What do the delays to the care.data plans tell us about privacy and policy making? Edgar A. Whitley considers whether the delays are the result of a poor communication strategy, ill–advised nudges or the consequences of a particular view of respect for persons and individual autonomy.
A six month delay in the implementation of the controversial care.data proposals has just been announced. The official narrative is that the delay will enable NHS England to “improve its communications campaign” so that individuals are better informed about, and hence more trusting of, the care.data plans. Critics, such as lobby group medConfidential, argue that the issue is fundamentally about policy making around medical confidentiality and not a question of poor communication.
Care.data aims to bring together patient health data from the various places where an individual may receive care and treatment including GP practices, hospitals and community services. This is done because collecting data from these various sources “helps researchers by supporting studies that identify patterns in diseases, responses to different treatments, and the effectiveness of different services”.
The data from GP practices (which includes coded clinical information as well as a person’s NHS number, postcode, date of birth and gender to allow the GP record to be linked with data from other sources) will be stored in a data centre run by the Health & Social Care Information Centre (HSCIC) unless individuals “opt out” of the proposals. Once stored within HSCIC, “potentially identifiable data” can be shared with NHS Commissioners, Health Service researchers and (other) analysts. Normally, the Data Protection Act restricts the use of personal data (including sensitive personal data about a person’s health—taken to mean physical or mental health or condition) to the purpose for which it was originally collected, but care.data drew on specific powers provided under the Health and Social Care Act 2012 to support the collection and use of this data from GP records.
With the societal benefits of the proposal apparently obvious, care.data took advantage of behavioural “nudges”. For example, a leaflet distributed to each household noted that “if you are happy for your information to be shared you do not need to do anything. There is no form to ﬁll in and nothing to sign. And you can change your mind at any time”. Those who “are not happy” are advised to “speak” with their GP practice. Arguably, a suitably worded letter sent to the GP would be administratively simpler to process and hence a provide a more effective opt–out.
A key feature of the care.data proposals is the use anonymisation / pseudonymisation of personal data as a safeguard for patient data. However, there is increasing evidence of the limitations of anonymisation techniques including both large scale statistical analysis and low–tech creative thinking resulting in disclosure from previously anonymised data sets. These concerns about the practical limitations of anonymisation have further undermined confidence in policy decisions around care.data.
One solution to the privacy challenges faced by care.data emerges from ongoing research involving LSE researchers. This research examines how technological developments can drive developments in policy rather than simply respond to them. Instead of relying on anonymisation techniques with dubious efficacy, this alternative approach presents a technologically enabled model of patient consent.
Historically, the requirement for consent has been underpinned by the ethical principles of respect for persons and for individual autonomy. The consent form has become the primary means of recording individual involvement in research and helps to determine whether additional consent is required for new, unanticipated research activities. As such, informed consent formalises part of the implicit social contract between publics and researchers.
A technologically mediated, dynamic form of consent could provide information to patients about how their data are being used within care.data. Focusing on consent and engagement rather than anonymisation also supports the “data sharing model” of the Caldicott review. Caldicott’s information governance review recommends improving patients’ awareness of their personal data use. Coupled with a transparent, reliable, and easy to use system for revoking consent, this would provide confidence about the uses of patients’ own data.
Together with colleagues we have been developing this model of “dynamic consent” as a means whereby patients can provide and revoke their consent in an easy to use, reliable manner through a variety of technological interfaces.
Freely given, ‘informed’ consent is a unanimous requirement of biomedical law, privacy and information legislation across the world. Whilst there are a number of exemptions from consent for medical research that exist in law, including the statutory basis for care.data, the dynamic consent model provides a way to meet the highest international ethical and legal standards without having to anonymise data and offers a way forward for care.data that goes beyond just improving its communications campaign.
Disclosure: In the context of earlier work on the previous government’s plans for identity cards, Phil Booth, now with medConfidential, and I were described by David Blunkett as having “persuaded large swathes of the normally well–informed population, including vast swathes of the media, that the identity cards scheme and the second generation biometric register were intended to impact on the public and intrude on their civil liberties in a way that was never intended and was never going to happen”.
Note: This article gives the views of the author, and not the position of the British Politics and Policy blog, nor of the London School of Economics. Please read our comments policy before posting.
About the Author
Edgar A. Whitley is Associate Professor (Reader) of Information Systems in the Department of Management at the London School of Economics and Political Science. Edgar was the research coordinator of the influential LSE Identity Project on the UK’s proposals to introduce biometric identity cards; proposals that were scrapped following the 2010 General Election.