Out of the wreckage of care.data, something will emerge. It can be better, but that will not happen without a multi-organisation discussion led by medical professionals and patients, with everyone at the table being heard. If that doesn’t happen, what replaces it be care.data2, without the culture change that Dame Fiona Caldicott has called for.
We have several proposals, which generally look at processes designed to enhance trust and help make all flows in the NHS consensual, safe and transparent:
Tell patients about every access to their medical record for direct care, and every use of information from their record for secondary uses. It’s that simple: hide nothing from the patient. It is the secret corners that cause concern. This should be achievable for the majority of the areas of most significant concern, for all patients, within 6 months.
Where patients are happy to allow their data to be linked and used for research, it must be with the appropriate level of security. The HSCIC Secure Data Facility is such a facility of the type that should be used for all individual-level data access, and we will continue to engage to ensure it delivers the necessary benefits and the necessary protections. This would also improve the work of the disease registries (1/9/2016).
NHS England can commit to a change process which embeds public confidence in their uses of data. So far, it has only committed to a single consultation for the next round of (big) changes.
To have privacy, a citizen should not have to learn how the NHS works. Hence, consent choices about the secondary use of patients’ information should cover all data flows for purposes other than their direct care. We propose a single Spine-based consent setting: “Dissent from disclosure of individual-level data for uses other than my care and treatment”.
5) A modern Lloyd George Envelope [Updated]
When medical records are not being edited by a care provider, they should be classified, and subject to the highest legal protections that the UK can provide – the Official Secrets Act. Which needs better protection – official memos, or our consolidated medical records?
When they’re all in place, a new data programme?
Once all 4 of these are in place, and with a statutory National Data Guardian to oversee the entire system, there can be a full and open discussion about what the new data framework should be for the future of research and secondary uses.
“One of the descriptions of care.data that has been used is that it was the most data they could sneak past without anybody noticing”, and it’s terrible. This does not mean that a proper programme, looking at the full care episode history for individuals who wish to be included, could not be done safely, in time.
Secondary use of patient data is clearly necessary to achieve specific, clearly-defined benefits but the use of individual-level data and/or linkable identifiers should be done only through processes of data replacement (using such data only where absolutely necessary), reduction (using the minimum amount of data necessary) and refinement (using methods that minimise the risk of harm and distress) and as part of a national conversation.
When examined on a case-by-case basis, an appropriate data product with deconflated requirements can be defined in each case. We have conducted a worked example for two of the most complex, and most cited, scenarios: risk stratification and invoicing (2018).
The important question still remains: what would a good, high-quality dataset look like, that didn’t try to sneak anything anywhere? With properly managed consent and with the public’s full knowledge and support, what would meet – or possibly even exceed – the needs and wishes and potential of the UK research community, in the problems they are trying to solve?