Should we be worried about the NHS selling patient data?BMJ 2020; 368 doi: https://doi.org/10.1136/bmj.m113 (Published 15 January 2020) Cite this as: BMJ 2020;368:m113
Who owns the NHS’s patient data?
There may be no meaningful answer to this. “Legally, there isn’t really such a thing as owning data,” explains Natalie Banner, lead on the Understanding Patient Data programme at the health research charity the Wellcome Trust. “Under UK data protection law, you can be a data controller, you can be a data processor, or you can be a data subject, the person the data are about.”
The NHS organisation that collects the data is usually the controller of those data, and any organisation that the NHS contracts to process the data would be classified as a data processor, Banner explains. As data subjects patients have rights concerning access to data held about them, and there must be a lawful basis for processing personal data, she adds.
Josh Keith, a senior fellow in the Health Foundation’s data analytics team, says that, rather than thinking about “owning” patient data, it is more useful to think about who has access to data, who decides how they are used, and who acts as the gatekeeper to the data.
Haven’t we tried sharing patient data before?
In England the 2013 care.data project tried to link data from different datasets to help improve patient care.12 But the initiative ran into problems, in particular a failure to secure trust around data security, and was abandoned in 2016.3 “The key lesson from care.data is the need for open and proactive dialogue with the public to make sure their wishes and views are built into processes,” Keith says.
Banner says that, though the system isn’t perfect, after the experience with care.data it is now much clearer to patients how to opt out, if they don’t want their data shared for purposes other than their own care. It is also now clearer who can access NHS data, and a register sets out who has accessed data, on what basis, and for what purpose.
In recent years technology has improved, and the potential benefits of making better use of patient data are increasingly recognised. “It feels like there is a stronger rationale for actually using data in the public interest to help improve care for patients,” Banner says.
What are the benefits to patients?
The hope is that technology companies will be able to analyse the huge amounts of data generated by modern healthcare and produce tools to improve the design and delivery of health services. This might include analysing genomic data or triaging diagnostic imaging results, or improving the efficiency of back-office functions or processes such as ordering blood stocks and other clinical supplies.
“The technologies that are being developed have the potential to improve health by detecting diseases earlier, moving care closer to home, and encouraging health promoting behaviours,” Keith says.
Tools could also be developed to help give patients better access to their own health information, Banner says. “The thing I’m most excited about is the difference it could make to patients if they can use their own health information to manage their conditions better,” she says.
Why do companies want access to patients’ data?
Technology companies need data to understand problems, to develop artificial intelligence tools to help solve those problems, and to train and test those tools, Keith says.
NHS patient data are particularly valuable, Banner adds. “If you think about the cradle to grave nature of the NHS, and the diversity of the NHS, then the richness of that data is really valuable, for example in helping to train algorithms,” she says.
How much money might be involved?
Some estimates reach billions of pounds. The government has been told that UK health data are worth “easily more than £10bn,” the Times reported.4 The 2017 life sciences industrial strategy included the goal of using “patient capital” to help create “four UK companies valued at over £20bn” within a decade.5
But Banner points out that the value of data comes from the way they are used, rather than being a static entity. And this use is likely to include patients understanding their conditions better, clinicians and administrators working more efficiently, and services being better designed, all of which are difficult to put a financial value on. She does not think that it is feasible to put an accurate figure on the value of patient data.
What if patients don’t want their data to be shared?
Though patients can opt out, Banner says that this applies only to confidential patient information that is identifiable, and organisations are still allowed to share patient data if they have been anonymised in some way.