NHS Data sharing plan
#41
(06-23-2021, 02:07 PM)Sotv Wrote:
(06-22-2021, 10:12 PM)BurleyBaggie Wrote:
(06-22-2021, 04:27 PM)Sotv Wrote:
(06-22-2021, 01:20 PM)BurleyBaggie Wrote: I agree the idea of a data lake for personal data given to government is not something that sounds ideal. Allied to that we have people like Matt Hancock in charge.

However, I used to work for NHS Digital as their Director of Cyber Security / CISO so have insight on this. I now work for IBM so have no relationship or interest. 

Firstly, this is a private cloud environment, secured by my old team and aligns to the NHS Cloud Hostings standards that are overly cautious and highly secure (they’re available online). It’s monitored by the National Cyber Security Ops Centre (CSOC) in Leeds, which is 24/7/365 and which (biased, probably) is the best non-private SOC in Europe. I have no issues on data exfiltration or security, above any other paranoia I have. To be clear, I’d rather my data sat here than in GP Systems - these are private companies hosting the data in the UK, but the data does not reside in public hands. So fears around private companies having access has already happened (though only for the lawful processing of GP data). EMIS, SystmOnline etc.

In relation to sharing; this was, is and continues to be a ridiculously hard thing to do. No one gives private companies data in the clear unless it’s for direct medical care e.g. your treatment. The idea the NHS or DHSC supplies insurance companies or the like raw data is nonsensical and untrue. GDPR is clear through its six privacy principles on how, what, why data can be used. Principles of data minimisation and purpose means data can’t be given in bulk and must be minimised or obfuscated / deidentified and must be for a specific purpose.

The purposes will be laid out in the Data and Privacy Impact Assessment (DPIA) and this has and will need to be signed off by the ICO. They will be absolutely ruthless in ensuring data is used appropriately.

Data sharing for research, risk stratification (identifying patients at risk for a multitude of diseases - basically early intervention to improve lives) and clinical trials would be processed on either a pseudonymised (where personal data is removed but, say, a unique identifier is added) or anonymised (all personal data is removed) basis. Pseudo is used for things like risk stratification; so you may want a company to run their diabetes algorithm on your data to identify patients highest at risk of hospitalisation so the NHS can make a proactive intervention. You don’t want the company to have your personal data, but when the NHS get the results back you want to be able to ‘Re-id’ the patients so they can contact them for the said intervention. Anonymised data you can send to companies for research etc without ever sending personal data as they are looking for trends etc etc.

In addition to this the release process is hugely governed, onerous and difficult. Extremely difficult as it should be. The DARS process (Link) is robust and ensures that all data releases align to the purposes in the DPIA and GDPR. They don’t give data to anyone, they don’t give more than is absolutely necessary and when they share data it is mostly anonymised or pseudonymised. The release of bulk data in the clear is fractional. More than that this is facilitated by an independent DARS process outside of government.


I’ve also read that this could be the start and where does it lead. On that one, my advice is to make a subject access request under GDPR from Facebook, Google or Twitter. For an average user this will come back between 60-200 A4 pages and unless you’ve specifically consented otherwise the way they use and share that data will be wider and more diverse than this. While I agree I don’t want my health data given to future employers or insurers (it won’t be for sinister consequences) a lot of what is on social media is still very personal and privileged.

Secondly, GDPR and the DPIA for this significantly limit the way this data can be used now and in future. This data collection is highly regulated and if there was to be a change in purpose the DPIA would need to change, patient consent sought and the ICO would need to acquiesce. These may seem small barriers but they are not. 

Finally the benefits to doing this are huge. I mean huge. Proactive interventions save lives. Use of data to predict illness will reduce the costs to our society (proactive medicine is far cheaper than emergency / reactive) and we have the opportunity for better population health - especially for those left behind as the data isn’t prejudicial to different people in society. This can have the most health impacts on those who need it most. 

Research will benefit massively and yes big pharma will have access to our data. But in a limited, controlled and data minimised sense. I don’t think anyone would have been concerned with pharma using data to support COVID-19 vaccine development and the successes that has brought. But even if big pharma make money from our data, as long as that data is controlled, does it matter if that drives better cancer treatments? Disease cures?

Apologies for the long email but I wanted to give a view from the inside. It’s absolutely your choice what you decide to do and I respect that. I just wanted to give some thoughts. 

Apologies for typos did this on my phone.

Interesting perspective and I'd agree with the majority of what you say and yes the benefits of joining up health systems is massive. I'd probably be even more paranoid round the security. No system is 100% secure and whilst you may never have had issues around data exfiltration to date, it only takes one breach and what we are dealing with here is perhaps some of the most sensitive personal data imaginable.
I am not sure of the value of comparing this to Facebook etc. There may well be sensitive data held there but the difference is I don't "need" to use Facebook so could choose not to expose my data simply by not using the service. I do however need access to health services as everyone else does so that option is not available to me.

But your data is equally if not more at risk now as it’s stored in digital GP systems outside the NHS

It’s not a race to the bottom though. I’m just saying as a risk I don’t see the change. 

I’m off with COVID so have loads of time to write a long missive!
I thought EMIS & Vision were the 2 systems most GPs used?
So the data for those is stored in non-NHS systems, I didn't realise they did that and I'm not sure many of the general public do.
In that case, then the change probably helps increase security of data if anything if it's now being stored in the private cloud you mentioned on your previous post.

SystmOnline (was SystmOne), Vision, EMIS, in practice are all primary care GP systems. EPIC is a secondary care system.

They all host data on their own infrastructure. This is not hosted in some mythical NHS hosting environment :)

Everything controlled by NHS Digital is secured via the National CSOC etc. Outside of that each company has its own controls.
Reply
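
Added example, not part of the thread and not NHS Digital's or any supplier's code: a sketch of the pseudonymised risk-stratification round trip described in the quoted post (minimised extract out, flagged pseudonyms back, re-identification by the data controller), alongside an anonymised aggregate release. The HMAC-SHA256 pseudonym, the field names, the scoring threshold and the patient records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; identifiers and values are invented.
PATIENTS = [
    {"nhs_number": "9990000001", "name": "A. Example", "age": 67, "hba1c": 71},
    {"nhs_number": "9990000002", "name": "B. Example", "age": 45, "hba1c": 40},
    {"nhs_number": "9990000003", "name": "C. Example", "age": 58, "hba1c": 63},
]

def pseudonym(key: bytes, nhs_number: str) -> str:
    """Keyed hash: stable per patient, not reversible without the key."""
    return hmac.new(key, nhs_number.encode(), hashlib.sha256).hexdigest()[:16]

def pseudonymise(key, patients, fields):
    """Controller side: build the minimised extract and the private re-id map."""
    extract, reid_map = [], {}
    for p in patients:
        pid = pseudonym(key, p["nhs_number"])
        reid_map[pid] = p["nhs_number"]  # stays with the controller
        extract.append({"pid": pid, **{f: p[f] for f in fields}})
    return extract, reid_map

def processor_flag_high_risk(extract, threshold=58):
    """Processor side (hypothetical scoring rule): sees pid + clinical fields only."""
    return [r["pid"] for r in extract if r["hba1c"] >= threshold]

def reidentify(reid_map, pids):
    """Controller side: map returned pseudonyms back to patients to contact."""
    return sorted(reid_map[pid] for pid in pids)

def anonymised_summary(patients, threshold=58):
    """Anonymised release: aggregate counts only, no per-patient identifier."""
    return {"patients": len(patients),
            "above_threshold": sum(p["hba1c"] >= threshold for p in patients)}

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held by the controller only
    extract, reid_map = pseudonymise(key, PATIENTS, fields=("age", "hba1c"))
    flagged = processor_flag_high_risk(extract)
    print(extract)
    print(reidentify(reid_map, flagged))
    print(anonymised_summary(PATIENTS))
```

The processor can link rows for the same patient across extracts made with the same key but cannot recover the NHS number; rotating the key per release removes that linkability.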

