UK pharmaceutical industry seeks to establish health data principles amid plans to unlock NHS data

The UK’s Association of the British Pharmaceutical Industry (ABPI) has recently concluded a consultation on its new draft industry governance principles aimed at guiding the pharmaceutical industry when analysing and using health data.

Recognising the ‘enormous potential’ in unlocking data, which is routinely collected and stored by the NHS, ‘on everything from health services to treatments and outcomes across the country’, the ABPI is looking to build ‘trust, transparency and public involvement’ in the use and analysis of health data by the biopharmaceutical industry. The draft principles (which were the subject of the consultation) are intended to work alongside existing governance processes, and include:

• Transparency of purpose: Researchers will be clear and open about i) their aims and objectives for the use of health data; ii) how the data in question will be analysed; iii) the anticipated benefits; and iv) the possible risks and how they will be managed.
• Clarity of arrangements. Contractual arrangements will return ‘fair value’ for the parties and data custodians involved and will promote the sustainability of the system irrespective of whether individual projects are successful or not.
• Patient and public involvement and engagement. Patient and public representatives will be involved in the design and approval of future data projects.
• Non-exclusivity of arrangements. Any data set should be available for analysis by other ‘bona fide researchers’ and beneficial findings should be applied across the UK health service.
• Compliance with prevailing laws and regulations. All projects and arrangements will adhere to applicable legal, regulatory, security and privacy obligations.

Increased digitalisation and capitalisation of health data 

It makes sense for industry to be looking to implement guiding principles for best practice in the absence of clear legal guidelines, and as the UK government and other regulators are grappling to harness and capitalise on rich healthcare datasets in a way that mitigates privacy and other risks.

The UK government has recently set out an ‘ambitious’ digitalisation plan, recognising the immense potential for innovation via digitalisation of the sector, as well as the broader value in, and opportunities presented by, the rich datasets in the healthcare space.

For example, speaking at the HSJ Digital Transformation Summit earlier this year, Health and Social Care Secretary, Sajid Javid, emphasised the key role and value of NHS data, acknowledging this ‘precious resource in the form of data…including some of the world’s largest genomic datasets.’ He then outlined the government’s ‘ambitious agenda’ for harnessing technology in the healthcare sector to drive ‘a new era of recovery and reform’, with priorities for the NHS’s digital transformation including:

• ‘levelling up’ digital provision across the NHS and social care, with targets set for the rollout of electronic patient records;
• increasing the focus on personalised and remote healthcare, including increased use of the NHS App, eg via digital diagnostic and treatment capabilities such as remote monitoring and ‘virtual wards’; and
• taking ‘big breakthrough bets’ on emerging technologies and data.

Mr Javid also announced that both the final Data Saves Lives policy paper and the first Digital Health Plan will be published later this year.

Managing risks: compliance, security and bias 

The core of the ABPI’s principles also recognises the significant risks inherent in the utilisation of health datasets, such as bias, security and compliance. These risks are also very much front of mind for government and others seeking to make use of health datasets.

Cyber security

Cyber resilience and creating a culture of vigilance will be a key area of focus for many organisations as they explore innovation opportunities. The UK ICO has recorded a nearly 20 per cent increase in reports of cyber security incidents involving personal data in the past two years. Mr Javid was keen to emphasise the government’s efforts to shore up ‘cyber-resilience’ across health and care to prevent cyber-attacks which could impact patient safety. He claimed that since 2017 four major attacks with potential ‘catastrophic’ front-line impact, had been prevented.

Data protection 

Of course, any move to further utilise health care datasets will need to be carried out with data protection laws in mind. For example, the expansion of the NHS App is crucial to Mr Javid’s personalisation goals, and many won’t need reminding that the development of contract tracing capabilities had to navigate numerous complexities with regards to both data protection and broader data ethics considerations.

Bias

Mr Javid acknowledged the critical importance of ensuring public trust in healthcare data and in data security and called for the ‘stark diversity gap’ in the healthcare sector to be addressed. We have seen a number of recent examples of the UK government trying to tackle these important issues, although with results yet to be demonstrated:

• Dr Ben Goldacre was recently tasked with a rapid review into the better and safer use of health data for research and analysis for the benefit of patients and the healthcare sector.
• Separately, we have also seen the recent announcement of a government pilot scheme using AI to reduce bias in the healthcare space.
• Mr Javid also recently launched a review into potential bias in medical devices, which is being led by Dame Margaret Whitehead.

Commentary and key takeaways

While it is clear that the health datasets under consideration are huge, rich, and have great potential, the risks and practical obstacles with harnessing such data present significant challenges and we look forward to seeing the government’s more concrete proposals.

The UK’s approach here is in line with its broader approach on data reform and the National AI Strategy published last Autumn. Unsurprisingly, it also shares much in common with ambitions and concerns being considered at the European level (for example see our recent analysis of the EU Commission’s plans). It will be interesting to see how closely the UK ultimately aligns with the EU on such matters post-Brexit.

There may also be opportunities to look across to other sectors to see how they are approaching the uncertainties surrounding digital transformation (eg initiatives in the financial services sector to manage bias in algorithmic decision making). More broadly the high-level principles that are often articulated with regards to personal data may have broader applicability, for example the UK ICO has set out detailed guidance explaining decisions made with AI.

Key takeaways:

1. We predict an increase in data driven investment opportunities in the health sector to capitalise on the rich datasets that exist.
2. Stakeholders will need to follow the developments closely as the UK government (and others internationally) grapple with the regulatory implications and inherent risks.
3. From a compliance perspective, it makes sense for industry to seek to implement clear (and sufficiently flexible) guiding principles for best practice in the absence of clear legal guidelines.