Could pseudonymised data at source rescue the beleaguered care.data programme? Jennifer Trueland explores
If we have learned anything from recent events it’s that people have very strong feelings about sharing patient data - and that there are significant differences of opinion.
While some are horrified that any patient information is seen by anyone apart from, say, the clinician treating them at the time, and have real concerns about what might happen to their records, others believe that sharing data can bring huge benefits both to the NHS and to individual patients.
- Dr John Parry: Pseudonymised data can protect patient confidentiality
- Case studies: Return to the source
- Service improvement: The exemplar hospital
- Martin Johnson: Continuous improvement
- Download a free PDF of the HSJ/NHS Confederation supplement
The care.data debate is a case in point.
‘Care.data has shaken the public’s confidence in sharing patient records’
As is well known, in February, NHS England took the decision to postpone the rollout of the Care.data programme, the ambitious initiative to extract data from GP records and share it with the Health and Social Care Information Centre.
The idea is to use the data (linked with hospital episode statistics) to improve patient care, by, for example, identifying disease patterns, monitoring the effects of treatments, or informing NHS planning.
The roll-out was abandoned, however, following concerns raised by the British Medical Association, royal colleges and others.
At the time, Tim Kelsey, national director for patients and information with NHS England, said that the message was clear that “patients need more time to learn about the benefits of sharing information and their right to object to their information being shared”.
‘You can’t routinely reverse pseudonymisation to get the identity of the patient - it can’t go backwards’
A six-month awareness raising exercise is now underway - and might even take longer than that.
Although the decision to postpone has been welcomed in some quarters, it has led to raised eyebrows in others, for example, the research community.
Indeed, many believe it would be entirely possible to sidestep the issues raised by Care.data if a different model were applied, making use of pseudonymisation at source software, and taking the whole question of identification completely out of the picture.
Chris Bates, head of analytics, informatics and research with TPP, and an honorary research fellow at the Institute of Health Sciences at Leeds University, says there are huge benefits in being able to link data from different sources, such as GP information, and hospital episode statistics.
“Care.data has shaken the public’s confidence in sharing patient records,” he concedes. “But if we were to take a different approach, and use pseudonymisation at source, then we can allay many of the concerns. If the data simply isn’t identifiable, then people’s confidentiality isn’t at risk.”
Master of disguise
Pseudonymisation at source involves taking a patient identifier, such as the NHS number, and applying an algorithm to it so that it is no longer identifiable.
“You can’t routinely reverse it to get the identity of the patient - it can’t go backwards,” he says.
“The research community has been doing this for a while, and we see no reason why it shouldn’t be adopted more widely.”
Pseudonymisation at source allows different datasets to be linked - such as those from the GP record, hospital episode statistics, cancer registries and cause of death information. Putting them together builds a comprehensive picture with numerous applications - and, the greater the number of datasets, the more synergistic the results.
“From a research point of view we can do it, and we are doing it,” he says.
‘There’s some work to do to reassure the public and to make it clear that it’s actually in people’s best interests for this to happen’
NHS England has confirmed that the information centre is currently examining the feasibility of pseudonymisation at source, but says it will be challenging to apply it at a large scale because different organisations across the NHS use different information systems.
Dr Bates, however, believes that there is enough consistency to make it valuable - and that 100 per cent coverage isn’t necessary as a starting point.
“What we would say is that if you can get 50-70 per cent providing pseudonymisation at source, then you can wait for the other 30 per cent.
“The research world has been using this technique very successfully for a number of years - I believe we should be using it in clinical settings too, to allay concerns.”
Delays to greater data sharing are regrettable, he believes, but says that restoring public trust is important.
“Care.data has shaken public confidence and people are dropping out,” he says. “There’s some work to do to reassure the public and to make it clear that it’s actually in people’s best interests for this to happen. Of course patient confidentiality is vital, but I think we can do this without compromising it.”
The information centre is also working to provide further reassurances over the safety of data collected, stored and shared.
Listen and learn
The important thing, says NHS England’s Tim Kelsey, is to listen, and to get the processes right, for patients and the public.
“We are acting on the views of patients, the public, doctors and others, and are making key changes in response,” he says. “We want to listen carefully rather than setting some artificial deadline for rollout.
“Parliament is also adding important new legal protections to safeguard patient data, while ensuring patients are able to benefit from the quality improvement and breakthrough health advances that this initiative will enable.”
The stakes are high on this. Get it right, and Care.data will help maintain standards on clinical safety and effectiveness, and raise the alert if standards drop. If it works as planned, Care.data will mean that the NHS has much more information about what works and what doesn’t work, potentially revolutionising outcomes.
But the consequences of getting it wrong - particularly in terms of losing public trust - are also serious. As Dame Fiona Caldicott recently told BBC Radio 4’s PM programme, good public information is essential.
As chair of the Independent Information Governance Oversight Panel, she believes that the Care.data public information leaflet was not clear enough and did not follow her panel’s advice.
‘The research world has been using this technique for years - we should be using it in clinical settings too, to allay concerns’
She also said in the interview that she, personally, did not recall receiving a leaflet, and that NHS England had been in too much of a hurry to roll it out.
NHS England does, however, clearly now understand just how high feelings are running on this issue. This was made obvious in the relatively strong language used in a recent communication sent to the participants of the newly constituted Care.data advisory group (autonomous, but set up by NHS England in March 2014).
Along with draft terms of reference, the letter, which is available on the NHS England website calls for respect for different views, saying that “people who choose to opt out are not extremist, people who advocate data sharing not cavalier”.
The irony, says Dr Bates, is that solutions such as pseudonymisation at source could, potentially, address the concerns of both camps. At the moment, however, there are no concrete signs that the government feels the same way.