Why data privacy is crucial to the future of healthcare

Health tech is central to the future of medicine and diagnosis. But to unlock its potential, clinicians need access to health data, which patients may not hand over so easily


Female Medical Research Scientist Working with Brain Scans on Her Personal Computer. Modern Laboratory Working on Neurophysiology, Science, Neuropharmacology. Understanding Human Brain.

Since the onset of Covid-19, we’ve become far more accustomed to consuming health data. Whether it’s using telemedicine platforms or signing up to NHS Track and Trace, health data collection has become a very real and visible part of our lives. 

According to the government, health data collection and distribution shaped our response to “the greatest public health emergency that this country has tackled for generations” and “made all the difference”. But this begs the question – where does data privacy fit into the future of healthcare? 

In its draft policy paper, Data saves lives: reshaping health and social care with data, published in September 2021, the UK government said the sharing of health data during the pandemic helped to inform the response over who would be most vulnerable to the effects of the virus and who should shield. Data supported vaccine development efforts and trials, while health records were used to dictate who had the earliest access to vaccines when they were made available. 

Health data vs Covid-19

Such efforts are “using data as intelligence to help us to define policy”, according to Professor Mark Lawler, scientific director at the DATA-CAN health data research hub and professor of digital health at Queen’s University Belfast. 

At the beginning of the pandemic, there was no data on the impacts of the pandemic or the lockdown and the indirect impacts they were having on cancer presentational delay, diagnostic delay and treatment delay, he says. 

We all talked about our different vaccines like they were wine varieties

“That’s where we started,” he continues. “Initial data showed us that seven out of 10 people who had a suspicion of cancer either weren’t going to or weren’t being seen by specialist cancer services. We presented our data to WHO Europe and the European Cancer Organisation and from that point, it became a European effort.” 

The mass sharing of public health and patient data isn’t unique to the last two years. In 2002 the UK Health Service (Control of Patient Information) Regulations were introduced, which give the current health secretary the right to access health data in times of health emergencies. This can be used in “the surveillance and analysis of health and disease, the monitoring and audit of health and health-related care provision and outcomes where such provision has been made, [and] the planning and administration of the provision made for health and health-related care.” 

This means the government can gain healthcare data on everything from cervical cancer screenings to vaccination rollouts. In response to Covid-19, then health secretary Matt Hancock initiated the right to access and share data in April 2020. 

The rise of telemedicine 

While health data is a key component in the government’s response to the pandemic, many telehealth and online health services have also reported a rapid uptake. According to a recent analysis by McKinsey and Company, telehealth use has increased by 38 times compared to before Covid-19. 

Online doctors have been praised for increasing access to healthcare during Covid-19 without putting patients at risk of catching the virus in a medical setting. However, with increased use of telehealth services comes increased health data sharing.

At the height of the pandemic, online doctor and digital healthcare company Babylon “experienced a boom in app usage in the UK and saw a need for expanded services”, said a spokesperson. Its team of engineers built its Covid-19 Care Assistant in just 10 days, the spokesperson said, offering 8% of the population AI-led technology that helped triage patients and minimise the burden on clinicians, hospitals and A&E.

“The increased demand for virtual care also led to Babylon becoming the UK’s largest and fastest NHS GP practice, with over 100,000 registered patients,” the spokesperson continued. “Babylon also launched in the US in 2020 and is quickly expanding to cover 3.5 million patients.” 

You need to look at how you balance maintaining the privacy of the individual with using the data for good

As usage has increased, people’s general perceptions of telehealth services have improved. Alice Pelton is founder of The Lowdown, a review platform for contraception.  She notes that the move to online services was already occurring. 

“Being able to book [an appointment] for a time that suits you, being able to get evening or weekend appointments that work around people’s work or childcare” and being able to speak to your doctor from the comfort of your home were all factors in people’s move to online, she says. 

A spokesperson for SH:24, the digital sexual health service, has the same opinion. “The frustration felt by those trying to access basic sexual health services is palpable in most

clinics. Pre-Covid clinic waiting rooms were packed and tense,” the spokesperson said. “By expanding opportunities for accessing services, we believe we have improved service

user experience, helped transform the healthcare system and reduced the physical and

psychological impact of an unintended pregnancy and/or sexually transmitted infection.”

The increased access to personalised and accessible care, achieved in part by the growing collection and sharing of health data, sounds ideal. But as health data cultivation has developed, breaches have become an unfortunate norm: few data sets are more sensitive than our health data.

Data breaches 

According to a study published by data security provider Bitglass in February 2021, hospital data breaches increased across the US in 2020, affecting around 26.4 million people. Healthcare data breaches have doubled since 2014. As recently as July 2021 fears were expressed over thousands of NHS patients’ private data being shared with strangers as details were mistakenly mixed up and sent out to the wrong patients. 

Understandably, this may make you sceptical about the future of mass sharing of health data and your privacy. 

“You need to look at how you balance maintaining the privacy of the individual with using the data for good. It’s paramount that we protect the privacy of the individual while also being effective,” says Lawler. 

The NHS protects patient data through a series of cybersecurity provisions, according to the service. It monitors for threats and vulnerabilities 24 hours a day and has virtual perimeter security. However, news of breaches can undermine public confidence in the collection and sharing of health data. 

Sharing of health data also has a massive impact on public health

“We see the same hiccups over and over again. There’s a particular focus on commercial access to health data. There needs to be transparency about what’s happening,” says Sarion Bowers, head of policy at the Wellcome Sanger Institute, which focuses on genomic science. “A lot of people when they hear health data they think of their health records. It can also be a genomic sequence. And when you create on a large scale you get more depth. You can identify variations in patients and adverse drug reactions, which cost the NHS a huge amount of money every year and really impact patients’ lives.” 

She continues: “Having the data to spot that is transformational. Sharing of health data also has a massive impact on public health. We’ve been able to rapidly identify variants and target public health. As we’ve done that for Covid-19 we can use it for other diseases.”

The future of healthcare

It seems that transparency in the way health data is collected, stored, regulated and used is the key to gaining public trust in parting with their information. With developments in treatments and patients’ quality of life listed as some of the top benefits of cultivating health data, it’s tempting to overlook the ever-increasing privacy issues and breaches. 

Conducting work in trusted research environments may be one way of gaining public trust, says Lawler. 

“Rather than data moving around and running the risk of potential privacy breaches, you keep the data in a very safe environment and then you have safe researchers who are trained to deal with privacy issues,” he explains. “We sometimes call it the five safes; safe people working in safe environments with safe technology looking at developing safe outputs that are relevant to patients” leading to safe data.

Both Lawler and Bowers emphasise the importance and benefits of including patients in data cultivation and sharing through advisory boards. Participants can bring views on why something shouldn’t be done for reasons the professionals might not think about, notes Bowers. 

“And if anything goes slightly wrong, having participants there to speak up can be a really valuable asset,” she continues. “That’s not to say you should put them on the line, but I think having them to speak up for themselves can be really valuable.” 

Covid-19 has highlighted the global response that can be achieved if research bodies and countries share health data. But should individuals put their health information at risk of breaches and invasions of privacy in the name of disease diagnosis and treatment? 

At times, thousands of people have died and billions of pounds wasted when health data hasn’t been used or exploited to its full potential, according to a study published on Science Direct.  However, the report concluded that “a wider understanding of its nature is required before it can be captured and successfully tamed.”

If the increased sharing of health data is to become a key factor in improving healthcare and the lives of patients around the globe, privacy security will need to develop just as quickly. This doesn’t just mean complying with regulations set out by the General Data Protection Regulation (GDPR) or the US Health Insurance Portability and Accountability Act (HIPAA). It also means encrypting data and restricting access to it, as well as educating the staff that work within the healthcare system and handle sensitive data. 

Similarly, after so much exposure to health data in our everyday lives, Bowers predicts an increase in the widespread knowledge of how health data is used and the privacy concerns surrounding it.

“We all talked about our different vaccines like they were wine varieties. I didn’t know anything about lateral flow tests before,” she says. “So knowledge does seep through. I think the public will be more knowledgeable about health data and I think that needs to be encouraged.”