Senior vice-president of quality regulatory and information governance compliance at Sensyne Health Dr Roberto Liddi. Image: Sensyne Health
Senior vice-president of quality regulatory and information governance compliance at Sensyne Health Dr Roberto Liddi. Image: Sensyne Health
Five ways we can ensure patient data anonymity is preserved
As a result of the current pandemic, the need to collect and use patient data has become a heated topic in healthcare. Senior vice-president of quality regulatory and information governance compliance at Sensyne Health, Dr Roberto Liddi, explores how companies can ensure that patient data is protected, and anonymity is maintained.
The rise in IoT devices and apps has created a boom in data generation in the last decade, with many of us using multiple apps in our day-to-day lives that collect, store, and share personal information.
From sport apps tracking our running distances to the way we order food online, the way we live our lives has been digitally transformed by IoT. Arguably, this form of data collection has become most significant in recent years in the healthcare sector.
It’s estimated that in 2020 alone, 2,314 exabytes of healthcare data will be produced – and there has already been a 48% increase in the amount of healthcare data produced annually since 2013. The potential of these vast data sets is huge in its ability to generate insights that could be the catalyst for vaccine development and treatment procedures to ultimately save lives.
But with opportunity comes great responsibility. Data protection, anonymity and security breaches have become a greater concern as we use more online platforms to collect, store, manage and share information about individuals.
Data collection amid a pandemic
During the Covid-19 pandemic, the debate around collecting and storing health data has been brought to people’s attention more than ever. Subsequently, concerns about surveillance and the ability to keep health data and records private have come to the fore. For example, there have been concerns about the decision by the UK Government to allow Google and Plantir to access health data on millions of UK citizens to train AI models.
Collecting and using real-world evidence, whether directly from hospitals or remote devices being used as homeis critical. Understanding how individuals are affected by diseases or react to drugs, and how this may differ from person to person, can help to inform research, and eventually improve or save lives.
That being said, there must also be buy-in from patients willing to use these devices, share their data and allow it to be used in R&D. Without willingness to share data, innovations like remote patient monitoring, wearable medical devices and drug development will simply not work as effectively.
As a result, healthcare institutions have a duty to make patients' feel confident and comfortable to share data with the healthcare and pharma industry to support medical research and drug discovery, and organisations must provide the reassurance that they are able to protect patient’s anonymity.
So, the question is –how can we ensure that patient data anonymity is preserved, and build trust amongst the public?
Life Whisperer rates the viability of embryos for transfer. Image: Life Whisperer
Protect the owners of any data
While patients and the general public often appreciate the value that their data can have for medical research, there is concern around being personally identified, particularly if the data is sold to third parties to be used for research and development of new drugs or treatments.
Therefore, there must be a balance between the use of data for commercial purposes and protecting the original owners. As guardians of the data, the NHS has a great responsibility to preserve data anonymity – ensuring that records from types of admission to vital signs and records of operations are anonymised.
The opt-in option
Under EU General Data Protection Regulation regulation, giving patients the option to choose whether they make their data available to be shared or not, is mandatory. This regulation empowers patients to take control of their data and gives them confidence that they can choose where to share, or not share, their personal data.
At the point of collecting data, healthcare professionals have a responsibility to let patients know that they have the right not to share their data, and that it will be handled sensitively if they choose to.
Invest in storing data securely
While the NHS and pharma companies themselves work hard to protect patient anonymity, as more companies move towards the cloud and online storage of data, the risk of cyber-attacks grow. As a result, companies must invest in cybersecurity measures and ensure everyone, both those working in IT and other staff such as clinicians, understand the importance of cybersecurity.
Training all employees with the skills to be safe when using or storing patient data in the cloud, and sharing it with others, is key. Equally, if patients are given the opportunity to monitor symptoms remotely from home, they must also be made aware of how to use these devices securely and share data with their clinicians in a safe way.
Education
Often, fear comes with a lack of knowledge or clear understanding of facts. In the healthcare industry, a general lack of understanding about how and why data is collected and used by Big Tech, governments and pharmaceutical industry has led to scepticism amongst the public around whether their data is secure.
Therefore, it seems only fair that we are more transparent, where possible, in what data we are using, how it will be used and the reasons that we need to access it in the first place. Sharing more information around the types of real-world evidence we are using, such as genetic markers, heart rates and magnetic resonance imaging images, and the medical developments that have been made possible as a result, will help educate and put the public’s mind at ease.
Collaborate with regulators, policy makers and the wider industry
Working with regulators and the wider industry to listen and take on board patients concerns, and ensuring the healthcare industry as a whole is being held to the highest standards when using data is important. Investing in training for staff to understand how to work with data in line with the latest regulations, will ensure data is stored and used ethically and that the public can trust that their data is being handled responsibly.
At Sensyne Health, for example, we establish frameworks with each NHS partner to ensure there is ethical, transparent, and compliant approaches to data sharing and processing. We also created a framework that goes above and beyond complying with existing GDPR regulation and UK Government Codes of Conduct in order to meet the highest standards possible.
Clearly, patient data must be handled sensitively, and patient concerns and ethical standards must always be taken into consideration when using it for drug development. By investing in security measures, working with regulators and ensuring the NHS is equipped to anonymise any data shared with third parties, it is possible to develop new drugs and treatments to save and improve lives, as well as building trust with the public.
Comment