Welcome to my second blog.
My first eight weeks as the National Data Guardian (NDG) was my “honeymoon time” and what I, a little awesome, called my “listening exercise”. I met many people and organizations for the first time in the role and got to know the excellent office of the National Data Guardian team. I was excited and inspired, baffled (sometimes at the same time) and curious to hear the sometimes very polarized views on data sharing, usage, and the risk-benefit ratio. Thank you to those I met for their time.
I also find it striking that issues of data use are often approached from the perspective of broader issues such as individual and / or professional identity or trust in institutions. Allegedly disparate issues can sometimes mix quickly, reflecting perhaps more fundamental tensions around our underlying common values as citizens.
As the honeymoon ended, I found, as it should be, that there is an expectation in some circles that the NDG will be able to exercise some kind of omnipotent authority over health and care data. In conflict situations, my own leadership style seeks to be more honest than a ‘boudica’ wielding a sword. More importantly, it’s not the NDG role. In several conversations I have referred to the framework of legislation that defines the role of upholding the NDG is not a regulatory authority that enforces, but a person with the authority to create guidelines that organizations must – and To provide advice, information and assistance relating to the processing of adult health and social care data in England. The law is silent about the extent to which this advice should be public.
As expected, I also experienced an implicit (or sometimes explicit) comparison with my predecessor as NDG, the late Dame Fiona Caldicott. I also ask myself, “What would Dame Fiona have done?” And I find that a helpful question. I consider myself fortunate that I had the opportunity to meet her in the run-up to my appointment last year and to benefit from comprehensive and open advice on the challenges of the position. Since then, the NDG team and panel members have given each other incredible support in discussing the background to current issues, including the “older” history that shapes our current data landscape.
For me, all of this has brought the question of my own values very much into focus. What will be most important in this role? Adopting the principles and values of the NHS Constitution, along with the Seven Principles of Public Life, is a good place to start. My previous experience has led me to work out two other personal values that feel particularly important now, namely:
Work with complexity and resist binary thinking – over-simplifying complex issues or polarizing organizations or individuals into “good or bad”, for ideological or other reasons, is rarely helpful. I’m on the side of Oscar Wilde – “The truth is seldom pure and never easy”.
Work with humility – realize that no expert is infallible, that no solution or system is ever perfect. Health and care must be a learning system that tries to continuously improve itself from both positive and negative experiences. When things go wrong and / or mistakes are made, it is usually not helpful and imprecise to scapegoat and attribute incompetence or malicious intent. The important thing is how we learn together from what happened and what we are doing now, and that is my focus.
I will undoubtedly continue to develop and refine these as I gain experience as an NDG. I suspect I’ll also add something to do with healthcare being an emotional business.
As you can imagine, the most pressing issue that landed on my desk in those first few weeks was the issue of public trust and my role in it in relation to the General Practice Data for Planning and Research (GPDPR) program. The NDG office has been actively involved in discussing the initiative since 2018, along with stakeholders such as the Royal College of GPs and the British Medical Association. One of the main points of discussion was the need to build on lessons learned from previous data initiatives, including care.data and the National Data Opt-out, not least to ensure that the right security measures are in place and that this is clearly communicated to the public.
As I have seen since taking office, learning from experience has resulted in the development of a program that represents a step forward in data protection, with data sharing under a strong system of independent oversight. Since its introduction, however, the advantages of the new GPDPR system have not caught on in large parts of the media discourse. It appears that in the absence of an alternative, a narrative has evolved that this new initiative is essentially historically blind and “data theft” for potentially nefarious purposes. Such accounts often do not contain any reference to the many different pre-existing data collections from primary care, their purpose or the aging technical system that the GPDPR is replacing. Obviously, concerns about retail companies’ access to data were also very high for many people.
Clear communication about this data collection would also be of the utmost importance – just as important as ensuring that the technical details, safety precautions, and safeguards are well thought out. The importance of building a clear communication campaign so that the public can see what is and is not being done with the data has been at the center of advice from the NDG office and panel for this program over the past few years. This recommendation was in line with the new Caldicott Principle 8 that there should be “no surprises” in the use of health and care data for patients and the public. I have been heavily involved in discussions over the past week about the need to allow more time to communicate. I am very excited about the decision to postpone the launch to clarify these issues.
It is important that we all work together now as a system with humility and honesty to actively address public concerns to ensure there are “no surprises” and I look forward to playing my part in this. We achieve this, among other things, by providing citizens with the information they need in a sufficiently clear form. This allows them to form their own informed opinion about the purpose and trustworthiness of the system and its processes, including security, privacy and decision-making, with clear information on the opt-out and what it means in practice if they do so .
Ultimately, we approach all issues of health and care data as individuals, both in terms of what we share with health and care professionals and how we exercise our rights in relation to our use of that information. Our individual approaches depend on a number of factors, including how we weigh risks and benefits in light of our personal experiences, priorities, and broader concerns.
I personally decided against it. I shared this private information because I was aware that Dame Fiona Caldicott decided to make it public. I am satisfied with the purpose, guarantees and oversight of the GPDPR. And I fear that if a lot of people log out because our systems are not being trusted, it will result in inferior, unrepresentative data sets for health research and systems planning, which will end up seriously at the expense of improving health and care for all of us.
Now, to wrap up my listening exercise for the past two months, I’ll set out my priorities for the coming year in more detail in the NDG annual report to be published this summer. In the meantime, I appreciate your feedback and thoughts via email@example.com.