Nicola Blackwood and Nicola Perrin on how a digital transformation with respect to data in the NHS must be all inclusive

Data protection

Patient data is the black gold of the NHS. Properly and safely shared it has the potential to transform patients’ and clinicians experience of the NHS by delivering personalised care, improving efficiency and unlocking as yet unimagined opportunities for life saving research.

There are tantalising glimpses of this already: researchers in Yorkshire have increased bowel cancer diagnosis rates and cut deaths, data from the National Joint Registry identified a brand of implant with a high failure rate which led to it being withdrawn by the manufacturer, and researchers linked the UK Renal Registry with Hospital Episode statistics to identify specific improvements in kidney dialysis care that has reduced the risk of potentially life threatening complications.

But as heartening as these examples are, anyone who’s dipped a toe in the health data debate knows that we’ve all been saying this for a long time now and yet still existing datasets are nowhere near being fully deployed.

Safe and secure

Part of the reason for this is that patient data is sensitive and confidential and we’ll never make any real progress until everyone – patients and clinicians – can be fully confident that data in the system is being appropriately collected, stored and accessed. It is now perfectly possible to share health data safely and securely.

No one will be able to concentrate on it until the money is sorted out though

In general practice the use of digital clinical systems is already near universal, acute trusts still have a long way to go. Partly, this is because delivering large scale digital transformation involves risks for NHS leaders, especially in acute trusts, partly this is because funding is unclear, and partly it is because of lack of digital skills in the NHS.

That is why the Caldicott Review, and the government’s response, is such a vital step forward. It provides reassurance that patient privacy will be protected and gives clinicians a framework for delivering good data management that addresses those risks. The document, however, is just the start – success or failure will lie in how effectively it is implemented over the next few years.

No one will be able to concentrate on it until the money is sorted out though. At a time when everyone’s mind is filled with budgets, greater clarity about when announced funding will be available and who can access it is urgently needed. Caldicott does not stand alone – it is part of the wider Wachter programme and without a clear, realistic timetable for funding and delivery, trusts won’t buy into it.

Opt out

That said, the main offer for patients is a new national opt out for any use of patient data other than direct care. Patients will be able to make their preference online and change their minds.

The recent Wannacry attacks highlighted the increasingly digital nature of the NHS, and the impact on patient safety as well as privacy if IT systems are left unprotected

The evidence suggests that more than two thirds of the population currently feels they do not know how health data is used in the NHS – so giving us direct control like this is welcome. But the Caldicott response is silent on some rather significant details.

The opt out question still needs to be designed. We don’t know if there will be one or two opt- questions, or how will it be presented in a way that doesn’t create unnecessary bureaucracy or become mindless – like website cookie permissions.

We will still have to resolve how decisions will be taken for children and those with limited mental capacity? And it’s no use agreeing people’s rights if the technical response is inadequate. NHS Digital will need to lay out how will preferences be implemented, both in NHS Digital and across the whole health and care system? The timetable is tight, with just over six months to get this right.

The offer for clinicians is more cybersecurity support and more training. The recent Wannacry attacks demonstrated the importance of this, highlighting the increasingly digital nature of the NHS, and the impact on patient safety as well as privacy if IT systems are left unprotected.

Wake up call

Wannacry was a wake up call for every hospital trust and GP surgery across the NHS that robust data security must be a top priority. This is why the government response included stronger sanctions for misuse of data and a statutory role for the National Data Guardian.

The government needs to establish a Digital Delivery Forum, to sit alongside the Digital Delivery Board, and formally integrate patients, clinicians, researchers and ethicists into every step of this reform

Some of these measures have been announced as part of the upcoming Data Protection Bill – it is essential that the statutory role for NDG is included in the bill too or she will be unable to enforce the data security standards adopted by the government in the Caldicott response and NHS data security, and patients, will be put at risk.

However, it is essential that NHS data security is understood to be the foundation for the essential goal of responsible health data sharing – not an end in itself. Hard pressed or digitally inexperienced trusts may well see cybersecurity as an essential and data sharing as just nice to have, failing to grasp the efficiency savings and patient care improvements proper use of data offers.

This is why progress in this area requires much more focus on engaging and upskilling the people at all levels in the NHS. The government response rightly recognises the importance of supporting the NHS workforce to implement these changes but there is a significant piece of work to provide the tools and resources to help frontline workers understand the new systems and be able to respond to patients’ individual, potentially technical, concerns.

That is why the Wellcome Trust has set up its Understanding Patient Data programme – to reach out to patients and clinicians helping to explain how and why data can be used for care and research, what’s allowed and what’s not, and how personal information is kept safe.

To my mind, however, the only way clinicians, patients and frontline staff will really own this digital transformation is if they are directly involved in designing and delivering it so it works with, not against the grain of their day to day tasks.

I believe the government needs to establish a Digital Delivery Forum, to sit alongside the Digital Delivery Board, and formally integrate patients, clinicians, researchers and ethicists into every step of this reform and ensure that health data sharing is done with patients and clinicians and not to them.