A large-scale public engagement report commissioned by NHSE on building and maintaining public trust in data use across health and care has been published, focusing on the approach to creating a single patient record and the secondary use of GP data.
It noted “relief” and “enthusiasm” from participants around not having to repeat their health history when interacting with different parts of the health and care system, and highlighted concerns about data accuracy, privacy, and security.
120 participants were recruited for tier one, with 98 remaining by the end, for 15 hours of deliberation over three days in locations including Liverpool, Leicester, Portsmouth, and South London. Inclusive engagement for tier two recruited 76 people from “seldom heard groups” such as those with health needs or socially marginalised groups for interviews and small group sessions. A nationally representative ten-minute online survey with 2,000 people was also carried out in tier three.
“To start with, the concept of a single patient record was met with relief and enthusiasm across Tier 1 and Tier 2 participants,” according to the report. Participants reportedly highlighted benefits such as improved experiences of using the healthcare system, improved efficiency of care, and better health outcomes. Initial reactions also outlined concerns about maintaining data accuracy, privacy, and security, with fears a single centralised record could increase the risk of cyber attacks, but “the broad consensus across the whole of cohort 2 was that the benefits would outweigh these risks as long as high levels of security, accuracy of data, and transparency were ensured”.
Trust in a single patient record would be dependent on a high level of security to include staff training, transparency in design and access to the record, accountability for when things go wrong, and patient choice on how data is shared, findings noted. Participants “rejected the idea that all health and care professionals should have full access to an individual’s single patient record”, instead preferring a tiered system of access, based on urgency and breadth of care responsibilities, with an audit trail showing access history. Concerns around cyber security could also be mitigated, participants shared, by limiting the sharing of sensitive information or providing patients with a summary record only.
Policy recommendations based on this engagement outline the need to include a record of access, to implement tiered access, to ensure rigorous training in data use and security for health and care professionals, and to maintain transparency “from the start”, acknowledging risks up front and ensuring patients have a say in implementation.
When it comes to GP data, participants were “largely unaware” of secondary uses, but initially expressed comfort in the idea of it being used for saving lives, improving care, prevention, and efficiency in delivery of services. Concerns were broadly similar to those about the single patient record: concerns about data breaches, incorrect data, misuse, sensitivity of data being shared, bias against individuals, and the potential for re-identification. Some participants felt GP data should be treated differently because “it is likely to contain more intimate information”, offering greater risk to the individual patient if data were to be misused. Others felt it should be included alongside secondary care data to ensure a “comprehensive dataset”.
Participants were “reassured” overall by safeguards in place such as de-identification, staff training in data handling and security, and data regulation such as GDPR and the Data Protection Act. “There was a widespread feeling among Tier 1 and Tier 2 participants that the current model of the GP being the data controller for both direct care and secondary uses placed too much of a burden on GPs when it came to how data is used for secondary purposes,” findings show. “They wanted to see a new model which would allow for greater consistency of approach, transparency, and accountability.” Tier one participants suggested this could be a move to national or regional decision-making on secondary use. Tier three participants who only engaged with the topic online were “more resistant” to moving away from GPs as sole data controllers, with the report stating: “This greater reluctance to change demonstrates the need for careful communication with the public about this topic as changes are made, and continued involvement of the public.”
Policy recommendations around these findings include that decision making should move to “a model that balances the need for national consistency and regional responsiveness”, with participants given clear insight into how decisions have been made, and with voices of lay people, experts in data security, and GPs represented in the decision making model. Due to the sensitive nature of GP records, it is also important to communicate any steps being taken to keep it secure, like the use of secure data environments (SDEs).
Single patient record wider trend
NHS England shared a preliminary market consultation and request for information from suppliers for a single patient record in May, aiming to gain innovative ideas from the market, consider all options available, and approach the SPR in “the most effective way possible”. Draft minimum functionality is outlined, along with a request for feedback from suppliers on how NHSE can maximise the value of current infrastructure in the development process.
Patients Know Best has been selected to provide a single patient record system for the Government of Lagos State in Nigeria, forming part of a partnership between Interswitch Group and the government to introduce the Lagos Smart Health Information Platform. The contract will enable the government to host health records for over 20 million citizens, said to mark a significant step forward for healthcare infrastructure in the region.
Patients Know Best has also announced the national launch of GP data integration with its single patient record platform. The development enables every adult patient in England to store in their PKB personal health record, a copy of the data their GP has released. Following a soft release in May, over 900,000 patients have chosen to store their GP record in PKB, the company stated, adding how this “underscores significant public demand for having their health information in a single, unified record”.
