By Grace Annan-Callcott, Communications Officer, and Natalie Banner, Understanding Patient Data Lead. 

Understanding Patient Data aims to make the way patient data is used more visible, understandable and trustworthy. It’s probably fairly clear what we mean by visible and understandable, but we think the trustworthy bit could do with some more explanation.

Decision-makers often talk about the importance of maintaining or preserving public trust in the way that data is used. But the problem with this approach is that it puts the responsibility on people to ‘correctly’ place their trust in institutions and people. As Onora O’Neill argues, we should shift that perspective, and instead focus on what can be done to make those people, systems and institutions worthy of people’s trust. Rather than relying on people’s subjective feelings of trust, which can be influenced by a huge range of events, we can look at the objective characteristics and practices organisations can put in place to demonstrate they are trustworthy. 

In our context, this places the responsibility on those collecting and using patient data to build a trustworthy system for how it’s managed. Here we’ll share some of the things we believe are important to creating that kind of system. This is not meant to be a comprehensive list and there will be things we’ve missed. Our aim is to share some of the ingredients of trustworthiness that we’ve been thinking about, especially in light of Covid-19.

Purpose

The reasons why data is collected, stored and used are important. People want to know patient data will be used to improve health and care for people and that this is prioritised over other reasons (especially financial gain). To earn people’s trust, organisations must intend to act in the public interest and consistently prove this over time. They also need to answer the “what's in it for you?” question sincerely, as people will naturally question these motives. When communicating about how patient data is used, the aim should be to inform rather than persuade – giving people the facts and letting them come to their own conclusions, rather than ‘selling’ the approach.

Competence

Organisations managing or using data should ‘show not tell’ the real-world impact of the work they’re doing, making it clear how it benefits people. Teams need the right expertise, competencies, tools and methodologies to answer the questions they set out to address, and to follow that through to impact. This includes being representative of the population they’re working in, and knowing how to handle data securely, in a way that protects people’s privacy. It can be difficult to tell a full story from data use to impact, as it may take a long time before the intended outcomes are achieved, but openness about this is important for people’s trust. The COVID Tracking Project, based in the US, is good at being upfront about impact, rather than focusing on ‘the data’.

Transparency

Meaningful transparency is a form of honesty that involves vulnerability and acknowledging uncertainty. Overloading people with all the details doesn’t count – legal terms and conditions may be transparent, but they’re hardly a good tool for conveying important information. Transparency should instead make information about the things people care about accessible and understandable. This requires listening to people’s concerns and being willing to address them in the open. It also means considering what information is provided and how it’s communicated. Technical elements of transparency are important too – making code, data and methodology open, to allow for reproducibility and scrutiny by peers. This Turing Data Stories project demonstrates good practice for reproducible research.

Consistency

Establishing clear and consistent rules that determine how data is used makes it easier for people to understand what’s happening: a patchwork of rules, criteria and processes does not inspire public confidence. Controls around who can access what data, when and how are an important part of this. Technical architectures that make it possible to audit who has access to information, and that avoid large transfers of data, are inherently more trustworthy. For example, OpenSAFELY uses a trusted research environment platform built within an existing data centre for electronic health records, avoiding transfer of data and recording all instances of data access.

Accountability

Even with all the right safeguards in place, mistakes will be made. It needs to be clear which person, or group of people, is ultimately responsible if something goes wrong, and what the sanctions or redress mechanisms will be. Regulation like GDPR offers legal accountability, but public and democratic accountability are needed too. Meaningful transparency is an important part of this – it facilitates public accountability by allowing others to scrutinise and challenge if needed. To give an example, the Government backtracked on a memorandum of understanding between the NHS and Home Office to share data after MPs on the Health Select Committee condemned it: a clear form of democratic accountability.

Public participation  

In England, individuals can opt out of having their confidential data used for research and planning – but this is limited in scope. At a societal level, people believe the public should have a say in how patient data is used, so collective mechanisms of control and oversight are important. Participation should fundamentally shape rules and decisions, not be an add-on, a tick-box exercise, or just a matter of informing people after decisions have been made. Listening to people’s views also makes it possible to understand and respond to their concerns proactively. The OneLondon public engagement exercise is a good example, as it involved 100 Londoners from a diverse range of backgrounds and was designed to shape policy and practice as shared care records are implemented across the city.

What’s missing? 

The way we think and talk about trustworthy use of data is evolving, so we’re keen to hear from people with thoughts or feedback. While there are pockets of great work, there’s still inconsistency, and deeper thinking about trustworthiness is not yet really embedded in how data systems function. If you have examples of places doing some of these things well, we’d love to know. You can write to us at