Data sharing in the NHS needs to happen. But not without building trust first

The merger between NHS England and NHS Digital raises new questions about whether the body can be trusted with patient data

By Nigel Jones

Co Founder of The Privacy Compliance Hub

February 2023

For people like me who are endlessly fascinated by data and privacy, 1 February was a date of note. That was the day NHS England officially took over NHS Digital. The merger was a surprise to many when it was announced in 2021. One former chair of NHS Digital called it a “significant retrograde step” that could undermine the public’s data rights. And, as February 2023 dawned, the national data guardian for health and adult social care, Nicole Byrne, said NHS England now needs to “demonstrate it is trustworthy” when it comes to handling patient data. 

It’s often said the NHS is sitting on a goldmine of data – one that the accountants EY estimated is worth £9.6bn a few years ago. Primary care records span 55 million people, and there are a further 23 million care records where patients received secondary or specialist care. The opportunity to use that data to research and improve patient monitoring, prevent disease and the worsening of long-term conditions, and innovate new treatments is huge. 

But it’s also one that is fraught with fears for privacy and fear of private sector involvement with the NHS. Trust is at the heart of the problem. That comes in three forms: 

  • lack of trust in government to deliver when it comes to health (or to deliver without corruption/cronyism);
  • lack of trust in technology companies to keep our data safe; and
  • lack of trust in any private company motivated by profit, not to use our data for unwanted/unknown purposes.

The impact of the Covid-19 pandemic 

There have been two major attempts to create a centralised database of primary care – GP – data. The most recent was paused in 2021 after public and media criticism. It was a PR battle as much as an infrastructure project – one privacy campaigner called it an “NHS data grab” and millions of people opted out before the benefits could be explained. Later the budget was reduced dramatically, raising questions about its future. 

The rollout plan may have been flawed, but the timing looked positive. Public sentiment on sharing health data shifted during the pandemic. A national data sharing agreement was put in place by the health secretary, allowing additional information from 50 million patients’ GP records to be made available to professionals such as pharmacists and paramedics. The agreement also supported record-sharing and appointment booking across GP practices and NHS 111 services. And as individuals, many of us shared our Covid-19 status and location to track and minimise the spread of disease. 

Many of these programmes will continue, and there are others too. The Our Future Health programme, aims to recruit 5 million volunteers to help develop new ways to prevent, detect and treat disease. And the Goldacre review, which was published in April 2022, provided a vision for the development of Trusted Research Environments (TREs) with enhanced privacy protections, that would have faster access to well-curated national and local data. 

If you want more practical content like this article, please click below to sign up for our monthly newsletter.

Sign up here

Taking inspiration from other countries

Challenges around data sharing in the health sector are not particular to the UK. But some other countries do seem to have navigated these waters with more success. In Denmark, for example, aggregated population data is securely stored, monitored and analysed by 300 statisticians, economists and epidemiologists that work for the Danish Health Data Authority. It’s leading to improvements in cancer care pathways, boosted public health literacy, and expanded the scope of health research. As a result of their digital health strategy, Danish hospitals have been able to reduce the number of outpatient visits by 75%, and there are plans to sequence the genomes of 60,000 patients diagnosed with cancer, autoimmune disorders and rare diseases by 2024 at the Danish National Genome Center (NGC). 

In Estonia, online health records integrate data from multiple healthcare providers, and are accessible by doctors and patients. E-prescriptions help patients order repeat prescriptions without having to see a GP, and the e-Ambulance system detects the position of the person calling for help within less than 30 seconds. Paramedics then also have access to a patient’s medical information on their way to the emergency. 

Finally, Spain introduced electronic health records more than 20 years ago. The move has improved communication between patients and healthcare providers, enhancing the ability to diagnose diseases and raise clinical accuracy and outcomes. Spain is also a thriving healthtech hub, thanks to its easy access to funding. Doctoralia, for example, has grown significantly since its launch in Barcelona in 2007, and now helps 200 million users a year find doctor’s appointments in 20 countries. 

Answer our GDPR compliance checklist questions and we will email you an objective, personalised audit report within minutes, completely free of charge.

Get your audit

It’s time to talk

If NHS England can build trust among the British public and realise its vision for a digital healthcare system, it will improve the NHS in a number of ways. But privacy needs to be part of that conversation. NHS England must be transparent about what type of patient data is being collected, who it is shared with and what it is used for. People need to feel confident their data is safe; that they can opt out of certain uses of their data; and that it’s not being sold to companies in the pursuit of profit. 

Much of this is already covered by the UK GDPR. We’ve already seen the catalogue retailer Easylife fined £1.48m for using the personal information of customers to predict medical conditions and target them with health-related products without their consent. And Google ended up in the High Court over its use of confidential medical records of 1.6 million Britons without their knowledge or consent. 

The future of the NHS will not be powered by GPs diligently storing patient records in a filing cabinet. We need patients to be able to access their own health histories, while allowing for seamless communication between GPs, hospitals and consultants. And we need researchers to be able to use years of accumulated data to analyse, predict and prevent conditions worsening (or happening at all). This has to happen for the good of the NHS and all the people like you and me who use it. But first we need a national conversation about the benefits of data sharing in health, which acknowledges the importance of privacy. That will build the trust that’s necessary to make a much-needed digital healthcare system a reality in the UK.

More to watch and read

SHARE THIS ARTICLE