The positive potential of GDPR – sharing data for the good of public health
Published: May 11th, 2018
_If medical innovators can find a way to promote trusted data-sharing that patients have control over, a world of possibility will open for more proactive and effective healthcare using IoT, AI and other enablers, says _J Cromack, chief commercial officer at Consentric. The opportunities for healthcare providers to harness the latest technology and make smarter use of data are boundless – from pre-empting patient conditions before symptoms worsen to targeting treatments more effectively, using everything from connected ‘wearable’ devices to artificial intelligence to look for the tiniest clues. As health records that include medical images are captured digitally, and as more individuals willingly wear devices that monitor basic health signals, it becomes possible to build up a rich, connected and evolving picture of someone’s health – and trigger alerts and actions if something in the data is awry. Together, personal health apps, real-time data analytics and artificial intelligence offer a new way to think about keeping people well. It’s hard to imagine any downside to this – other than concerns about keeping one’s personal data safe. Medical information is among the special categories of personal data requiring careful handling under the new EU General Data Protection Regulation. But address this successfully, and secure patients’ trust, and the doors to innovative new approaches to their care can swing open – to the advantage of everyone. Freedom through control Although tightening regulatory controls under GDPR may have set pulses racing among those tasked with safeguarding patient data, they have created an impetus to find robust approaches to personal data. Approaches that stay relevant well into the future and don’t conflict with other strategic priorities – such as improving the quality of care, driving up patient safety and doing all of this within shrinking budgets. One of the most effective and powerful ways to stay safely within the parameters of GDPR, but without restricting healthcare innovation, is to make it easier for patients themselves to understand, view and have more granular control of what happens to their data. A recent survey by Boston Consulting Group found that people were much more willing to share their data if they felt confident that harmful use would be prevented. Yet, as things stand, just 5 per cent of people in the UK fully grasp what personal data is being kept about them and only 4 per cent believe they have sufficient control over this, according to our own independent research conducted in April. Transparency engenders trust Fortunately, there is a way to address this and drive confident, compliant sharing of data that could unlock new patient benefits. While GDPR’s aim is to substantially shore up individuals’ rights over their data, it does not inherently pose barriers to data being used to its best effect. Rather, it demands that organisations are proactive and specific in signalling their intent. Then, on an ongoing basis, people must have the opportunity to review their data and how it is being used, and to adjust their permissions based on what feels comfortable and acceptable to them in the prevailing circumstances. The sense from recent studies is that the more people feel in control of their data, the more amenable they will be to give permission for its use – as long as they perceive a benefit. In the context of healthcare, if patients feel their personal information won’t be abused but could result in better, more proactive and more joined-up care, then there is a strong case for consent to data share, especially when related to some of the new healthcare applications that sit outside of the usual clinical circles. But this does place the onus on healthcare organisations to equip patients with the tools to view their data and to exercise their rights under GDPR. Patients are likely to be more hesitant about what they agree to if kept at one step removed. But give them easy access to their data and the means to exercise their data rights whenever they want, and patients’ sense of buy-in will increase; that is, their willingness to share their data for specified purposes. Digital diabetes management shows the way It’s in this context that Consentric by MyLife Digital is providing the personal-data management capabilities for the Diabetes Digital Coach test-bed – one of seven high-profile NHS England pilot projects targeting 5.5m diabetes sufferers. The aim is to equip them to manage their condition better using digital tools and data. Funded under the NHS Internet of Things (IoT) programme, the platform will go live this year. Crucially, patients are completely in the driving seat. They can choose whether to share their data and with whom. Permissions are managed in a secure, central, cloud-based personal data ‘strongbox’. This can sit across any number of health-related or administration-based IT systems and connect to patient websites, mobile apps and even wearable devices, acting as a single window to, control system for, and auditor of an individual’s data permissions. In the great balancing act of data-based service innovation versus data-based privacy safeguarding, it’s this emphasis on an individual’s control over their own data that promises to overcome concerns and unlock public benefits. I’ll be giving a presentation on this subject, The NHS: Unlocking a data revolution, at Caldicott Guardians National Annual Conference on May 14 in London.  Generating Trust Increases Access to Data by at Least Five Times (exhibit 2), Bridging the Trust Gap in Personal Data, Boston Consulting Group, March 2018
Ready to get started?
No setup costs or contract – start managing your customers permissions today