27 October 2008 – At a time when reports of data breaches are regular occurrences and surveys on working practices point to an NHS data protection time bomb, NHS Alliance delegates ranked their organisations highly on upholding the Confidentiality policy with regard to using patient data for secondary purposes.
Sapior asked delegates at the recent NHS Alliance 2008 conference to score their organisations’ enforcement of the Confidentiality policy in terms of using de-identified patient data for commissioning, performance management, clinical audit and other secondary purposes.
Most respondents scored their organisations very well with over a quarter scoring 5 out of a possible 6. 36% of organisations scored in the middle of the spectrum (3 or 4 out of 6).
However, remarks from respondents indicated that many, including those in key management roles, were simply guessing on their organisations’ data privacy practices. “We must be here (5 of 6) because data privacy is important,” said one non-exec director.
Not surprisingly, there were also mixed responses from within organisations. One Chief Executive scored the PCT at an impressive 5 out of 6, whilst a Finance Manager from the same PCT scored it at 2, saying “Don’t tell my CE. We have a lot to do in this area.”
Whilst not an accurate measurement tool, the goal of the quiz was to encourage delegates to give mindspace to the high profile issue of data privacy and security, and in particular to the ongoing practice of using identifiable patient data for secondary purposes, which conflicts with Confidentiality policy.
About the quiz
Respondents were asked to consider six areas where patient data is used for secondary purposes (see below). Organisations were given credit for each secondary use area in which the respondent believed it was using de-identified patient data. For example, if an organisation was using any de-identified data for commissioning work and public health, the respondent could claim a score of 2 out of 6.
Clearly, scoring for the Mind the Gap quiz is very generous and not an accurate measurement. For example, an organisation using a single set of de-identified data for clinical audit would receive full credit for that area even if it was also using many identifiable data sets for other clinical audit work.
Notably, not a single delegate responded that it was “Not my responsibility”. Several were comfortable with guessing on their responses, although 15% said they didn’t know for sure whether de-identified data was being used or not.
Areas of Secondary use:
- Checking quality of care (e.g. clinical audit)
- Managing NHS spending (e.g. PbR, PBC, QMAS)
- Managing health service (e.g. commissioning)
- Investigating healthcare concerns/complaints
- Protecting public health
- Supporting research
Breakdown of Scoring

| # of secondary use areas using de-identified patient data | # of respondents | Percentage* |
|---|---|---|
| Don’t know | 6 | 15% |
| 1 | 1 | 3% |
| 2 | 3 | 8% |
| 3 | 7 | 18% |
| 4 | 7 | 18% |
| 5 | 10 | 26% |
| 6 | 5 | 13% |

Mean score: 3.5
Median score: 4
*Total percentage greater than 100 due to rounding.