The health service must do more to convince patients that their data is safe following the accidental sharing of information on people being treated for HIV, the man asked to investigate NHS security measures has said.
Health secretary Jeremy Hunt on Wednesday ordered the Care Quality Commission (CQC) to carry out a review of data protection procedures across the health service, after the NHS-run 56 Dean Street clinic in Soho shared the names and email addresses of more than 700 of its patients in a regular newsletter. The sexual health clinic has apologised for the leak, which it has blamed on a “human mistake”.
Speaking at the NHS Innovation Expo in Manchester on Thursday, CQC chief executive David Behan said the health service needed to focus not just on data security, but on improving the way it informed patients about the safeguards that do exist.
Interview: David Behan, CQC
Explore our transparency & open data section
PARTNER: The benefits and challenges of harnessing data
“Yesterday we had the release of personal data of people from an HIV clinic, and there has been a succession of things being released,” he said. “It seems to me that we need to find a way of actually instilling some degree of confidence in people whose data we hold. We need to have a conversation with people about how that data is going to be used.”
Behan — who also chairs the health service’s National Information Board — said that the benefits of sharing data across the NHS were too often poorly explained to patients, with reassurances sometimes couched in “arid” technical language.
“One of the things that me and my team are asked to do as part of the National Information Board is to look at things like secondary uses [of data].
“This is known as work stream two-point-two. And if you’re not falling asleep, then I’m falling asleep talking about two-point-two and the secondary uses of data. “How about saying [to the public], ‘Come and help us improve the quality of care for everybody through the use of data?’
“And actually, one or two people might wake up at that and think, ‘I’m up for that, I’m up for a conversation about how we can do that and how my data and my dad’s data can make a combination […] to actually help us look at patterns and trends.’”
He added: “We’ll get confidence in the storage and usage of data when people understand what we’re trying to do, and how it acts in their interests, and when we can give people confidence that, if they’ve been to an HIV clinic, that data is not going to be released and that nobody, apart from who I’m going to tell, is going to be told about it.”
Addressing the Expo on Wednesday, health secretary Jeremy Hunt branded the leak “completely unacceptable”, and confirmed that the CQC would work with Dame Fiona Caldicott, national data guardian for health and care, to investigate wider NHS data practices.
Hunt said: “Nothing matters more to us than our own health but we must also understand that for NHS patients, nothing matters more to them than confidence that the NHS will look after their own personal medical data with the highest standards of security.”
The Information Commissioner's Office has separately launched its own investigation into the Dean Street incident.
Keogh: "Failure to link data costs lives"
The CQC chief’s comments came as part of a wide-ranging discussion — chaired by the Department of Health permanent secretary Una O’Brien — on the impact of technology and open data on the NHS.
NHS England’s national medical director Sir Bruce Keogh spoke of his own experience in reassuring patients the use of their medical data, and reflected on the lessons learnt from the controversial care.data scheme.
The programme — which aims to place data held by GPs with the centralised Health and Social Care Information Centre — was delayed amid criticism that NHS England had not done enough to calm public fears about the way the sensitive information would be stored and used.
“We had some difficulty around the care.data programme,” Keogh told the Expo. “And I think people need to be able to trust both that we can keep their data safe, and that we are going to use it for the right purposes, both for their own treatment and for the benefit of others.”
He added: “We spent quite a lot of time [with the care.data initiative] focusing on the benefits of sharing that kind of data — but there’s a bit of me that thinks we also need to be absolutely clear that a failure to link data costs lives. It means that there’s an opportunity cost in terms of knowledge.”
Keogh also pointed to the way an initially “unpopular” move to publish surgeon performance data in the wake of the Bristol heart scandal had helped surgeons to “focus on whether they were doing the right operations on the right patients at the right time”.
The opening up of performance data had, he argued, also worked to empower patients with information, ultimately allowing doctors to focus on treatment.
“The other thing that I found in my clinic was, people would come in with reams of paper,” the NHS medical director said. “They’d been on the internet, they’d know about you, they’d know about the condition, and they’d know what your results were.
“What had normally taken you the best part of a twenty minute consultation to get to, you could get to in a couple of minutes. And you could have a really meaningful and human conversation with people about what their own treatment meant."