Patient data sharing
How health data can be shared safely and appropriately to benefit people with dementia and medical research.
Health data is generated through the care of patients and in recent years there has been an exponential growth in the amount of health data that is collected. With rapidly evolving information technology it is possible to integrate and analyse a range of data sets with the aim of improving the delivery of healthcare and increasing scientific understanding. Within the UK there is a particularly rich source of potential information given the coverage and accessibility of the NHS.
Such development offers great potential for research, however there are potential risks and valid public concerns, particularly around data security and appropriate consent for data use. This policy statement outlines Alzheimer’s Research UK’s position on the key steps needed to ensure that data can be shared safely and appropriately to bring mutual benefits for patients and medical research.
How can patient data sharing support dementia research?
Health information can be used to support medical research in several ways, for example:
- Providing a better understanding of factors that affect health and disease.
- Measuring effectiveness of treatments and interventions.
- Finding people to take part in clinical trials.
- Optimising the use of resources.
- Planning services to meet patient needs.
There are different types of data that can be shared, as outlined in the image above (taken from the Understanding Patient Data website). Personally identifiable data, includes details like name or NHS number. This data is the most highly regulated with strict penalties for misuse. Patients can opt out of sharing this data under new NHS England regulations. De-personalised data is information that includes fewer details than personally identifiable data, but which has the potential to be traced back to an individual. There are strict safeguards on how de-personalised information can be used because there is the potential that it might be possible to re-identify someone. Finally, there is anonymised data, where the information about an individual cannot be linked back to the original patient record it came from. This information is published more openly than the other types of data, and researchers generally use anonymised data wherever possible. NHS England patients cannot opt out of having anonymised information shared.
Data sharing for individual care
To offer joined up care and the best outcomes for patients, information stored in different parts of the NHS needs to be shared. Data systems between NHS organisations (whether GPs, hospitals or community services) have not historically supported the sharing of clinical data, as IT systems may not be compatible. This can undermine the quality of care and can also limit the potential benefit to research. There are initiatives to try and improve connectivity between organisations, certainly across some local health systems, however there has not been widespread success across the NHS. There are multiple challenges to achieving this aim including fragmented decision making, limited budgets, and ongoing public mistrust.
There is widespread public support for data to be shared to support research – a recent survey by The Wellcome Trust found that 77 per cent of people surveyed would be willing to allow their medical records to be used in a research study if there were anonymised.
However there remains some public concern regarding the ability of organisations to safeguard personal, sensitive information. In the past, there were concerns that data was relatively easy to de-anonymise and could be shared with other organisations, including commercial organisations. In 2014 the Care Act specifically outlawed sharing of potentially identifiable data for the purposes of commercial insurance. There are now four ways in which patient privacy is shielded:
- Removing identifying information.
- Using an independent review process.
- Ensuring strict legal contracts are in place before data is transferred.
- Implementing robust data security standards.
NHS England launched a new National Data Opt-out in May 2018.People in England have the choice to opt out of sharing their personally identifiable data for purposes other than their individual care.
Scotland has an opt-out system called SPIRE. In Wales, patient data is collected through the National Wales Informatics System (NWIS), which removes personally identifiable information, and anonymised patient data is stored through the Secure Anonymised Information Linkage (SAIL) databank. Requests for patient data in Northern Ireland are handled in part by the NHS’ Honest Broker System (HBS).
- We believe that sharing data can save lives, improve the delivery of healthcare and support research. It is important that:
- Data is anonymous wherever possible.
- Data is used only for research or the planning and improvement of care.
- Data security policy and practice is high quality and regularly reviewed.
- We recognise the need to ensure all data is treated with the greatest respect.
- We respect the right for any individual to withhold consent to share data, and that this should have no impact on the quality of care they receive. This may be particularly challenging for people with dementia, who may not be able to give informed consent. There should be appropriate processes and support in place to help people make their preferences clear.
- There must be adequate safeguards and processes to ensure all data is stored and shared safely, accompanied by ongoing investment to ensure that security of data is maintained.
- There should be ongoing engagement with the public and clear information available to help people understand the benefits and potential risks of patient data sharing. This must include a clear explanation of what patients are consenting to, and how data uses might change in the future.
- The NHS and clinicians have an important role in communicating and supporting patients to consent to data sharing, as well as providing information on how people could become involved in research.
- There must be broad reassurances from key industries (e.g. insurance and pharmaceutical) that the data will never be used for marketing or actuarial purposes, and there must be a strong and enforceable policy in case of any breach to this agreement.
Alzheimer’s Research UK is a member of the Association of Medical Research Charities (AMRC) and supports their statement on the use of patient data for research. Further information about patient data sharing can be found at Understanding Patient Data.
 Wellcome Trust (2016) Wellcome Trust Monitor Summary Report Wave 3. Tracking public views on science and biomedical research.