Category Archives: Information Governance

Patient data there for the asking, not the taking


The importance of using health data to target and optimise the care we deliver and to advance our understanding of medicine, health and care is undeniable and something we must do, but we really do have to secure public confidence in doing stop scoring so many “own goals”

As my good friend and colleague Dr Joe McDonald said recent in his column on digitalhealth.net “Patient data there for the asking, not the taking” and this brilliantly takes us to the heart of the issue.

When asked most citizen’s would be happy to have their health data used for a broad range of research purposes that bring health or economic benefit, but they do want to be asked and not asking them is a great way to trigger bloody mindedness and push up the extent to which people actively seek to opt-out as has been demonstrated by the 1.2 million opt-outs  generated by the crass mishandling of care.data.

We seem to be repeating these mistakes with the Royal Free giving data to Google without an adequate opportunity for patients to opt-out. Sources in the NHS tell me that the Royal Free are not the only NHS Trust to do this although no more names have yet been mentioned.

To have damaged public support and confidence in the way we have is both unforgivable and avoidable the result of arrogance and ignorance of those making the decisions with a failure to listen to the advice given to them and learn from the experience of others.
Firstly, it is necessary to acknowledge that we are talking about sharing potentially identifiable data. The work of Prof Paul Ohm  has graphically illustrated that even apparently very anonymous datasets can be re-identified. In the case of a rich datasets like those in EHR re-identification is trivially easy for those with a mind to do so It provides little comfort that is probably the last thing most researchers want to do.

Generating and maintaining public confidence is possible. Most people already understand the value of their data for research purposes and are willing to share even identifiable data if approached correctly. We only need to look to the likes of UK Biobank who have successfully persuaded over half a million people to share sensitive identifiable health data and actively participate in providing blood samples to support Biobank’s research work, with no prospect of direct personal benefit

In my view the key things that those wishing to use patient data for purposes other than those very directly related to the deliver of care to the data subject must do are:

  • Acknowledge the re-identification and privacy risk associated with share health data.
  • Take all reasonable steps to mitigate these risk with appropriate governance and the use of privacy enhancing technologies (making the effort to find out what these are and what they can do.)
  • Allow those who for whatever reason my wish to do so to have an informed opportunity to easily opt-out.
    Invest in technology and approaches that allow us to move towards an opt-in approach.

The Centre can’t say they weren’t told. Had they read and heeded “Fair Shares for All” produced by the BCS Primary Health Care Group under the leadership of Ian Herbert in 2012. Things might have been different (I have since discovered that those making the decision never read anything longer than 140 characters)
It’s a long document because there are no short answers to the complex issues it addressed, but to draw out a single paragraph that will give you a flavour:

“In summary we want to encourage patients and their clinicians to provide their data for laudable research purposes, and acknowledge the need to use it to administer and manage the NHS, but we must seek to retain public confidence while doing so. Patients accept the electronic processing of their health data for primary purposes, but should have reason to feel confident that it is protected and used properly”

The document will need some updating, particularly as new privacy enhancing technologies (e.g. block chains and homomorphic encryption) have become practical tools over the past 4 years, but it still remain highly relevant.

“Wicked” Barriers to Innovation and Adoption

Sometimes we just have to JUST DO IT! In the NHS we have too high a tolerance for inaction and too little tolerance for honourable failure.

I’ve just come back from the Healthcare Innovation Expo in Manchester, where there was much talk about the need to encourage innovation. I’m all for that but I think it’s widely agreed that the problem is not innovation but getting innovation that works widely and rapidly adopted.

I’m trying to help NHS England do some innovative things with Open Source and we made lots of progress over the two days at Expo, but I again encountered examples of two of the wicked barrier to innovation and its’ adoption.

I call these things “wicked” because they are both things that are genuinely important and that we must properly consider, but they also represent two of the most effective spanners that those who feel threatened by the innovations of others can throw in the works to slow down adoption.

They are:

  • Clinical safety
  • Evidence

Don’t get me wrong clinical safety is important and I support the application of standards like ISB0129, which I think is actually well put together and does a good job of encouraging a proportionate approach to clinical safety. What gets my goat though is the way in which clinical safety can be used as excuse for not doing things differently. I wouldn’t mind so much if we knew that current systems and processes were safe, but the fact is that we know they are probably not and I don’t see a good case for slowing down innovation longer than is necessary to be confident that they at least marginally reduce harm. Too often “the Best is the enemy of the Good” and the paradox is that the laudable desire to ensure that responsibility for clinical safety is nailed down and hazards are properly assessed and managed makes it desirable, to some, to stick with current systems and process where the hazards are not well understood or managed, but where nobody’s head is on the block if things go wrong.

Similarly with evidence, we should of course seek evidence to support that what we plan to do will be effective in achieving whatever it is we hope to achieve, but again bleating “where’s the evidence” is a great way to throw a spanner in the work for those who lack a more cogent reason for objecting to a particular course of action. Again, I’m particularly irritated as we sometimes have little evidence that what we currently do works well and more often have evidence that it doesn’t so why not try something different. I’m also concerned when people ask for evidence for things that have not done before. Clearly, if we have not tried something before we can’t have direct evidence of its effect and the more innovative an idea is the more difficult it is to find proxies for direct evidence. Sometimes we just have to rely on professional judgment, faith or plain old gut feel and just do it. We have to take this route if we want innovation and adoption but we also have to recognise that we might be wrong, evaluate what we do and “Fail Fast”. We also have to ensure that we don’t castigate those who try and innovate when they fail, as long as they fail as fast and with as little harm as is reasonable practical; sadly in the NHS we have too high a tolerance for inaction and too little tolerance for honourable failure. Given the challenges we face we know inaction will inevitably lead to catastrophic failure and have encourage people to, at least, do something.

You can read more about barriers to innovation in my blog “What Entrepreneurs Want” over on the HANDI web sitenovation