In the run up to the introduction of the NHS care.data programme, there is an urgent need for a debate about what we, and our healthcare providers, mean by the term “consent”.
So far, the plans for care.data are ringing alarm bells, and for good reason. But we are becoming more and more comfortable with handling our own data when we use technology such as smart wristbands and apps that track our diets. If the NHS took heed of how this field is handling the difficult issue of personal privacy, it might have more success winning over a wary public.
What is consent?
Neither the aggregation, nor sharing of the data in the NHS database will require the explicit consent of the patients concerned. While it is claimed that data will be anonymised, the records can include data which could, if certain precautions are not taken, be used to re-identify individuals.
All patients are automatically included in the system, with the option of “opting-out” by writing to their GP. Such basic privacy control presents patients with an all-or-nothing choice regarding how their health records are shared. There is currently no way for patients to express preferences about which parts of their record they would like to share, specific purposes for which they may or may not be used, and what should be allowed to happen with findings derived from them.
The rollout of this system raises the urgent need for a public debate on the issues of privacy of medical information. Certainly, such information has the potential to help improve health services and identify problem areas, as well as being useful for research. But it also raises fears that sensitive data will be leaked, abused, or used in ways which are contrary to patients’ wishes.
Since patients will not be informed if, when and with whom their data is shared, deciding not to opt-out equates to a high degree of trust in the authorities responsible for releasing this information. By using an automatic opt-in approach, this trust is assumed unless otherwise stated. But a recent Wellcome Trust survey revealed that the public does not trust institutions enough to support that assumption.
Even if all patients were educated about the care.data system, and aware of both their implied consent and the possibility of opting-out, the project is still playing fast and lose with the term “consent”. Does the word retain any meaning when the scope and number of actions being consented to is so open, and when there is no way for the consenting party to easily remain informed as to what they have consented to?
Health data in your hand
But beyond traditional healthcare systems, people are beginning to collate, manage and make use of their own healthcare information. Mobile devices such as smartphones and wearable computers, and the plethora of applications running on them, means that people are collecting and manipulating their data like never before. They are keeping track of their heart rate, their weight, and even their sleep patterns. They are storing information about their excercise regime and even sharing it online.
This personalised e-health movement also faces issues of privacy and security but the patient or user remains the undisputed owner of their data and is naturally at the centre of all decisions about access and usage. In this domain, a number of technologies are under investigation that could lead to a healthier balance between patient privacy and end-user utility of health information.
The TRUMP UK-India project is a good example of trying out mobile technology to help people in rural areas manage their own health in a way that feels secure. Patients suffering from chronic illnesses, such as diabetes and depression, use smartphones to monitor their condition, which could involve the collection of data such as location and activity, mood or diet diaries and blood pressure readings. GPs and care providers can then access this data and use it to make decisions about the patient’s care.
Part of this project involves helping patients and GPs to define rich, machine-readable policies, which reflect their privacy preferences. These policies are essentially fine-grained statements of conditional consent, and allow third party access to be automatically restricted to cases which respect patients’ wishes. It shows that it is possible to at least look into making detailed consent part of the system, something which the NHS might want to think about for care.data, even at this advanced stage.
This is nothing, of course, if patients cannot verify that their wishes are being respected. Care.data might make patients less uncomfortable if they could be provided a degree of transparency about what has been done with their data. Technology can be used to capture the provenance of data, detailed machine and human-readable audit trails which allow patients to trace the history of their data, from doctor’s surgery to research laboratory.
A wide-reaching database such as care.data requires a more refined approach to patient consent management and involvement than what we are seeing in the NHS. Together, provenance and policies provide a means to manage rich and dynamic patient consent, while building confidence that their wishes are being respected.
Scaling the kinds of technology seen in the TRUMP project to massive use will be extremely challenging. However, they will hopefully allow future systems to effectively balance the potential benefits for data users with the complex and dynamic privacy and ethical preferences of patients.