What’s wrong with care.data?
It’s been a tough few weeks for care.data. The roll out of the initiative – which aims to combine GP and hospital records in the national Health and Social Care Information Centre (HSCIC) databases – has been postponed for a second time for six months. Doctors have reported being confused about the respective demands of the Health and Social Care Act 2012 and the Data Protection Act; and there were awkward moments at this week’s Health Select Committee meeting when basic questions about how past data had been used could not be answered. The fear is that a very worthy and laudable project could go the way of that other ill-fated data integration exercise – the ID card scheme – unless dramatic improvements can be made. So what’s the prognosis?
On initial examination, the negative reaction to care.data presents a conundrum. Why is it that when most of us are relaxed about sharing our most intimate details with the likes of Facebook and Google (our name, age, relationships, what we like, what we search for, what we need, and even our current location), we regard with concern or hostility the idea of government joining up our data? Why do we willingly accept deep and commercially-driven analytics to be performed on our personal information for relatively mundane online actions, yet resist it for the far nobler cause of improving healthcare? Three factors may help explain the difference: benefit, trust and consent. All three seem to be worryingly weak in care.data’s current form.
Start with the benefit. When we share our personal details and interests with a social network or search engine, we do so in order to gain an immediate and direct personal benefit. In return for giving up some information, we can connect with family and friends, or find the perfect product, service or information. Log in, search, find, reward. You give; you receive – the feedback loop is quick, simple and obvious. Meanwhile, NHS England lists the priorities of care.data as follows:
“[F]irst, to support patients’ choice; second, to advance customer services; third, to promote greater transparency; fourth, to improve outcomes; fifth, to increase accountability; and finally to drive economic growth by making England the default location for world-class health services research.”
The order is surely misleading. In contrast to social media and search engines, the direct benefits to individuals of taking part in care.data are likely to be a long way into the future for all but a tiny minority. What is a much greater and more immediate benefit is how this data can help build a more efficient healthcare system and provide better analysis of medical outcomes in the long-term, but it lacks personal advantages such as hospital staff being able to view our GP history. If we are being asked to give our data as a philanthropic, social act for the wider health of the nation then that argument should be made loud and clear. Patients will find it disingenuous to be told that this is principally for their direct benefit and choice.
The second issue is trust. Britons are uneasy about how government will use their data (our medical records are, after all, deeply personal and sensitive), and are particularly concerned by the issue of anonymity. There have been mixed messages on both fronts. Regarding anonymity, the care.data information leaflet sent to each household stated that “We will use information such as your postcode and NHS number to link your records”. In fact, while names and addresses will be removed, care.data will link records using our age, gender and postcode – the same information held on the Electoral Roll to which literally thousands of organisations across the UK have access. Further documents clarified that once our records are linked in the HSCIC databases, those pieces of information will be replaced with a code to protect our identity, but it remains unclear when in the process this happens or by whom. The fact that GP records will be re-extracted on a monthly basis suggests that our personal information will still need to be maintained somewhere (as part of a reference system) to update HSCIC records. And even once anonymised, several writers have demonstrated that patients could be easily re-identified by combining records with other data sets.
As for who will be able to use the data, again messages have been mixed. We were initially told that insurance firms would not have access, but Tuesday’s Select Committee hearing heard that, in 2012, it was used by these companies (albeit under the now replaced Health and Social Care Act 2006). Subject to approval and with restrictions on use, it looks likely that organisations such as pharmaceutical companies, health charities and universities will be able to request access to anonymised data. Amid such ambiguity, it perhaps not surprising that there is a lack of trust. Ben Goldacre put it well in a recent Guardian article when he said that “by and large, the public support public research, but are nervous about commercial exploitation of their health data.”
The final issue is the much-debated notion of consent. As it stands, the scheme is opt-out rather than opt-in. That decision is understandable. The nudge effect (whereby most people never change a default setting) is expected to ensure that the majority of records are included, whereas if it were opt-in, perhaps only a minority would sign up – the same problem that has long affected organ donations. It has also been argued that the most vulnerable patients would be least likely to sign up to an opt-in system and thereby be under-represented in health statistics. Whatever the merits of such arguments, it is hardly reassuring when, according to a Pulse survey (which admittedly had a small sample size of just 400), 40% of GPs said they intended to opt themselves out of the scheme. Compounding dissatisfaction is the lack of a standardised mechanism for those that do wish to opt out; current advice is to ‘speak to’ your GP. Without a more effective process, there is likely to be an ever greater erosion of trust.
A Better Way Forward
Despite the flaws in the initial execution of this project, the principle of using data to improve public services is not only sound but essential. There are huge gains to be made in achieving better health outcomes and ensuring the NHS can operate in a way that is both more responsive to patients and also more cost effective. But if this programme is to work, steps must quickly be taken to improve patient benefits, trust and consent. By the end of the six month postponement, we need a clear articulation of the benefits of the scheme and how our data will be anonymised, used and shared; and a much clearer mechanism for opting out. Tim Kelsey was spot on when he told the Health Select Committee that this was “not a PR stunt”. Indeed, the information communicated to the public about the project must reflect clear operations on the ground.
Longer-term, the aim for healthcare data must be to focus on the patient. Estonia provides an insight into how this could be achieved. It begins with patients having access to their own electronic healthcare records. There, they can “granularly assign access rights to the general practitioners and specialized doctors of their choosing.” Beyond this, in cases where individuals cannot control who views their data, they should at least be able to see who has accessed their record and have the right to ask why they have done so. There are undoubtedly complications with the idea of patients ‘owning’ their data, but giving them this kind of control should be possible. (Tim Kelsey was asked at the Select Committee if he supported George Freeman’s Bill to have data recognised as owned by people. He stated that he did.) If individuals had access to their own electronic records, their details could still be shared with HSCIC by default, but patients would have a simple online mechanism to opt-out if they chose to do so. Incentives could be offered for patients to remain opted-in, for example having the ability to compare their own health information with aggregated records of those of the same demographic or with a similar condition. This model would reward patients, create trust on how their information was used, and ensure a proper mechanism for giving consent.
There are numerous benefits to integrating personal data, both in healthcare and in many other domains where the public sector holds our details. But if government wants them to succeed, they should learn from the reaction to care.data and design systems that put the individual first.