ICO publishes new tech guidance for healthcare providers

Regulator aims to ensure transparency on personal data use

ICO publishes new tech guidance for healthcare providers

ICO says new guidance will provide regulatory certainty to organisations using technology in healthcare delivery and research.

The Information Commissioners office (ICO) has issued new guidance for organisations providing health and social care.

The regulator's stated aim is supporting these organisations to ensure that they are being transparent with people about how their personal data is being used. The ICO said in a statement that it wanted to help healthcare providers define and assess appropriate levels of transparency and set out some practical steps to developing effective transparency information.

Health and social care data is enormously valuable – to the developers of technology, to the organisations, and of course to cyber criminals. At the same time, the greater use of technology and digitisation more generally in healthcare is being encouraged by the government and likely future government, given the potential for costs savings.

Technosolutionism aside, if patients and future patients have concerns about what their data is being used for they are less likely to support the march of digitisation in healthcare. Surveys have suggested that whilst at present, the wider population is broadly supportive of healthcare digitisation, younger cohorts are more suspicious. People tend to support technology which expedites their access to in-person healthcare (the NHS app being a good example) whilst being less supportive of tech that used as a substitute for it, or used as a barrier to access. Chatbots are unloved.

Trust is vital, as Anne Russell, Head of Regulatory Policy Projects at the ICO notes:

"Being transparent is essential to building public trust in health and social care services. If people clearly understand how and why their personal information is being used, they are likely to feel empowered to share their health information to both access care and support initiatives such as medical research."

The guidance follows public consultation which has led the incorporation of feedback from health and social care providers across the UK. It supplements existing ICO guidance on the principle of transparency and the right to be informed.

Anne Russell continues:

"As new technologies are developed and deployed in the health sector, our personal information is becoming more important than ever to boost the efficiency and public benefit of these systems. With this bespoke guidance, we want to support health and social care organisations by improving their understanding of effective transparency, ensuring that they are clear, open and honest with everyone whose personal information is being used."

This new guidance has been developed as work begins on the NHS Federated Data Platform (FDP) with Palantir. Numerous people and groups concerned with data privacy have questioned the wisdom of the healthcare data of every single UK citizen being available to such a controversial tech company. Concerns have also been raised about the transparency of the process by which that contract was awarded.

NHS England has recently signed a £10m contract with consultancy firm KPMG to build and implement the platform capability.