The NHS in England has started to flesh out its plans for data sharing with the publication of new policy guidelines for ‘secure data environments’, which will underpin how people and organizations access data for research and analysis.
The plans are the NHS’s latest attempt to build trust in letting third parties analyze England’s health data at scale, after two previous schemes were ultimately scrapped due to privacy concerns and citizens opting out. Both care.data and the more recent GP data scrape proved to be highly controversial and failed to win over the support of experts and citizens.
The Department of Health and Social Care is hoping that this latest endeavour, which is being underpinned by key learnings during the COVID-19 pandemic, will be more successful.
diginomica has written in the past about how the NHS is thinking about building and maintaining public trust in sharing healthcare data and how the NHS App could be used by citizens to control how their health data is shared.
Secure data environments were a central idea in the government’s recent Data Saves Lives strategy, which followed on from the Goldacre Review that stated:
Data can drive research. It can be used to discover which treatments work best, in which patients, and which have side effects. It can be used to help monitor and improve the quality, safety and efficiency of health services. It can be used to drive innovation across the life sciences sector.
If we are to unlock the full potential of data, we must make sure that the public has confidence in how their data is used and protected. We believe this will only be possible by moving from the current system that relies on data sharing, to one that is built on data access. Secure data environments will be key to achieving this ambition.
The Department of Health and Social Care defines secure data environments as data storage and access platforms which uphold the highest standards of privacy and security for NHS health and social care data when it is used for research and analysis. They allow approved users to access and analyze data without the data leaving the environment.
Secure data environments allow the NHS to control:
who can become a user to access the data
the data that users can access
what users can do with the data in the environment
the information users can remove
The hope is that these environments can be used for planning and population health management, internal planning, and broader research and analysis.
At the moment, the Department of Health and Social Care has three different approaches for these environments - NHS Digital’s National Secure Data Environment, four sub-national secure data environments that will work at a regional level, and a federated data platform that will be implemented across the NHS in England.
With this in mind, the Department has published new guidelines - the Five Safes Framework - that aim to not only provide additional information regarding the environments’ purpose, but to build confidence in the NHS’s approach.
The framework, which has been developed by the Office for National Statistics (ONS), aims to follow ‘best practice’ principles for data protection. These include:
safe settings - the environment prevents inappropriate access, or misuse
safe data - information is protected and is treated to protect confidentiality
safe people - individuals accessing the data are trained, and authorized, to use it appropriately
safe projects - research projects are approved by data owners for the public good
safe outputs - summarized data taken away is checked to make sure it protects privacy
It’s worth reading the guidance in full to understand how the NHS is approaching this, but there are some key standouts that are worth highlighting.
For example, these environments will be the default way to access NHS Health and Social Care data. It states:
Secure data environments must be adopted by organisations hosting NHS health and social care data for research and analysis. These environments have features that improve data privacy and security, which will help build public trust in the use of their data.
Instances of analysing or disseminating data outside of a secure data environment will be extremely limited. Any exceptions will require significant justification, such as where explicit consent from clinical trial participants has been obtained.
Transparency is going to be at the core. It adds:
Owners of secure data environments must be open about the way data is used within their secure data environment. They must be able to detail who is accessing the data and for what purpose. This may be achieved, for example, by organisations ensuring that clear and accessible reporting is in place for their secure data environment.
The public will also be included in how these environments are used. The guidance notes:
Owners of secure data environments must make sure that the public are properly informed and meaningfully involved in ongoing decisions about who can access their data and how their data is used. For example, by ensuring that relevant technical information is presented in an accessible way (that is, through publishing privacy notices and data protection impact assessments).
Secure data environment owners must also be able to demonstrate that they have, or plan to, undertake active patient and public involvement activities.
Patient confidentiality is also highlighted as a priority, as the guidance notes:
Data must be treated in a secure data environment to protect confidentiality using techniques such as data minimisation and de-identification. De-identification practices mean that personal identifiers are removed from datasets to protect patient confidentiality. This includes techniques such as aggregation, anonymisation, and pseudonymisation. The level of de-identification applied to data may vary based on user roles and requirements for accessing the data.
Data minimization practices help make sure that access to data is relevant and limited to what is necessary in relation to the purposes for which they are processed.
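The guidance above names pseudonymisation, aggregation and data minimisation, and says the level of de-identification can vary by user role. The following is an added illustration of how an environment might apply those tiers, written for this article and not code from the NHS or the Department; the sample records, the environment key and the role-to-level mapping are all constructed assumptions.

```python
import hashlib, hmac
from collections import Counter
from datetime import date

# Constructed sample extract (not real patients; the NHS numbers are made up).
RECORDS = [
    {"nhs_no": "9434765919", "dob": "1984-03-12", "postcode": "SW1A 1AA", "dx": "asthma"},
    {"nhs_no": "9434765870", "dob": "1979-11-02", "postcode": "SW1A 2BB", "dx": "asthma"},
    {"nhs_no": "9434765838", "dob": "1990-06-30", "postcode": "M1 1AE", "dx": "asthma"},
    {"nhs_no": "9434765781", "dob": "1961-01-15", "postcode": "M1 2AF", "dx": "asthma"},
    {"nhs_no": "9434765722", "dob": "2001-09-09", "postcode": "LS1 1UR", "dx": "asthma"},
    {"nhs_no": "9434765684", "dob": "1975-04-21", "postcode": "LS1 2TW", "dx": "asthma"},
    {"nhs_no": "9434765617", "dob": "1955-12-01", "postcode": "SW1A 1AA", "dx": "diabetes"},
]
# Assumed: a secret held inside the environment; it never leaves with any output.
PSEUDONYM_KEY = b"constructed-environment-key-do-not-reuse"
# Assumed mapping from approved user role to the de-identification level it receives.
ROLE_LEVEL = {"nhs_analyst": "record", "external_researcher": "aggregate"}

def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: stable for linkage inside the environment, not recomputable without the key."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]

def age_band(dob: str, today: date = date(2022, 9, 1)) -> str:
    """Generalise a date of birth to a ten-year band (data minimisation)."""
    y, m, d = map(int, dob.split("-"))
    age = today.year - y - ((today.month, today.day) < (m, d))
    low = age // 10 * 10
    return f"{low}-{low + 9}"

def deidentify(record: dict) -> dict:
    """Record level: drop direct identifiers, pseudonymise the NHS number, generalise the rest."""
    return {"pid": pseudonymise(record["nhs_no"]), "age_band": age_band(record["dob"]),
            "area": record["postcode"].split()[0], "dx": record["dx"]}  # outward code only

def safe_output(records: list, min_count: int = 5) -> dict:
    """Aggregate level: counts only, with small cells suppressed (None) before release."""
    counts = Counter(r["dx"] for r in records)
    return {dx: (n if n >= min_count else None) for dx, n in counts.items()}

def view_for_role(role: str, records: list):
    """Serve the least-detailed view the role is approved for; unknown roles get nothing."""
    level = ROLE_LEVEL.get(role)
    if level == "record":
        return [deidentify(r) for r in records]
    if level == "aggregate":
        return safe_output(records)
    raise PermissionError(f"role {role!r} is not approved for access")
```

The aggregate view suppresses any count below five, which is the kind of check a "safe outputs" review would apply before summarised results leave the environment.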
And the key priority for the environments is that the data use within them must be for the public good. The guidance adds:
The use of NHS health and social care data must be ethical, for the public good, and comply with all existing law. It must also be intended for health purposes or the promotion of health. Data access must never be provided for marketing or insurance purposes.
Owners of secure data environments must make sure there are processes in place to assess the reasons for accessing NHS health and social care data in a secure data environment. These processes must fulfil minimum national standards, which we will set out.
This will make sure that appropriate access is given to NHS health and care data, which will support the delivery of improved outcomes across the health and care system. It will also help build public confidence in why their data is accessed and how it is used.
The Department says that it has started to engage with patients and the public on its plans for data sharing, but that engagement will scale up from Autumn 2022. By the end of 2022 it will also publish technical guidance for secure data environments and an outline of the accreditation process that all NHS secure data environments will need.
I’ve said it before, but there is a huge opportunity for the NHS in terms of how it uses and shares data - in fact, how it does this may be critical to its future success and survival. However, past endeavours have come close to diminishing any trust the public would want to place in letting the NHS do this. They were done behind closed doors and without much public consultation. For this to work, the government needs to bring people with them. And that’s only possible with transparency, seeking input and acknowledging this is a sensitive area. So far, this latest attempt appears to be taking a much better approach.