Intended for healthcare professionals

Feature

Care.data: why are Scotland and Wales doing it differently?

BMJ 2014; 348 doi: https://doi.org/10.1136/bmj.g1702 (Published 20 February 2014) Cite this as: BMJ 2014;348:g1702

Re: Care.data: why are Scotland and Wales doing it differently?

Dear editor,

We would like to comment on the recently published article on the use of general practice data for research. We appreciate that it is difficult to capture the detail of complex systems in short feature articles.

The article is correct in its general description of the Secure Anonymised Information Linkage (SAIL) system operating in Wales. However, there is some potential for confusion in some of the language used which requires clarification and elaboration. The article states that ‘The Welsh system does not hold any fully identifiable data, and researchers need consent from individual patients to access red data’. The term ‘fully identifiable’ could be open to misinterpretation.

SAIL has been designed with privacy protection at its heart. It does not hold any ‘red data’, i.e. names, addresses, postcodes, dates of birth or NHS numbers that can identify individuals directly or by cross referencing to other sources. Instead, SAIL holds a set of unique encrypted numbers that enable data to be linked. These are derived via multiple separate encryptions by different organisations and hence it is not possible decrypt identities within SAIL.

We are well aware of the potential to identify individuals from de-identified data using so called ‘jigsaw’ attacks with linkage to other sources of data. This is not possible with the SAIL system as no data, with one exception, ever leave the system. Access to data in SAIL is through a secure remote analysis platform and then only to curtailed data. Researchers are provided with access limited to the data they require to answer the scientific questions within their projects. Each project requires approval of the Independent Governance Review Panel (IGRP) comprising experts in information governance and ethics, drawn from the British Medical Association (BMA), Public Health Wales, National Research Ethics Service, NHS Wales Informatics Service (NWIS) and members of the public. The IGRP mechanism ensures that the data put together for researchers conform to Information Governance regulations, and that the use of data is in line with the stipulations in the agreements between SAIL and data providing organisations [1].

SAIL has an active Consumer Panel made up of members of the general public. The Panel provides a public perspective on data linkage research and independent advice on data protection issues. Members are involved at the strategic level on the SAIL Advisory Board, and at the project level by reviewing proposals and information for dissemination[2].

We mentioned ‘with one exception’ earlier. In some cases, as part of a clinical trial or cohort study, members of the public give individual explicit consent that their medical records can be made available to those in charge of the study. In these cases the research team can apply to the NHS Wales Informatics Service (NWIS) to generate a separate linkage key which links to their anonymised data in SAIL. After approval from the IGRP, SAIL then complies with the expressed wishes of the patient and arranges for the secure transfer of data to the study custodians. At no stage, does SAIL hold any ‘identifiable, red data’.

Also, for the avoidance of any confusion the Health and Social Care Act 2012 that gave the Health and Social Care Information Centre the power to require all general practices in England to upload their data does not extend to Wales. General practice participation in SAIL is voluntary and is widely supported by GP leaders, including from GPC Wales and RCGP(Wales).

1. Jones KH, McNerney CL and Ford DV. Involving consumers in the work of a data linkage research unit. International Journal of Consumer Studies, January 2014, 38:1:45-51, doi: 10.1111/ijcs.12062

2. Jones KH, Ford DV, Jones C, D’Silva R, Thompson S, Brooks CJ, Heaven ML, Thayer DS, McNerney CL and Lyons RA. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy protecting remote access system for health related research and evaluation, Journal of Biomedical Informatics: special issue on medical data privacy, January 2014, doi: 10.1016/j.jbi.2014.01.003

Competing interests: Ronan Lyons and David Ford are co-Directors, and Kerina Jones the Information Governance lead, for the Secure Anonymised Information Linkage (SAIL) system

22 February 2014
Ronan Lyons
Professor of Public Health
David Ford, Kerina Jones
Swansea University
College of Medicine, Singleton Park, SA2 8PP