Auditing Demand for Health and Care Data: In Search of Radical Transparency
24th May 2019
Dr Josefine Magnusson, Senior Research Officer, Future Care Capital
How will we ensure individuals are able to understand and have more of a say or stake in whether and how the social, economic development and commercial value of health and care data about them is being harnessed?
In a world where personal information about anything – from shopping habits to medical history – is amassed in electronic form, data is now more valuable than ever. Routinely collected health and care data is attractive for, amongst other things, its utility in the design, commissioning and delivery of services impacting individuals’ care and population outcomes; stimulating innovation and the creation of new businesses and employment opportunities; enhancing competition amongst suppliers of products and services to health and care organisations; as well as for research.
Over recent months, we have tried to better understand the demand for data held by NHS Trusts in England. Using a standard Freedom of Information (FOI) request, we asked Trusts about the number of times third parties sought access to data they control for research or commercial purposes, the types of organisations that made such applications and the proportion that resulted in a commercial or financial relationship.
NHS Trusts are not required to systematically record information about the requests they receive for research and commercial purposes, making comprehensive analysis of data access arrangements challenging. Twenty per cent of Trusts that responded to our FOI request reported not holding or recording this type of information, and a further eighteen per cent were unable to answer our questions because it would prove too costly in terms of both time and resources for them to do so. This gap in record keeping is important, because concerns about who has access to data and the uses to which they are put has repeatedly been shown to impact public attitudes towards data sharing. Where organisations (of any type) do not appear to maintain records of requests to access the data they control, they may well be ‘technically compliant’ with the provisions of the Data Protection Act (2000) but are not necessarily acting in accordance with the spirit of the General Data Protection Act. We need radical transparency to build public trust.
The situation appears to be compounded by the fact that the demand for data differs according to the type and location of Trusts. Acute and Mental Health Trusts, for example, report receiving substantially more requests to access data than either Ambulance or Care Trusts – perhaps, indicating that certain types of data are perceived as more valuable or useful than others. The Trusts with the greatest demand for data (and the greatest likelihood to enter into a commercial agreement with a data requestor) tend to be located in three geographic regions (London, the West Midlands and the North West) and are, most commonly, situated close to a Russell Group University.
As a result, it might be the case that data about some individuals or groups will be used more ‘intensively’ than others – raising questions about the potential for data bias to impact resultant treatments and technologies. It also points toward a disparity in the extent to which NHS Trusts might be able to help stimulate data-driven economic development or generate revenue from ‘data deals’ which, in future, could impact local productivity and the financial position of Integrated Care Systems.
To address some of the issues outlined above, we recommend the government
- mandates standard returns from health and care organisations so that data supply, demand, and commercialisation activities are made transparent;
- pilots innovative approaches to auditing and communicating the demand for data – to test their trustworthiness from the point of view of individuals and utility from the point of view of constituent organisations and front-line professionals as well as innovators and commercial entities.