Opinion The realisation of some digital health benefits within the NHS might have been delayed by the extra requirement for consultation on a new consent model governing the use of patient data.
A new consent and opt-out model could help clarify constraints that apply to data use in the NHS and promote new digital health initiatives. Those initiatives rely on the ability to aggregate, interrogate and link patient data.
It is critically important to build patient trust in the use of new technologies, working practices and data analytics, and a consultation on a new opt-out and consent model will help the government and NHS England to achieve that.
However, it is disappointing that the main output of Dame Fiona Caldicott's recent review concerning the consent of NHS patients in England to the use of their health data is a recommendation for further consultation on an opt-out model with two variants.
It could have been hoped, at the very least, that the national data guardian would have indicated her favoured option for a new opt out and consent model to help focus debate and bring a speedier conclusion to the issue.
The findings of the review
Caldicott's review, which also assessed data security issues in the NHS, made a series of recommendations on how to resolve issues concerning patient consent to the use of health data.
The review found that the public largely trusts the NHS to store and safeguard data, and that there is a widespread expectation and acceptance that data will be shared across the NHS, subject to some important caveats.
The first caveat is that it is the general expectation of patients that data will be anonymised wherever possible. The second qualification is that whilst patients are generally happy for their data to be used in the provision of direct care, their level of support for other uses of that data varies markedly. The review looked into support for data being used for NHS planning, quality control, clinical research, management of public health and development of government policy.
The review also found that there continues to be low levels of public knowledge in relation to the way in which data is used in healthcare. It also flagged a need for clarity as to when information will be shared and for what purpose.
The proposed opt-out models
In her report Caldicott proposed a new opt-out mechanism based on either a single question or two linked questions.
If a single question is used, patients would have to decide whether to opt out from having their personal confidential information used for any purpose beyond their direct care.
If the two question opt-out model was adopted, patients would have a more detailed choice. They would be able to opt out from their personal confidential information being used beyond direct care, in relation to either or both of the provision of local services and running the NHS and social care system; and/or the support of research and improvement of treatment and care.
The review does not recommend the adoption of one opt out model over the other, but instead requires that both models be put out to consultation.
In order to inform the consultation process, the review provides examples of the consent requests that could be adopted, both by way of information profiles and using tick box questions.
Other conclusions and recommendations on consent
The review proposes that information being used for the direct care of an individual should not be subject to an opt-out, even though there is a ‘trust differential’ between various types of care provider, with lower levels of trust existing in relation to providers of social care.
The Review also proposes that patients have the right to: ask health care professionals not to share particular types of information; and opt in to the sharing of data on a project-specific basis.
A recommendation that individuals should not be entitled to opt out of the sharing of properly anonymised data is also outlined in Caldicott's report. This is on the basis that anonymisation would be carried out in accordance with guidelines issued by the UK's data protection authority, the Information Commissioner's Office (ICO), by the Health and Social Care Information Centre (HSCIC). The HSCIC is being renamed NHS Digital as part of a broader re-branding exercise.
Caldicott also called on the UK government to consider the introduction of tougher sanctions to discourage the reversal of any data anonymisation measures.
The care.data programme
Caldicott's review triggered a ministerial statement confirming that the care.data programme is being closed. The care.data initiative looked to promote greater sharing and use of medical data held by GPs in England.
The opportunity that NHS England now has to relaunch care.data under a new banner compliant with the outputs from this latest Caldicott review will be further enhanced by the rebranding of HSCIC as NHS Digital.
Drawing a line under what was in effect a 'false start' must be the right approach. However, patient trust is a finite resource, even in context of the NHS. With that in mind, the recommendations of Caldicott must be implemented quickly so as to unlock more of the real benefits of digital health within NHS England.
Copyright © 2016, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.