COVID-19, Digital Health & Patient Data: A Case Study from Sensyne Health
We need a ‘trust model’ for patient data
2020 has so far been an extraordinary year in healthcare. The COVID-19 pandemic has placed approaches to healthcare and the management of health systems as a unifying global priority. It has also firmly placed digital health technology in the public consciousness with the introduction of apps to help prevent and monitor disease spread, remote monitoring to enable continued interaction and intervention between clinicians and patients during periods of lockdown, and the use of machine learning to meaningfully interpret COVID-19 patient data to drive medical research.
The gradual evolution of digitising healthcare, arguably one of the last industries to be disrupted by technology, has become a revolution born of the necessity to respond quickly to the COVID-19 pandemic. As such we find ourselves in a new world where technology is being very quickly integrated into health systems.
This revolution brings many opportunities such as the ability to analyse large sets of real-world patient data and provide actionable clinical insights and better disease understanding to aid treatment and ultimately lead to improved patient care and lower costs.
Using patient data effectively presents science and society with the opportunity to deliver a healthier future. However, the increased use of technology also raises important questions around ethics, transparency, privacy and existential risk.
Sharing patient data has always been controversial and lately been front of mind with moves from the UK Government to centralise patient data in partnership with global technology platforms such as Google and Palantir. The public are rightly nervous about how their data will be analysed and used by third parties, with perceptions of “profit over privacy”.
Therefore, robust information governance and regulatory processes are key for the healthcare industry to gain the public trust necessary as an ethical license to operate. If we look to drug discovery and development, or medical devices, there is a public acceptance that prescribed drugs and products are generally safe to use having been through a strict regulatory process before being made available. Additionally, many medications are prescribed by a clinician, and devices used by expert surgeons, providing further checks, balances and reassurance around the acceptability of use.
Such processes provide a good model in creating public trust for something that can be perceived as inherently dangerous – putting a chemical or device into our bodies. It’s a good model for creating public trust, appreciation and acceptance in using patient data – having a robust Information Governance (IG) framework that provides the necessary rules to ensure that all processes involved are actioned in a controlled and compliant way that ultimately benefit patients and clinicians.
This is a principle and a model that we use at Sensyne Health and one which we hope will be universally copied – it will take more than one organisation to drive public trust. As a company we place a high value on patient privacy, transparency and trust and as such have created an IG framework that not only complies with exiting GDPR regulations, Caldicott principles and UK Government Codes of Conduct but also aims to exceed regulatory and legal requirements.
For example, for each of our NHS partners we have established a ‘Strategic Research Agreement’ (SRA) framework to ensure ethical, transparent and compliant approaches to data sharing and data processing. Every commercial research project that Sensyne undertakes is pre-approved on a case-by-case basis by clinicians within each NHS Trust. SRAs not only qualify that a research project has a potential clinical and patient benefit at its foundation, but also to ensure patient data is ethically sourced, used fairly, stored safely and not disclosed to any other entity unlawfully.
This approach unquestionably adds complexity and many self-imposed hoops to jump through in managing our research projects, but it is the right thing to do. We have invested in resource to do this, creating a dedicated team within Sensyne, including a DPO (Data Protection Officer), a CG (Caldicott Guardian), a SIRO (Senior Information Risk Officer) and an IAO (Information Asset Owner) to oversee all activities that require data transfer, movement and/or control prior to the data being released for research analysis and to monitor the journey of the data through this process.
In particular, the Data Request and Processing procedure, which is also agreed with the partner Trusts, explains in detail the data flow and governance control steps and establishes that the partner Trust is always acting as Data Controller, therefore keeping control of the shared data even in an anonymised form.
We hope by doing this we can create a mark of trust and an industry benchmark, demonstrating that there are ways to maximise the opportunities that technology brings for new models of scientific collaboration, improved disease prediction and patient care, while balancing transparency, privacy and public assurance that patient data is being used to improve patient outcomes.
Roberto Liddi, SVP Quality Regulatory and Information Governance, Sensyne Health