Healthcare data is valuable. In particular, aggregating and analysing large-scale healthcare data using machine learning and other data analytics tools may offer new insights in relation to diseases, resulting in better patient outcomes. Furthermore, according to the 2019 EY report on realising the value of health care data, this is expected to generate knock-on effects in relation to operational savings for healthcare organisations and the public sectors that fund them.
Additionally, sharing healthcare data between hospitals, medical centres and research institutions making it more easily accessible is also expected to unlock significant value. In particular, the digital transformation of Healthcare Records would enable the sharing of allergy or prescription data across sites, which would contribute to better quality of care, especially in emergency circumstances.
Beyond the immediate use of healthcare data for patient treatment, experts also expect that this data can be used to facilitate the development of health data-driven innovations like clinical decision support tools or apps (or other support software) for patients and doctors.
Combining these two potential benefits, EY has estimated that the UK’s NHS data set could generate approximately £9.6bn per annum in benefits.
How to unlock the value of healthcare data while achieving compliance
The collection and large-scale analysis of healthcare data offers a number of benefits to patients, practitioners, and researchers alike. However, according to the latest data protection legislation (e.g., Art 9 GDPR), healthcare data is classed as special category data. This means that in order to collect, process or share this data, organisations must have a lawful basis for doing so and may require explicit consent from the individual whose data is being shared. This is especially the case when further re-using the data for research, innovation or other secondary purposes.
At the same time, the potential benefits of re-using healthcare data to support research and innovation create a drive to re-use clinical and other types of data beyond their original purpose.
In the healthcare sector, this tension has manifested in the context of Data Sharing Agreements, where organisations’ positioning as Controllers and Processors can become contested. For example, a hospital sending blood samples to a lab often sees itself as the Data Controller and the laboratory as a Processor. However, conversations with the laboratory can reveal that the laboratory intends to add the sample to their databank for research purposes and sees themselves as a Controller as well.
In healthcare especially, patients are often agreeable to their data being used to further insights and innovations for the common good. Nevertheless, even if patients were agreeable to such re-use of their data, their explicit consent would have to be recorded and stored in order to comply with GDPR.
These examples reveal healthcare data can be utilised as an asset to unlock innovation and other benefits, if and only if the proper data protection compliance safeguards are put into place.
Measures such as robust consent forms, enabling data sharing and re-use for research purposes can provide a lawful basis for the further processing of patient data for research purposes, while Data Sharing Agreements can define the role of each organisation using the data, the purposes for which it is being used and the security and governance requirements that must be respected. Defining this legal framework enables the lawful use of healthcare data to benefit patients, the economy and society as a whole.
The Trilateral Research Data Protection and Cyber-risk team has been working on the processing of special category data since 2015. We offer data governance services that can help your organisation develop policies and procedures for ongoing compliance. Trilateral can help audit existing practices, perform gap analyses, and offer compliance support to help turn your healthcare data into an asset that can bring added public health and social benefit. Please feel free to contact our advisors, who would be more than happy to help.