For data to be used for public benefit citizens must be able to trust their data will be used appropriately with complementary benefits (or fair value) for patients, public, the system and private companies. Do our current approaches incorporate trust and fair value in a way that is suitable for the new world of digital technologies?
The NHS has been buying physical goods for a long time so we have a reasonable degree of understanding what fair value looks like so there is mutual benefit – the NHS can agree a good price and companies have a sustainable income – although this process is far from perfect, with variability and inefficiency. But digital technologies increasingly complicate this exchange as we move from tangible physical goods to intangible goods such as software, services and data. There is some potential to learn from the purchasing of physical goods, but data specifically is an aspect unique to digital which brings with it a whole new set of challenges.
It is difficult to codify fair value for data into a simple price list largely because it is highly personal, has multiple variables and is use dependent. Perceived value is dependent upon multiple factors, such as how much data there is, its quality, the time span covered, demographic representation, completeness, etc. One person’s blood pressure data is valuable in isolation and rapidly becomes much more valuable in combination with other data such as heart rate and level of physical activity (eg from a wearable device). This personal data is valuable for an individual and their care provider, but once pooled for a representative population the perceived value increases substantially – the data can be used to improve the health of many. Physical goods can be considered a simple one-off monetary transaction in return for a medical product but digital technologies create data that can also benefit companies by improving their algorithms and insights to generate new business. Ideally, we seek equally fair value for the health and care system, patients, the public and companies. It sounds easy until we try to pin down what exactly we mean by fair value, and specifically, what is fair value to the NHS? Is it monetary return, improved outcomes or increased efficiency?
Integral to agreeing on fair value is trust in the institutions, companies and decision-makers that hold, control and use our most personal data. In the UK we are lucky to have a health service that is trusted by the majority of the public to keep data safe and use it appropriately to improve care. However, we have seen past missteps erode this trust, subsequently many believe that agreements benefit private companies more than the NHS. Unfortunately, there’s little evidence that missteps have translated into lessons learnt. For example, the recent test and trace agreement with McKinsey states no data sharing will occur without written consent from the data controller and relevant data protection in place, which may seem sufficient. But, it’s unclear how fair value to the NHS and the public fit within the conditions for data access. Just as data protection has become standard, transparency on how fair value will be defined and generated needs to become a standard part of agreements.
While it is a complicated area, there are already good precedents on how to establish a shared understanding of fair value. One approach is a citizens deliberation, such as the recent engagement with OneLondon citizens, a collaboration with Understanding Patient Data, The King’s Fund and Ipsos Mori. Over several years, multiple citizens deliberations have developed knowledge and processes for engaging citizens on complex topics in a structured way to derive consensus on fair value and appropriate data usage.
Given what we know about the benefits of involving the public who are becoming more privacy conscious, we are left with the question: when will this established knowledge be utilised by data controllers at all levels of the system when working with corporate partners to modernise best practice for transparency and fair use of data? From the existing body of work, data controllers sharing patient data need to consider the following questions.
- How have established citizens expectations on fair use of data with appropriate practices been incorporated into agreements?
- How will the public be engaged in the development of any agreement and ongoing activities?
- If agreements have multi-year durations, how will the initial agreed value be adjusted over time?
Deliberation on a complex issue like fair value helps develop shared understanding and a way forward that is more nuanced than simply ‘do not sell data’. Most, if not all, data agreement approaches can be improved by incorporating established expectations and engaging with the public. This won’t solve all the problems, but it will help to maintain and improve trust while simultaneously modernising best practice.
Holding and using data is a privilege based on trust, earned through professional values and behaviour. Covid-19 has increased digitalisation and created new data streams, and the importance of data and good data practices continues to grow, but we can’t continue to ignore modernising protocol. The system will only work optimally if patients feel safe providing and sharing their data. Without improved protocols there is a real risk that the sense of trust and safety will be further eroded.
My father was very old and had a lot of things wrong with him but, in the end, he suffered and died because his data weren't shared between hospitals or even within the same hospital. Recently, I have benefitted from rapid sharing of my data between a hospital and my surgery. So I value the huge benefit that this system could bring.
I have written to NHS digital twice to ask them to explain their data anonymisation process in more detail and failed to receive a satisfactory answer. Individual patient data needs to be encrypted as it passes between various NHS bodies and decrypted by legitimate users such as doctors and nurses, or before it is given to the patient. However an individual's data could also easily be stripped of any identifying features such as name, address and the street level part of the postcode before being given to genuine research institutions or approved private companies without the need for encryption. Clearly, the data would be given freely on the basis that the NHS and ultimately the patients would benefit freely from the results of the research.
However, this is not what I understand NHS Digital intends to do. It means to pass on the encrypted data. If this is a misapprehension, I would like somebody to correct me. In the end, I am prepared to take the risk. But I would prefer to know that my data were not being used purely for the profit of a private company or to the detriment of the NHS. Medical insurance companies should not have access to patient data in any form whatsoever.
I went onto the Kings Fund site to check out a piece on the OpenDemocracy site. One aspect of the handling of patient data seems to have been overlooked by both the Kings Fund and OpenDemoceracy. That is, if confidential patient data was sold or passed to life insurance companies in such a form that the patient's name etc could be retrieved, such companies could use the data to manipulate their business model to their own advantage. OpenDemocracy are trying to persuade people to opt out of a wider sharing of patient data. They do concede that data sharing is important for national health provision. I think there are two fundamental issues to cause concern around data sharing. First, the risk of cyber hacking into large data systems such as the NHS, which seems to be getting more pervasive and large bureaucracies have not proved to be immune to the threat. The NHS has had a poor track record on computer technology (not surprising given the ambition, size and complexity of its reach), Second, corruption/connivance within/between politicians and businesses has always exists where power sups with ambition. Personally, given the trouble caused by Covid19, possibly through either a lack of sufficient, hard, accessible data or a political failure to use it wisely, and knowing a bit about statistics and the NHS, I still think we need to be able to access national patient data quickly, and store it for the next pandemic. So I won't be buying into OpenDemocracy's invitation to refuse to share my data, but I will have my fingers crossed.