Dr Alan Hassey provides an update on the work of the National Data Guardian's Panel on understanding people's expectations on data sharing
We’ve been looking at how health and care information needs to be shared for people’s individual care and how to ensure there are no surprises for patients and service users about this.
The article discussed implied consent, which is routinely used by health and care professionals as the legal basis to share information about patients and service users to make sure that individuals get the care they need. The article was called ‘reasonable expectations’. This was a reference to the importance of ensuring that when information is shared on the basis of ‘implied consent’, it’s important that this is done in a way that the patient or service user would reasonably expect.
The piece was published to provoke debate about an important issue, to open up discussion and help us decide whether any further work was needed to look at this subject. The response to the piece exceeded my own expectations.
It certainly did stimulate discussion and we are very grateful to all those who took time to reflect and respond. The viewpoints expressed were wide ranging. There were some who felt that the boundaries described to the use of implied consent were not restrictive enough. At the other end of the spectrum, some argued that the limitations described in the article would curb the flow of information in a way that would be against individuals’ best interests.
The range of opinions reflects the continuing variation in understanding of how implied consent can and should be used in health and care. This is understandable. After all, a key question here is whether information is being used and shared in a way that meets people’s reasonable expectations. And those expectations can and will vary and be influenced by a variety of factors. Perhaps most importantly, what efforts have been made to inform people about how information might be used and shared.
The need for more work to reach a consensus on this issue was highlighted in the 2013 Information Governance Review led by Dame Fiona Caldicott prior to her appointment as National Data Guardian. It issued a recommendation for a piece of work to bring together the health and social care professional regulators to achieve this, which was echoed in the report published a year later tracking progress.
In April this year, the General Medical Council’s (GMC) revised confidentiality guidance came into force. This was updated after extensive consultation, during which the GMC heard that doctors wanted more clarity on the circumstances in which they can rely on implied consent to share patient information for direct care.
There are resonances between what the GMC revised guidance says about implied consent and the thinking that the NDG panel has been doing. The guidance will be very helpful to doctors on the ground, but we believe there is still a need for a greater consensus across the whole of the health and social care system about how to ensure that information is shared in a way that aligns with people’s reasonable expectations.
To progress this, the NDG will be testing with members of the public what their expectations are around data sharing, what the boundaries should be and think through how these expectations should be informed and assessed. To do this we will be undertaking a piece of public engagement work with partners – we will provide more details on our web pages later this summer. To help shape the questions and issues that should be put to members of the public, we will be holding a seminar with Sheffield University later this month to bring together clinicians, information experts, commissioners, lawyers and ethicists.
We’re approaching this with an open mind, although I believe that running through this work will still be that vital test – would people reasonably expect how information about them is used and shared?