It’s been estimated that, in monetary terms, the information that the NHS holds on its patients has a market value of several billion pounds per annum. Its other value is of course for academic research and the benefits this can provide for patients, the NHS and the public good more generally.
Our political leaders have their sights set on making our personal data more widely accessible, both to government and the private sector. We highlight just five of the things we should be concerned about.
1. Commodification of our data: The government sees NHS data as a resource that can drive economic growth after Brexit. One of the priorities driving the digitalisation of the NHS has been to encourage a “world leading IT industry in England with a supportive environment for software developers and innovators.” The government is also relying on the UK becoming a science and technology superpower by bringing together NHS data and “the power of our capital markets”. Aside from whether we want our health data turned into a commodity, many of the products developed from our data will be owned by the developer and, for example, only made available to the NHS at a price.
2. Embedding tech companies in the NHS: If data is the ‘new oil’, Integrated Care Systems (ICSs) are the new oil wells. The NHS is being divided into around 40 ICSs, each charged with saving money, reducing hospital admissions, and improving the health of its population through Population Health Management (PHM). PHM relies on amassing huge data sets from across health, social care and other services. But to do this, ISCs must depend on technology companies with the resources for collecting, storing and analysing the vast quantity of information involved. This brings tech companies into the heart of the NHS. It’s also unclear what controls there are on these companies once they have access to our data.
3. Increased access, decreased protection: Increasing commercial access to our personal data means weakening existing data protections: the government is keen to lower current safeguards provided by the Data Protection Act (2018) and the UK General Data Protection Regulation (GDPR). For example, it’s looking to change the definition of ‘scientific research’ to allow more commercial exploitation of health data; increase the groups of people who can access and process health data (but who have no duty of confidentiality); and allow data gathered for one research project with patients’ consent to be used for different projects without consent.
Recently NHS England tried, without consent, to collect comprehensive information from patients’ GP records and store this in a centralised database for academic research. This scheme was paused when it emerged the data was also available to private companies on payment of fees and patients opted to have their information excluded from this data grab. However, this option won’t be possible if the Health and Care Bill is passed: this will “put beyond doubt NHS Digital’s power to share data concerning health or adult social care”.
What’s more, proposals suggest that the Information Commissioner’s Office, the watchdog that regulates how our personal data is collected, shared or processed is to be muzzled.
4. Big Brother and Big Data. NHS Trusts are already expected to share the data of patients they decide are ineligible for NHS care and to report ‘debt’ from treatment to the Home Office – data that may then be used by Immigration Enforcement teams to trace, detain and possibly deport people. The Police, Crime, Sentencing and Courts Bill 2021 now going through Parliament goes further. It aims to give police powers to gather, retain and share personal data gathered from the public sector, circumventing existing safeguards, increasing individual profiling and eroding professional obligations, such as that of confidentiality. At the same time, the Department of Health and Social Care (DHSC) aims to link health data to central government departments. There are concerns, for example, that GPs will be bypassed and their records directly accessed by the Department of Work and Pensions and used in decisions about benefits such as Universal Credit or Personal Independence allowance.
5. Risk to the right of human review: The government sees artificial intelligence (AI) as key to growth and prosperity in the UK. In health care, AI is playing a growing role in clinical decision making through technologies such as machine learning, where computers have the ability to learn from data without being explicitly programmed. However, the kind of processing involved creates a ‘black box’ effect that makes it difficult to understand how these automated decisions are arrived at. The GDPR currently provides a right to the human review of automated decisions but there are signs the government sees retaining this right won’t be ‘practical or proportionate’ in future. This loss of accountability could have significant implications, such as affecting someone’s eligibility for medical treatment.
What can you do?
The results of a government consultation Data: A new direction are to be reported soon. Keep an eye open for their recommendations that are expected to radically change data protections, and for campaigns to challenge these.
Keep Our NHS Public https://keepournhspublic.com/health-data-working-group/
Open Rights Group https://www.openrightsgroup.org
Jan Savage is a member of Keep Our NHS Public