Covid-19: bringing healthcare data and ethics to the fore

Continuing our series investigating the profound impact Covid-19 has had on health tech, Angela Eager, Research Director at TechMarketView discusses how the pandemic has brought the value of data sharing and standardisation to the fore – and raised questions around data ethics. In an ideal scenario, complete and up to date medical information would follow […]

Continuing our series investigating the profound impact Covid-19 has had on health tech, Angela Eager, Research Director at TechMarketView discusses how the pandemic has brought the value of data sharing and standardisation to the fore – and raised questions around data ethics.

In an ideal scenario, complete and up to date medical information would follow patients, delivering both a digitally enabled joined up experience and compassionate efficiency to generate the best outcomes for patients and healthcare providers.

Shared data is the key, with data standardisation as a prerequisite, but that is no easy matter given the range of applications and types of devices generating and storing data within healthcare settings. And where data standardisation and data sharing go, ethical conundrums follow. The Covid-19 situation, from the multi-disciplinary medical teams needed to treat complex cases to almost unheard of levels of collaboration to rapidly find treatments and develop vaccines, is an acute illustration of the value of data sharing and standardisation. As the world scrabbles to deal with this disease, it also puts the ethics of private data vs. public good front and centre.

Breaking through data standardisation barriers

Fortuitously, work on the new standards framework on the block – the (beta) NHS Digital, Data and Technology standards framework – overlapped with Covid-19 and that timeliness could make a difference to the all-important level of adoption, lowering data standardisation barriers.

It covers expectations around the use of data, interoperability, and design standards within the NHS and outlines standards for the use of data, clinical safety, interoperability and design interactions. In a tip to adoption-aiding pragmatism, the standards are not new, and where possible international standards frameworks are leveraged.

APIs to deliver seamless care

Two aspects stand out. The first is the commitment to open standard Fast Healthcare Interoperability Resources (FHIR) APIs. What’s important about FHIR APIs is they are a step towards the sharing of health and care information between providers and their systems no matter what setting the care is delivered in, supporting the goal of seamless care across organisational boundaries.

What could make the difference in terms of adoption is that as part of an international family of standards developed by HL7, FHIR has become the direction of travel globally and the NHS already has a level of familiarity. ‘CareConnect’ is a FHIR profile supporting the transfer of information for medications, allergies, observations, diagnoses, procedures plus a range of other information; while the ‘Transfers of Care’ profile covers inpatient care, mental health, and A&E discharges and outpatient clinic letters specifications. While acknowledging that some legacy and clinical systems won’t be able to use APIs, these and forthcoming API-enabled services do have the potential to connect, generating momentum for more joined up experiences that address care and cost considerations.

Registers provide practical standardisation

The second notable aspect is central Data Registers where the objective is standardisation through uniform definitions. Importantly the Registers don’t just address standardisation and interoperability across systems and data, they also support a synchronised view of reference data to enable processes to interact in a standard way.

The problem is the NHS landscape is fragmented and the quality and use of data registers is inconsistent. Nevertheless, there has been progress. The GP List Size Register is used to calculate disease prevalence and the data is widely used across the health system. Population Registers are used for analysis on lifestyle and behavioural data to ensure consistent mapping between different geographical areas to accurately reflect trends, patterns and any issues affecting equitable access to health services. The Organisation Register is used for interoperability between systems involved in NHS and social care business processes such as the Child Protection Information Sharing initiative.

Adoption by exemplar

The technical challenges should not be underestimated and standards are just the starting place. Adoption is the bigger issue and that requires service transformation across people, processes, culture and organisation. There is a real opportunity to progress by embedding standards into transformation programmes – and they are starting to be embedded into local health and care record exemplar programmes.

OneLondon LHCRE, a partnership of NHS organisations and local government, is the first local health economy defining Care Connect FHIR profiles for its programme prior to offering them to the rest of the NHS as national profiles to securely share individuals’ health and care information between different parts of the NHS and social care.

Data to drive compassionate efficiency

With public health and care demand always outstripping supply, there is a need for compassionate efficiency able to deliver for all parties. Data-driven RPA is one way forward and the East Suffolk & North Essex NHS Foundation Trust is one of the RPA pioneers in the healthcare sector.

While data and technology are the enablers, its success came from a simple objective that resonated with clinical and corporate staff: “making time matter”. The Trust emphasised how robots would help staff free-up time to spend on patients. There were some secondary benefits such as increased clinical utilisation and a reduction in outpatients, but time saved was the KPI. In our opinion, it was an emotional connection to the “making time matter” mantra (as well as an opportunity to automate the least enjoyable parts of people’s roles) that elevated discussions beyond the technology and data, thereby capturing the attention of both users and the board.

Compassionate efficiency is also evident in Agilisys’ rapidly worked up Helping Hands project that drew information from the UK Government’s vulnerable person list into a solution enabling local authorities to manage interactions and support for individuals advised to socially shield during the early months of the pandemic. Data sharing across boundaries was critical to its success and the obvious and several benefits supported the case.

As healthcare data expands, ownership and use rights become opaque

However, despite actions being taken in the interests of individuals and groups in the use cases outlined above, the seeds of data ethics debates are clear to see. The Population Registers that analyse lifestyle and behavioural data for example raise the question of what can be considered healthcare data, whether non-traditional data should be aggregated, and how widely healthcare data ought to be shared. And as the data discussion broadens, increases in the level of GDPR penalties and raised expectations around data protection come further to the fore; the financial implications of breaches are important but the loss of trust in health and social care scenarios is as critical.

There is a crucial  difference between “aggregated and small numbers suppressed” and personally identifiable data, of course, but the bigger question is whether providers should be able to use individuals’ data from outside the system to 1) inform treatment and services and 2) use it for wider social good. From private prescriptions and non-prescription medication, to data from fitness trackers, there are rich pools of data. Indeed, the NHS is piloting the provision of wearables to individuals who are at risk of type 2 diabetes in an effort to combat the disease by encouraging people to monitor their own health. The boundaries of healthcare data are expanding, raising the murky question of who ‘own’s the data and how it is used.

Personal privacy vs. public good

Sharing health and care information for both personal and public good is supported due to benefits around better integration of care, reduced risk of errors and better planning of services – although it is far from universal as the presence of lobby groups such as medConfidential indicate. It’s the sharing of data with commercial bodies that raises individuals’ privacy heckles – despite many users happily sharing all manner of private information over social media and through personal fitness trackers.

Building trust when considerations are not binary

Data sharing comes down to trust and transparency and trust is hard to build. The problem is that even with the UK Information Commissioner’s Office code of conduct covering data protection including issues such as usage and anonymisation, considerations and situations are not binary. As such, the rules of the social contract between citizens and government will inevitably be contextually dependent and therefore subject to degrees of uncertainty. From permitted secondary usage to jigsaw attacks that use inference to re-identify patients from anonymised data, uncertainty varies and changes over time.

As technology such as AI/machine learning becomes more accessible, its use will lead to as yet unknown types of risks, however these techniques can be deployed to identify and mitigate risks too.

The work being done by World Wide Web founder Sir Tim Berners-Lee at tech startup Inrupt is also an interesting example of how technology could be brought to bear on data privacy and data sharing – and help address the trust issue. Its jSolid web platform enables individuals to store their health records for example, in one place – a secure Personal Online Data Store (POD). Crucially, the individual controls the data and can chose who to share it with, what for, and for how long. It could also have a role in reducing the need to repeat the same information to different medical professionals. There are plenty of questions around the practicalities of this type of approach so the pilots being undertaken by various organisations – including Greater Manchester NHS – bear watching.

Altruism and the point of benefit

Choice and the distance between the share and the benefit also matters. Altruism does exist but otherwise, where individuals see a clear and immediate benefit there is more of a willingness to share; where the benefit is distanced and less personal, it breaks down.

When it comes to personal privacy vs. public good, establishing just how far individuals are prepared to extend the point of benefit is a practical embodiment of the data ethics debate.

Adoption of the several symptom trackers available demonstrates that Covid-19 has the potential to elongate the point of benefit. Tellingly, trackers released by medical professionals are more readily accepted. Bring non-healthcare public sector authorities and private commercial companies into the mix and distrust quickly builds, in part because it can rapidly lead to the ultra-sensitive area of data economics i.e. the value of a life vs. the cost to preserve it.

There are ‘calculators’ designed to predict a person’s risk of dying from Covid-19 that bring ethical and data economic issues into the light. There is merit in being able to predict a one-year mortality rate based on factors such as age, gender and underlying illnesses because it can inform policy such as preventative measures and treatments. The ability to take the risk of infection into account is also acceptable but factor in indirect elements such as strain on the health service and unease about ethics and data economics soon appear. Understanding the strain is necessary to ensure healthcare provision but push the argument along the logical pathway and ensuring provision could soon descend into costing and withholding provision.

Time to change perspective?

Perhaps it’s time to turn the conversation around and build on the recommendations of the Caldicott 2 report by considering the degree to which it is unethical not to share data for the common good (akin to the switch from opting in to organ donation to having to proactively opt out)? But as Caldicott 3 stresses, a ‘simple’ model for consent and opt-outs would be key and technology has a role to play here. The risk of misuse is so grave however, that this approach could only be applied to narrow, tightly defined, time limited use cases with intense governance – a lesson learned from the rejection of the 2014 initiative.

More fundamentally, acknowledging that the ‘benefit’ is a point on a sliding scale that is specific to each scenario and over which the individual must have some control, is the pathway to ethical practice.

About TechMarketView

Founded in 2008,TechMarketView is an influential analyst and advisory firm focused on the UK tech market. Trusted by tech suppliers and tech users as they navigate change, TechMarketView analysts are known for robust analysis of suppliers and disruptive market trends, blending UK depth with forward-looking insight.