Building trust in health data use

Health data is collected from patients and members of the public, and – in order for it to be used to support the development of new treatments – patients and members of the public must have trust and confidence that their personal information will be used only in the way that they choose, it is securely protected when it is used, and that its use will be carefully governed.

This trust and confidence is already high in the UK: members of the public report much greater confidence about their data being held by healthcare providers than in other countries,[19] perhaps on account of the high level of trust in the publicly-funded NHS.[20]

The biopharmaceutical industry has decades of experience in handling health data, collecting, managing, analysing and reporting on specified clinical data patient-by-patient, in the process of carrying out clinical trials.

The industry routinely provides this data to regulatory authorities as well as publishing it in aggregated, anonymised form. The biopharmaceutical industry is also increasingly making health data from trials available for others’ research efforts.

For example, the open source platform, tranSMART[21] originally developed in 2009 by scientists working in Johnson and Johnson’s R&D division and Recombinant Data Corporation, is a repository for data that supports feasibility queries, exploration and analysis of clinical, translational and genomics data.

Since then, more than 100 other corporate, non-profit, academic, patient advocacy and government organisations have joined tranSMART, which is now overseen by a public-private partnership, the tranSMART Foundation.

More recently, in 2013 representatives of the global industry agreed and published Principles for Responsible Clinical Trials Data Sharing to support enhanced data-sharing with researchers whilst safeguarding the privacy of patients.[22]

By virtue of this expertise and experience, the biopharmaceutical industry sees three prerequisites for generating and maintaining trust in a vibrant, well-supported health data research environment
here in the UK.

1. Greater public understanding in how health data is used by biopharmaceutical companies

When people participate in clinical trials, they are aware that information on their experiences and outcomes is being used for the development of new medicines.

However, when information is collected routinely by the NHS in the course of patient care, there is a low level of awareness amongst the public about how this data could be used to help others.

Given that three-quarters of the public support the sharing of health data when it is used for medical research,[23] building greater public understanding will help build a more supportive UK health data environment.

The biopharmaceutical industry has taken a number of steps to help build public understanding, including through the ABPI’s continuing commitment to the annual Pioneering Partnerships conference in collaboration with the Academy of Medical Research Charities and the NIHR,[24] and through the industry’s membership of the European Commission’s PARADIGM project – which is identifying the tools needed by both industry and patient and medical research charities to improve public and patient involvement in R&D.[25]

Important steps have also been taken by others: the Wellcome Trust has established an independent patient data taskforce – ‘Understanding Patient Data’ – to provide evidence on the use of data for research, to help people understand data choices, and to champion the responsible use of data.

In addition, organisations like UseMyData work with patients’ representatives to help build confidence and understanding amongst patients in how health data is used,[26] and their views are complemented by other organisations such as National Voices.[27]

2. Robust protections for people’s private information and how it is shared

The public is acutely aware of the risks associated with the electronic storage of personal data: the 18 largest data breaches since 2000 have included governments, healthcare providers, banks and tech companies.[28]

Nevertheless, patients participating in biopharmaceutical companies’ clinical trials can have confidence that their information will be protected, and this leads to high levels of explicit consent to the use of their data for the purposes of research.

Obtaining consent from people to use their routinely collected health data for research can be more challenging. Examples such as ‘’ (a program to extract data from general practice to a central database) show what can happen when mechanisms to obtain consent for data-sharing are poorly designed and communicated.[29]

A number of initiatives have been put in place to address these challenges. For example, the creation of the National Data Opt-Out has established a robust, legally-valid model of consent for the NHS to share patients’ data for research purposes.

In addition, a new statutory ‘National Data Guardian’ has been appointed with a remit to help ensure that the public can trust that health and care information is securely safeguarded and used appropriately.[31]

New technologies are allowing these initiatives to be built on: for example, NHS Digital in England is using a de-identification product – Privitar Publisher – to enable the safer sharing and linkage of data between authorised parties.[32]

3. Clear processes to share the benefits of research using health data

The benefits of access to and analyses of high-quality health data can support:

  • Direct improvement in clinical decision-making, leading to better outcomes for patients.
  • Refinements in patient pathways, resulting in efficiencies in NHS services; and
  • Innovation at various stages in the process of discovering and developing new interventions.

The biopharmaceutical industry recognises that the consistent collection, storage, curation and management of routine health data require resources and incur a cost. Therefore, it is expected that contracts with custodians to enable access and analysis will reflect this.

Efficient access to the right data requires both a straightforward technical solution and, ideally, a simple standardised contracting process.

There needs to be clarity around the purpose for which users are requesting access to the data, the fees paid for access should contribute directly to the costs of collecting and managing the data, and there should also be recognition that the potential benefits of the results of the data analysis should be made available throughout the NHS – to improve patient outcomes, enable efficiencies and deliver innovative new interventions.

While data is being collected in increasingly large quantities, and there are already many different types of commercial access, there are public concerns over the sharing and use of data.[33]

Nevertheless a study by IpsosMORI commissioned by the Wellcome Trust suggests that a majority of the public (61%) would support data-sharing to support research, rather than lose out on the benefits that research involving commercial organisations can bring.[32]

There are examples of international best practice frameworks to guide how data is shared and used, such as the Global Alliance for Genomics and Health’s Framework for Responsible Sharing of Genomic and Health-Related Data.[34]

We and our members support – and have actively engaged in – work led by the Office for Life Sciences (OLS) to establish guiding principles to help ensure the NHS delivers benefits for patients and the public when health data is shared with researchers.

The latest iteration of these principles is set out in Box 5, alongside our perspectives on how they might be further developed. Although these principles have been developed by institutions with jurisdiction over England, it is important that there is consistency in the application of these principles across the UK.

In summary, when arranging access to health data, it is important that the purpose is clear, that contracting arrangements are straightforward and standard, that technical access is simple and functional and that when benefits arise, they are made available across the health service.

Box 5: Guiding principles on the NHS’s uses of health data – our perspectives

Principle (July 2019 iteration)35 Our perspectives

Any use of NHS data, including operational data, not available in the public domain must have an explicit aim to improve the health, welfare and/or care of patients in the NHS, or the operation of the NHS. This may include the discovery of new treatments, diagnostics, and other scientific breakthroughs, as well as additional wider benefits.

Where possible, the terms of any arrangements should include quantifiable and explicit benefits for patients which will be realised as part of the arrangement.

We strongly support this principle – given the biopharmaceutical industry exists to improve the health, welfare and/or care of patients – and aim to work with the NHS to design ways of quantifying the benefits for patients that the analysis and use of health data can deliver through the development of new medicines.
NHS data is an important resource and NHS organisations entering into arrangements involving their data, individually or as a consortium, should ensure they agree fair terms for their organisation and for the NHS as a whole. In particular, the boards of NHS organisations should consider themselves ultimately responsible for ensuring that any arrangements entered into by their organisation are fair, including recognising and safeguarding the value of the data that is shared and the resources which are generated as a result of the arrangement. We recognise the good intent of this principle and support the concept of fair terms. However, there is no definition of ‘fair’, and there is a risk that this principle could be interpreted to mean that every NHS organisation will need to set up data commercialisation resources with specialist experience and expertise, and therefore that the UK data landscape could become more fragmented.
Any arrangements agreed by NHS organisations should not undermine, inhibit or impact the ability of the NHS, at national level, to maximise the value or use of NHS data. NHS organisations should not enter into exclusive arrangements for raw data held by the NHS, nor include conditions limiting any benefits from being applied at a national level, nor undermine the wider NHS digital architecture, including the free flow of data within health and care, open standards and interoperability. We support this principle and would like to see it more patient-centred. Through further discussion with patient groups, we hope the principle can be further refined to reflect the fact that the sources of data are patients themselves, and therefore to reflect the importance to many patients that no party should lay claim to the exclusive use of data for research.
Any arrangements agreed by NHS organisations should be transparent and clearly communicated in order to support public trust and confidence in the NHS and wider government data policies. We support this principle but note practical experience that the transparency of agreements reached to date has varied across NHS organisations. Central guidance informed by patients on what ‘transparency’ means in practice is needed.
Any arrangements agreed by NHS organisations should fully adhere to all applicable national level legal, regulatory, privacy and security obligations, including in respect of the National Data Guardian’s Data Security Standards, the General Data Protection Regulation (GDPR) and the Common Law Duty of Confidentiality. We support this principle, and – given our members’ experience of both national and international obligations and data platforms and systems – commit to observe it and to support other stakeholders in the UK health data landscape in doing so.

Last modified: 31 January 2024

Last reviewed: 31 January 2024