Data may save lives but does sharing it inevitably vitiate privacy?
The balance between sharing data for the common good and protecting data to safeguard individual liberty is nowhere more fraught, as a question, than in the field of health data.
Under the banner of data saving lives, hoisted above the fray of the Covid pandemic, the government is proposing a “new duty to share anonymous data safely and appropriately across the entire health system”.
This has prompted a House of Commons Science and Technology Committee inquiry into the sharing of personal health data for what is called “innovation” and into what are the “associated privacy concerns”.
The first oral testimony session was held last week (Wednesday 25 March), following the launch of the inquiry on 20 December 2021, “The right to privacy: Digital data”.
The first session took testimony from Andrew Morris, director, Health Data UK, Phil Booth, co-ordinator, medConfidential, Christopher Holmes, programme director for Health and Medical Sciences at the Alan Turing Institute, Melissa Lewis-Brown, head of research data strategy, Cancer Research UK, Aziz Sheikh, director of the Usher Institute and dean of data at Edinburgh University, and Chris Molloy, CEO, Medicines Discovery Catapult.
The full transcript is here.
There is no gainsaying the difficulty of coming to a hard and fast view on the debates in this area. The simplest approach is to take a communitarian point of view or a libertarian one. Either accept that your health data feeds research, as it is shared, or interdict its being shared. If you take, as many of us do, a more provisional position (“I am happy to have my health data shared as long as it is not used for purposes of which I would not approve” – like being used as the data fuel for a commercial venture) you have to take the risk of being disappointed.
For the word “innovation” is not innocent. It is code (whether deliberate or not) for generating companies around the NHS. And there is no right answer about the moral acceptability of that. Your viewpoint will ultimately stem from your politics – communitarian or libertarian.
Morris’ opening statement was crystal clear in its endorsement of innovation.
“When we think about health data it is not just about medical records and NHS data. If we are going to seize the opportunities of the fourth industrial revolution in a trustworthy way, it is about building the integrity of a trustworthy health data ecosystem that has the ability to link health data from medical records with omics data, which is biological data from genetics—proteomics—with pathology data, but also environmental and social administrative data, because it is often when one can link data in a trustworthy way across these domains that the most exciting discoveries and impact on human lives can be made. We prefer the term “health-relevant data”, which spans multiple domains”.
From the opposite point of view, Booth was equally lucid in his foregrounding of the unintended consequences of health data sharing, however carefully governed.
“Things like the increasing use of whole genome sequencing start to create data that can clearly be to do with a person’s health but can be used in many other ways as well. It is not just about linking the social administrative data to the health data. What we are creating in the course of healthcare, diagnosis and possibly even research can be used for other purposes, such as determining paternity and ancestry.
“[T]he risks can be multiple and [are] different for different individuals, should their information be used, misused, or abused. There could be embarrassment; as I said, people don’t like to reveal certain things. There could be discrimination; there have been legal cases where someone’s medical status has become available to people in the workplace, and that has led to discrimination against them. It could also, unfortunately, lead to things like scams, and unlawful targeting of the vulnerable”.
There was common ground between the two first witnesses. As Booth put it: “as Professor Morris says, we advocate, and have done for many years, for the use of these trusted research environments, rather than the dissemination—the copying—of lists of individual-level linked data out to various entities. The main risk—I think we are in agreement here—is trust. We do not want to collapse trust, because without trust, we do not get all the positive benefits. That has been demonstrated by projects such as care.data in 2014”.
But he also put very crisply what is an ineluctable tendency of health data becoming a fuel for private companies to exploit.
“It is a pretty consistent public attitude that quite a number of people do not like the idea of profit-seeking organisations deriving commercial benefit from their data. In fact, it is one of the leading reasons why people might not be comfortable with sharing their information for medical research.
“Unfortunately, historically the NHS and the pharmaceutical industry have obscured much of this sort of reuse through what are called information intermediaries — companies that service other companies, if you like, with data. Exploiting carefully framed terms like ‘cannot be exclusively commercial’ still allows a commercial organisation to service the NHS and a whole bunch of other commercial companies, and ‘for the promotion of health’ goes along with a promise that patients’ data will not be used for marketing or insurance purposes — but that still allows a lucrative market to thrive around what are called market insights and market access”.
With these excerpts from the first session, the surface, here, is being scraped.
My overall observation is that under the banner of “data saves lives”, raised aloft by virtue of the UK Covid-19 pandemic response (which did indeed make great use of data), the seeds of private companies are germinating. And whether that is a good thing or a bad thing, or a mixture of both, remains to be seen, but certainly demands mindfulness and scrutiny. Innovation is not necessarily a good thing. The guillotine was innovative, and, arguably, humanely so.
The next oral evidence session of The Right to Privacy: digital data inquiry is on Wednesday 20 April.