The aim of this book is to generate debate and to provoke new visions for the sharing of personal and confidential medical data. Such discussion is framed through an exploration of the changing concept of ‘privacy’ and ‘patient control’ in healthcare information management. Best practices from Europe and the USA are combined to form a suggested vision for the UK as an early adopter of change. We argue that the UK has established a solid foundation upon which to build, but we also suggest that in today’s global society, which is no longer bound by geography, best practices from one part of the world can and should be replicated in other parts of the world. This model is therefore intended as an exploration of ‘the art of the possible’ in the management of healthcare data. All are invited and encouraged to build upon what we present herein.

This argument is hardly surprising as currently the question of ‘what is possible’ rests solely with the National Health Service (NHS); its artistic licence may well be exercised at will but we as the public know next to nothing about it. The onset of the Information Revolution² created a dilemma for the NHS in terms of how it addresses its obligation to use information to improve best practice (termed ‘collective transparency’) whilst also keeping personal information confidential (termed ‘individual privacy’). Unfortunately, to use a contradiction in terms, there is ‘limited transparency’ for the public as to whether the NHS is balancing this critically important informational relationship or whether its approach is fit for purpose. The public would need to know what the purposes for the sharing of information are to assess whether it is indeed ‘fit’.

This issue has been brought into sharp focus through the recent public debate about the NHS’s attempt to roll out a programme of work (‘care.data’³) which uses the public’s data for purposes other than their direct healthcare (‘direct care’). The programme uses only an ill-communicated⁴ information leaflet telling patients they can ‘opt out’,⁵ which brings the issue of consent and objections management to the forefront.

In direct contrast, the NHS Information Revolution publication⁶ vowed to put patients at the heart of healthcare decisions, giving them ‘choice’ and ‘control’. With hindsight, this was always going to be an empty promise, positioned before the revolution that promised patients the right to choose whether to control the sharing of their healthcare information or not. However to achieve this objective there is a need for the NHS to take several steps backwards before moving forwards. Unlike the system in the USA,⁷ in England there is a web of seemingly unconnected law, regulations and policy pre-existing this state of ‘patient empowerment’.

There is also a large distinction between sharing personal confidential data for direct care purposes and sharing personal confidential data for indirect care purposes. Direct care purposes are those of a clinician or care worker with a legitimate relationship to treat a patient. The sharing of personal confidential data for these purposes has a direct benefit for the individual. This is the type of sharing that the NHS has traditionally engaged in for the benefit of the individual in their care. Sharing for indirect care purposes is relatively new to the business of the NHS. These purposes are not for the primary treatment or care of an individual. They include the analysis of information for research, commissioning or payment of service providers and audit of services. However, this big distinction has been blurred. This is partially due to the unclear areas of law outlined above. There could also be some purpose behind the blurring: whilst the uncertainty exists, those who currently rely on implied consent for direct care purposes might conveniently blur the boundaries to make their essentially indirect care purposes fit within the definition so that explicit consent is not sought for these purposes.

The Caldicott Review⁸ highlighted the illegality of some practices, such as commissioning, which has led to various sticking plasters of legislation (namely s. 251 of the NHS Act 2006⁹) but no overarching solution. It also highlighted the need to share for direct care purposes to ensure that care is safe and effective. Nevertheless, in the midst of the confusion of yet another NHS reorganisation giving more power to the central NHS and less to the regions, the messages of the Caldicott Review which looked independently at the issues of information sharing without the clutter of other political agendas, have not been heeded. We purport that this has had two major impacts pushing in opposing directions, whereas the more difficult, yet more ethical, solution is staring us in the face. We argue that transparency and control for patients has still not been considered. As a result the first adverse impact has been on direct care, where some have begun to question the legality of the doctrine of implied consent. This is a common law concept that assumes that because someone presents for treatment they are consenting to their information being shared for these purposes. The pollsters show that people expect this to happen¹⁰ and are concerned that it may have a negative, and sometimes fatal, effect if this does not happen. Despite this we see proposed changes to the European Data Protection Directive¹¹ making explicit consent the default for all handling of health data. The second adverse impact has brought about the current principal debate.

The Health and Social Care Act 2012 illustrated the will of Parliament to allow a government quango – the Health and Social Care Information Centre (HSCIC) – the right to direct other parts of the health service to send personal confidential data about individuals to them for purposes of analysis (indirect care) without the consent of those individuals. However, even before this was put in motion through the ‘care.data’ movement the then Secretary of State for Health publicly contradicted the law at the launch of the Caldicott Report, stating that the public would have the right to ‘veto’ the transfer of data from GPs to the HSCIC,¹² in contravention of the right to direct the HSCIC to collect personal data laid out in s. 254 of the Health and Social Care Act 2012.

While this suggestion is definitely contentious, perhaps more detrimental to the government was NHS England’s attempts to honour this ‘pledge’ through a leaflet drop highlighting an individual’s right to opt out of the ‘care.data’ scheme. The leaflet was compared to a ‘pizza menu’¹³ and led to a freeze of the rollout of the ‘care.data’ programme. Hence unsurprisingly we are currently in a position of stalemate, where fair processing and the ‘right’ to object are becoming too difficult for the government to control on their own. Patients are more aware than ever that they have the right to object to the sharing of some of their data but are still largely unaware of the data sharing that currently happens and that which doesn’t happen which might lead to their harm. Likewise they are unaware of the benefits to society of sharing information, which could help to improve treatments or services.

In the spirit of pragmatism this book develops a way to address this lack of transparency and choice through the use of technology. It suggests that a portal could allow individuals to access their data, to add to it, to decide who else can see it and for what purposes and to understand when they do not have the choice because of a law which mandates either sharing or secrecy. This is becoming more important as the population is increasingly more geographically mobile. As society is travelling or working away more often than in the past, the idea of personal relationships with a local GP who solely holds and controls your paper health records to make decisions about your care is rapidly becoming outdated. Because it is this type of trust which gives rise to relationships of ‘confidentiality’, we must reconsider whether this ruling concept of ‘confidentiality’ in health is also becoming outdated or whether the nature of the relationship(s) can evolve with the times.

We must not forget that ‘confidentiality’ as a concept requires consent from the individual. This begs the question of whether we in fact need anyone to control our information on our behalf. Hence, we propose that using an internet-based portal could allow people to access and control their own data, or allow others to access it if the individual chooses that, wherever in the world they may need treatment. This book is therefore about empowering people to make informed choices about sharing their health data. But what if an individual does have a personal relationship with the GP, an unspectacular medical history and has no desire to make choices about the sharing of their healthcare data? We argue that although it is a very reasonable choice to make, nevertheless it should be an ‘informed choice’. What is particularly intriguing about this observation is the question that we pose – ‘How do you know what you don’t know?’ It is this question that the model we propose addresses. Currently there is considerable uncertainty as to the legal and regulatory status of several essential aspects of sharing healthcare data across different jurisdictions. The application of established data protection concepts and rules for processing and sharing information in the context of the NHS...