TechUK has produced recommendations for safe and effective information sharing in health and social care.
The industry body hopes its five guiding principles and 12 recommendations will inform Dame Fiona Caldicott’s Review into data security standards and the wording of a new consent model for data sharing, due out later this month.
In a new report, techUK points out that while the commercial companies it represents do not own or control patient data, they process the vast majority of it on behalf of public sector organisations and therefore have a pivotal role in addressing the challenge of sharing it appropriately.
The first of the document's 'guiding principles' is that there needs to be a “clear, consistent and practical consent model(s) for citizens and health and care professionals for both direct and indirect use of their data”.
The report says patients currently exercise their right to give consent for their information to be used in a number of different ways, including verbally, written and implicitly, and argues that this inconsistent approach has created a disparate environment with varying levels of information provided to patients.
TechUK recommends national guidance on how and why someone’s data will used for both direct and indirect care, as well as a national effort to inform patient about the benefits of data sharing.
The second principle is around the linking and sharing of data.
The report recommends that there be explicit references within the roadmaps for Personalised Health and Care 2020 for all commissioning organisations to have access to individual-level, de-identified but linkable information in order to effectively segment and understand their population and plan and commission services.
“Aggregated data derived from unlinked episodes of care is not a sufficient alternative. This must, and can be, achieved in ways that protect the identity and confidentiality of individuals to the highest standards and provides sufficient confidence to citizens that their data will not be used for other undisclosed purposes,” it says.
The industry-led report also argues for a “clear and consistent approach to information governance and data security standards”, arguing that while information governance and data security standards exist, they are not consistently applied.
“Similarly, in a rapidly evolving world where the regulatory and policy environment for linking and sharing data is changing in Europe and in the UK, these standards need to be regularly and systematically reviewed. During this process of review and revision, it will become clear if new information governance and data security standards are required,” the report adds.
It also recommends the development of appropriate information governance and data security standards that allow organisations to be permitted to do their own data linkage in a controlled environment.
The fourth principle focuses on the need for practical and usable information governance guidance that is proportionate to risk.
The report says confusion over information governance rules can lead to providers being overly risk averse and not sharing information when it would benefit patient care.
It recommends ongoing education and training for healthcare providers on information governance and the introduction of an agreed model of data controllership that reflects the evolving world of service delivery in health and social care.
Finally, techUK says there needs to be closer collaboration between the technology industry and government, recommending that arm’s length bodies such as NHS England, implement techUK’s Three Point Plan for better engagement, more consistent approaches to information sharing and a more favourable environment to use technology and data in innovative ways.
Natalie Bateman, head of health and social care at techUK said: “Data sharing for primary and secondary use will enable providers to improve care outcomes within ever increasing pressures on already stretched resources.
“It’s vital we reach a consensus on what and how information is shared at every level, to achieve an optimal balance between personal privacy and security, and safe, cost effective, evidence-based health and care services.”