The challenge of ensuring that patients within the NHS benefit from technological advances which improve the flow of information, yet preserving patient confidentiality and upholding data privacy is a difficult one to crack.
On 5 September 2018 the government published an Initial Code of Conduct for data-driven Health and Care Technology and has invited feedback and comment. It aims not only to provide a framework for management of technology within the NHS, but also to encourage and support technology companies with important innovations to access the NHS market for the benefit of patients.
What is being proposed?
The Code aims to:
- provide clarity on what is expected of suppliers of data-driven technology and what the government will do to support innovation in healthcare to provide a pathway for them to enter the market. It has been recognised for some time that the NHS may be failing to harness innovation and its potential to enhance and improve healthcare because suppliers often lack the resource to navigate often complex and difficult public procurement processes
- provide the basis for an open discussion about how we all; patients, clinicians, the wider public as well as industry, should use technology and data in a healthcare context
- provide the basis for fair sharing of the benefits of technology between the providers of healthcare and the suppliers of such technology
The Code is voluntary - but organisations with an interest are being encouraged to sign up immediately to it.
The initial Code is to be re-published after consultation this in December, so any organisation which wishes to provide feedback on the proposals should do so now given that it is intended that the code will become the standard for technology partnerships at that point. It is however accepted that the code will evolve over time, with a Kitemark scheme suggested as well as a ‘robust application and evaluation’ process.
The data dilemma
There is an inevitable tension between the need to ensure that patient data is used in a way which safeguards their privacy rights as data subjects, which in a healthcare context often involves the use of extremely personal and sensitive data, and the public interest in enhancing patient care by the efficient transfer of patient and other data to those who need to access it, and use of that data to analyse outcomes and enable changes to processes and systems with the aim of improving outcomes for us all.
Post-GDPR and in light of several unfavourable experiments which have seen previous Data Sharing initiatives criticised and even subject to censure. “Privacy by design” will need to be at the heart of every project ten key principles are set out within the draft Code for safe and effective digital innovation requiring suppliers to:
- define the user. Suppliers should understand and set out clearly who the product is for
- define the value proposition. Suppliers should demonstrate how the product will improve outcomes
- be fair and transparent and accountable about the data used. This involves ensuring all aspects of GDPR for instance have been considered.
- use data that is proportionate to the identified user need. Show that minimal personal data necessary has been used.
- make use of open standards- ensuring interoperability so that new systems can communicate with those already in place.
- transparency as to the limitations of the data used and algorithms deployed
- security is to be integral to the design
- define the commercial strategy. The benefits of partnerships between innovators and health and care providers are shared fairly
- show evidence of effectiveness for the intended use
- show what type of algorithm that is being built, the evidence base for the algorithm and how it is planned to monitor performance
The initial Code also sets out five government commitments to:
- simplify the regulatory and funding landscape
- create an environment that enables experimentation
- encourages the system to adopt innovation
- improve interoperability and openness
- listen to users
It is clearly in everyone’s interest for the NHS to be able to take advantage of technological solutions and facilitate the delivery of world-class healthcare while being able to swiftly evaluate the effectiveness of treatments and innovative approaches to the delivery of healthcare.
It is a significant task to simplify the system, enable access to the NHS market and assist in scaling up operations for often small scale innovators, juggle the various professional regulatory bodies and other bodies with vested interests in healthcare, and at the same time ensure patient data security. Sweeping aside at least some of the bureaucracy in public healthcare contracting may enable us all to benefit from the huge amount of innovation and transformative work in the area, potentially unlocking to savings on the healthcare budget.
This is a massive challenge but heartening to see the problem has at least been recognised. Those with an interest in the area who have a product to bring to the market or an interest in data security in this context should consider getting involved now, sign up to the initial code and provide comments which hopefully will shape future commissioning and healthcare delivery.