Greater transparency about big data projects in healthcare is crucial if they are to succeed without losing public trust, a new report argues.

The report, from the Nuffield Council on Bioethics, includes a range of recommendations for the Health and Social Care Information Centre, including the publication of all its data sharing agreements and the results of independent compliance audits.

 ‘The collection, linking and use of data in biomedical research and health care: ethical issues’ looks into how issues of privacy and public interest should be considered during big data projects in healthcare.

The report says advances in information technology and data science “have created novel opportunities to derive insights from the analysis of big datasets, and particularly through the combination or linking of datasets.”

It adds: “While these developments are not specific to biomedical research and health care, they are having a significant impact in these fields, with morally significant implications.”

The report says people’s rights for privacy and to object must be respected by organisations working on big data projects.

It expresses scepticism about proposals to anonymise patient data for research purposes, saying that “while de-identification measures may help to protect privacy, re-identification may not be impossible and the risk of re-identification is both difficult to quantify and may become greater over time.”

The report recommends further controls on data access, such as data access committees to approve projects and safe havens where data can be securely viewed.

The report says debate over the programme, to extract data sets from different organisations and link them to an expanded set of Hospital Episode Statistics within the HSCIC “highlighted the absence of governance arrangements” to address the difference between the HSCIC’s legal requirements and the privacy expectations of NHS patients.

The report recommends that each data initiative include a public statement of expectations about who may be given access to health data and for what purposes.

It says the HSCIC should publish all its data sharing agreements and the results of independent compliance audits, as well as a record of all people given access to data by the HSCIC that can be given to affected individuals.

Other recommendations include criminal penalties for the deliberate misuse of data, as well as publication of policies on the use of cloud services by national bodies.

Professor Martin Richards, chair of the council’s working party and emeritus professor of family research at the University of Cambridge, said increased use of health data comes with the need to ensure it is used responsibly while respecting privacy concerns.

“If we don't get this right, we risk losing public trust in research, and ultimately missing out on the benefits this type of research can bring."