Citizen’s data, healthcare and trust


Health data has informed a central part our NHS for more than two decades, helping the informative bodies to improve services and understand health trends. This has also proved key in understanding, and attempting to mitigate, the worst impacts of COVID-19. However, when this data is shared with secondary bodies, does the public trust that this will be used in good faith?
In this blog, John Ainsworth and Niels Peek, Professors in Health Informatics, discuss how and why policymakers should strive to maintain public trust in health data.
Data in electronic health records (EHRs) must abide with the UK’s General Data Protection Regulation (GDPR).However, previous failures of the NHS to follow this legislation regarding data sharing has rendered public health data a contentious topic.With the NHS under increasing pressure, policymakers should strengthen transparency and communication around EHRs.
The UK’s National Health Service (NHS) has had electronic health records in GP practices for more than 20 years. These records are kept from cradle to grave and, increasingly, electronic records are also being used in hospitals, social care, dentistry, and other parts of the healthcare system.
The NHS number provides a unique identifier for each citizen which can be used to link data from different databases together, providing a rich, comprehensive source of real-world evidence.
However, its enormous potential for purposes beyond direct care was soon realised and some high-profile cases of data misuse have dented public trust. So, how can we maximise this resource for the benefit of all, and rebuild that trust?
Powerful, useful but highly sensitive
The data in electronic health records (EHRs) is powerful and extremely useful. It can help us improve healthcare services, understand diseases in populations, and assess the safety and effectiveness of treatments. But health is an intimate area of personal life and few people feel comfortable with the idea that strangers can see their health record.
All health professionals therefore have a duty of confidentiality, which means that they cannot disclose this information to others without the patient’s consent. A legal framework exists to share EHR data for purposes beyond direct care without needing consent from every citizen.
This is the Data Protection Act 2018, the UK’s implementation of the General Data Protection Regulation (GDPR). In essence, it says that all person-identifying information should be removed from personal data before such data is processed for purposes beyond the reasons for which it was originally collected – in this case, healthcare provision.
Legal cases, headlines and damage to public trust
So, problem solved? Unfortunately, not. The use of personal health data for uses other than providing care is contentious, because of the lack of public trust.
In 2018, the Information...

Top