Health and social care - data strategy: consultation analysis

An independent analysis of the responses to our public consultation to inform the development of Scotland’s first data strategy for health and social care, due for publication in early 2023.


Part 1: Empowering People

This chapter presents an analysis of responses to the first set of questions in the consultation, which focus on how individuals can have greater access to and control over their health and social care data. As noted in the consultation, this includes the ability to view and request updates to information in their records, and access information such as test results, letters and treatment and care plans.

While Part 1 focussed on individuals' own data, the consultation encouraged respondents to answer as many questions as they could, and organisations were encouraged to answer Part 1 by considering what empowering individuals would mean for their organisation. The analysis below therefore includes both individual and organisation responses, highlighting where any differences were evident.

1A. We all have different perceptions of what our health and social care data may be. When considering the term 'your health and social care data' what does this mean to you and what do you consider it to be?

A total of 105 respondents commented on the first consultation question. They answered in two ways; most reflected on the types of information they would consider as health and social care data, while others described who might hold the data.

Types of health and social care data

The most common perception of health and social care data, held by many respondents, was an individual's medical history. This was seen to comprise: clinical notes from GP and hospital visits; diagnosis history including treatments offered and their outcomes; test results; and medication, prescriptions and vaccination history.

"All paper and digital records held by any health or care team in primary care, community care, acute care, social care, dental, optometry. This could be written, verbal, photographic, recorded [and] include demographic information about me, consultations, appointment details, inpatient stays, outpatient attendances, investigations, test results (e.g. x-rays, blood results, endoscopies) diagnoses, treatment decisions, medications / prescribing history, maternity records and details of my children…" – Individual

"'Health data' as used here includes all information that could or should be included in every patient's health record (ideally held electronically) e.g., clinical examinations, signs, symptoms and diagnostic tests including scans and laboratory tests, treatments prescribed, records of vaccination, procedures undertaken and outcome measures, as well as similar information generated during the conduct of a clinical trial." – ABPI

Many respondents gave a general comment that the term encompasses any or all information held about someone's health and social care, but did not provide more detail.

Personal information was mentioned by some respondents, covering name, date of birth, contact details, next of kin or emergency contacts, ethnicity and preferred language, with a very small number including occupation and financial details. Some others felt health and social care data would include a history of interactions with health services throughout an individual's life e.g. emergency care, maternity, dentist, opticians, mental health services, physiotherapists, occupational therapists and osteopaths.

A few also considered including a record of past and future appointments, details of waiting times for treatment, a log of all communications e.g. letters from GPs, and equalities data. A small number suggested that it should include their wishes for current and future treatment, or any information which would be helpful to determining their care.

Very small numbers each suggested it could encompass: any data linked to an individual's CHI (Community Health Index) number; family health history and causes of death; any experiences of problematic substance use; sensitive personal data e.g. sexuality or continence; non-clinical data such as census data; housing support and social security; environmental monitoring data; or interactions with police and justice services.

Only some respondents specifically described what might be included in social care data. These comments varied and included: information about care needs; care plans, carer support plans and emergency plans for carers; a log of contact, appointments and interactions with social work, social services or social care including use of care homes and any private or third sector providers; information about relationships and family dynamics; and financial arrangements associated with social care provision.

Who holds health and social care data

Respondents were most likely to state that health and social care data is information held by the NHS. A few respondents each stated that the term could refer to: data collected or held by an individual, particularly from wearable or fitness devices; data held by a local authority, especially in relation to social work and social care; and data held by other public bodies, private or third sector organisations who deliver care and support.

Need for a clear definition

A few individuals and organisations such as Age Scotland highlighted the large amount of information that could be considered health and social care data, and how public understanding of the term can vary considerably. Consequently, there were calls from respondents for a clear definition to be developed, particularly for social care which organisations such as Key and Community Lifestyles and Coalition of Care and Support Providers in Scotland (CCPS) noted can be more challenging to define.

"If a national, mutually agreed and understood definition of 'health and social care data' is to be arrived at, in order to further this strategy, Social Work Scotland believes greater precision is needed to avoid confusion among delivery and strategic partners and people getting support, to avoid inequity and potential rights infringement. Clarity and consistency of understanding is essential." – Social Work Scotland

"Because we all have different perceptions of what our health and social care data may be it is critical that the Government's definition is clear and clearly communicated to the population. Without that clarity there can be no ethical, transparent and inclusive sharing of health and care data and, more critically, who actually owns it." – University of the Highlands and Islands

2. Our ambition is to give everyone greater access to and a greater say over their health and social care data. Health and social care data examples include results from a blood test, a diagnosed condition or interaction with specific health and social care services.

2A. When thinking about accessing your own health and social care data, what data about you would be your priority for having access to and greater control over?

Two types of comments were evident in the 95 open responses to Q2A. Most described a variety of types and levels of data they would like to access, while some made more general comments about access and control.

Types of data

By far the most prevalent theme in open comments was having access to and control over specific medical data, with individuals and organisations making similar suggestions. Most frequently mentioned was access to test results including an interpretation of what the results mean. A few individuals noted this would save GPs and patients time. Other data included: clinical notes; reports of consultations; diagnoses; prescriptions; allergies; and any correspondence about these issues.

"Quicker and direct access to my test results, for example direct notification where appropriate, rather than having to wait for the GP or other service to receive, process and then notify me of results by letter/telephone or face to face consultation." – Individual

"Access to current, relevant information about an individual's planned treatment – medication, test results, scans and x-rays, appointments and admissions/discharges. A personal health dashboard. This would allow greater transparency and control for individuals" – NHSS Records Management Forum and NHSS Health Records Forum

Some respondents stated they would like to see relevant information that could affect their treatment or care, or that would impact their ability to make decisions about their care or how they self-manage conditions. This included some of the data above, but also care plans and a log of ongoing symptoms or observations.

A broader response was given by some who stated they would like access to all data, all their medical records, or anything they might need to review or could need corrected.

"I expect to have access to all of my health records without having to request it… I cannot prioritise the health data I feel is most important – it should all be available." – Individual

"Individuals should have full access to their own health and social care records with a mechanism for providing summary data for ease of access [and] be able to update their own records e.g. to add information about changes or increased needs." – Carers Scotland

The potential to access and use data to keep people informed was raised by some respondents. They suggested that individuals should have access to: details about their previous and upcoming appointments, including the ability to book appointments; waiting time information; and schedules for treatment.

Several other types of data were each mentioned by a few respondents. These included:

  • Personal details such as name and contact details, with respondents particularly keen to have a way to ensure contacts details are correct.
  • A full vaccination record was requested by mostly individuals and one organisation.
  • A history of service use including interactions with maternity, emergency care etc.
  • Sensitive information such as sexuality, sexual health and mental health. This is examined more under the analysis of Q4A.

Only a few respondents cited social care data specifically. Singular requests included information about dependents or a trusted person, access to a person's history with social care services, access to personal records for people with care experience, and an option for carers to provide updated information.

A small number of respondents highlighted data they did not want to access. A few individuals stated they did not want access to test results because they would be unable to interpret them without professional advice; a few organisations made the same point, arguing that releasing test results without an opportunity for explanation could cause distress. One individual wanted access to current data but not historical diagnoses. Another stated they would not want to see inter-professional notes e.g. ward round notes.

Other themes

Some commented broadly on the importance of individuals having access and control over health and social care data, and of individuals being informed about and empowered to make decisions about how their data is used. A small number stressed the importance of ensuring data being accessed is clear and understandable i.e. it is in plain English, avoids medical jargon and is accessible for those with a disability or difficulties with literacy.

Another theme, mentioned by a few respondents, was the need to ensure a joined-up approach to data. This should allow individuals to access data from all parts of the system e.g. GPs, hospital, dentists etc, but also enable access to the same information by all practitioners across health and social care. Inclusion Scotland and the People Led Policy Panel suggested the use of a health and social care passport could help reduce the need for people to constantly retell their story and could be updated over time and as circumstances and needs change.

Legal considerations

It should also be noted that a small number of respondents gave conflicting views around the legalities of offering individuals access to and control of their data. Glasgow City Health and Social Care Partnership (HSCP) provided a detailed response where they expressed a view that the proposals outlined in the consultation paper are "in contradiction to the basic principles of data protection law". In particular, they highlighted the misconception that an individual – the data subject – has control over 'their' health and social care data, when it is the data controller who determines how and in what way their data is processed and used. The Information Commissioner's Office stated that allowing a patient access to their health data is in line with UK GDPR, and that it encourages data controllers to provide individuals with remote access and be more involved in their own care.

"Care will be needed around both the controllership situation and possible tension between a clinical record and a patient's view and the responsibilities of the controller to control access" – Information Commissioner's Office

2B. When considering the rights of individuals who are unable to interact with their own health and social care data, do you feel that delegating access to a guardian/carer/trusted individual would be appropriate? If yes, what safeguards need to be in place?

Among those answering the closed question Q2B, 78% agreed that delegating access would be appropriate; 20% were unsure and 2% disagreed (representing two individuals). Organisations were marginally more likely to answer yes – 81% compared to 76% of individuals. Over four fifths of most sectors answered yes, including all HSCP, other public bodies and academia, but those in the third sector were least likely to answer yes (64%). A full breakdown by sector is available for this and all other closed questions in Appendix B.

The follow-up question was answered by 95 respondents, primarily those who agreed with delegated access but also some who were not sure or did not answer the closed question.

Use or mirror existing safeguards

The most common theme was that existing legal safeguards could or should be followed or used as examples to create new safeguards. Most prevalent was that access should only be delegated where there is Power of Attorney or Guardianship already in place. Others mentioned the potential to follow the Adults with Incapacity safeguards or made broad comments about legally defined roles being in place e.g. parent with parental rights.

Consent

A recurring theme, mentioned by several respondents, was that the individual delegating access would need to give their consent, if they had the capacity to do so. Recognising issues around capacity, a few suggested delegation would ideally be arranged in advance while a patient was fit and able; if not, suggestions for delegation included to a GP and a 'break glass' clause where access was granted for immediate care needs. A few called for consent and delegation rights to be regularly reviewed because an individual's capacity to interact, and their relationship with their trusted individual, can change over time. A small number argued that more support should be given to those who find it challenging to interact with their data, rather than assuming control should be delegated in the first instance. Inclusion Scotland noted the need for greater supported decision-making to ensure disabled people can exercise their legal capacity. A very small number stated that the delegated individual should also consent to taking on that role.

Assessing the suitability of the trusted individual

Several respondents raised concerns about a trusted person's suitability and competence and suggested safeguards to address this. Some stressed the need to verify the identity of the trusted person. A small number suggested that a nominated person needs to clearly understand the role of delegated access, with a very small number suggesting training on their responsibilities.

"Appropriate safeguards and privacy measures are essential to protect everyone's personal data. There should be measures in place to validate the guardian/care/trusted individual and controls surrounding eligibility criteria. These measures should be directed towards validating the guardian/ carer/ trusted individuals' identity, their relationship to the individual and ability to handle delegated data appropriately and safely." – Cancer Research UK

"…Any agreement to delegate access needs to be properly identified using identification/validation and with the named individual's consent, in the absence of a formal power of attorney/guardianship lodged with the office of the public guardian. Many utility companies use the term 'authorised contact or alternative contact' but have an enforced process to ensure the relationship and authority are legitimate and appropriate." Renfrewshire HSCP

Mixed views were expressed on who should be a trusted individual. A few felt a family member would be appropriate; others disagreed. Opponents argued that next of kin may not have an individual's best interests at heart or expressed concerns about exploitation. They called for acceptance in the sector that any anyone could be nominated as a trusted person, for example a few suggested sharing information with carers. Another safeguard, mentioned by a few, was delegating access to two individuals to reduce the risk of abuse.

"The individual's preferences should be respected as much as possible, and certainly there should not be the assumption that a person should have access to someone else's health and social care data by default because they are next of kin." – Individual

"…Further clarification will be needed on exactly who can, and why, access data belonging to someone else – being a guardian or carer is insufficient of itself. Relationships are complex and the individual's wishes must be obtained and respected; there are many reasons why someone might not want a parent or guardian to access their records on their behalf. The same applies to adult children of older people." – Social Work Scotland

Less commonly mentioned themes

Other themes and suggested safeguards included:

  • Ensuring the trusted person can only access relevant data was raised by some.
  • A few respondents urged for delegation rights to be clearly defined and recorded so that all parties know who is involved in decision-making and in what way. Similarly, a small number called delegated access to follow all governance and sharing frameworks or for clear and straightforward frameworks and procedures to be used.
  • Consideration of the rights and privacy of young people was raised by a small number. Singular comments ranged from enabling young people to make their own decisions, their right to keep their information confidential and worries about overly restrictive parents, and concerns about child protection e.g. in domestic abuse where both parents maintain parental rights and access to data could cause harm. Children in Scotland called for the strategy to consider children and young people's views about data and welcomed the Scottish Government's efforts to engage with young people when developing the strategy.

3A. We are committed to providing clarity over how your data is used and the need for this to be built on ethical principles. When thinking about the ethical principles that must be maintained when gathering, storing, and using health and social care data, what information would you find most useful in providing clarity over how your data is used in a consistent and ethical manner?

What data is being used for

The most prevalent theme in the 96 responses to Q3A was the need for transparency about what individuals' data is being used for. While many simply stated they would like to know this, others provided more detailed comments. These included the need for privacy statements which clearly outline the intended use of data, and respondents who stated they would only be willing to share their data if it was being used for positive reasons. A few suggested the publication of reports or summaries to demonstrate how using the data has a positive impact. Related to this, a small number of mostly individuals reiterated they would not agree to their data being sold or used for commercial purposes.

"A very clear privacy statement which is updated to reflect exactly how and what information is shared across services, and also how each service uses each specific data attribute for the purposes collected." – Renfrewshire HSCP

Who data is being shared with

Several respondents stated they would want to know who their data is being shared with. Some individuals and a few organisations from multiple sectors called for a clear record or log of who had been given access to data, when, and for what purpose.

"A running list of who has accessed my records and when, whether it is a department, an individual or a company. I can see that with social media records, why not my health care? Who is in my 'friends' list for my records? But I do think that some should be default, like your GP." – Individual

Data storage and security

Another theme, mentioned by some, was the need for information and reassurance that data is being stored securely. Around half of those mentioning this theme made specific points about data security, suggesting they would need clarity over whether their data was anonymised, how they could request changes to incorrect data, and how long data is stored and when it is deleted or destroyed.

Consent and procedures for data sharing and use

Respondents described some of the processes they would like to see in place to ensure their data is being used ethically. Some focussed on consent, questioning whether their consent would be sought, or stressing that it should be. A small number suggested there should be easily accessible opportunities to regularly review, update and withdraw consent, and that there should be a process for complaints. A few respondents noted that all data use should adhere to existing data protection policies such as GDPR and to data storing and sharing frameworks, agreements and governance.

What data is being collected, stored and shared

A less commonly mentioned theme, raised by some, was to have information on what type and level of data is being collected and accessed. A few called for safeguards to be in place to ensure that only relevant data is shared, or for individuals to be able to opt out of sharing certain data, or sharing with certain people, on a case-by-case basis.

"There has to be a transparency mechanism for safeguarding patients' interests that should only authorise the disclosure of information for the necessary 'medical or care purposes' of improving patient care or when disclosure is in the public interest: no less, no more, and not just because the data is merely useful." – University of Leeds School of Law

Clear and accessible information

A recurring theme was the need for clear, consistent and accessible information about all the above points to be readily available to individuals. This was raised by both individuals and organisations, but especially by third sector organisations. Suggestions ranged from privacy statements written in plain English to consent dashboards which people can access to have a clear overview who is using their data and why, and potentially switch their consent on or off. Related to this, a few argued that a meaningful discussion with the public about sharing their data, highlighting how it can be used to benefit health and social care more widely, would be beneficial.

3B. To what extent do you believe it is important to collect data to enable our health and social care services to understand how they are serving those with protected characteristics?

Among those who answered Q3B, 87% felt it is important to collect data to understand how health and social care services are serving those with protected characteristics; 74% stated it was very important and 13% fairly important. One in ten (11%) were neutral and 3 individuals felt it was not important.

There were some noticeable differences by sub-group. Organisations were more likely to state this was very important (91%) than individuals (61%). Sectors recording high levels of total importance included other public bodies (100%), the third sector (100%) and representative / membership bodies (100%). All HSCP considered this important, though this was split between 71% who felt it is very important and 29% fairly important. By contrast, 80% of other health public bodies considered this important (73% very, 7% fairly) and 20% were neutral.

Some respondents – primarily third sector organisations and a few health bodies, representative bodies and individuals – elaborated on their response to Q3B at Q3C. Most reiterated their view that collecting information about protected characteristics is vital to understanding inequalities and the met and unmet needs of those groups, particularly as they can have difficulty accessing health and social care or experience bias or discrimination in their treatment. A few including Age Scotland and Inclusion Scotland called for more opportunities to disaggregate data to get a better understanding of impacts and outcomes for older people, disabled people, and other protected characteristics.

"Very important – protected characteristics exist to prevent discrimination, whether active or passive. The only way to measure whether a given service is equitable is to understand the demographics of the people accessing that service, and by observing patterns of outcomes related to certain characteristics. This will be essential for service design in the future." – Community Pharmacy Scotland

Challenges around protected characteristics data were raised by a small number. Voluntary Health Scotland noted importance of transparency and honesty as some marginalised groups have a deep distrust of public services due to past experiences of discrimination which can impact the collection and sharing of health data. For example, a fear of health data being shared with the Home Office deterring asylum seekers from engaging with health services. Key and Community Lifestyles called for consideration to be given to "data which is wider than protected characteristics, for example legal status, communication needs, digital activity/inactivity, and personal situations which require sensitive handling such as domestic abuse/coercive relationships". Chest Heart and Stroke Scotland welcomed a proposed integrated health and social care record which would mean equalities information could be recorded once, in private, at an appropriate time, and making it more likely to be available to all services.

A few respondents called for greater training for health and social care staff in equalities issues, protected characteristics and human rights approaches more generally.

"And when it comes to equalities, better day to day evidence that the workforce understands and respects equality issues. If the person I see doesn't get it, why would I trust them to keep my information and its sensitivities?" – Individual

3C. When thinking about health and social care professionals accessing and using your health and social care data, what more could be done to improve your trust?

Q3C received 104 open comments. However, there was significant overlap in responses with the themes evident under Q3A covering transparency, consent and security. Other themes evident at Q3C included improved public understanding, information governance and data quality and staff training in data literacy. A small number noted that they already trust health and social care professionals with their data and had no concerns about this.

Transparency, consent and data security

A large proportion of comments at Q3C repeated themes described earlier, specifically:

  • Many respondents reiterated the importance of transparency over how their data is being collected, stored, shared and used, with some recommending a clear record is kept of who accesses their date, when, and for what purpose. ABPI cited the steps the Estonian government has taken to allow patients to have access to their information and see who is using their data, alongside investing in cyber-security.
  • Consent and being able to limit, restrict or revoke access to data on a case-by-case basis was mentioned by some respondents.
  • Some noted that their trust would be improved if they could be reassured that their data was being stored securely with appropriate access rights and controls in place.

Improved public understanding

The most common theme at Q3C, not including the above, was the suggestion that an improved public understanding of how health and social care data is being used would increase trust. Respondents described how more work is needed to raise the public's awareness of what data is held about them, and how using the data benefits individuals and the wider population. A few suggested the public should be involved in developing systems handling health data. A common theme within this was the need to demonstrate the positive impact of sharing data, either through individuals seeing improvements in their own care as a result, or through the publication of reports and giving examples of where data has been used effectively or has driven change. A small number advocated public information campaigns to raise awareness, and others noted the need for clear and accessible communication.

"Prove that current data management is used efficiently across existing services where 'sharing' is not an issue e.g. across health boards and between primary and secondary health care" – Individual

"Trust could also be improved by providing individuals with examples of how data is used by those accessing it, both to improve care on an individual level and also to support improvements in the health and social care system" – The Innovative Healthcare Delivery Programme (IHDP)

Information governance

Some respondents stated that their trust would improve if there was clear evidence that all appropriate legislation and frameworks were being followed. This included adhering to GDPR, following governance frameworks with independent auditing, and publishing Data Processing Impact Assessments (DPIA). A few individuals, health bodies and HSCPs stated that it is important to see transparency and honesty when things go wrong, for example when a data breach occurs.

"Ensure staff are fully aware of consequences of accessing or sharing my data inappropriately, and that adequate action is taken when a breach occurs." – Individual

"The SSSC believes that ensuring the use of personal data is legally compliant is the most important thing that could be done to help to ensure a high level of trust." – The Scottish Social Services Council

Data quality and data literacy

Another theme was data quality, with two types of comments evident. Some respondents highlighted the importance of data quality, accuracy and completeness. They indicated that their trust would improve if they felt health and social care professionals understood the importance of, and were adequately trained in, the collection, recording and use of data, as well as data privacy and the handling of data. A few organisations including Microsoft, The Promise Scotland and the Health and Social Care Alliance Scotland provided detailed responses which stressed the importance of trusting relationships between individuals and professionals. They argued that trusting relationships can encourage individuals to feel empowered to share their information and to understand and make better decisions about data sharing, leading to better data collection and care. On a specific point, Aberdeen City HSCP noted the need for professionals to access secure equipment e.g. encrypted laptops and secure photocopiers.

The other strand of comments, from a small number of respondents, noted the importance of a means to review their data and correct any inaccuracies. A very small number argued a more integrated approach to data collection and sharing would improve trust.

"I don't know what they access today but I think if they had the right information in one place and used it professionally then [I] would trust them more than the disparate, inconsistent records of today." – Individual

4A. When considering sharing of your data across the health and social care sector, are there any health and social care situations where you might be uncomfortable with your data being shared?

A total of 95 respondents gave an open comment in response to Q4A. Respondents mostly took one of two approaches to answering the question, either citing types of data they would be uncomfortable sharing, or describing circumstances which would determine whether they were comfortable sharing. In addition, one quarter of those who answered stated there were no circumstances where they would be uncomfortable sharing.

Types of data

The most prevalent theme in responses to Q4A was the types of data which respondents would be uncomfortable sharing. A range of examples were cited by several individuals and a small number of organisations. Information about sexual health and sexual history was the most common, followed by information about mental health; both were raised by some respondents. All other examples were each mentioned by a few respondents, including: non-anonymised data or information which could identify an individual; historical information which is not relevant to current care needs; abortion history; information about disabilities; and one respondent mentioned problematic substance use. A small number elaborated by stating that this information could lead to them being unfairly judged.

"For the sharing of more sensitive information, it would be best practice to ask specifically for consent to share or restrictions over exactly what can be shared, e.g. mental health information, abortions, sexual health – these have a higher sensitivity." – NHSS Records Management Forum and NHSS Health Records Forum

Four respondents made a distinction between health data and social care data. Three individuals stated they would not want their health data shared with social care. The Promise provided a detailed response outlining the best practice for respectfully sharing young people, parents and carers information.

Circumstances for sharing data

Consent was the second most prevalent theme in responses to Q4A, with all who raised this issue stating that information should not be shared without individual's consent. A small number stated that they would only be willing to share if the appropriate approvals and data protection controls were in place. One individual suggested that the level of client sensitivity should be part of a governance framework. The Innovative Healthcare Delivery Programme (IHDP) made a specific point calling for patients to be helped to understand how electronic images used for clinical assessment are stored and used.

Another theme, mentioned by some, was that their data should not be shared with organisations beyond health and social care, with private companies, or sold for profit. Some noted they would be uncomfortable sharing information if it led to prejudice or harm to them or others. For example, sharing health data with insurance companies or the Department for Work and Pensions could negatively impact the level of insurance or benefits an individual is offered. A few others noted that sharing protected characteristics, such as disability, sexual orientation or gender identity, or sharing a diagnosis such as HIV status, could increase stigma, particularly in some cultures or small communities. These points were also raised by small numbers at Q4B.

"A commonly cited area of concern was around care experience during childhood, and historical treatment for diseases such as HIV; both of which continue to carry stigma, with individuals facing discrimination. Another example was the location in which certain health and social care services were provided, the detail of which might reveal a history of incarceration, whether for criminal or mental health reasons. There may also be records which – under the Equality Act 2010 – are protected and sensitive; for example, gender assigned at birth, which is likely to be information that many professionals do not need or should not be privy to." – Social Work Scotland

Others felt that they would only be willing to share data that was relevant to the professional and their care setting. Similarly, a small number stated that sharing should only be considered on a case-by-case basis, once they could provide informed consent.

4B. Under Data Protection legislation, your health and social care data can be shared in order to administer care. For what other purposes would you be comfortable with your health and social care data being shared within the health and social care sector?

Research and healthcare innovation

The most prevalent theme in the 87 open responses to Q4B was a willingness to share health and social care data for the purposes of research. Many respondents simply stated research would be a valid purpose for sharing but did not elaborate. However, some gave more detail, highlighting that research could result in improved interventions, new or more effective treatments, or create alternative ways to access services.

"To improve care for everyone (provided my privacy is protected) – both through service improvement by NHS but also research to work out better ways to improve health and care (treatments/ interventions)" – Individual

Performance management and planning

A recurring theme, mentioned by both individuals and organisations, was the sharing of data for service improvement. Some respondents noted the value of data in allowing health and social care services to audit and evaluate services, manage performance and improve the quality of service delivery. A few specifically highlighted the importance of data and data modelling in planning the distribution of funding and resources and forecasting future demand for services. Specifically, Inclusion Scotland noted that data on people's social care support needs will need to be collated in an unprecedented way to allow the new National Care Service to understand the need for services and plan at a local and national level.

Sharing data for use in developing wider public health policy was also mentioned by a few respondents, for example in developing public health initiatives and epidemiology.

"There is also an important distinction to be made between information shared about an individual to facilitate the delivery of a service, including protection, and information shared to evaluate and improve the quality of a service overall. The former requires detailed personal, identifying information to be shared, the latter does not. However, it is all "your health and social care data". The NHS has a framework for the safe use of individual's data for research and evaluation purposes, developed over decades. Any 'health and social care' data strategy should learn from, and where relevant replicate, this framework, The strategy must also make clear the distinction, described above, between purposes linked to the delivery of a service, and purposes linked to the administration / management / evaluation of a service." – Social Work Scotland

"The use of health data is crucial to the effective planning of services. Without data about how care is administered and the outcomes of this care, it is difficult to support the continuous quality improvement that is needed to improve patient care. The public must be consulted and informed about how their data is used to improve services and identify quickly where issues in care arise." – British Heart Foundation Scotland

Sharing data to administer care

Though the focus of the question was on the sharing of data for other purposes, some respondents reiterated the benefits of data sharing on administering care. Respondents argued that more data sharing was required within health and social care to ensure that services can provide the right care at the right time, without relying on the patient to provide necessary information. In their response, Microsoft described the example of the Dorset Intelligence Insight Service (DiiS). This was set up to link a patient's health, social care and socio-economic data from primary care, GPs, community and mental health, the police force, the fire service, and Dorset's three acute hospitals, and is now being used to make proactive decisions about individuals' care and in wider planning in the area.

Safeguards when sharing data

Around one in eight of those answering Q4B stated that they would not be comfortable sharing their data for other purposes within health and social care. Mydex CIC questioned whether the proposed sharing was feasible under existing data protection legislation.

Several other respondents outlined steps they would like to see in place to ensure they have control over how their data is shared, typically repeating actions or processes which have already been outlined in this chapter. In summary: several respondents noted that only anonymous data should be shared; some stressed that data should only be shared once consent had been given and this may need to be requested and granted on a case by case basis; and a small number reiterated that they would not be willing to share their data with private organisations.

5A. More people are using wearable devices to track their own health including sleep activity, mindfulness, heart rate, blood pressure and physical activity. Do you gather your own health data for example measuring activity, sleep patterns or heart rate through a mobile phone or watch?

If yes, would you want to share this data with health and social care professionals, and for them to use it to improve the services you receive?

Of those who answered Q5A, 65% stated they gather their own health data. Among the individuals who answered, 63% collected their own data. Given the more personal nature of the question, only 23 organisations responded, but of this group 70% answered yes.

Open comments were given by 73 respondents; slightly over half were individuals. The most common theme was agreement from several respondents, mostly individuals, that they would be happy to share their wearable data to improve services. A few gave examples of how they already collect or share data e.g. a Fitbit. Conversely, a very small number explicitly stated they would not share this information.

Uses of wearable data

The second most prevalent theme was that people's own health data, collected from wearables or from equipment such as personal alarms, could be useful for monitoring conditions such as diabetes or heart disease, or in highlighting a change in measurements which could mean there is a need for early intervention. A mix of individuals and organisations felt that as well as being useful for self-management, sharing this information could support ongoing care and reduce unnecessary appointments.

Some respondents argued that data collected by individuals should only be shared if it was linked to a specific purpose which was clinically relevant to the individual's care. A small number stated that they would be happy to share their data if the specific purpose was to help improve health outcomes and services more widely.

Consent and control

Some respondents highlighted the importance of individuals having control over sharing their wearable data, that it is only shared with consent, and ensuring individuals have sufficient information when deciding whether to share. A few stated they would only be willing to share their data if it could be stored securely or called for more clarity on how shared data would be stored and accessed. A small number stressed that they would not be willing to share wearable data with third parties for commercial purposes.

"I might be willing to use remote health monitoring devices and share that data with healthcare professionals, but I'd be concerned that it was also being shared with 3rd parties e.g. the equipment suppliers. Hence, I would want to have a more detailed understanding of who would have access to my data throughout the entire data lifecycle, including data gathering, processing, analysis, and storage." – Individual

Reliability of wearable data

Another theme, raised primarily by some health bodies and HSCPs, questioned the reliability and usefulness of data collected by individuals. Respondents argued that data collected by personal devices is not as accurate as that recorded by medical equipment. Views were mixed; some felt wearable data should not be used, while others felt it could but with a degree of caution. A few respondents highlighted that the data might only be useful if it could be added to or synced with NHS systems and records, for example by using NHS built or approved apps for data collection. A small number raised compatibility and security challenges around transferring data.

Less commonly mentioned themes

Other themes, each mentioned by very small numbers, included:

  • Ensuring that individuals who do not use, or cannot afford, wearable devices are not disadvantaged in the care they receive as a result, particularly as there may already be differences in health between users and non-users of wearables.
  • Concerns that data collected by individuals, for example weight or physical activity data, could be used against them by biased professionals who shame their choices or offer inadequate treatment.
  • One respondent suggested a system should be in place if the shared data requires an action e.g. there should be a process that triggers an appointment.

Contact

Email: DHCPolicyHub@gov.scot

Back to top