Despite a perception of trust among the UK public when it comes to the NHS, many remain concerned about the sharing of their personal data
With the challenges the NHS has faced over the past year, it’s now more crucial than ever to guarantee public trust due to the sensitivities associated with medical data.
Sections of the public are understandably concerned that data will make its way into the possession of individuals or organisations who may use it for purposes different for which it was captured in the first place. Healthcare organisations therefore need to place focus on citizen engagement. To do this, they need to focus primarily on ensuring openness and transparency with the public, alongside the facilitation of effective data protection strategies.
It’s natural for people to question an organisation’s intentions when asked to share data with them. This is particularly true of sharing healthcare data due to a lack of public knowledge and awareness around its use for purposes other than care delivery, such as for quality improvement, system planning, and research. Consequently, a fundamental building block in building trust is open and transparent communication and educating the public on why sharing their data is hugely important for healthcare organisations.
It’s a complex subject and one that can be tricky to explain to the general public. However, it can be made easier by understanding what is important to people when it comes to sharing their healthcare data. Findings by The Great North Care Record show that citizens expect respect from the organisations that utilise their data, with clear values and expectations in place. These values include privacy being maintained with reassurances given that data held about them is secure and that their choices and preferences are upheld, and transparency and trust, whereby the public is informed about how information about them is or may be used, and institutions handling data about them act in a trustworthy manner.
Citizens also want the relationship to be reciprocal, meaning they’re given transparent access to the data held. Other values include fairness, where data shared is accessible to all, regardless of class, education and literacy, disability, ethnicity or capacity, plus agency in how data is used.
The key to the building of trust with the general public is the consideration of these values and prioritising both the communication and demonstration of how these are being adhered to.
Protecting data moving forward
Alongside this focus, a fresh look needs to given to data storage and protection methods, particularly as the sector becomes integrated and data needs to follow suit. While using the latest cybersecurity strategies is a solid starting point, these organisations must also think about protection in terms of their data architecture.
Bringing data together from disparate systems to enable the creation of a longitudinal patient record doesn’t require centralisation of that information in a single database. There are different software architectures that can allow patients’ data to be located and aggregated in real time on request, thereby mitigating the risk of moving it all into a central database and that being a single point of attack or failure. Even in a connected healthcare system, data can be aggregated “on the fly”. This can be a highly effective way to protect data.
Security issues can arise however if any data needs to be shifted between applications or systems, particularly with how it is provided. For instance, if data can be shared with other organisations by them taking a copy of some of the data to allow them to analyse and process it using their own tools, then this introduces huge risks because once the data has left the control of the organisation, they no longer have control over who it may be shared with.
Any third party wishing to access the database must have tight controls placed on them to ensure security is maintained while analysis of the data is completed. Adopting the right data platform technology, in which they can set up stringent permissions and controls, will help healthcare institutions to ensure that only the authorised people and parties can access sensitive healthcare information and maintain high levels of security.
Building trust on two fronts
To truly be in the strongest position to encourage the public to share their data, organisations need to combine comprehensive data protection strategies with clear communication that addresses the concerns and values of individuals. By following this strategy, healthcare organisations will be best placed to improve their operations and the care that they’re able to deliver. Ultimately, this will enable public trust to be established and cemented.
About the Author
David Hancock is Healthcare Executive Advisor at InterSystems. InterSystems is the engine behind the world’s most important applications in healthcare, business and government. Everything we build is designed to drive better decisions, actions, and outcomes for the people who stake their lives and livelihoods on our technology. We are guided by the IRIS principle—that software should be interoperable, reliable, intuitive, and scalable.
Featured image: ©GreenButterfly