Programmes which facilitate the sharing of anonymised patient data from GP practices as well as hospitals are very important sources for medical research. Communicating this with patients to allow informed decision making is vital.
What was Care.data?
Care.data was a programme proposed by NHS England and the Health and Social Care Information Centre (now NHS Digital) in 2013. HSCIC proposed to upload patient records from GP practices onto a central database, to be made available to approved researchers and both public and commercial health organisations, including pharmaceutical corporations.
The organisation already compiles databases of hospital data, such as Hospital Episode Statistics (HES), which have proved useful for medical research and in public inquiries such as that into the Bristol heart surgery scandals. HES contain data generated from all hospital admissions, outpatient appointments and A&E attendances. However, this data represents a “snapshot” of a patient’s health compared to data held by GP practices which provide comprehensive information about a patient’s history.
Hence, the Care.data programme was proposed, whereby HSCIC would upload data from GP practices onto a central database, including identifiable information in order to allow linking with hospital data. Patients could opt out of identifiable information being shared, except in extreme cases such as during a public health emergency, but they could not restrict who the data was being shared with. Following concerns about the security and the patient consent model of the Care.data programme raised by Dame Fiona Caldicott in her review, Care.data was closed. Criticisms were aplenty regarding how details of the programme had been communicated with the public, and how this confusion ultimately led to its closure earlier this year.
How is NHS data currently used?
Generally, patients are uncomfortable with the notion of their health history being shared with non-NHS bodies. We tend to be more comfortable with sharing anonymised data, but even then feel less comfortable with the NHS sharing such data with external organisations. This is not helped by a fear of security breaches, such as when an HIV clinic revealed the names of its patients in an email, resulting in a £180,000 fine. Many have also criticised IT management within the NHS following failed plans costing billions of pounds.
However, NHS data is currently being shared, such as through the aforementioned HES or through databases including the Clinical Practice Research Datalink (CPRD), by obtaining approval from the Data Access Advisory Group (DAAG) who check for consent and evaluate reasons for requesting access to data. Hospital data collection, updated monthly, is useful, but including GP data, as was proposed in Care.data, provides an even better source for medical researchers. The NHS should first upgrade its IT, with a focus on moving towards complete electronic health records, as this allows for easier data sharing (if the patient has given consent).
A major reason why Care.data was not implemented was that information regarding opting out and what data would be shared had not been communicated well. A BBC survey found that at least two-thirds of the public had not seen the leaflets meant to be distributed across UK households explaining the programme. The public should be better informed about the benefits to medicine and public health of sharing this type of data. Patient consent and control over data are absolute values, but with greater transparency and efforts with regards to promoting awareness of such a programme, support may have been higher than it was with Care.data.
While patient data is currently shared with pharmaceutical corporations in an anonymised format via schemes such as the CPRD, patients may still feel uncomfortable with the idea of private corporations accessing a database such as that proposed under Care.data, and there would need to be regulations regarding consent for such access.
Nonetheless, via campaigning, the importance of working alongside private corporations which provide necessary funding for drug development and related research may be realised, further encouraging public support for such a programme. Data sharing, albeit with informed consent from patients, is in the best interests of the public, and the government should support the NHS to try and introduce such programmes. The fact that the UK is fairly unique in having a centralised, public health system while at the same time having a large population means that the opportunities for research and academia are immense and they should be explored.
What does Google have to do with this?
While patients may tend to be uncomfortable with data sharing, they trust tech companies even less with their data, as a survey of the American public shows. This was reflected in the UK when the Royal Free NHS Trust shared records of 1.6 million patients with DeepMind, a Google subsidiary, which the company hoped to use to develop an app able to recognise kidney injury. Campaigners expressed concerns that this amounted to a “breach of trust” and that it was not in the best interests of patients.
However, such partnerships with tech companies could assist the NHS in providing online tools for patients as well as applications for staff use, not only allowing better monitoring and surveillance of patient recovery, but also reducing paperwork and improving efficiency. Public confidence in such ventures could be maintained by developing regulations governing the security of the data during transmission and storage.
Combined with the access to comprehensive health data on a population-scale, this would provide innumerable opportunities for the fields of medicine and public health, better informing health policy as a result. By introducing legislation and security protocols to strengthen public confidence in future data sharing programmes similar to Care.data, and allowing regulated partnerships with approved tech companies, the NHS could be at the forefront of medical advancement in the years to come. What are we waiting for?