Maintaining public trust in sharing healthcare data when commercial entities play a role

Because Britain has a National Health Service (NHS), unlike in the US where healthcare is largely provided by commercial entities, there is a unique opportunity to use healthcare data at a national scale to carry out a wide variety of not-for-profit research - in order to not only improve and coordinate care, but also for clinical research. 

However, the reality of the matter is that the UK also engages with private healthcare entities on a massive scale. Not only to deliver services, but to use this national data asset within the private sector for research, in order to create innovative new preventions and treatments. The idea that NHS data should just be kept within the four walls of the public sector is seemingly not on the table. 

With that in mind, the question is being raised: how do you ensure that data is protected and that trust is maintained when citizens hand over their data to the NHS, which in turn then engages with the private sector for a multitude of reasons? This is particularly pertinent given that the private sector will by and large not be using this data solely for public good - profit will be the end game. 

We saw during the COVID-19 pandemic how researchers in the UK used data and new techniques to develop effective vaccines in record time. But also how accessible data was used to monitor the outbreak and manage service delivery for urgent care. 

It’s true that this created a new appetite for data use within healthcare. And the public - possibly for the first time in decades - understood the opportunity that the NHS presents here. However, the NHS being the NHS, quickly eroded some of this enthusiasm with a poorly executed attempt to scrape GP data across the country. 

Whilst the GP data scape was being pursued in the name of research, there was a huge outcry from privacy campaigners due to a lack of engagement, poor communication with the public and inadequate controls put in place to manage the shared data and/or opt out. 

This is a familiar story within the national healthcare system in Britain; one whereby excitement about the opportunity with data always exceeds the effective education, communication and governance programmes that need to be coordinated at the same time. 

And this was largely the impression that was created during an evidence session with MPs on the Science and Technology Committee this week. It seems that those working with data understand the opportunity very well, and want to get their hands on the datasets, but don’t necessarily have the same comprehensive answers for how to use the data whilst keeping citizens comfortable about its use, at the same time. 

So, the question remains: how does the NHS make citizens feel comfortable about it using healthcare data on a massive scale, particularly when this data may be shared with commercial entities that see it as a profit-making asset? 

I’m not sure a practical answer was given during the evidence session this week, but some common themes did emerge, which are worth exploring. 

Trust is the foundation 

Unsurprisingly, the two key persons giving evidence - Matt Westmore, Chief Executive of the Health Research Authority, and Dr Nicola Byrne, National Data Guardian (NDG) for Health and Social Care - both agreed that building trust in the system is the foundation for how the NHS can move forward with more effective data use. 

Dr Byrne, for example, said: 

This is data that comes from all of us. It’s our shared asset. We've all got an investment in how it's used. And crucially, it's collected in a context of a relationship of trust. And that trust matters. And it matters that we don't break it. Otherwise, people will be reluctant to share information or indeed will opt out. 

I think the ethical obligations that flow from that, around respect for privacy, the fact that there should be no surprises for people, which entails transparency and ensuring users are aligned to expectations, and retaining that agency of choice, I think things could be further improved in terms of how well they're embedded.

Equally, Westmore added: 

So the power that can be released by unlocking data for the benefit of patients and the health service is immense. But we can't unlock it if we don't maintain and ensure public and patient trust in the use of that data. Those two have to go hand in hand. 

What does that look like? Well, I think public trust requires transparency. In what we're doing and how we're using the data. It requires patient and public centred motives and values. It requires secure systems and processes, but above all, it requires the involvement of patients and the public at every stage of this discussion and conversation about how we build secure and ethical systems.

Quite. Except, that isn’t how things have worked out in recent years. The approach has been very much ‘make a move and apologize later’, which in turns is a sure fire way to erode trust. 

The government is - it seems - attempting to take this more seriously at the moment. A recent review was published which talked about building a small number of Trusted Research Environments (secure platforms) that give insight into how data is being used, allowing the power of healthcare data to be unleashed, whilst ensuring transparency and giving users control. 

However, it’s early days and a lot of organizational and cultural change needs to take place for the review’s recommendations to become effective. Time will tell. History tells us that public sector institutions are very resistant to building new ways of working, without effective central controls in place. 

Mixed-model use

As noted above, part of the issue pertains to how the NHS will engage with for-profit entities that want access to a national, public asset. Is there a way to ensure that trust can be maintained if our data is being used for commercial gains? 

Both Westmore and Byrne believe that it is possible, but that a fine balancing act is required, one that is able to quantify public good on one hand and risk to the public on the other. 

Dr Byrne commented on the Department of Health and Social Care’s recent report ‘Data Saves Lives’, where she said that the lack of commitment to opt-outs was particularly concerning. She said; 

I'd stress, I think, that the public aren't only concerned about their privacy. Of course that's a major consideration. But I think over recent times, we've learned that people are very concerned about the use of data not being for public benefit. So public privacy is not the only concern here. I thought there was a serious omission with no mention of opt-outs because the importance of choice is crucial for people to have agency in an ethical system.

And on the role of commercial entities, she added: 

We know that once the rationale for commercial involvement is explained to people that they're not necessarily against it and they may be supportive of it. For example, as with drug development. But there are conditions for that. If you'd like that support, that public benefit must come above commercial profits, and that'd be the primary consideration. People want to see the safeguards that are in place and also see meaningful sanctions for any improper use.

The problem that emerges is, how do you quantify public good? And how do you compare that public good to commercial profits? One answer may seem obvious to one person, but not another. Byrne added: 

The things that people consider in the overall benefit, also consider risks, such as privacy risks, equity, clinical safe, safeguards against data manipulation, and also questions about profit and that being proportionate. 

The benefit side is a complex amalgam of all these different factors together, rather than any simple metric. The ‘public’ bit of ‘public benefit’ is to stress the importance of transparency. It's not a ‘nice to have’. And a part of that is public involvement. 

So you have to go beyond simple comms or invoking the idea of ‘bringing the public with you’, this is about the public actually having a say, some agency in decision making about how data is used and what is in the public benefit. 

Dr Byrne noted that the NHS’s accumulation of healthcare data over decades is one of the nation’s greatest assets. She said that it has taken hundreds of thousands of hours and NHS staff to collect and curate. And the government should not think about the opportunity of this asset in the short to medium term. She said: 

People understand the value of this data is potentially knowledge generation in years way beyond where we are now. So I would share some of the concerns actually, that the NHS has to be extremely careful about any being locked into any commercial contracts that might give any exclusivity to that knowledge in future and lock that away from us.

I think things like intellectual property, co ownership for the NHS, all of that would have to be thought through…very, very carefully in terms of what that would mean in any any such model that might be proposed.

Further considerations

Westmore went on to say that in his experience, patients and the public are not against commercial interest in NHS data, per Se. But that they do require greater transparency around the public benefit that will be gained, alongside commercial interests. 

But, essentially, what is required is greater control given to users of how and when that data is used. Westmore said: 

Patients and the public are much more comfortable to see data invade wider types of research, for use for commercial benefit, as long as there’s still that public benefit as well.

As a wider system, we need to explain the checks and balances which exist, to continue to maintain the interest of patients and the public, such as the work of the Health Research Authority, or the National Data Guardian, and many, many others in the system.

There needs to be an ongoing process of governance and monitoring of the use of that data. So we should not find ourselves in a situation where we approve and then forget - hand over the data, or hand over access, even through a trusted research environment, and then no longer take an interest. We need to have that continued interest to ensure patient public interest is always maintained.

The patient's self determination in the use of their data is fundamental to both the ethical use of that data and public trust, so maintaining some form of patient agency to opt out of the use of their data for whatever purposes. This is really, really important. 

Without it, public trust will be undermined and then the foundations of the research and all of the benefits that we're keen to see released will evaporate away. 

My take

This was really a fascinating session to listen to. Whilst on the one hand I don’t disagree with much of what was said, on the other hand it’s a lot of what I’ve heard before. Trust, public engagement, transparency, user control, the ability to opt out, etc, etc. We’ve known these foundational pillars for a number of years, and yet we don’t seem to have made a great deal of progress in bringing the public along with the opportunity of the NHS data asset. Researchers, government agencies, companies, are all desperate to get their hands on our healthcare data. Fair enough. But I don’t see the same level of desperation from many quarters to give us the systems, processes or structures to ensure we have complete control and insight over how that data is used. I think until that happens, the two will always be at odds.