Will the rise of technology mean the fall of privacy–and what can be done? UK seeks a new National Data Guardian.

Can we have data sharing and interoperability while retaining control by individuals on what they want shared? This keeps surfacing as a concern in the US, UK, Europe, and Australia, especially with COVID testing.

In recent news, last week’s acquisition of Ancestry by Blackstone [TTA 13 August] raised questions in minds other than this Editor’s of how a business model based on the value of genomic data to others is going to serve two masters–investors and its customers who simply want to know their genetic profile and disease predispositions, and may not be clear about or confused about how to limit where their data is going, however de-identified. The consolidation of digital health companies, practices, and payers–Teladoc and Livongo, CVS Health and Aetna, and even Village MD and Walgreens–are also dependent on data. Terms you hear are ‘tracking the patient journey’, ‘improving population health’, and a Big ’80s term, ‘synergy’. This does not include all the platforms that are solely about the data and making it more available in the healthcare universe.

A recent HIMSS virtual session, reported in Healthcare Finance, addressed the issue in a soft and jargony way which is easy to dismiss. From one of the five panelists:  

Dr. Alex Cahana, chief medical officer at ConsenSys Health.”And so if we are in essence our data, then any third party that takes that data – with a partial or even complete agreement of consent from my end, and uses it, abuses it or loses it – takes actually a piece of me as a human.”

Dignity-Preserving Technology: Addressing Global Health Disparities in Vulnerable Populations

But then when you dig into it and the further comments, it’s absolutely true. Most data sharing, most of the time, is helpful. Not having to keep track of everything on paper, or being able to store your data digitally, or your primary care practice or radiologist having it and interpretation accessible, makes life easier. The average person tends to block the possibility of misuse, except if it turns around and bites us. So what is the solution? Quite a bit of this discussion was about improving “literacy” which is a Catch-22 of vulnerability– ‘lacking skill and ability’ to understand how their data is being used versus ‘the system’ actually creating these vulnerable populations. But when the priority, from the government on to private payers, is ‘value-based care’ and saving money, how does this prevent ‘nefarious use’ of sharing data and identifying de-identified data for which you, the vulnerable, have given consent, to that end? 

It’s exhausting. Why avoid the problem in the first place? Having observed the uses and misuses of genomics data, this Editor will harp on again that we should have a Genomic Data Bill of Rights [TTA 29 Aug 18] for consumers to be fully transparent on where their data is going, how it is being used, and to easily keep their data private without jumping through a ridiculous number of hoops. This could be expandable to all health data. While I’d prefer this to be enforced by private entities, I don’t see it having a chance. In the US, we have HIPAA which is enforced by HHS’ Office of Civil Rights (OCR), which also watchdogs and fines for internal data breaches. Data privacy is also a problem of international scope, what with data hacking coming from state-sponsored entities in China and North Korea, as well as Eastern European pirates.

Thus it is encouraging that the UK’s Department of Health and Social Care is seeking a new national data guardian (NDG) to figure out how to safeguard patient data, based on the December 2018 Act. This replaces Dame Fiona Caldicott who was the first NDG starting in 2014 well before the Act. The specs for the job in Public Appointments are here. You’ll be paid £45,000 per annum, for a 2-3 day per week, primarily working remote with some travel to Leeds and London. (But if you’d like it, apply quickly–it closes 3 Sept!). It’s not full time, which is slightly dismaying given the situation’s growing importance. The HealthcareITNews article has a HIMSS interview video with Dame Fiona discussing the role of trust in this process starting with the clinician, and why the Care.data program was scrapped. Of related interest is Public Health England’s inter-mortem of lessons learned in data management from COVID-19, while reportedly Secretary Matt Hancock is replacing it with a new agency with a sole focus on health protection from pandemics. Hmmmmm…..HealthcareITNews.

The stop-start of health tech in the NHS continues (UK)

Continuing their critique of the state of technology within the NHS [TTA 17 Feb], The King’s Fund’s Harry Evans examines the current state of incipient ‘rigor mortis’ (his term). Due to the upcoming election, the Department of Health is delaying its response to Dame Fiona Caldicott, the National Data Guardian for Health and Care (NDG), on her review of data security, consent and opt-outs (Gov.UK publications).

People have significant trust and privacy concerns about their data, which led to NHS England suspending care.data over three years ago. But with safeguards in place, public polling supports the sharing of health data for uses such as research and direct care. But…there’s more. Now there is ‘algorithmic accountability’, which may single out individuals and influence their care, much as algorithms dictate what online ads we’re served. What of the patient data being served to Google DeepMind, IBM Watson Health, and Vitalpac for AI development? Have people adjusted their concerns, and have systems evolved to better store, secure, and share data? And how can this be implemented at the local NHS level? The NHS and technology: turn it off and on again Hat tip to Susanne Woodman of BRE.

A reminder that The King’s Fund’s Digital Health and Care Congress is on 11-12 July. Click on the sidebar to go directly to information and to register. Preview video; the Digital Health Congress fact sheet includes information on sponsoring or exhibiting. To make the event more accessible, there are new reduced rates for groups and students, plus bursary spots available for patients and carers. TTA is again a media partner of the Digital Health and Care Congress 2017. Updates on Twitter @kfdigital17

Health data changes Down Under: My Health Record, Tim Kelsey and Telstra

Australia’s federal government is hoping for a boost to its national personal health records system, starting with a renaming of Personally Controlled Electronic Health Record (PCEHR) to My Health Record. Proposed in the government’s $485 million budget announcement on eHealth is a resolution of implementation issues and introducing trials of participation models including designing opt-out approaches. Currently enrollment stands at a paltry 10 percent of Australians. Computer World (Australia) Hat tip to Mike Clark via Twitter

Come December, also taking the long trip there will be NHS England national director for patients and information Tim Kelsey to join Telstra Health as commercial director. Telstra is Australia’s largest telecom developing a footprint in health, and earlier this year acquired Dr Foster LLP, the UK-based health informatics company. Coincidentally (?), Mr Kelsey co-founded Dr Foster prior to 2006, when he joined the NHS to start up the information site NHS Choices. During his NHS tenure, Mr Kelsey faced numerous controversies which are detailed in the Guardian and IT news/opinion site The Register reports, mainly concerning the Care.data database for all English medical records. Concerns were raised about inadequate privacy, transparency and confidentiality provision in its design, and after a halt it has still not restarted, although 1 million people have preemptively opted out–another issue in common with My Health Record. According to the Guardian, “The scheme was recently labelled “unachievable” by a Whitehall watchdog, the Major Projects Authority, which said the future of the programme should be reassessed.” A successor to Mr Kelsey has not yet been named.