David Hancock, healthcare executive advisor at InterSystems, explores the principles that have influenced the attitudes of patients toward data sharing and the approaches healthcare organisations must action
Despite the NHS being seen as a ‘trusted organisation’, concerns remain among the public when it comes to sharing their data.
With the ongoing challenges the NHS has faced over the past year, it has never been more important to guarantee public trust, especially given the sensitivities of medical data.
To reassure the public that their data isn’t going to fall into the hands of individuals or organisations who should not be able to see it, or worse, who could abuse it, healthcare organisations need to focus their efforts on citizen engagement.
As healthcare organisations explore how to do this and win over public trust, a two-pronged approach is necessary: ensuring openness and transparency, paired with the right data protection strategies.
When asked to give up personal information, it is human nature that people will question why they are being asked to share their data, who they are sharing it with, and what they will use it for.
When asked to give up personal information, it is human nature that people will question why they are being asked to share their data, who they are sharing it with, and what they will use it for
And this is particularly true of sharing healthcare data due to a lack of public knowledge and awareness around its use for purposes other than care delivery, such as for quality improvement, system planning, and research.
Consequently, a fundamental building block in building trust is open and transparent communication and educating the public on why sharing their data is hugely important for healthcare organisations.
This requires skilled communication on a subject that can sometimes be difficult to explain to the general public.
However, it can be made easier by understanding what is important to people when it comes to sharing their healthcare data.
Citizens have clear values and expectations that shape their attitudes to sharing their data, all of which are underpinned by an expectation of respect
According to research by The Great North Care Record, citizens have clear values and expectations that shape their attitudes to sharing their data, all of which are underpinned by an expectation of respect.
These values include privacy being maintained with reassurance given that data held about them is secure and that their choices and preferences are upheld; and transparency and trust, whereby the public is informed about how information about them is, or may be, used; and that institutions handling data about them act in a trustworthy manner.
Other values identified are reciprocity, in which citizens are given access to data held about them; fairness, with communication and making decisions about data sharing accessible to all, regardless of class, education, and literacy, disability, ethnicity or capacity; and having agency in how their data is used.
Therefore, to build trust with the general public, healthcare organisations must ensure they take all of these values into consideration and not only communicate, but also demonstrate how they are adhering them.
In addition to this, healthcare institutions must look closely at their data storage and protection strategies, particularly as healthcare becomes more connected and greater data integration is required.
While using the latest cyber security strategies is a solid starting point, organisations must also think about protection in terms of their data architecture
While using the latest cyber security strategies is a solid starting point, these organisations must also think about protection in terms of their data architecture.
In order to integrate information from different systems to create a complete longitudinal patient record, it isn’t necessary to centralise all that data in a single large database.
There are different software architectures that can allow patients’ data to be located and aggregated in real time on request, thereby mitigating the risk of moving it all into a central database and that being a single point of attack or failure.
Even in a connected healthcare system, data can be aggregated ‘on the fly’ and this can be a highly-effective way to protect information.
However, a major security concern can come about if data needs to be moved between apps or systems, with how the data is provided critical to data protection.
For instance, if data can be shared with other organisations by them taking a copy of some of the data to allow them to analyse and process it using their own tools, this introduces huge risks because once the data has left the control of the organisation, they no longer have any control over who it may be shared with.
By taking a two-pronged approach in which organisations couple strong data protection strategies with clear communication that speaks to individuals’ concerns and values, healthcare institutions will be in the best position to encourage the public to share their data
Therefore, all third parties must be given controlled access to the database, which they can query and perform analyses on, but never remove.
Adopting the right data platform technology, in which they can set up stringent permissions and controls, will help healthcare institutions to ensure that only authorised people and parties can access sensitive healthcare information and maintain high levels of security.
By taking a two-pronged approach in which organisations couple strong data protection strategies with clear communication that speaks to individuals’ concerns and values, healthcare institutions will be in the best position to encourage the public to share their data.
In doing so, healthcare organisations will be able to improve the way in which they operate and the care they deliver, and, ultimately, cement public trust.