By Jude Holmes
Last month, the UK government’s controversial plan to sell off data from NHS England was dramatically stopped at the last minute. Critics of the scheme were alarmed by how secretive the government’s approach to the topic was, and the potential for patient data to be used for marketing purposes. Despite the abrupt cancellation, it’s fair to assume this issue is far from settled. Here’s what you need to know about what happened, and why:
The UK government wants to centralise data collection from NHS England records, ostensibly in an effort to make the databank more usable in research. This includes demographic information such as gender, sexual orientation, and ethnicity stored alongside physical, mental, and sexual health records. Names would be omitted, and patient postcodes will be stored in a coded form. Some data – such as certain IVF procedures and some gender reassignment information – are protected from being shared by law, as well as notes on patient-GP conversations.
These records will be given out on request by research institutions, charities, and ‘third parties’. Patient data from up to 10 years ago will be automatically added to the database, unless patients specifically opt out by September. The initial deadline was 23rd June, however strong opposition to this bill from The British Medical Association and the Royal College of General Practitioners has pushed this deadline back. Note that if you opt out after the September deadline, your previous data will still not be removed from the site as it is anonymised and cannot be selected out of the databank, only data going forward will not be shared.
Why is this happening now?
Increasing the sharing of records containing information such medication and immunisation records has been prompted – and some would argue justified – by the COVID-19 crisis. During the pandemic, sharing medical information on cases led to some early treatments, saving thousands of lives across the globe. In the future, this databank would aim to support research and planning by updating current standards on the data sharing which already takes place.
While You’re Here…
Why not take a moment to subscribe to The International’s free monthly newsletter? It takes seconds to sign up, and you’ll stay up to date with the stories shaping our world at a pace that won’t overwhelm.
What happens to data in research?
Medical researchers currently apply to ethics committees, outlining how data will be collected, used, and stored – and this would likely remain the same. As of today, collecting data requires finding patients willing to hand over that data for use in a recruitment phase of research, ensuring participants fully comprehend how their data will be used and stored before they give consent. Best practise requires that patients are given appropriate time to consider their options before consenting, and that they are made aware how and when they can opt out. This new scheme would make this part of the process much easier, as no paperwork is required to prove that a patient consented. But, it also gives everyone less control over how their data is used.
So what’s the problem?
GDPR, as the EU data protection act is known, is one of the clauses that the UK government voted to keep during Brexit negotiations. This law provides protection for patients and supports best practice in research. This revamp could be considered as the first step away from the previously strict data protection laws, as the outline for data anonymisation processes and storage are unknown. Patient names won’t be used, but their postcode will be used in some as-yet undefined process to create a “unique code”. This seems sensible at first glance as a way of maintaining a link to patient identity through a coded means, but if so, how is that data being stored? And why can’t it be used to remove your data on request?
A subtlety of anonymisation is that not all of us are created equal, and not all of us will therefore be protected equally. For example, anonymising a population by job title might work well for some (after all, there are thousands of “writers” across the globe), but other jobs are incredibly specific? In terms of health, how many white, physically healthy, 30 year-old men with one tooth filling are there vs the number of Asian, wheelchair bound, 25 year-old women with asthma? And if minorities are harder to hide in the data, what does that mean for them?
It may seem unlikely that people are trying to steal your data – and perhaps you’re not concerned as you rarely see a doctor anyway. However, in data protection Murphy’s Law is invoked – if it can happen, it will happen. Most people don’t see the potential in data, but a national database of health information is a powerful research tool, whether that’s for medicine or marketing. The government claims that this data will not support marketing or insurance purposes, however, where is the line between a pharmaceutical company researching treatment in patients with arm fractures, and using the data on demographic distributions in fractures to market a new cast? And have we decided collectively that this is a suitable use of data for marketing?
Do We Really Have a Choice Anyway?
In addition to the question of morals, is a question of our autonomy. Before resigning, Matt Hancock claimed that the plans would increase our control over our data, but it’s hard to see how. Even with the opt out clause, data can still be legally required, such as through a court order. An ‘emergency’ can also be used as justification to take data – and events such as the Coronavirus pandemic would surely qualify as emergencies. If data about you is ‘removed’ it may still be used, though who decides on what that looks like is fundamentally unclear. On top of that, national statistics and a population census will override your decision. None of these are necessarily ‘evil’, but it doesn’t exactly sound like ‘control’, either. Oh, and for those thinking they’re safe with private healthcare, it might be worth double-checking as any private GP with even a smidge of NHS funding will also be passing on data.
The government’s decision to delay this plan hasn’t really provided any answers to the burning questions. Why was the bill about to be passed with almost no advertisement or fanfare? And why, in a democracy, are we not a little more surprised?
The best option seems to be as always, to bring this out, to air it, and have a good old fashioned debate.
Jude Holmes is a staff writer at The International. Find her here on LinkedIn.