In order to establish an effective digital healthcare system, we need to build trust with privacy first, argues Nigel Jones, co-founder of the Privacy Compliance Hub
A lack of public trust has been holding innovation in the NHS back, so how do we turn over a new leaf? An efficient digital healthcare system could be the solution.
The expansion of NHS England to include NHS Digital, NHSX and Health Education England earlier this year has not been without its controversies. One former NHS Digital chair called it a “significant retrograde step” that could undermine the public’s rights. Nicola Byrne, the national data guardian for health and adult social care, also emphasised the need for NHS England to now “demonstrate it’s trustworthy” when handling patient data.
Perhaps someone was listening. A few weeks later, the news broke that NHS England had signed a £1m deal with McKinsey & Company to design the organisation’s framework for data and analytics. While the review will look at health and non-health data, it does include ensuring “that confidential patient data can be transmitted and stored securely”.
Fears for privacy in the NHS
Done right, the opportunity to use data to research and improve patient monitoring, prevent the worsening of long-term conditions and innovate new treatments is significant.
But a good digital healthcare system is proving a hard nut to crack. This area is fraught with fears for privacy and fear of private sector involvement with the NHS. There’s a lack of trust in the government to deliver without cronyism, a lack of trust in technology companies to keep our data safe, and a lack of trust in any private company motivated by profit, not to use that data for alternative purposes.
There’s a lack of trust in the government to deliver without cronyism
Two previous attempts to create a centralised digital healthcare system and database of primary care data were paused about public and media criticism. The latest plans for a GP Data for Planning and Research (GPDPR) programme were scrapped last September after millions of patients opted out, and the project became more of a PR battle than an infrastructure project.
More recently, there has been some debate around NHS Trusts being ordered to upload patient information to a new central database developed by Palantir Technologies.
A digital healthcare system and its health data
Health data is some of the most sensitive information an individual has. In fact, it has special category status under the UK GDPR, which defines it as “data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status”. A digital healthcare system can include any information on injury, disability or disease risk, medical examination data and test results, appointment details, or identifiers such as an NHS number. Its special category status requires robust data protection safeguards to be put in place to protect it.
It’s also incredibly valuable. The accountants EY have estimated that the NHS is sitting on £9.6 billion worth of data, spanning the lives of 55 million people. And there have been incidents of the health service sharing data with private companies. Google, for example, ended up in the High Court over its use of confidential NHS medical records of 1.6 million Brits without their knowledge or consent. And back in 2019, there was uproar after Amazon was given free access to healthcare information (albeit not including patient data) collected by the NHS as part of a contract with the government.
Learning from others when considering data sharing
Challenges around data sharing in the health sector are not particular to the UK, but other countries seem to have managed this transition better. In Denmark, aggregated population data is securely stored, monitored and analysed by 300 statisticians, economists and epidemiologists that work for the Danish Health Data Authority. Their work is leading to improved cancer care, boosting public health literacy and expanding the scope of health research. And the Danish National Genome Center plans to sequence the genomes of 60,000 patients diagnosed with cancer, autoimmune disorders and rare diseases by 2024.
Spain introduced electronic health records more than 20 years ago
Spain introduced electronic health records more than 20 years ago. It’s improved communication between patients and healthcare providers and raised clinical accuracy and outcomes. And in Estonia, online health records integrate data from multiple healthcare providers and are accessible to doctors and patients.
Hope for a future data-driven digital healthcare system
For NHS England to realise its vision for a data-driven digital healthcare system, it has to start by building trust with the public. Privacy is at the heart of that conversation. People need to feel confident their information is safe, that they can opt out of certain uses of their data, and that it’s not being sold to companies in the pursuit of profit.
The timing could also be beneficial. Public sentiment on sharing health data shifted during the Covid-19 pandemic. A national data-sharing agreement allowed information from 50 million patients’ GP records to be made available to pharmacists and paramedics. And record-sharing and appointment booking across GP practices and NHS 111 services were also supported. Many members of the public also shared their Covid-19 status and location to track and curb the spread of the virus.
There’s an opportunity then to take some of those lessons and tackle what has seemed like an insurmountable challenge because the future of the NHS will not be powered by GPs diligently storing patient records in rows of filing cabinets. Patients need to be able to access their own health histories. Information silos between GPs, hospitals, and the community care sector need to be removed. Researchers should be able to use years of accumulated data to analyse, predict and prevent disease. And it all starts with a national conversation about the importance of privacy and trust.
Nigel Jones is the co-founder of The Privacy Compliance Hub.