The importance of using health data to target and optimise the care we deliver and to advance our understanding of medicine, health and care is undeniable and something we must do, but we really do have to secure public confidence in doing stop scoring so many “own goals”
As my good friend and colleague Dr Joe McDonald said recent in his column on digitalhealth.net “Patient data there for the asking, not the taking” and this brilliantly takes us to the heart of the issue.
When asked most citizen’s would be happy to have their health data used for a broad range of research purposes that bring health or economic benefit, but they do want to be asked and not asking them is a great way to trigger bloody mindedness and push up the extent to which people actively seek to opt-out as has been demonstrated by the 1.2 million opt-outs generated by the crass mishandling of care.data.
We seem to be repeating these mistakes with the Royal Free giving data to Google without an adequate opportunity for patients to opt-out. Sources in the NHS tell me that the Royal Free are not the only NHS Trust to do this although no more names have yet been mentioned.
To have damaged public support and confidence in the way we have is both unforgivable and avoidable the result of arrogance and ignorance of those making the decisions with a failure to listen to the advice given to them and learn from the experience of others.
Firstly, it is necessary to acknowledge that we are talking about sharing potentially identifiable data. The work of Prof Paul Ohm has graphically illustrated that even apparently very anonymous datasets can be re-identified. In the case of a rich datasets like those in EHR re-identification is trivially easy for those with a mind to do so It provides little comfort that is probably the last thing most researchers want to do.
Generating and maintaining public confidence is possible. Most people already understand the value of their data for research purposes and are willing to share even identifiable data if approached correctly. We only need to look to the likes of UK Biobank who have successfully persuaded over half a million people to share sensitive identifiable health data and actively participate in providing blood samples to support Biobank’s research work, with no prospect of direct personal benefit
In my view the key things that those wishing to use patient data for purposes other than those very directly related to the deliver of care to the data subject must do are:
- Acknowledge the re-identification and privacy risk associated with share health data.
- Take all reasonable steps to mitigate these risk with appropriate governance and the use of privacy enhancing technologies (making the effort to find out what these are and what they can do.)
- Allow those who for whatever reason my wish to do so to have an informed opportunity to easily opt-out.
Invest in technology and approaches that allow us to move towards an opt-in approach.
The Centre can’t say they weren’t told. Had they read and heeded “Fair Shares for All” produced by the BCS Primary Health Care Group under the leadership of Ian Herbert in 2012. Things might have been different (I have since discovered that those making the decision never read anything longer than 140 characters)
It’s a long document because there are no short answers to the complex issues it addressed, but to draw out a single paragraph that will give you a flavour:
“In summary we want to encourage patients and their clinicians to provide their data for laudable research purposes, and acknowledge the need to use it to administer and manage the NHS, but we must seek to retain public confidence while doing so. Patients accept the electronic processing of their health data for primary purposes, but should have reason to feel confident that it is protected and used properly”
The document will need some updating, particularly as new privacy enhancing technologies (e.g. block chains and homomorphic encryption) have become practical tools over the past 4 years, but it still remain highly relevant.