Out-Law News 3 min. read

Health data use undermined by pseudonymisation shortcomings, says Goldacre


The practice of pseudonymising data fails to properly safeguard privacy and this impacts public trust in the use of their health data, according to an academic who recently led a government-commissioned review into the use of health data for the purposes of research and analysis.

Professor Ben Goldacre MBE, professor of evidence-based medicine and director of the Bennett Institute for Applied Data Science at the University of Oxford, told MPs on the Science and Technology Committee in the UK parliament that the “challenges and the shortcomings” of pseudonymising data are “exacerbated the more comprehensive and granular a dataset becomes”.

Pseudonymisation is the practice of removing some, but not all, information that can lead to the identification of individuals from a dataset – such as names and addresses. The practice of pseudonymisation is recognised in UK and EU law as a measure that promotes data protection and as having the potential to reduce risks to data subjects. 

However, Goldacre said “pseudonymisation and dissemination have such serious shortcomings that they present privacy risks”. He said it was “a mistake” for policymakers in England to set out plans to collect data held by GPs for research purposes without first “making it clear to patients exactly what the mitigations will be”. More than one million people reportedly opted out of the scheme within a few weeks, casting doubt over the future of the initiative. Goldacre said the combination of failing to address privacy risks by building “trusted research environments” and the “chaotic and ad hoc approach to access to data through dissemination” had contributed to “a lack of people doing good work at all in data” within the NHS.

Goldacre said, though, that the government had now “made a promise about the restart of the GP data programme, which was that it would continue only after they had built a national trusted research environment (TRE) that could hold the data securely and make it accessible to all legitimate users, while mitigating the risks”. He said he was confident that would “not only mitigate risks, but begin to earn public trust”, and added that TREs “make for a much more productive environment for working with data”.

Louise Fullwood of Pinsent Masons, who specialises in federated databases and health data initiatives, said: “The plans for a national trusted research environment for GP data in the UK is welcome at a time when EU policymakers are pushing forward with their plans to create a ‘European Health Data Space’ (EHDS).”

“It is envisaged that the EHDS will allow access to health data by researchers, companies or institutions subject to them securing a permit from a health data access body, which are to be set up in all member states. Access is only to be granted if the requested data is used for specific purposes, in closed, secure environments and without revealing the identity of the individual. It is also to be strictly prohibited to use the data for decisions which are detrimental to citizens, such as designing harmful products or services or increasing an insurance premium.”

According to Goldacre, who made 185 recommendations in his recent review of how to improve safety and security in the use of health data for research and analysis, data held by GPs is “the jewel in the crown of NHS data”.

He said: “The GP dataset is probably the single most valuable NHS data asset that we have, and that is because of two things. First, there is its granularity: it has a lot of detail about each individual patient. There is something in there about almost every health service contact and every prescription, blood test, referral and diagnosis that is recorded in primary care, but there is also information about what has happened to patients in secondary care, albeit a little more sparse.”

“The data is also very complete in its population coverage – it covers the whole of the country. That really makes it the jewel in the crown of NHS data. It is one of the things that makes the NHS, and the UK, such a unique place to do this kind of work. It has huge opportunities for traditional academic research; for analysis for service improvement to monitor the quality, safety and effectiveness of care; and for driving life sciences innovation,” he said.

“However, because of the granularity and the comprehensiveness of the coverage, it also presents substantial privacy risks to patients. Like all NHS datasets, it contains information that many patients – although not all – would prefer not to be widely accessible to people outside of trusted clinicians or family members… I feel very confident that by adopting the TREs as policy, we are moving forward to sunlit uplands of not just more secure working methods but more efficient working methods, he said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.