In June 2016, the National Data Guardian, Dame Fiona Caldicott, published her Review of Data Security, Consent and Opt-Outs in relation to patient confidential data. She did so at the request of the Secretary of State for Health who had asked for recommendations on new data security standards, methods for compliance testing, and a new consent or opt-out model for sharing patient data for care and other purposes, such as services commissioning and research.
Dame Fiona is best known for her six Caldicott Principles for protecting confidentiality first issued in 1997. A further report in 2013 added a seventh Principle – that the duty to share information can be as important as the duty to protect patient confidentiality – but it seems that the message has not been getting through. Furthermore, the fallout from the ill-conceived and poorly executed care.data initiative is widespread in England. Although the 2016 Review did not address this directly, it undoubtedly cast a pall over proceedings (see further: Safe data, safe care).
The Review’s 20 recommendations are premised on one simple, yet illusive, concept: trust. Dame Fiona’s Foreword rightly highlights that the challenge at hand is to demonstrate trustworthiness in the use of patient confidential information. Unfortunately, the body of the Review then proceeds to talk about building trust, as if this is a remotely achievable task. It is not. Trust is not something that any stakeholder – whether they are a data controller or a data researcher – can construct. Trust is something that is given, and easily taken away. It is the prerogative of the citizen. At best, data custodians can aspire to demonstrate that they are worthy of trust. It is in this spirit that the recommendations must be considered if they are to prove at all useful.
The Review frequently references the culture of risk aversion that prevails in many quarters. This mirrors the findings of our own work both in the health sector and in the wider context of public authorities and administrative data. In both contexts, we have argued strongly that more law is not what is needed. Care.data was perfectly lawful, but this did not stop it being socially unacceptable.
A key feature of the 2016 Review and many of its recommendations is the proposal for a new consent/opt-out model for dealing with patient confidential data. The political message has been sent – quite clearly – that the consent route is the right path to follow. The Review is therefore concerned with the niceties of the model: one opt-out from all uses of confidential data beyond those for direct care, or a choice between two opt-outs (one from providing local services and running the NHS & social care system, and/or another from using data to support research and improve treatment and care more broadly).
The Review recommends a further public consultation on the model and the wording of the options. In doing so, it both opens up the opportunity for dialogue while closing it down. This is because the consent route is not questioned, either for its desirability, viability, or practicability. Exceptions are to come either in narrow legalistic forms, or by an appeal to a dizzyingly high standard of ‘overriding public interest’ (para 3.2.40). We have long argued that consent has serious limitations as a governance device and as an effective protective mechanism for patients and citizens. It can provide an illusion of control while encouraging people to pursue only their own interests. This should also form part of the debate.
If the NHS is great, it is only great because we all benefit; and we can all only benefit if we all contribute.