Analytics – Whose data is it anyway?
There are a growing number of techniques which might be described by the term “health analytics” which are able to use patient data (generally pseudonymised) for a range of valuable purposes which can help identify opportunities to delver more appropriate, better quality and more cost-effective care. With the challenges healthcare faces using information more intelligently is not optional – We need to do all we can to facilitate the development and application of better health analytics.
There are many governance issues associated with using data for these purposes, which are not the topic of this piece, but suffice it to say there are real concerns, but concerns which can be addressed to ensure patient’s privacy and wishes are respected.
The application of analytics typically requires the extraction and linkage of data from more than one source and this requires the corporation of application designers and those organisations that host systems to facilitate access and the extraction of data. Designers and hosting companies (often one and the same) have some legitimate concerns with regard to risks to the integrity of their systems and operational impact of data extraction, but I’m concerned that some are less cooperative than they might be , sometimes to the point of being obstructive, going well beyond what can be justified by their legitimate concerms. My particular experience is in primary care, where access to practice hosted systems has generally be possible where the practice wish it, but with the growth of hosted systems control seems to be shifting to system suppliers.
It seems to me that it is the customer (more specifically the customer’s Data Controller or Caldicott Guardian) who should be in control of who is allowed to extract data from systems after satisfying themselves of the appropriateness of the data extract and that all patient privacy and any other governance issues have been appropriately addressed. Purchases of IT system should ensure that suppliers are contractually required to provide facilities to support approved extractions in a timely manner, but should understand that this may have an impact on the cost and/or service levels in a hosted environment. The basic facilities required should be no more than those any adequate system should provide as part of its standard reporting tools, but some of the requirements particular to analytics purposes (e.g. pseudonymisation, or the ability to run standard queries like HQL (Miquest, GPES)) might reasonably require additional facilities which might attract additional charges.
The requirements of health analytics are sometimes better met by third-party tools rather than the native reporting tools of individual systems and purchasers of systems should ensure that API’s are available that will allow third-party tools to connect efficiently.
Many suppliers see commercial opportunities in the exploitation of data in customer systems that they supply or host and I have no problem with their exploiting such opportunities subject to the following caveats:
• In general patient’s should be the final arbiter of how their data is used for secondary purposes. They should be made aware of such uses and have an opportunity to object (as required by both the NHS Code of Confidentiality and GMC Guidance.
• Their customers, not the suppliers should be in full control of how data in systems is used and they are responsible for ensuring such use is appropriate and respects patient’s confidentiality and wishes and meet other governance requirements.
• While supplier s may work with their customers to develop services based on secondary uses of data, they should not seek to restrict customers from working with any other party they may choose.
The actions of some suppliers to create artificial technical barriers to data extraction (e.g. by imposing arbitrary limits on the number or records that can be extracted or refusal to make available appropriate APIs to allow third parties to connect to their systems) are unacceptable and customers should ensure that contracts exclude such anti-competitive behaviour.
Opening up information to health analysis and scrutiny to all those with an interest in doing so is central to Government policy and the key to identifying opportunities to delver more appropriate, better quality and more cost-effective care. Subject always to respect for patient’s wishes and privacy, other barriers to access to information need to be swept aside.
(Declaration of interest. My company, Woodcote Consulting has a number of clients who we advise in relation to the extraction of data for analytic purposes.)