Integrated data for integrated care

13 July 2021

The recent draft data strategy from the Department of Health and Social Care represents an opportunity for health and care organisations to review how effectively they are using data to deliver their strategic objectives.

On 23 June the Department of Health and Social Care released its draft data strategy.

Central to the strategy and delivering its outcomes of joined-up care and the population health agenda is the ability and commitment to share data. As Matt Hancock, the former Secretary of State for Health and Social Care, recently outlined:

The golden thread that runs through all these changes, all of these areas of reform on integration, on public health, on mental health, on social care: the golden thread is better use of data.”

The importance of sharing data to empower patients and service users, enable staff to do their jobs effectively, improve patient and population health outcomes, reduce health inequalities and support research and development has long been recognised by those working in the NHS and its partner organisations. However, despite this commitment, the potential of data sharing has never truly been realised by the NHS. The reasons for this are complex but include a mix of cultural factors underpinned by the absolute primacy of upholding patient confidentiality (something we must never lose sight of).

This makes it more challenging to balance the benefits of data sharing for the wider system against individual privacy when the NHS is compared, for example, to private sector organisations. Yet striking the right balance that upholds the patient/professional confidential relationship, trust and accountability in the health and care system while supporting effective service delivery and innovation must be a priority if the opportunities outlined in the strategy are to be achieved.

When it comes to patient data, the principles arising from the common-law duty of confidentiality have played a major role in developing the thinking and behaviour of health and care professionals over the years. The simple yet effective message that patient information should not be shared outside the direct care team without the consent of the patient (with certain exceptions such as sharing for public interest or for safeguarding purposes) has been widely communicated across the NHS. It has therefore become the default and ‘safe’ principle adopted within the culture of many health and care organisations. This position has not always been helpful in supporting professionals to share patient data when it is right to do so.

The consent challenge

Although common law has the same status as statute in UK law, data protection law outlined by the UK General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018 has introduced a more nuanced position to the sharing of data. For example, consent given by individuals to share their personal data must be based on genuine control and choice by individuals around how their personal data is used without them suffering any detriment if they choose to withhold it - individuals must be in complete control and have the right to request their data be erased if they choose.

These conditions are unlikely to be met in many health and care situations including, for example, patient records. Instead, sharing of personal data for purposes such as protecting public health, ensuring high quality in care standards and scientific research are all explicitly recognised (with certain limitations) as legitimate reasons for using and sharing personal health data without the need for patient consent.

Disparities such as these have led to the development of an unclear system for the sharing of patient data. It is further complicated by initiatives such as the national opt-out scheme that allows patients to choose that their information is not used for research and planning in certain cases.

None of these principles is wrong per se, but they do create a complicated and unclear system where boundaries are blurred around the sharing of personal patient data and its ownership and control. It is understandable, therefore, why health and care professionals will often adopt the least risky position and avoid sharing data unless it is clearly necessary for delivering direct patient care.

The draft data strategy commits to developing secondary legislation that will enable data sharing that supports the ‘health and care system’. This legislation must facilitate the adoption of a clear position, defining what type of organisations the wider health and care system includes and for what purposes personal health and care data can be shared and where it should be anonymised.

Anonymising data

The anonymisation of data creates a further challenge for organisations and health and care professionals to get their heads around. If a duty to share anonymised (fully de-identified) data through the health and care system is created, delivering this will require practical guidance and support. Holding meaningful consultations with professionals and patients and clearly communicating future principles for data sharing is crucial, particularly when this takes place with private sector partner organisations for research, innovation and ‘public good’ purposes. The recent plans to pool NHS data and make it available for research and the resulting push back from medical professionals is a case in point.

To uphold patient trust and meet legal requirements, organisations and health and care professionals must have confidence that the anonymised data they are sharing is fully de-identified, both now and in a way that is ‘future proofed’. This is not always simple to deliver in practice. Research has shown that anonymising data so that it can be released into the public domain is complex and without guarantee that it won’t be re-identified by connecting it to other information in the future. The Netflix example from 2007 demonstrates the uncertainty that organisations can face when releasing ‘anonymous data’ into the public domain.

Clear guidance and support in areas such as ensuring professionals understand what is considered to be an acceptable re-identification risk (if any) and in deploying anonymisation techniques using new technologies will be crucial to ensure anonymised data sharing happens in practice and maintains patient trust in healthcare organisations.

What is really welcome about the draft data strategy is that it recognises the importance of people and we will talk about this more in a future illumination. art of their strategy in delivering system working and population health management.

Data as an organisational asset

Many private organisations count the data they hold as a key business asset and, just like any other important financial asset, its impact upon the delivery of their strategy is considered by the leadership and the board.

Profit is not a determining factor for public sector organisations, but value for money and ensuring the best possible patient care and outcomes are delivered certainly should be.


  • Professionals must be given a clear steer about how and when to share data.

  • Digital systems used for the sharing of patient data need to be designed and built to support professionals to make the right decisions and to develop cultural change through doing.

  • Boards should develop a clear understanding of the value of data as an asset and its central role in delivering their organisational strategies, including in developing system working and meeting population health outcomes.

Ensuring that the board has the right level of skills and information to realise the benefits of effective data use will also be essential. We can help.

If you have any questions or comments or would like support with anything in this briefing, please call us on 07732 681120 or email

Prepared by GGI Development and Research LLP for the Good Governance Institute.

Enquire about this article

Here to help