NHSX chief: Clinicians were ‘too nervous’ to share data
Matthew Gould tells PublicTechnology event that complex language around data standards had meant most staff were afraid to share patient data even in cases where it would aid delivery of care
Credit: Chokniti Khongchum from Pixabay
Complex guidance on the sharing of patient data has been to blame for a culture of nervousness in the NHS, according to the chief exectuive of NHSX.
During a talk at the PublicTechnology Cyber Security Summit on Wednesday Matthew Gould, spoke of how information governance guidance had become “too complex and convoluted”. This in turn had led to confusion and fear amongst NHS staff, who opted to take the less “risky” approach of not engaging in data sharing at all.
“The system has got itself nervous about sharing data, even though the law allows sharing of data for the direct care of patients – indeed it’s an obligation to share for the benefit of patients,” said Gould.
Very quickly in the pandemic, the organisation, which is responsible for promoting digital transformation across the NHS, sought to help the flow of data, as it plays “a really key role” in managing the crisis.
"Sharing data didn’t materially affect the risk to it, but reset people’s attitudes to when it was appropriate and safe and legal to share it"
Matthew Gould, NHSX
Gould told attendees that conversations were facilitated between NHSX, the Information Commissioner and the National Data Guardian. COPI (Control of Patient Information) notices were also issued – these required NHS Digital to share patient information with organisations for Covid-19 purposes.
“The case for doing so is self-evident, and I’m absolutely confident we had the support of the public as well as the strong support of the professions,” Gould said.
Most effective, however, was a single page of information issued by NHSX on how to approach patient data.
“We put out one page of incredibly simple guidance on looking after patient data that basically said if you are a clinician and you’re looking after your patients, you’re doing it in good faith and you’re being sensible, then you’ll be fine and to get on with it,” Gould said.
Simplified guidance issued by NHSX states: “The duty to share information for individual care is as important as the duty to protect confidentiality.”
Asked about whether increased sharing constituted an increased risk to the safety of health data, Gould responded that this was not necessarily the case. Instead, he stressed that the lack of data sharing previously was not an inherent indicator of sound cybersecurity practice.
“Last year, we intentionally gave people more confidence to share data and more data was shared. I would like to think that the act of doing so didn’t actually dramatically increase the risk. Because where we had got to collectively wasn’t necessarily the right approach to keeping data secure and allowing it to flow at the same time,” he said.
“I do believe what we did [in sharing it] didn’t materially affect the risk to the data, but reset people’s attitudes to when it was appropriate and safe and legal to share it.”
Like many organisations, NHSX is already thinking about how best to cement the positive lessons learned from its Covid-19 response.
In the next few months, the organisation aims to publish a Data Strategy for Health and Social Care. Introduced in the ‘Busting Bureaucracy’ report of November 2020 , it will aim to “capitalise on the good practice from the response to Covid-19 by building on the permissive approach to data sharing, such as the use of Control of Patient Information (COPI) notices, while protecting the need for patient confidentiality.”
The strategy will build on the changes implemented in 2020, Gould said, “rather than just reverting to the status quo.”
Additionally, NHSX continues to publish governance guidance to make clear the law surrounding data sharing.
The guidance issued at the start of the pandemic has since become a portal, which contains “really simple, easy to use guidance for IG (information governance) professionals, clinicians or members of the public”.
“We’re working through the full canon of guidance to convert it into a simple, easy to use format,” Gould said.
“That’s a step forward I’m determined we should keep.”
Post comes with £70,000-plus salary and responsibility for data protection
Annual report of tech agency – which will shortly be wholly merged into NHS England – details progress in many areas
Candidates sought to replace Sir Ian Diamond
Watchdog urges stats professionals to be ‘proactive’ in ensuring information they publish is not used inappropriately