Landmark patient data probe sparks 'serious concerns'

The Information Commissioner’s Office’s investigation has caused “serious concerns” among researchers, who have warned crucial research could be put at risk by increased data restrictions.

The argument – revealed just weeks before the government’s response to Dame Fiona Caldicott’s report on patient data sharing is due – hinges on whether NHS Digital is complying with the ICO code of practice on anonymisation when distributing hospital episodes statistics data.

NHS Digital says it is in compliance, but a complaint from MedConfidential has prompted the ICO to investigate. Its ruling could have a profound impact on data sharing.

A paper from NHS Digital’s September board meeting said: “MedConfidential have made a complaint to the ICO around ongoing disseminations of HES data which are released without opt-outs being upheld when we have assessed them as in compliance with the ICO [code practice] on anonymisation.”

MedConfidential argues patients who have made a “type 2” objection, which requests no identifiable information held by NHS Digital is passed to a third party, should apply to HES data because NHS Digital is not meeting the anonymisation standards.

NHS Digital figures published earlier this year showed up to 1.2 million patients have lodged a type 2 objection.

The development follows the closure of the much criticised Care.data programme in July, a data sharing project that badly damaged public trust in the NHS’s ability to handle confidential records.

It is not clear which way the ICO ruling will go, but a well informed, senior source, whose interests rely on access to HES data, said the watchdog may rule in favour of MedConfidential’s position.

“How much impact [the decision would have] depends on how many people opt out, and the way the NHS is currently behaving risks that being higher than we expect,” the source said.

Heavyweight research figures including the founder and former head of the NHS’s National Cancer Intelligence Network Chris Carrigan, and the Wellcome Trust, have set out their concerns (see box below).

Wellcome Trust head of policy Nicola Perrin said the debate was “about what counts as anonymised”. She said: “Anonymised data from HES has been vital in a huge number of studies which have resulted in life saving interventions. It would be a serious concern if this research was put at risk.”

Ms Perrin said “robust processes” and sanctions to protect patients’ confidential information were critical but “proportionality” was needed.

“We cannot just put a brake on all the good work that is being done because there is a very small chance of re-identification by someone with significant motivation, resource and technical skill, who is willing to breach data protection laws,” she said.

Concerns have also been raised about the impact on commissioning and invoicing for services. Mark Davies, former NHS Digital medical director and now member of industry body Tech UK’s health and social care group, said a full HES dataset was “critical for [helping] sustainability and transformation plans to have a complete picture of clinical activity in their areas to accurately plan and manage services”.

MedConfidential coordinator Phil Booth said a ruling in the group’s favour would not impact payment by results. “If the ICO ruled that type 2 [opt-outs] should apply to HES, the payments by results system should not be disrupted due to the other data available for that purpose,” he said.

The HES dataset contains information from acute, primary care and mental health trusts in England. It is stored as a large collection of separate records, one for each “period of care”, by NHS Digital.

It includes identifiers such as a person’s NHS number, but NHS Digital can strip out identifiers in a way it says creates “anonymised” data, before it is supplied to third parties. If third parties want access to identifiable data – which they need to go through a further clearance process for – the type 2 opt-out should still apply.

HSJ understands MedConfidential is arguing that the replacement of some direct identifiers and the protection by contract is not enough – mainly because HES includes dates, such as the day of diagnosis, which could make “jigsaw re-identification” easier. NHS Digital rejects this argument.

An ICO spokeswoman confirmed an investigation was ongoing. NHS Digital said it had “offered its full support to the ICO in support of their investigation”.