Dr Roberto Liddi, senior vice president of quality regulatory and information governance compliance at clinical AI company, Sensyne Health, discusses how to ensure patient data anonymity within the healthcare industry
Healthcare organisations are increasingly being targeted by cyber criminals
The rise in Internet of Things (IoT) devices and apps has created a boom in data generation in the last decade, with many of us using multiple apps in our day-to-day lives that collect, store, and share personal information.
From sport apps tracking our running distances, to the way we order food online; the way we live our lives has been digitally transformed by IoT.
And, arguably, this form of data collection has become most significant in recent years in the healthcare sector.
It’s now estimated that in 2020 alone, 2,314 exabytes of healthcare data will be produced – and there has already been a 48% increase in the amount of healthcare data produced annually since 2013.
Data protection, anonymity and security breaches have become a greater concern as we use more online platforms to collect, store, manage, and share information about individuals
The potential of these vast data sets is huge in its ability to generate insights that could be the catalyst for vaccine development and treatment procedures to ultimately save lives.
But with opportunity comes great responsibility.
Data protection, anonymity and security breaches have become a greater concern as we use more online platforms to collect, store, manage, and share information about individuals.
And, during the COVID-19 pandemic, the debate around collecting and storing health data has been brought to people’s attention more than ever.
Subsequently, concerns about surveillance and the ability to keep health data and records private have come to the fore.
For example, there have been concerns about the decision by the UK government to allow Google and Plantir to access health data on millions of UK citizens to train AI models.
Collecting and using real-world evidence, whether directly from hospitals or remote devices being used as home is critical.
Understanding how individuals are affected by diseases or how they react to drugs, and how this may differ from person to person, can help to inform research, and eventually improve, or save, lives.
By investing in security measures, working with regulators, and ensuring the NHS is equipped to anonymise any data shared with third parties; it is possible to develop new drugs and treatments to save and improve lives, as well as building trust with the public
That being said, there must also be buy-in from patients willing to use these devices, share their data, and allow it to be used in R&D.
Without willingness to share data, innovations like remote patient monitoring, wearable medical devices and drug development will simply not work as effectively.
As a result, healthcare institutions have a duty to make patients feel confident and comfortable to share data with the healthcare and pharma industry to support medical research and drug discovery, and organisations must provide the reassurance they are able to protect patient anonymity.
So, the question is – how can we ensure that patient data anonymity is preserved, and build trust among the public?
While patients and the general public often appreciate the value that their data can have for medical research, there is concern around being personally identified, particularly if the data is sold to third parties to be used for research and the development of new drugs or treatments.
Therefore, there must be a balance between the use of data for commercial purposes and protecting the original owners.
As guardians of the data, the NHS has a great responsibility to preserve data anonymity – ensuring that records from types of admission to vital signs and records of operations are anonymised.
Under GDPR regulations, giving patients the option to choose whether they make their data available to be shared or not is mandatory.
This regulation empowers patients to take control of their data and gives them confidence that they can choose where to share, or not share, their personal data.
At the point of collecting data, healthcare professionals have a responsibility to let patients know that they have the right not to share their data, and that it will be handled sensitively if they choose to.
While the NHS and pharma companies themselves work hard to protect patient anonymity, as more companies move towards the cloud and online storage of data, the risk of cyber-attacks grows.
As a result, companies must invest in cyber security measures and ensure everyone, both those working in IT and other staff such as clinicians, understand the importance of cyber security.
Training all employees with the skills to be safe when using or storing patient data in the cloud, and sharing it with others, is key.
Equally, if patients are given the opportunity to monitor symptoms remotely from home, they must also be made aware of how to use these devices securely, and share data with their clinicians in a safe way.
Often, fear comes with a lack of knowledge or clear understanding of facts.
In the healthcare industry, a general lack of understanding about how and why data is collected and used by Big Tech, governments and the pharmaceutical industry has led to scepticism among the public around whether their data is secure.
Therefore, it seems only fair that we are more transparent, where possible, in what data we are using, how it will be used, and the reasons that we need to access it in the first place.
Sharing more information around the types of real-world evidence we are using, such as genetic markers, heart rates and MRI images, and the medical developments that have been made possible as a result, will help educate and put the public’s mind at ease.
Working with regulators and the wider industry to listen and take on board patients concerns, and ensuring the healthcare industry as a whole is being held to the highest standards when using data, is important.
Investing in training for staff to understand how to work with data in line with the latest regulations, will ensure data is stored and used ethically and that the public can trust that their data is being handled responsibly.
At Sensyne Health, for example, we establish frameworks with each NHS partner to ensure there is ethical, transparent, and compliant approaches to data sharing and processing.
We also created a framework that goes above and beyond complying with existing GDPR regulation and UK Government Codes of Conduct in order to meet the highest standards possible.
Without willingness to share data, innovations like remote patient monitoring, wearable medical devices and drug development will simply not work as effectively
Clearly, patient data must be handled sensitively, and patient concerns and ethical standards must always be taken into consideration when using it for drug development.
By investing in security measures, working with regulators, and ensuring the NHS is equipped to anonymise any data shared with third parties; it is possible to develop new drugs and treatments to save and improve lives, as well as building trust with the public.