The writer is a GP and chief executive of eConsult Health
The rapid introduction of digital services across UK surgeries played a crucial role in the continuation of care during lockdown. As a practising GP, I am in awe of how quickly and effectively doctors managed to transform their surgeries in the middle of a pandemic.
To accommodate as many of these new services as quickly as possible, the NHS’s procurement arm rightly lowered the barriers to entry for suppliers. A fast and effective digital transformation required functionality and swift implementation. But with the UK on track to complete its vaccination programme by late summer, it is time to reassess the nature of these short-term deals.
Last month, a contract between the NHS and Palantir Technologies, a US data analytics company, became the subject of legal action over the analysis of vast amounts of public health data. Palantir’s involvement in the NHS began a year ago with an emergency contract to apply its data modelling techniques to resource planning during the pandemic.
That contract has now been extended and the scope widened. Open Democracy, which launched the legal action against the NHS, said the new deal “risks demolishing trust” in the health service not just because of the rushed procurement process but also because it might be the largest handover of NHS patient data to a private company in history. The NHS has said that it completed a “data protection impact assessment” of Palantir last April and will publish an update in due course.
Privacy is also the concern in primary care. The data-governance practices of the new digital service providers that helped preserve access to GPs were not always scrutinised. Palantir doesn’t store data long-term. But in the privacy policies of several new NHS suppliers there are disparities between the amount of patient data they are collecting and storing, and the length of time they are holding it for.
Patient data is a sensitive area in healthcare. Patients trust GPs to be the guardians of their health and a lot of good faith is packed into the relationship. Patients should rightly assume that all conversations held with GPs serve only to assist the physician in their work. They should also feel confident that any records of their correspondence remain private and that all information resulting from a consultation is used only to progress treatment, whether it is obtained face to face or by digital means.
While GPs care deeply about confidentiality, technology companies often have a different perspective. For some tech companies, personal data is the product itself. A Financial Times investigation in 2019 found that some of the UK’s most popular health websites were sharing sensitive data, such as diagnoses, drug names and fertility information, with dozens of companies including Google, Amazon and Facebook.
I have always encouraged GP colleagues to read the privacy policies of any digital tool or platform before procuring — including from eConsult Health. But juggling patient care, Covid-19 restrictions and a pressing vaccine rollout doesn’t leave much time to analyse the legalese. A recent eConsult study showed that 44 per cent of GPs using digital services do not know what patient data digital suppliers are holding. If GPs can’t understand the privacy terms themselves, what hope have they of explaining them to patients?
GPs, and the medical staff who support us, have a duty to challenge new digital suppliers and the way they harvest patient information. Important questions must be answered: why is this data being stored? Who will it be shared with? How will it be monetised in the future? At eConsult Health we store patient data for a few days for safety reasons, then purge it. We only pass the information to the patient’s GP, we don’t share it with third parties or monetise it.
NHS procurement must act as the first line of defence against suppliers with conflicting values. We cannot allow expediency under pandemic emergency measures to rewrite future procurement policy. Standards must be upheld not only to safeguard NHS values but also to protect the doctor-patient relationship. Accepting a lack of transparency sets a dangerous precedent for future contracts and damages public confidence in the health system.
Data harvesting is the model in Silicon Valley. But the cost of data storage is not cheap. Just a week of digital consultations between GPs and patients from a single practice would take up a significant amount of server space. If suppliers to the NHS are storing lots of patient data, the right question to ask is: why are they doing so?
