The national data guardian in England recommended that a new consent and opt-out model for data sharing be implemented in the NHS in England in a report presented at the end of her review of health and care data security and consent (60-page / 882KB PDF), which had been commissioned by the UK government.
Dame Fiona said that NHS bodies should generally be free to share patients' medical data for the purposes of delivering care directly to those people. However, patients should be given control over any other proposed uses of their health records, she said.
"People should be able to opt out of their personal confidential data being used for purposes beyond their direct care unless there is a mandatory legal requirement or an overriding public interest," Dame Fiona said.
"Relevant information about a patient should continue to be shared between health professionals in support of their care. An individual will still be able to ask their doctor or other healthcare professional not to share a particular piece of information with others involved in providing their care and should be asked for their explicit consent before access to their whole record is given," she said.
Dame Fiona said that the new consent and opt-out model could consist of either a single question asking patients whether they will allow their data to be used for purposes beyond direct care, or a "two-part" mechanism that would allow patients to be more specific about the way their data can be used.
She said: "The two-part approach would allow an individual to opt out of her or his data being used for purposes connected with providing local services and running the NHS and social care system. In a separate decision, the individual would be able to opt out of her or his data being used to support research and improve treatment and care. Individuals should be able to give their consent for defined uses such as a specific research project, as they do now."
Dame Fiona said the government should carry out a "formal, full and comprehensive consultation on the proposed consent/opt-out model" as well as "further testing of both a two-question and a single question model with patients and professionals to see if people would prefer to have more than one choice".
Expert in digital health Matthew Godfrey-Faussett of Pinsent Masons, the law firm behind Out-Law.com, said: "Each of the consent and opt out models that Dame Fiona has considered have their merits and raise an interesting debate on how to balance simplicity with transparency and control."
"A single question offers simplicity but uncertainty over the exact way data could be used might discourage patients and lead them to opt out even if they would otherwise accept their data being used for some purposes beyond direct care. The two-step mechanism is less simple but it might be more attractive to patients due to the greater choice they would have over use of their data and might lead to fewer patient opt outs," he said.
In her report Dame Fiona said NHS bodies should consider whether they need to use personal data to achieve their purposes and that they should "continue exploring" whether de-identified and anonymised information can be used instead.
The Health and Social Care Information Centre (HSCIC), which is to be renamed NHS Digital, should be responsible for de-identifying or anonymising data and for then sharing it with "those that need to use it", she said. The anonymisation of the data would need to accord with the standards set out in the Information Commissioner's Office's (ICO's) anonymisation code of practice, she said.
Patients would not have the right to opt out of their data being de-identified or used in an anonymised form under the proposed new consent and opt-out mechanism, Dame Fiona said. However, she said that stronger sanctions should be introduced to punish organisations and individuals that look to unpick anonymised data and identify the people the information is about.
"The government should consider introducing stronger sanctions to protect anonymised data," Dame Fiona said. "This should include criminal penalties for deliberate and negligent re-identification of individuals."
Godfrey-Faussett said: "Dame Fiona has also set out strong views on the value of anonymised data. NHS bodies should consider maximising their use of anonymised patient data to achieve their objectives. This will help them to more clearly identify where they do require access to identifiable records to further their projects and to sidestep some of the complexities that arise around compliance with data protection rules when sensitive personal health data is being processed."
In a separate published review commissioned by the government, the Care Quality Commission (CQC) identified a range of issues concerning data security in the NHS (32-page / 1.35MB PDF). It said data security practices did not always reflect the policies and procedures that were in place, and that NHS staff believed that lessons from "patient data incidents" were not always learned or shared across their organisations.
The CQC said NHS IT systems and data security protocols "should be designed around the needs of patient care and frontline staff to remove the need for workarounds", and that outdated technology that "can no longer be supported should be replaced as a matter of urgency".
Godfrey-Faussett said: "The two reports recognise the need for patient trust in how their data is used and secured. The NHS brand remains strong in this regard and is an asset that has, to date, been underused. The HSCIC rebrand to NHS Digital presents an opportunity to reinforce that trust, but as the single repository for NHS data in England the body will need to demonstrate a consistent track record in managing patient data as any failings in data security could undermine the overall trust there is in the NHS."
The government said it plans to consult on the recommendations stemming from the reviews. It also confirmed that it has decided to scrap the controversial 'care.data' scheme, which looked to promote greater sharing and use of medical data held by GPs in England. Plans to replace the care.data initiative will be explored, it said.
"In light of Dame Fiona’s recommendations, NHS England has taken the decision to close the care.data programme," health minister George Freeman said in a written statement to the UK parliament. "However, the government and the health and care system remain absolutely committed to realising the benefits of sharing information, as an essential part of improving outcomes for patients. Therefore this work will now be taken forward by the National Information Board, in close collaboration with the primary care community, in order to retain public confidence and to drive better care for patients."