We’re developing our thinking on the characteristics and practices for trustworthy use of patient data. Here we summarise the main elements of trustworthiness that we believe organisations collecting, storing or using patient data need to consider.
It's better to start with being trustworthy, than ‘building trust’
Decision-makers often talk about the importance of maintaining or preserving public trust in the way data is used. But this puts the responsibility on the public to ‘correctly’ place their trust in institutions and people.
As Onora O’Neill argues, we should begin by focusing on what can be done to make people, systems and institutions worthy of people’s trust.
Rather than relying on individuals' subjective feelings of trust (which is influence by external events), we should instead concentrate on the objective practices and behaviours for organisations to demonstrate they are trustworthy.
Characteristics of trustworthiness
Here are some of the things we believe are important to creating a trustworthy system for managing patient data.
This is not meant to be a comprehensive list and there will be things we’ve missed. There are many different ways to think about trustworthiness - take a look at the work by Ipsos Mori, the Oxford Ethox centre and partners, and TIGTech for other helpful approaches. Our aim here is to help teams and organisations consider what being trustworthy with data means to them.
- The reasons why data is collected, stored and used matter. People want to know patient data will be used to improve health and care and that this is prioritised over other reasons (especially profit).
- Organisations must intend to act in the public interest and consistently prove this over time. They also need to answer the “what's in it for you?” question sincerely, as people will question these motives.
- Communications should aim to inform rather than persuade – giving people the facts and letting them come to their own conclusions, rather than ‘selling’ the approach.
- Teams need to have the right expertise, competencies, tools and methodologies to answer the questions they’re setting out to answer and to follow that through to impact (this includes being representative of the population)
- It’s crucial that teams have the skills to make sure data is handled data securely and only used for intended purposes.
- In addition to technical competence, communication and engagement skills are important for explaining how data is used and what the benefits are for people and society.
- Meaningful transparency is a form of honesty that will involve being open about risks and acknowledging uncertainty. This can be challenging when a situation is developing rapidly – if that’s the case, be clear about the principles you’re working to and what could change.
- Overloading people with all the details in technical language doesn’t count. Transparency should instead make information about the things people care about accessible and understandable. This requires listening to people’s concerns and openly addressing them.
- It also means considering not only what information is provided but also how it’s communicated.
- Technical elements to transparency are important too – making code, data and methodology open, to allow for reproducibility and scrutiny.
- Establishing clear and consistent rules that determine how data is used makes it easier for people to understand what’s happening: a patchwork of rules, criteria and processes does not inspire public confidence.
- Involve members of the public in setting the rules and frameworks for decisions about data. That includes deciding which uses of data are or are not permitted.
- Controls around who can access what data, when and how are an important part of good governance. This is enabled by technical measures but is also about people. It’s also one of the first questions members of the public have when learning about how data is used.
- Technology and people’s views on it change, so it’s important to develop mechanisms to learn over time and improve decisions and processes.
- Even with all the right safeguards in place, mistakes will be made. It needs to be clear which person, or group of people, is ultimately responsible if something goes wrong and what the sanctions or redress mechanisms will be.
- Regulations like GDPR offer legal protections but public and democratic accountability are needed too. This means being open to independent scrutiny.
- Meaningful transparency is an important part of this – it facilitates public accountability by allowing others to check and challenge decisions and uses of data.
- Health and care data comes from people: so people care about how it is used. Both individual and societal mechanisms of involvement are necessary.
- People can express individual preference in England through the National opt-out. This allows individuals to opt-out of having their confidential personal information used for research and planning - but it is limited in scope.
- At a societal level, our research indicates people believe the public should have a say in how patient data is used, so collective mechanisms oversight are important.
- Public participation should fundamentally shape rules and decisions. It should not be an add-on or tick box exercise, or just be about informing people after decisions have been made.
- Listening to people’s views makes it possible to identify questions or issues that your team or organisation may not have considered.
Talk to us
Let us know if you’ve got feedback or if you’d like to discuss what these ideas could mean for your team or organisation.
You can write to us at firstname.lastname@example.org.