Putting data privacy front and centre of any digital transformation journey is crucial to healthcare providers gaining public trust.
Heather McKay, a Senior Associate specialising in data protection law at UK and Ireland law firm Browne Jacobson, emphasised the importance of adopting a ‘privacy by design’ approach for organisations planning to integrate emerging technologies into their healthcare provision.
It follows new guidance published by the Information Commissioner’s Office (ICO) to support health and social care organisations in being transparent with patients about how their personal information is being used.
The guidance aims to provide regulatory certainty on how these organisations should keep people informed about their personal information, which is especially important when accessing vital services.
Heather said: “Emerging technologies such as artificial intelligence and big data have huge potential to drive efficiencies in the NHS, and other health and social care providers, by reducing paperwork for clinicians and giving them more time with patients.
“However, the success of such initiatives depends enormously on gaining public trust, which is why it is vital to put data privacy front and centre of any digital transformation strategy. This means letting the public know how their data will be used.
“The UK GDPR requires transparency in processing personal data, which means that organisations must process data lawfully, fairly and transparently. The new guidance on transparency will help organisations build a link with the public and gain their trust, which is crucial for the success of any new project.”
The ICO, which is the UK’s data regulator, said it published the guidance to support health and social care organisations in remaining compliant with data protection law, which gives people a right to know how their personal information is being used.
Providers routinely handle sensitive information about the most intimate aspects of someone’s health, which is provided in confidence to practitioners.
This personal information also increasingly informs the successful adoption of new technologies to boost the efficiency and public benefit of these systems.
The guidance includes definitions of transparency and practical steps to developing effective transparency information. The transparency principle extends beyond the information that appears in privacy notices, and organisations must provide additional transparency information to explain how and why they use people's information.
Heather added: “Some of the personal information being processed for use in healthcare is classified as special category and requires additional protection. Acquiring and maintaining public trust and confidence is important to ensure people feel comfortable sharing their information.
“People's support for using their information for secondary purposes depends on how much they understand the proposed use. Being transparent about the use of personal information for secondary purposes can help inform people's expectations and build trust.
“Organisations should decide what extra information to provide, how much is necessary, and the most effective way to provide it.
“This could include providing additional information beyond privacy information, confirmation of what will not be done with people's information, clarity on design decisions, alternative forms of transparency information, accountability information, and information that explains how other laws beyond data protection provide the basis for organisations using information in certain ways.
“Organisations must also reflect choice, and highlight and explain genuine choices available to people about how their information is used.”