How are we using health and care data in London?
Here’s how we’ve used public recommendations to develop a consistent set of rules around the join-up and use of health and care data in London. This summary from OneLondon’s Clinical Lead, Dr Sanjay Gautama, explains what we’re doing with Londoners’ health and care data, and importantly, what we’re not doing.
In 2019 OneLondon initiated a Conversation with Londoners to understand people’s expectations around the uses of health and care data. Initial research and engagement established significant support for data sharing but also identified some key questions to explore further. In February and March 2020, 100 Londoners came together in a Citizens’ Summit to discuss, debate, and recommend how London’s health and care services should be joining up and using people’s health and care data.
They expected their personal – or identifiable – data to be accessed and used to support their individual care, as long as safeguards for keeping their data secure were in place and there were controls around who can see this information. There was also strong support for using non-identifiable – sometimes referred to as depersonalised, pseudonymised or aggregate – data, to help plan and improve health and care services, and for research. Importantly, participants expected a single set of rules around data use, rather than organisations being able to create different policies, and they felt strongly that the public should continue to be involved in shaping these rules for London.
Since the Citizens’ Summit, London’s health and care partnerships – or Integrated Care Systems as they’re now called – have been working together to implement these public recommendations. One of the first steps has been to develop a OneLondon Data Sharing Framework, recognising public expectations for a consistent set of rules around the join-up and use of health and care data. This framework describes the principles for safe and secure data sharing in London, and is explicitly shaped from the detailed recommendations and conditions set out by the public.
In short, the OneLondon Data Sharing Framework:
- Sets out the purpose and principles (the ‘why’) for the join-up and use of health and care information in London
- Sets out the information governance processes in place to support safe-secure join-up of information across London
- Includes examples of the types of data that will be shared
- Provides detail of the lawful basis for data sharing
- Details who has access to the data and the safeguards in place to protect it
Here’s how the framework was developed and who was involved:
All of London’s Integrated Care Systems and their partner health and care provider organisations have agreed the framework in principle, and are working towards making any necessary adjustments and iterations to their local data sharing arrangements to support a consistent approach for London.
So what exactly have the Integrated Care Systems and local data controllers signed up to? How are London’s health and care services using health and care data? Here’s a summary of what we’re doing, and importantly, what we’re not doing.
What we’re doing with your health and care data:
1. We are securely sharing your personal (identifiable) health and care data to support your individual care at the point of care
- This means that health and care professionals can access your information to support your direct care
- Systems are auditable, so it’s possible to see who has accessed your information and when
2. We are using non-identifiable – or depersonalised – data to help plan and improve health and care services, and for research
- We are using trusted health data environments when joining-up data for service planning and research to ensure that it is safe, secure, and can’t be accessed for unauthorised use
- Applications for using data in this way are approved via local governance arrangements and processes that involve the public and data controllers
3. We are working towards consistent governance and processes for using data in London, to ensure this is both trustworthy and legitimate
- This is enabled by the London Data Sharing Framework which provides a ‘gold standard’ for what local health and care organisations should be doing
- The five integrated care systems and London Ambulance Service are working together as a OneLondon collaborative to ensure this consistency
- Control of health and care data remains with individual local health and care providers
What we’re not doing with your health and care data:
1. We are not sharing your personal (identifiable) health and care data for anything other than to support your direct care
- There are examples where we use personal data to support your direct care by conducting analysis to support your care. This is sometimes referred to as ‘proactive care’ and can support effective intervention (for example, notifying somebody about their flu jab, or cervical screening)
2. We are not selling non-identifiable (depersonalised) data for research
- Instead, we are charging for services to support the research based on a robust application process involving local data controllers and citizens. This could include providing access to the data in a trusted health data environment for a defined period of time and for a specific, agreed purpose
3. We are not selling data to insurance companies
4. We are not contravening the Common Law Duty of Confidentiality because we only use depersonalised data for the purposes of service planning and research
For more information, including how you can opt-out of your non-identifiable (depersonalised) health and care data being used for care and service planning and research, visit our Frequently Asked Questions.
Dr Sanjay Gautama is a consultant anaesthetist, Chief Clinical Information Officer, and Caldicott Guardian for Imperial College Healthcare NHS Trust. He is Clinical Informatics Lead for the NHS London Region, and chairs the London Information Governance Steering Group.