Privacy Paranoia and the NHS app
Our data protection obsession is damaging
I found myself shouting at the radio again this morning - for once because I agreed with what an interviewee was saying. On BBC Radio 4’s Today Programme the Health Minister Stephen Kinnock was being challenged over whether creating a single patient medical record, accessible via the NHS app, would be a threat to privacy. Here’s what he said:
“If we don't modernise the NHS, make it more efficient and productive, you can have the best data protection rules in the world, but you're not going to have a health and care system that actually works.”
Now Mr Kinnock sidestepped the question of whether all of the 1.5 million NHS staff might have access to a patient’s record, insisting that the government was committed to protecting data. But it was this passage that had me cheering:
“If you constantly just say, we can't do this because of data protection concerns, you're just going to have the status quo going on and on and on, and you're going to have a system that doesn't work, frustrated patients, frustrated staff.”
The reason this struck home was that I had been reading the response to the plan for portable medical records with increasing frustration - it was so predictable to anyone who has followed the debate over health data for many years. Every time any new plan surfaces to modernise NHS IT systems and give patients and doctors easier access to medical records or to share health data for research, we see panicky headlines about privacy.
Remember the latest scheme to share GP medical records with researchers? Probably not, because it sank without trace after the Guardian greeted it with the headline “NHS in new data grab”. Even when patients had explicitly signed up to have their data shared, as was the case with the UK Biobank scheme, most GPs failed to hand over their records because they feared falling foul of data protection laws.
The pattern continues in the coverage of today’s announcement. The Guardian’s report features two critics of the scheme - Sam Smith of the privacy campaign medConfidential said Wes Streeting was planning “a big brother database” which would be “a gift to stalkers and creeps who misuse NHS systems to find out the most basic private details that people only tell their doctors.” Rose Curling from Foxglove, a technology justice campaign group, said: “Opening up NHS data to profit-making companies is a fundamental shift in the critical relationship between patient and doctor, which is based above all on confidentiality and trust.”
These kind of warnings have a major impact on public confidence in the sharing of health data - the Guardian says a public consultation on a similar scheme from the last government found that two thirds of people polled said they would not want anyone not directly treating them to access their medical records. More generally, the idea of big tech and pharma companies getting hold of our health data is pretty unpopular.
Of course, it all depends on how you frame the question - if you asked whether people would be happy to share their data if it helped the NHS to spot cancer early or to cut waiting lists you would probably get a very different answer. Yet it is mostly those “profit-making companies” that Foxglove is so concerned about that are developing the innovations which we all want to see. Take the work of the pioneering Moorfields ophthalmologist Pearse Keane, who has collaborated with Google DeepMind to develop an algorithm to triage the millions of scans from high street opticians which could otherwise end up overwhelming our eye hospitals.
Besides Wes Streeting, the Guardian did not speak to anyone who thought the policy had merits. Nor did we hear about the cost of carrying on with the status quo. On Twitter this morning the FT data journalist John Burn Murdoch quoted from a BBC story about NHS IT failures which had led to patient deaths and said people saying a digital patient database was a plot to privatise the NHS should read it to understand the cost of poor data management.
And I have personal experience of the impact of inadequate IT systems and a lack of joined-up communication. A year ago when I fell and broke my elbow, a hospital sent me home with an open fracture - a mistake which could have had very serious. consequences and which an investigation into my treatment found was partly due to a failure of IT systems. The NHS app was of some use during my stay in hospital, enabling me for instance to show the pharmacist my list of Parkinson’s drugs, but I’m impatient for it to do more.
The other thing that has become increasingly apparent to me in my journey through the NHS in recent years is the damage done by the paranoia about data protection. Yes, it is important, but it is adding layers of bureaucracy onto organisations and processes which are already slow-moving. I wrote last week about the 16 year process of testing a potential Parkinson’s drug exenatide which ended in failure. Right in the middle of that process the EU’s GDPR arrived and I would not mind betting that the mammoth data protection law was one factor in extending the time it took.
There are risks in bringing data together and creating a big target for hackers. But Sweden’s healthcare system seems to have managed to provide its patients with digital tools to access their health records without much of a fuss, and is delivering better outcomes than the NHS. It is time to ditch the paranoia and get a move on with creating a modern health service.
I was also listening to this interview and immediately penned a note to the Today programme. I wish I could send the screenshot of my message - I can’t, of course - but ended it with these words: “. . . And get Rory Cellan-Jones on to talk about data protection and all things to do with health and IT. He knows.” I hope they do! Everything you say makes so much sense.
Betsy Everett
Investigating and honest reporting of the wider health + technology world is one of the strongest strings to your intellectual bow of curiosity, so thank you for that, and please keep it up.