Why transparency, accountability and public involvement are key to resolving this conundrum
This is an edited version of an article that originally appeared on The BMJ
A row is brewing over NHS Digital’s plans to update its system for extracting patient data from general practice records. These involve replacing the General Practice Extraction Service, which has been in place for over 10 years, with a streamlined and more efficient system for collecting and analysing general practice data for health and social care purposes, including planning, policy development, public health, commissioning and research.
Privacy campaigners MedConfidential and Foxglove accuse the government of rushing the changes through by stealth, giving patients insufficient time to exercise their right to opt out. This is, indeed, a sensitive issue, but opting out may not be the best response.
For patients, concern centres on the extent to which they can trust data users to protect their privacy and the likelihood that use of the data will lead to public benefit. Most people are willing to share their de-identified data for planning and research if they are sure it will not be used for marketing or insurance purposes – but they want reassurance about users’ motivations for requesting the data, and their competence to protect it.
The COVID-19 pandemic has provided plenty of illustrations of the value of using routine data to monitor the impact of disease, identify effective treatments, and study vaccine effectiveness; this has helped improve people’s knowledge and understanding of the potential value of making personal health data available for wider use – but they still need reassurance that it will be used appropriately. It is important that patients retain the right to opt out of sharing their data, but exercising that right diminishes the completeness of datasets, potentially undermining their usefulness.
Transparency, accountability and public involvement are key to resolving this conundrum. It requires an approach to data governance that takes a case-by-case approach to requests for data access which is fully transparent and open to public scrutiny. Patient and public involvement in the committees making these decisions should be standard practice. These committees should act independently of data controllers and those requesting access, and maintain oversight of the entire data lifecycle – collection, storage, access and use.
Clear criteria should be agreed to guide decisions about who can access data, and for what purpose. The ‘five safes’ provides a useful model on which these can be based:
- Safe projects: is this use of the data appropriate?
- Safe people: can those requesting access be trusted to use it in an appropriate manner?
- Safe data: is there a disclosure risk in the data themselves?
- Safe settings: does the access facility limit unauthorised use?
- Safe outputs: are the statistical results presented in a way that maintains subjects’ anonymity?
Committees should keep registers of all approved uses of the data, making these publicly available; conditions of use should be monitored and sanctions applied if any breaches are identified. These provisions are already standard practice for some data controllers, including NHS Digital, but they are by no means universally applied. Common problems include lack of patient and public involvement and failure to provide publicly accessible information about safety procedures.
Public acceptance of data use is not helped by the fact that few people have seen their own records. GPs are now required to make summaries of patient records available electronically so that individuals can review and make use of them but, by 2020, only 19% of patients were aware that this was possible, and only six per cent had done so.
Meanwhile, UK law in relation to record ownership remains unreformed, with legal ownership vested in the organisation that owns the paper or database on which the record is stored, allowing patients no direct control over their data; this is despite government promises to enable patient access to their full medical records by 2018, including the facility to add their own notes. Comprehensive interactive access is still a long way from being achieved.
For too long arguments about who should have access to their data have raged above patients’ heads or behind their backs. Opting out is an unsatisfactory solution. It is time to make more strenuous efforts to involve the public in designing and implementing secure systems for extracting benefit from this important resource.