Who’s using your family’s health data and how secure is it?

Beth McCleverty is the columnist today from Genetic Alliance UK

Data, from many angles, has been somewhere near the top of the agenda for a while now. Whether the issue you associate with ‘data’ is around using your phone to pay for things in shops, or the way Facebook uses your data to advertise to you, I’m willing to bet you’ve thought about it.

Health and medical data is probably something you’ve thought about as well, whether that’s the records your GP holds, or as you tick a box to consent when your child joins a research study – it’s all relevant.

Who's using your family's health data and how secure is it?

In the world of health and social care, the controversial care.data programme has been very recently closed after a public backlash. However, it's set the scene for the government to do some serious work to make sure that there is a robust framework for the sharing of health and social care data that the public can be confident in.

To that end, Dame Fiona Caldicott, the National Data Guardian, has undertaken a review of data security, consent and opt-outs in the health and care sector. Dame Fiona has developed new standards for data security to be applied to all health and care organisations as well as a mechanism to make sure people are complying with them. She has also proposed a new consent model for data sharing in the NHS and social care. Last week Dame Fiona released her report, dubbed the Caldicott Review.

Making sure your data is secure

The Caldicott Review has made recommendations about the way our health and care services should be treating our data. These are around strengthening accountability for data security, including bringing data security in line with areas such as financial accountability and clinical standards. It will also mean including data security standards in Care Quality Commission (CQC) inspections.

It's been recommended that NHS England amend their standard contract so that contractors would have to comply with the same levels of accountability and security. There would also be harsher penalties for anyone who misuses data purposefully and/or maliciously.

Generally, these recommendations all seem straightforward and positive common sense changes to improve the integrity of data security in health and social care data.

Giving your consent and opting out of data sharing

One of the interesting things that Caldicott has attempted to deal with, is how people consent or opt-out of having their data shared.

Often people's initial reaction to consent and opt-outs with data-sharing might be to opt-out – for example, ticking the box to stop that online retailer selling your email address. But when it comes to medical data, there are a whole world of benefits to sharing data (and less risk of spammy emails).

The patients who we talk to are often relatively well-informed about the benefits of data sharing for research. It’s hard to ignore that by their nature, rare diseases have small patient populations. This means collecting as much data as possible, often across international boundaries, is vital if researchers are going to be able to carry out meaningful studies, diagnose more patients and find treatments.

Generally in our community, patients and their families feel that not sharing data would be detrimental to research efforts and therefore damaging to the scientific advancements that they look to for improvements in the quality and length of their lives or the lives of their loved ones.

From that perspective the recommendations that Dame Fiona has come up with are pretty favourable. She has separated data into two categories. First, the information attached to your name (or anything else that could identify you as an individual) and second, the data that has been collected in health and care that has been anonymised and cannot be connected with you in any way.

The proposals set out in the Caldicott Review suggest that you would have an opt-out to the sharing personal confidential information that relates to you, or any living individual, who can be identified from the information.

However, this is not so for anonymised information. Some data from the health and care sector would be passed to the Health and Social Care Information Centre, a government body that acts as the statutory safe haven of the health and social care system. They will de-identify, or anonymise, the data and then pass it on to those that need to use it. Patients would not be able to opt-out of this sharing of your data. There are also a number of contexts in which the opt-out does not apply to the use of personal confidential data. These include where there is an overriding public interest or where required by law, for example if you were diagnosed with Ebola, your doctor is required by law to report that, as it is highly contagious.

As I said, this seems to be going in the right direction, but it’s worth remembering that the same characteristics that make the rare disease community so keen on data sharing (i.e the low patient populations) also leave the same people’s data easier to re-identify. Where conditions are really rare, there is a higher risk that patients could have their identity compromised, even without deliberate or negligent handling of the data.

We’re aware that this concern is real for families with rare conditions and we will continue to engage with this process in the hope that the final model will meet the needs of our community.

GAUK Logo
Visit the new updated Genetic Alliance UK website

So what now?

A consultation was launched shortly after the publication of the Review, and will be open until 7 September 2016. Alongside this there will be further testing of the opt-out questions with various stakeholder groups. The Wellcome Trust has also announced that they will be setting up an independent task-force in response to Dame Fiona’s recommendations, which we look forward to being involved with.

If you have any comments or questions about this topic please feel free to get in touch with our Policy Officer, Louise Coleman

The Genetic Alliance UK annual conference, taking place on Tuesday 27th September 2016, is now open for bookings. You can book your place at this link. If you're part of a patient/ carer support group or a small charity for a genetic condition, please consider joining Genetic Alliance UK

Sign up for SNJ new post alerts

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Beth McCleverty, Genetic Alliance UK
Follow me:

Beth McCleverty, Genetic Alliance UK

Policy and Communications Assistant at Genetic Alliance UK
Beth McCleverty is the Policy and Communications Assistant at Genetic Alliance UK. She has a masters degree in Public Policy and manages all of the communications at the charity. She also supports the policy work of the organisation, focusing on making sure the patient voice is heard in policy making.
Beth McCleverty, Genetic Alliance UK
Follow me:

Latest posts by Beth McCleverty, Genetic Alliance UK (see all)