With the NHS committing to using data to improve patient care, Privacy Enhancing Technologies (PETs) are becoming central to how the NHS protects patient privacy by allowing organisations to better control the access, movement and release of sensitive data. In this blog, Cognizant, Privitar/Informatica and PUBLIC explore how PETs can be used in practice within the NHS to improve care and improve data collaboration while keeping patient data secure.
In May 2023, the Observer reported that 20 NHS Trusts had inadvertently disclosed sensitive data to Facebook. The Trusts in question were using Meta Pixel, a popular web analytics tool that tracked users browsing on NHS websites.
The unintended result was that sensitive patient information around medical conditions, appointments and treatments in areas like HIV medication, mental health, eating disorders, cancer diagnoses and sexual development was shared with the global social media firm without patient consent.
This cautionary tale highlights a major dilemma for the NHS. On one hand, accessing and leveraging people’s health data is essential to delivering better patient care. But on the other, the need to protect patient confidentiality is becoming rapidly more pressing.
It’s a dilemma that calls for new technology solutions, and we believe Privacy Enhancing Technologies (PETs) will play a fundamental role. This blog and the accompanying NHS Privacy Enhancing Technologies Guide look at the data privacy challenge facing the NHS and outline how PETs can help local healthcare providers to improve care while protecting patient privacy.
Data is key to better care – but depends on solving the trust problem
In his foreword to the UK’s Department of Health & Social Care ‘Data Saves Lives’ strategy, Dr Tim Ferris, outgoing Transformation Director for NHS England, sets out the NHS’s commitment to increased and better use of health & care data. He states that “the future of the NHS depends on improving how we use data for 4 related purposes,” citing four areas for transformation: direct care, population health, planning, and research and innovation.
One key challenge the NHS faces in using its data more effectively is a lack of trust among patients around the sharing of their sensitive data. The open-source privacy community, OpenMined, defines three elements of this problem:
- The copy problem: Once data is copied and shared, a data owner loses control of it.
- The bundling problem: It’s difficult for a data owner to share a discrete piece of intended information without also revealing additional information.
- The recursive enforcement problem: To enforce privacy regulation, a supervisory authority must in turn be supervised by another authority. But who watches the watcher?
These problems are only exacerbated in health and care contexts. NHS analysts and research teams typically want to understand the links between a person’s health presentation, diagnosis, care & treatment, symptoms and final outcomes. However, the underlying datapoints are collected in different places and in different ways - from a GP’s electronic medical records to patient surveys in a hospital clinic and even a coroner’s report.
Linking datasets can lead to increased privacy risk
To better understand care journeys and improve health outcomes, it’s therefore often necessary to link health and care datasets from across the health service. These linkage points - where patient data flows between systems and organisations - represent points of increased risk to data privacy due to factors like data breaches, patient re-identification, or data misuse.
Given these risks, the NHS needs to control access not only to sensitive personal data, but also to other data that could be combined with it to unintentionally disclose sensitive information. This is increasingly difficult to do when the very architecture of the internet is set up to collect, link and share information, as shown by the Meta Pixel case. Although 17 of the 20 Trusts immediately stopped using Meta Pixel, with eight apologising to patients, a serious breach of trust had occurred.
How Privacy Enhancing Technologies can help
It’s a problem that Privacy Enhancing Technologies (PETs) are designed to tackle. PETs are a set of technologies which help streamline data governance by protecting the privacy or confidentiality of sensitive information. They allow useful, non-sensitive insights to be derived from data without revealing information specific to individuals.
PETs are typically used in combination to ensure two types of privacy:
- Input privacy: The guarantee that multiple parties can participate in a computation without learning about the other parties’ inputs. This ensures no leakage of data and a one-way flow of information from one party to another.
- Output privacy: The guarantee that privacy is protected when results of a computation are shared. This ensures that information about individuals is not accidentally leaked in a way that enables re-identification.
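The two guarantees can be seen together in a small added example, which is not taken from the guide or from any NHS system. It uses additive secret sharing for input privacy and small-count suppression for output privacy; both techniques, the threshold of 5, the three trusts and their counts are assumptions chosen for illustration, and parties are assumed to follow the protocol honestly.

```python
import secrets

MOD = 2**61 - 1        # shares live in the integers mod MOD; must exceed any true total
SUPPRESS_BELOW = 5     # assumed small-number threshold for release (illustrative)

def split(value, n):
    """Split value into n additive shares that sum to value mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def secure_sum(private_counts):
    """Input privacy: no party ever sees another party's raw count."""
    n = len(private_counts)
    # dealt[i][j] is the share party i sends to party j; each share on its
    # own is uniformly random and carries no information about the count.
    dealt = [split(c, n) for c in private_counts]
    # Party j adds up the shares it received and publishes only that partial.
    partials = [sum(dealt[i][j] for i in range(n)) % MOD for j in range(n)]
    # Only the combination of all partials reveals the total.
    return sum(partials) % MOD

def release(total):
    """Output privacy: withhold totals small enough to point at individuals."""
    return total if total >= SUPPRESS_BELOW else None

def secure_release(counts_by_category):
    """counts_by_category maps a category to the private count held by each party."""
    return {cat: release(secure_sum(counts))
            for cat, counts in counts_by_category.items()}

# Constructed sample data: admissions per age band at three hypothetical trusts.
SAMPLE = {
    "18-39": [12, 7, 9],
    "40-64": [31, 18, 22],
    "65+":   [1, 0, 2],   # true total is 3, below the release threshold
}

if __name__ == "__main__":
    for cat, value in secure_release(SAMPLE).items():
        print(cat, "suppressed" if value is None else value)
```

Suppression is the simplest output control; it does not by itself stop an analyst from subtracting two overlapping released totals, which is why output-privacy techniques are typically combined.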
According to the ICO’s recent guidance on Privacy Enhancing Technologies, PETs can embody fundamental data protection principles in three ways: by minimising the use of personal data (as defined in the UK GDPR), by maximising information security, and/or by empowering people.
Across the four use cases in the Data Saves Lives strategy, PET-enabled data processing, sharing and collaboration would be nothing short of transformational, underpinning clinical decision-making, vital research, and government planning. To unlock that value with effective and secure data collaborations, both the NHS and the public need to understand PETs and how they work to keep people’s data safe.
An NHS leaders’ guide to using PETs effectively
With this in mind, Cognizant, Privitar/Informatica and PUBLIC are working together to build a safe and reliable NHS PETs service, supported by robust processes and best practice governance structures. We are seeking to build stakeholder trust by working in the open, providing transparent and effective audit mechanisms to make it easier for the NHS to protect people’s health data.
In service of this goal, we have developed an NHS Privacy Enhancing Technologies Guide to help NHS leaders better understand how PETs work in practice within health-specific contexts. It provides a detailed introduction to:
- How PETs work and what they can do for the NHS
- Tips for best practice and red flags to keep in mind as a PETs customer
- Health-specific use cases where PETs stand to make a real impact
Throughout the guide, we reference acute diabetic care as a useful example of a care pathway in order to bring to life practical use cases for how PETs can help achieve secure, effective data sharing across the four areas from the Data Saves Lives strategy. For each area, we also highlight real-world case studies of where PETs have made a difference in healthcare or adjacent sectors.
You can access the full NHS Privacy Enhancing Technologies Guide here.