Challenges of sharing information for  multiple purposes across local health  economies 

Challenges of sharing information for multiple purposes across local health economies An BCS Health open debate was held on Thurs 4th Nov on the topic of “Challenges of sharing information for multiple purposes across local health economies”. This topic contributes to our strategy and policy theme of “Preparing for information being mission‐critical to the NHS” and to the current NHS Information Revolution consultation. The event was attended by 30 informaticians and interested parties from the NHS, industry and other organisations. A high quality debate followed stimulating key note briefs from: 
Dr Phil Koczan, Clinical Lead, NHS London Programme for IT

Ralph Sullivan, National Clinical Lead for Primary Care, NHS Information Centre

Roger Taylor, Director of Research and Public Affairs, Dr Foster Intelligence
The first speaker outlined a case study in Outer North East London where primary and community care information was being shared across a local health economy with national dataset feeds, for both primary and secondary uses. He raised the practical information governance issues that were being raised. The second speaker gave a talk on how data extraction services can be scaled nationally, whilst the third speaker spoke on the broader implications and challenges of sharing information. The open debate that followed has been written up below. Issues that arise with GPs and clinicians on sharing of data The work in Outer North East London uncovered the following questions: ‐
‐
‐
‐
Is patient consent required to analyse the union of previous disparate datasets to make clinical care decisions? Does using data for identifying patients at risk constitute a secondary use? Does it matter what system is used (GP system vs. data warehouse)? Should administrative staff running community based services (eg retinal screening) have legitimate access to patient identifiable data? General Practitioners are confused, it is not clear to them and others what is permissible in terms of information sharing. They are clear that it is permissible to share identifiable patient data with other carers for the purpose of caring for the patient. However they are much less clear on whether they should allow sharing of identifiable patient data in order to create anonymous merged datasets for secondary purposes. Is this allowed or not allowed? Currently such considerations generate a lot of NIGB requests. Clarification required of whether clinicians should allow sharing of identifiable patient data in order to create anonymous merged datasets for secondary purposes. An interesting and important scenario arises when pseudonomised datasets that are merged coincidentally reveal some important new piece of information that may require clinical action. GPs are generally unclear whether it is legitimate to re‐identify the patient in these circumstances and whether this is allowable without consent in place. There are ethical considerations here and this may be an opportunity for patient control. Clarification required of whether it is legitimate to re‐
identify the patient without consent when new concerns are coincidentally discovered in pseudonomised datasets. We shall explore below the challenges that arise when sharing information that has to be worked through. The NHS Information Revolution depends upon exposing information in healthcare and its success demands it. But what if GPs and other providers say they don’t want to give their patients’ data away? Will they adopt a culture change of releasing data extracts? Will they hide data until the quality is right and the purposes known? Data quality We know that data quality in information systems is a real problem. Healthcare has become blasé about ‘driving through red lights’ in the way it has looked after its data. It was felt that the use of the data will drive improvement in its quality. But we have yet to learn how this can be fully realised, for example does exposing data to patients really improve its quality? There is often resistance to sharing data on the grounds that the data is not accurate enough. But why is the data not accurate enough in the first place? Who is responsible for ensuring that it is of good quality? There are some good reasons to temporarily withhold data, e.g. following a data migration until the quality of the migrated data can be verified, however these should be the exception rather than the rule. Requirements for information sharing The audience believed that there is no consensus on the requirements of what is expected for information sharing and that this is urgently required. Urgent clarification is required on the requirements for information sharing. It was argued that the requirement is not complex to understand but would include the need: ‐
‐
‐
Ideally for data to leave its source de‐identified For data to be pulled together from different sources and linked together for further processing and analysis. That actions that result from information analysis need to be passed back to the sources where they can be re‐identified as required. There has been much recent debate on the topic of safe havens to broker information in the healthcare system. Such safe havens could receive identifiable data from multiple sources to merge and (pseudo)anonymise on export for secondary uses. If Privacy Enhancing Technologies are placed inside of originating data sources they could be applied to source data in a consistent way so that only pseudonymous data left the source in a way that enabled merger with other such derived pseudononymised data sources. Such a mechanism would enable automation of the safe haven as a technique without requirement for a physical organisation with state controls and is highly desirable. Whilst proven in local settings there is a pressing need to demonstrate that Privacy Enhancing Technologies works at scale in healthcare. The Information Centre believes that control points are required along the information sharing process path to ensure GPs and others can override and stop information sharing that they are not comfortable with. Control of records Current Government policy formation and the NHS Information Revolution consultation are strongly advocating a move to patient access and control of medical records. Given the historical legacy of building information systems around clinicians and organisations needs this is a challenging task. The meeting identified however that we must pause to unpack what we mean by ‘control’. When a clinician records some information on a patient and references family members or other formal or informal carer, is this still a patient record? Healthcare and society is more complex than this, we operate in social networks with a network of obligations. Could this ever really be reduced to a single stakeholder to control it, no matter how seductive? We need to look at data afresh and clarify the debate on what is meant by patient control. We should move on from discussion around “control” and “ownership”, and focus debate and progress on “obligations”, “uses” and “rights”. Privacy, Security and Information Governance The public sector at large is working out how to rapidly expose its data to drive service improvement for the public. It was acknowledged that exposure of data to public scrutiny could lead to sensationalist press coverage. However it is the only one way to improve quality in the long run. We need to escape from the culture of blame. We need to implement a virtuous cycle instead of the vicious cycle which perpetuates poor data quality because the data is never exposed to scrutiny. There was a strong consensus in the meeting that there was far more regard for privacy and security in the healthcare sector and that other parts of the public sector had much to learn from healthcare’s lead. But it was also argued that this debate is two years out of date ‐ has the world moved on and is healthcare stuck in an old paradigm of sharing between healthcare organisations and clinicians? We need to ask how the system should work for the patient, and then determine the Information Governance required. We can expect patient data to fly across care boundaries that we need to deal with. There are several consultations that the BCS is dealing with that are relevant to health data sharing, of which the most pertinent are the Information Commissioner’s proposed Data Sharing Code of Practice, and the EU’s paper on Public Sector Information – Access and Reuse. The closing dates are 5th Jan 2011, and 30th Nov 2010 respectively, and there will be BCS Health input into both these. It was felt that we also need to be able to speak directly to patients to understand what it is they want, not just to the various bodies which represent them. Caution is required as the purpose of data collection is changing. We were reminded that medical records are recorded for specific purposes useful to that clinician and the care they provide – for example they act as an aide memoire, a medico‐legal record and a means to action transactions. The NHS Information Revolution tips this on its head as it intends to share the same data for any purpose known or unknown. Is this the right information for other such purposes? What are the limits we can expect of the ways in which we can use such data? Will clinicians need to change the way they record notes for the multiple purposes it may be put to? The semantics will be fundamentally important as they will affect the quality of data depending on the purposes it is used for. Consequently ‘don’t expect to get what you want’. We must think afresh and design our information capture requirements with this new multi‐purpose paradigm in use, with appropriate use of intercollegiate standardisation on clinical content and noting. Of course relevant legislation and regulations have been built around an old paradigm where data is collected for known and specific purposes, this is true for example of the Data Protection Act. UK and Europe requires a fresh look at legislation and regulation surrounding data sharing so that it can accommodate this new paradigm of sharing for multiple and potential unknown future purposes. To this end the Information Commission has a consultation paper out on data sharing. Sharing and obligations to share What does it mean to share data in the healthcare field? Do we know what it means to browse someone else’s record? There are several ways of sharing data, and it is important we make the best use of the strengths and avoid the weaknesses of each when we consider each use case. Besides record browsing, these include explicit messaging and tailored views of other records, as exemplified by medical portals being developed by the GP system suppliers. The TPP single care record has promoted a different approach as it enables multiple care professionals to see the one patient record. But this exposes all sorts of challenges around terminology and cultures. Different care professionals have different ways of expressing themselves and recording information so that shared records can create confusion and professional clashes. There is often a lack of standardisation, e.g. around coding systems. There is a need to understand better the different terminologies and cultures of different care professionals and how they can be accommodated whilst achieving a common degree of standardisation. We need to learn to crawl before we can walk, and aim to get a handful of things right before we move forward at speed. It is not just about clinicians but patients too. The art of clinical history taking is the art of meshing two models of the world – the patient’s model of illness and the doctor’s model of disease. The patient’s story will change every time it is presented and will be heard differently by different care professionals. Hospitals have a requirement on them to share patient information with GPs and processes have developed to enable this. But there is no reciprocal arrangement for GPs to share information with hospitals in the same way. We need to create a culture of reciprocal sharing based on obligations and trust with the best interests of the patient. We need to avoid undue damage of sharing. We need a policy commitment to help build confidence if we want information to be effective. There is no current emphasis on the benefit to clinicians of sharing. There are benefits for quality and incentives have been shown to work through pay for performance schemes such as the Quality and Outcomes Framework. Anonymous benchmarking is a fundamentally important tool to drive quality improvement in services and this will only be made possible with information sharing. Clinical conformance with national datasets that have little clinical benefit is a known problem. The benefit to clinicians and patients is pivotal and must be understood in order to gain trust and participation in information sharing. Any objection to sharing data needs to be overcome and there should be a statutory obligation to share data if contracting with the NHS and this should be included in the minimum set of requirements for contracting. We must also consider the broader information sharing implications with patients. Patients ask increasingly difficult questions of clinicians, but clinicians haven’t always been able to trust the information that is available to them. Perhaps this is overstated as there is a lot of powerful information available but it needs to be presented to clinicians in the right way. The same is true for patient engagement – there is much information available that needs to be presented to patients in the right way if it is to be effective. Trust is required around information processing and this will require a locally driven approach where there is an understanding and appreciation of the data. We need to be clear on why we are joining up information and what purpose it serves. We need public interest tests to see whether joining up information is worth doing on a case by case basis. We could create anonymous datasets first to see if it is worth doing and consult the patient before creating more complicated dataset integrations with identifiable data. We need to understand whether patients understand the limits of consent? Should they be able to use NHS services and refuse consent, c.f. taking out insurance and refusing to give the data required for risk assessment is not likely. We require a debate on social responsibility of patients engaging in healthcare and the expectation on consent requirement. Clinicians require more support in terms of training and education in a number of areas ‐ how good quality information can support good care delivery and multi‐disciplinary teamwork and under what circumstances is it appropriate to share information. Clinicians and informaticians have to evolve a common understanding and language when designing and configuring clinical information systems to ensure that the technology supports the needs and the governance around information sharing and secondary use.