Authored article

Protecting confidentiality and improving care: not a zero sum game

Dr Mark Taylor writes about the NDG principle of ‘no surprises’ in the context of genetic and genomic medicine.

Dr Mark Taylor, NDG Panel Member

Protecting the confidentiality of personally identifiable patient data, and using that same information to improve care outcomes, is sometimes seen as a zero-sum game. Either the information is protected or it is used to improve care.

During my time on the National Data Guardian’s panel I’ve come to see it a little differently.

There is not always a conflict between respecting an individual’s right to exercise control over the use of her information and using information about her to improve care. What matters is whether the use is consistent with what she expects, accepts as reasonable, and whether it respects her wishes. I’ve come to recognise it to be central to the work of the National Data Guardian (NDG) to ensure that the health and care system has the right controls in place to stop inappropriate uses of data but also to ensure that it is used so that people get the care they need.

The tension, between stopping data flow and making it flow, may be perceived to be acute particularly in case of new technologies and innovative opportunities to deliver high quality health care. Genomics and genetics is a case in point.

In her most recent Annual Report, the Chief Medical Officer (CMO), Dame Sally Davies, makes clear the promise of genomic medicine and science for the UK. In Generation Genome, Dame Sally notes the importance of holding patient data securely and of standards to protect from inappropriate disclosure. She also says that “the emphasis on confidentiality must be balanced against the interests of other family members and broader society, especially where genomic information may prevent serious disease”.

Dame Fiona Caldicott, as the NDG, has established authoritative principles to guide appropriate use of confidential patient data for a wide range of purposes associated with the delivery and improvement of care. Dame Fiona has been approached by the genomics and genetics community to help them think through how these principles, such as the principle that there should be ‘no surprises’ to patients about how their data has been used, may be applied in the context of genetic and genomic medicine.

As none of the previous NDG Reviews specifically considered these challenges in detail, we have been undertaking some work to examine the issues in collaboration with others. As a panel member, I have been supporting Dame Fiona in this work. This work has been very much an attempt to help the genomics and genetics community move forward and is not, at this point, a policy position or official advice from the NDG.

A key challenge we’ve looked at is whether it is necessary for genetic and genomic data about individuals to be shared more widely than is traditional for medical data in order to ensure that people get the best diagnoses and care. We have heard that when a doctor or scientist gets a result of a genetic test for patient A, they won’t necessarily know whether the result indicates a problem or not, whether possession of that gene variant by that person might contribute toward disease or if it could indicate what the best treatment might be for her. This is partly because there are so many possible gene variations and partly because the significance of a variation for an individual can depend upon other variables. We are nowhere near having seen or understood them all. So where should a doctor start to help their patient?

One place is to look at the records of as many other patients as possible to see if anyone else has ever had the same test result, what their symptoms and other characteristics were, and what treatment they had. So to most effectively diagnose and/or treat patient A, a clinician might need to look at the records of patients B, C, D, E, F etc. This is a challenge to conventional understandings of medical confidentiality - a doctor would not normally be looking at the personally identifiable patient data of people they were not treating. Our thinking has principally been around this challenge. If doctors and scientists need to access data about others to give the best care to the patient in front of them, how can this happen in a way that patients can be comfortable with and maintains trust in a confidential health service?

We’ve come up with some suggestions for next steps in the paper we have published today. Crucial will be exploring with the relevant patient population how acceptable they consider such use to be. While the opportunities may not always exist within clinical practice for an in-depth conversation, if time and space is made for such a discussiondialogue outside a clinical setting, then do people consider this to be a reasonable use of personally identifiable patient data? If so, then how can awareness of this use be raised to the point that patients in general would not be surprised to learn of it? How do we move toward it being a general expectation?

If it were established that access to personally identifiable patient data by other health care professionals, to help them understand genetic variants for the benefit of the care received by all, was seen by patients to be both reasonable and expected, then there are various ways in which such ‘reasonable expectations’ might be related to existing Caldicott and legal principles. It also relates to other work on ‘reasonable expectations’ being undertaken by the NDG and her panel.

We are not the only people looking at this, we know that the genetics and genomics community, NHS England, the CMO, Genomics England and others are also doing this. We look forward to playing our role in ensuring that patient confidentiality is protected consistent with patient expectation and at the same time genetic data may be used to support and improve the delivery of care. That doesn’t have to be a zero sum game.

Published 1 August 2017