Has NHS privacy faux pas set transformation and skills alarm bells ringing?

Healthcare | NHS privacy

When the chief executive of a medical insurance company said recently that the UK’s National Health Service (NHS) is “under strain” and therefore “presents quite a few business opportunities,” it just confirmed what everyone knew already – that the NHS is perhaps facing its biggest crisis in its 75-year history. With official stats on patient waiting times not making great reading, it feels as though Britain’s biggest employer is lurching from one problem to another, while an unreasonable amount of hope is being placed on its digital transformation to solve problems.

No one said it was going to be easy. When NHS England merged with NHS Digital earlier this year, the idea was to create “a closer link between the collection and analysis of data to help drive improvement to patient outcomes,” said the press release. Technology and more specifically patient data, was going to be at the heart of transformation. So when in May, a report revealed that 20 NHS trusts have been sharing patient details with Facebook without consent, via the site’s advertising measurement tool Meta Pixel, it surely undermined trust.

Understandably, NHS England is defensive when it comes to handling patient data. An NHS spokesperson told ERP Today in a prepared statement that “most people are comfortable with their patient data being used to improve their individual care, to improve the health of others and to plan and improve services. The NHS always remains in control of patient data and no third party can access or use it for their own purposes.”

In terms of the Meta Pixel incident, NHS England says that there are clear rules and processes in place to protect patient data, referring to a recent protection of patient data document. NHS trusts are responsible for ensuring they follow these rules but clearly this highlights the complexities of data management and privacy, and the fallibility of relying on guidance documents. Data literacy, or illiteracy surely comes into play here and only last year the Open Data Institute (ODI) warned the Government that its data literacy policies lacked consistency and direct application.

The problem with data illiteracy is that it leads to human error and avoidable data breaches. NHS England’s claim that it “always remains in control of patient data” cannot really be backed-up by what is happening in the real world. While a claim by the Russian ALPHV/BlackCat ransomware gang in July this year that it has stolen 7TB of data from Barts NHS Trust in London cannot necessarily be linked to human error, the data breaches keep coming.

In June, NHS England reported a data breach involving GP information following a cyber-attack concerning Capita, affecting 90 NHS organizations. Also in June, details of more than a million NHS patients were compromised following a ransomware attack at the University of Manchester. Insider threats (either malicious or errors due to lack of data literacy), weak passwords and unpatched security systems are the most common causes of breaches.

The point is, like any organization, the NHS has to juggle data availability and sharing across a wide range of systems while also trying to keep it safe and only used for what it is intended to be used. As it goes through a major digital transformation that can become increasingly complicated. While no one doubts the potential of sharing patient information, NHS England has to walk an unenviable tight rope.

“The NHS is sitting on a goldmine of data,” says Nigel Jones, co-founder, Privacy Compliance Hub. “Primary care records span 55 million people, and there are a further 23 million care records where patients received secondary or specialist care. The opportunity to use that data to research and improve patient monitoring, prevent disease and the worsening of long-term conditions and innovate new treatments is huge.”

But, admits Jones, it is also one that is “fraught with fears for privacy and fear of private sector involvement with the NHS.” Trust, he adds, “is at the heart of the problem.”

This, he says, comes in three forms – lack of trust in government to deliver when it comes to health (or to deliver without corruption/cronyism); lack of trust in technology companies to keep our data safe; and lack of trust in any private company motivated by profit, not to use our data for unwanted/unknown purposes.

Lack of skills

However, given the size of the transformation task, ensuring all houses are in order by 2024 (the supposed end date of the transformation) is going to be tricky, to say the least. Many of the issues are typical of large organizations. A House of Commons Health and Social Care committee report in June this year blamed legacy technology as a key factor, as well as the NHS’s inability to attract sufficient IT talent. Again, this smacks of a lack of in-house digital and data literacy, which could undermine longer-term plans for a smooth and secure digital operation.

“To achieve digital transformation, we need to build general digital literacy, expert digital skills and digital leadership in the health and social care workforce. This includes leaders across the sector,” said the report.

“There needs to be urgent action taken to carry out the recommendations within the report, but this can only be done if the correct skills are in place,” says Dame Barbara Hakin, chair of the Health Tech Alliance, and former deputy chief executive of NHS England. Hakin suggests that NHS England’s recent Workforce Plan may solve some skills issues although it remains to be seen whether the NHS could compete with the private sector, especially on IT. Although the report also suggests upskilling, this takes time.

Hakin remains optimistic. She says that the merger of NHS England and NHS Digital into one system has provided a huge opportunity for digital innovations to be adopted into NHS practices and ways of working.

“With attention directed to engaging and improving the digital skills of existing staff, and leveling the digital playing field for different regions, the digital transformation will culminate in a smoother running and more efficient NHS,” she adds.

Of course, this is the dream. The reality, for the moment at least, is skills shortages and these could continue to impact the speed of transformation, as well as service performance. Coupled with a transformation project that still has at least a year to run, this feels a little shaky, especially with so much patient data flying around.  So when can we start to look forward to improved interoperability and secure data sharing?

Alex Case, a senior director and public sector industry principal at Pegasystems, previously worked as a senior official at No.10 and the Cabinet Office, leading large government IT and transformation programs. He says that the considerations for investment in technology solutions are crucial as this sets the tone to transform patient experience and optimize healthcare provision.

“A unified platform that can better automate patient data, across all components of an Integrated Care Systems (ICS) structure,” says Case, “ensures the ability to place patients more effectively on the right pathway to get the right treatment, at the right time, applying a 1:1 focus, but in the wider context of total workload, backlog and prioritization.”

Any thoughts on prioritization?

“Often in government, organization and policy frameworks are greater blockers to digital transformation than the IT itself,” replies Case. “With that in mind the success of the NHS England and NHS Digital merger will be measured in how well it now transforms process and working practice, to tackle patient backlogs and increase administrative efficiency.”

Case talks about how intelligent automation could be used to manage the data, triage backlogs and prioritize urgent cases. He also talks about the potentials for low code no code citizen development, to “empower NHS administration teams to develop their own automated processes to overcome obstacles and any institutional inertia.”

It’s not a bad idea but again we go back to data and digital literacy issues and the need to upskill existing employees.

AI or intelligent automation makes so much more sense given the scale of NHS data. For Tina Woods, CEO, Business for Health and author of Live Longer with AI, it’s a must if the NHS is to truly see the cost and service efficiency benefits of its current technology upgrade. She talks about “streamlining” admin tasks including patient management, using algorithms to triage and optimize schedules.

“Current medical records are often disconnected and not shared across the system meaning that patients must repeat their histories at every appointment, which is frustrating and wastes valuable time in the consultation,” says Woods.

This is where transformation will have its public face, in its ability to improve patient experiences. Behind the scenes, it’s about standards, enabling interoperability and driving digital literacy. In terms of scale, cost and its relevance to the whole country, NHS England’s digital transformation of the NHS is perhaps the most important digital transformation in England. However, the sheer scale and budget of the NHS and its mass of personal patient data will always make it a target. While the relative success of NHS app has shown that people are prepared to share data, it is built on trust and trust is really what underpins this transformation.