Medical data: does patient privacy trump access for research?BMJ 2013; 347 doi: http://dx.doi.org/10.1136/bmj.f5516 (Published 11 September 2013) Cite this as: BMJ 2013;347:f5516
A national drive to gather and store more information on patients—both medical and genomic—is under way. At the same time, researchers are on the brink of accessing individual patient data from the vaults of drug companies’ clinical trial records. But with this fundamental shift comes a new concern: how can we make best use of individual patient data without impinging on privacy? In the wider world, recent cybersurveillance scandals have led to a new nervousness about privacy. For patients the concerns are that their privacy is protected and that data are not used inappropriately or mischievously for the wrong reasons.
All three potential sources of medical data for research in the UK—a data service providing patient records from general practices and hospitals, data from clinical trials, and a NHS DNA database built from patients’ genomic information—are proving controversial.
Researchers currently get data from patient records mainly through the clinical patient research datalink (CPRD). The electronic health records given over are anonymised—patients’ names and dates of birth are removed and postcodes are obfuscated. Ben Goldacre, author and research fellow in epidemiology at the London School of Hygiene and Tropical Medicine, says: “In my day job I work partly on CPRD data—full electronic health records of every blood test, every prescription, every diagnosis—for observational epidemiology.
“Recently people have got a little bit worried about the government saying that it is going to exploit NHS electronic health records as a way of making money by selling them to industry to do research on.
“But, the GP research database has been around for a couple of decades and quite correctly, we sell that information to drug companies who use it to do observational epidemiology research into potential risk signals.”
In August, NHS England announced it was commissioning the Health and Social Care Information Centre to run the care.data service, which is designed to make better use of the information in general practice patient records, including data such as referrals and NHS prescriptions. Data from general practice will be linked to Hospital Episode Statistics, thereby transforming it into the Care Episodes Service.
The information centre has worked with the BMA and the Royal College of General Practitioners to produce information materials and guidance, including for GPs,1 to support practices and raise awareness among doctors and patients.
Patients who are not happy for their data to be used in this way can ask their general practice to note this in their medical record and can opt out.
Sam Smith, a technology adviser for campaigning organisation Privacy International, says: “I think patients are happy for their medical data from general patient records to be used by bona fide academic researchers in a university if they are asked.
“There will be a very small percentage who will object, but the vast majority, if they know what it’s going to be used for—ie, legitimate research for the benefit of humanity—will not.”
However, he is concerned about the public’s lack of knowledge about NHS England’s plans for care.data: “It’s down to communication and the opt-out. Patients are entitled to opt out, but it’s being buried. NHS England, in the first place, did not want the opt-out at all.
“NHS England talks about a digital NHS and that lots of things will be on the web and you can download your medical history, but the posters and the leaflets for care.data contain no URLs. They suggest you talk to the receptionist about how we use your medical records. There are some GPs that are actively telling their patients about care.data but most won’t.”
The plans to build a DNA database on 100 000 people for the NHS are also causing controversy. The pilot database will create a variant file containing the whole genome of each person minus the reference genome that will be attached to the medical record. If the pilot is successful it will be rolled out to every person in the NHS in England.
The Human Genomics Strategy Group report, commissioned by the government and published last year, says: “Genomic technologies have the potential to transform the delivery of healthcare in the UK, providing vital insights to support more accurate diagnosis of disease and inform therapeutic decisions.”2
The report recommended that the Department of Health, in partnership with the Department for Business, Innovation and Skills and partners, should establish a central repository for storing genomic and genetic data with the capacity to provide biomedical informatics services.
In addition, there should be agreements that require data from tests carried out by NHS commissioned laboratories to be made available to nationally designed research databases but ensuring patient confidentiality and data protection.
GeneWatch UK, a not for profit organisation that aims to ensure genetic science and technology are used in the public interest, is worried the proposals will create privacy problems. It says such a database could mean that a person’s employer or a drug company could be classified as a researcher and thus gain access to data about people who have had a workplace related illness or an adverse drug reaction and work out their identity.
A potentially major new source of patient data is from drug company clinical trials. Pressure has been building over the past few years for drug companies to provide more data, including from the BMJ’s open data campaign.3
As well as the more general clinical study reports, researchers also want access to individual patient data—information about trial participants such as blood tests and dates of hospital admissions.
Goldacre says accessing individual patient data needs careful consideration: “For clinical study reports with personal data removed, summary results, and for registration, there is no ethical argument at all against making all of that information publicly accessible for all the trials. For individual patient data, there is a world of caveats and structures and mechanisms that need to be discussed.”
But Goldacre is clear on the benefits of access to individual patient data: “When it comes to sharing individual patient data, there are many more opportunities. We can try to identify subgroups of patients who do better or worse on a particular treatment and then target our interventions so that people get treatments that are likely to do them more good than the general population.”
When sharing data with researchers, it should be checked that they are competent to protect the information and do the analysis, he says.
Carl Heneghan, professor of evidence based medicine at the Department of Primary Care Health Sciences at the University of Oxford, agrees there are worries about patient privacy when dealing with clinical study reports and individual patient data.
“They do contain what people consider is identifiable data, such as age, sex, and an event,” he says. “There is a remote possibility that you could put information together and work out what was going on, yet I’ve never seen anybody do that and never seen anybody want to do that or attempt to.
“If you don’t know all of the data, you cannot come to a decision about the effectiveness of treatments and how it’s going to work in clinical practice. If you don’t know all of that, you shouldn’t be using the treatment.”
GlaxoSmithKline has pledged to make all its clinical study reports publicly available on its register and is opening its platform for controlled access to patient level data.
James Shannon, the company’s chief medical director, says one worry for companies and academics is that making data more widely available could mean journalists could trawl through results and come up with unfair and sensationalist conclusions.
“There is a concern that data will be used irresponsibly and that’s why we have put in place the system of review of the protocol or the question to be asked such that we look and make sure that there are statisticians and capable people involved in the team who are going to look at it and interpret it,” says Shannon.
Anonymising patient data properly is not straightforward, argues Shannon, who says: “It’s a very important element that whenever we release clinical trial data, that we respect the privacy of the patients who participated in the trial.
“We have put in place a system where we anonymise the data and then we throw away the code sets so it is theoretically not possible to go back to the individual.”
The European Medicines Agency is also looking at this issue and in June, released its draft policy on publication and access to clinical trial data.4
Plans within its consultation, which runs until 30 September, if implemented, will allow researchers access to patient level data to conduct and publish their own re-analyses and secondary analyses.
Despite the many concerns over patient privacy, Heneghan says transparency will become increasingly important.
“We have got an ageing population and people with more chronic disease and disability, and it’s going to cost more money,” he says. “We have got to save money and we cannot afford very costly treatments that don’t have much benefit and don’t declare the full effectiveness for our healthcare system.”
He believes that the argument is not just financial but ethical: “Can anybody tell me from an ethical point of view, why the true effectiveness of a treatment can be outweighed by the potential that somebody will be identified in that process? Are they prepared to let people die on the basis that somebody may be identified?”
Cite this as: BMJ 2013;347:f5516
Competing interests: I have read and understood the BMJ policy on declaration of interests and have no relevant interests to declare.
Provenance and peer review: Commissioned; not externally peer reviewed.