National engagement on data: Cohort 1 report

The data deliberation: what we set out to cover

Thinks Insight & Strategy is a research and strategy agency. Early in 2024, we were commissioned by NHS England (NHSE) and the Department for Health and Social Care (DHSC) to conduct a large-scale public engagement programme, to build and maintain public trust in how data is used across health and social care.

Health data is defined by the Information Commissioner’s Office as “personal data relating to the physical or mental health of an individual, including the provision of health care services, which reveals information about their health status.” Public engagement is crucial to the success of digital and data transformation, as policy and services must be informed by a detailed understanding of public attitudes and shaped by public recommendations. Meaningful engagement can help to build trust and confidence in the decisions taken by government and the NHS.

This first phase of the programme – the data deliberation – had one overarching problem statement: What does the health and social care system need to do for people to feel confident in how their data is being used?

Within this broad question, three areas were identified where the views of the public were most needed to inform and influence the cohort 1 policy deliberations:

• Secure Data Environments (SDEs) are being established by the NHS to store, manage and administer access to health and care data for research. We explored public expectations of how SDEs should make decisions, specifically looking at how governance and data access committees could work in a more joined-up manner.
• When health and care data is used for research, there is-often a potential value for the data user and costs for the NHS and social care providers. This data deliberation set out to define public expectations of how the NHS should also realise the value of data for research and appetite for the NHS to generate surplus value from data use and access.
• We tested one method of information provision, a Data Pact, developed by the NHSE/DHSC team to provide more information to individuals about data use.

We used a range of different methods, as shown in the diagram below, to ensure that the data deliberation generated a robust understanding of public attitudes. Our findings from all the three tiers have been consolidated into this report.

Data from tiers 1 and 2 was captured via live note takers (tier 1) and audio recordings which were subsequently transcribed (tier 2). We then coded this raw data. This coding allowed us to compare responses across locations and identify key themes. We formed the recommendations once this analysis was complete, looking at the implications for national and regional policy makers, as well as for future engagement. Tier 3 then tested some of these recommendations and other themes from tiers 1 and 2 with a representative sample of respondents.

Where we started: baseline views on data use (chapters 2 and 3)

At the start of workshop 1, we found that the participants, whether in the main deliberation, inclusive engagement groups, or in the survey, shared many views that were consistent with the findings of the evidence review. When it comes to ‘data’, people tended to assume that it means personally identifiable data and were suspicious about who is accessing it and why. Spam emails, marketing phone calls and high-profile data breaches in the news were all front of mind.

On the other hand, when asked about health and social care data most participants across all tiers expressed trust in the NHS to use their data, because they expected the NHS to act with their interests at heart. Understanding more about potential benefits led to increased trust, mitigating some of the fears around unwelcome uses. Almost none of the participants had any awareness of the extent to which data is used currently. This lack of knowledge tended to mean these participants had a cautious outlook towards data use and access beyond the NHS. A few called out specific organisations, such as pharmaceutical companies or insurance companies, who are instinctively less trusted.

Participants were asked to explore the key challenge for policy makers in establishing the rules for DACs: the benefits and trade-offs of having a single, standardised process for all SDEs compared to each SDE having their own approach, the importance and extent of central oversight, and the impact all this can have on issues such as clarity of decision making and timeliness of access. Tier 1 participants were introduced to these topics in the second workshop, where we asked participants to weigh up the respective merits of three hypothetical approaches to managing a request for data from multiple SDEs, used as a device to get the public to discuss the tangible trade-offs.

Previous local engagement had led to findings that all SDEs involved in a project should be equally involved in decision-making, leading to a decentralised approach. However, the tier 1 participants were split on this issue. Roughly as many supported greater central coordination, consistency, and shared decision-making, as supported a model in which each SDE is involved in every decision. That is, the participants placed much greater emphasis on consistency and efficiency in the process than the previous local engagement indicated.

There were four clear priorities for policy makers to balance in deciding the rules that govern data access to an SDE:

Transparency of process: Participants in the data deliberation were shown principles for data management rooted in the Five Safes model. Openly demonstrating the principles that govern data use and access reassured participants, mitigating concerns that this might be kept hidden from the public. A lack of transparency about the principles would undermine trust in how data is used by raising fears about why these principles were not being shared.

Consistent application of principles: Ensuring that all organisations involved in decisions about data use and access are acting according to the principles was crucial for participants. They wanted principles to be enforced, with clear sanctions for any breaches. Participants also wanted decisions about who has access to data to be consistent and felt this would be a good test of whether principles are clear enough about appropriate use.

An inclusive process: Ensuring inclusion of a relevant diverse set of views in the decision-making process was also important, especially to those who felt at most risk of discrimination. More localised decision-making was seen as important to inclusion, balanced against the overall requirement for consistency. It was deemed essential that decision-making panels included lay people from diverse backgrounds, as well as specialists with the right expertise and knowledge.

Efficient decision-making: An efficient process, led by specialists and including public voices, which minimised bureaucracy and resulted in swift decision-making, instilled confidence. An overwhelming majority of participants opted against the most complex decision-making systems for researcher applications to more than one DAC.

Policy makers therefore need to consider how they deliver an efficient, consistent process for DACs; for instance, formalising the standards discussed and creating central oversight and escalation routes to drive consistency. They need to balance this with keeping enough local autonomy to reflect the diverse nature of the regions that are represented.

We found that participants were broadly supportive of the NHS charging for access to data to cover its costs. They recognised the value of the health and social care data that is collected, and supported it being used for research that benefits individuals receiving care and the wider population. They wanted to see the value of data being shared fairly with the health and social care system.

However, it was important to participants that realising value from data should not detract from or conflict with the basic purpose of the health and social care system – to improve health and wellbeing outcomes. This principle then informed participants’ views on how to realise value from data. They told us that:

• Generating wider benefits (for example, early access to or discounts on treatments developed from health and social care data; more clinical trials for patients to participate in; ownership of intellectual property from new treatments) should be a high priority as this is most closely aligned with the mission of the NHS to improve health. Participants brought different values and assumptions to this part of the discussion and further exploration of 'wider benefits' will be required, as well as consideration as to which benefits should be prioritised.
• A surplus should be sought. Broadly, participants were keen that this happened, and that the surplus should be reinvested in the NHS. However, care must be taken to avoid perceived negative consequences like cuts in overall funding, or discouraging research that could lead to loss of wider benefits, particularly from charity and academic partners that may find high access charges a barrier. Importantly, participants did not feel that seeking a surplus from data accessed securely was the same as 'selling' their data.
• Encouraging research which uses NHS data in England is valued by participants. This was especially the case if there are clear benefits to patients and the public, either through surplus or wider benefits.

Importantly, all three of these ways of generating value from data were broadly supported by tier 1 participants. However, in this area we heard some important differences between the audiences:

• Our seldom heard tier 2 audiences were sometimes more cautious. Despite recognising the value of research in achieving health benefits, some had negative experiences of research benefits being promised but not arriving. Or, for transgender people and migrants, experiences of their data being used against them in the past. Therefore, these groups wanted reassurances that the wider benefits would, at the very least, not be actively harmful to people like them.
• In the tier 3 survey, where participants had only basic information about why and how the NHS shares data for research, there was greater reticence about the NHS making money by charging for access: around 1 in 3 in this tier told us that it is wrong for the NHS to make money from charging for access. They preferred a smaller surplus to a larger one and were more supportive when reassured that the surplus would be retained by the NHS. Thus, it seems clear that more information and time to discuss the implications of charging for access – as the tier 1 participants had – led to greater support for and trust in this concept.

Across the previous two days of discussions, tier 1 participants showed an appetite for more information to be shared with the public about how their health and social care data is used. They recognised that their own views had changed as they learned more, with most becoming more confident about how health and social care data is used. Those who were most reassured told us that the fact officials were taking the time to make this information widely available was in itself a sign that data security and public trust are being taken seriously and showed the good intentions of the health and social care system. Though there were those who felt that the Data Pact had little impact on their pre-existing views. And this was reflected in the survey data, where 62% of tier 3 respondents felt the pact would increase confidence, but close to a quarter (23%) said it would have no impact.

Participants felt that the pact as tested could be made more effective. For tier 1 participants, the word pact implied action, not just information. This meant that participants expected the document to be legally binding, rather than providing information about the legal framework that is currently in place. Participants were therefore confused about why the pact was not legally binding, and ultimately felt the draft data pact lacked authority. Some cited examples like the Post Office scandal to emphasise the importance of accountability in building trust. As well as binding conditions, they wanted the pact to have more information about recourse – that is to say, what would happen and what recourse is available if it has been broken.

Where we ended up: the impact of the data deliberation on participants’ trust and confidence in the use of health and social care data (chapter 7)

At the outset of the deliberative workshops, tier 1 participants typically had misgivings about data use in general. While they were supportive and trusting of the NHS, they felt that they lacked sufficient information to feel confident. By the end, most tier 1 participants felt more confident about how their health and social care data is being used.

We identified three main factors driving this change:

• Understanding the benefits of data for research and seeing how these align with the goal of the NHS helped many participants have greater confidence in the purpose of data access. Sharing case studies and hearing from researchers and patients contributed to this understanding.
• Developing a greater understanding of the safeguards, principles, and processes in place was critical to building confidence. Secure Data Environments, data access committees, and a data pact were important parts of the infrastructure that participants wanted to know was in place to protect their data.
• For many participants the engagement process itself also contributed to greater confidence. The time and care invested in the data deliberation, along with the level of detailed information and scope for influence that were included, all contributed to a sense that the NHS and DHSC are taking public views seriously and that trust in good intentions is well founded.

However, we should not read outputs as providing blanket permission for use of health and social care data. First, there were participants across all tiers who remained critical throughout. These participants feared that safeguarding measures would not be sufficient to prevent the misuse of data and were sceptical of the intentions of actors like pharmaceutical and tech companies.

For domestic abuse survivors, unhoused people, and those with prior justice system involvement, this mistrust was grounded in previous negative experiences with public institutions and, therefore, that mistrust was also carried over to the NHS. They worried that their individual experiences would be replicated on a grand scale when it comes to data. Those who believed that the system remained too complex and opaque for them (or others) to have confidence in were a small but vocal cohort.

We also heard very clearly from participants about their expectations of a system of health and social care data use. They expected to see data used for public benefit, with no exceptions, and for this to be actively safeguarded by those granting access. They expected that the benefits of research should be shared among NHS patients and the public, not just private interests, and challenged the NHS to establish commercial arrangements to ensure this. And, above all, participants expect the security of this intensely personal data to be protected through appropriate safeguards for data, with meaningful and visible sanctions for infringement.

Download the full report

National engagement on data - Cohort 1 report, PDF (1.9MB)