UK pharma seeks to establish health data principles as part of plans to unlock NHS data


The British Association of the Pharmaceutical Industry (ABPI) has recently concluded a consultation on its new draft Industry Governance Principles to guide the pharmaceutical industry when analyzing and using health data .

Recognizing the “huge potential” to unlock data, which is routinely collected and stored by the NHS, “on everything from health services to treatments and outcomes across the country”, the ABPI seeks to build “trust , transparency and public participation” in the use and analysis of health data by the biopharmaceutical industry. The draft principles (which were the subject of the consultation) are intended to work alongside existing governance processes and include:

  • Lens Transparency: Researchers will be clear and open about i) their goals and purposes for using health data; ii) how the data in question will be analysed; iii) expected benefits; and (iv) possible risks and how they will be managed.
  • Clarity of arrangements. The contractual arrangements will yield “fair value” to the parties and data custodians involved and will promote the sustainability of the system whether individual projects succeed or not.
  • Participation and engagement of patients and the public. Patient and public representatives will be involved in the design and approval of future data projects.
  • Non-exclusivity of arrangements. Any data set must be available for analysis by other “good faith researchers” and the beneficial results must be applied across the UK health service.
  • Compliance with applicable laws and regulations. All projects and arrangements will comply with applicable legal, regulatory, security and confidentiality obligations.

Increased digitization and capitalization of health data

It makes sense that the industry is seeking to implement guiding principles for best practice in the absence of clear legal guidance, and as the UK government and other regulators strive to exploit and capitalize on many rich healthcare datasets in a way that mitigates privacy and other risks. .

The UK government has recently set out an “ambitious” digitization plan, recognizing the immense potential for innovation through the digitization of the sector, as well as the wider value and opportunities offered by rich datasets in health .

For example, at the HSJ Digital Transformation Summit earlier this year, Health and Social Care Secretary Sajid Javid highlighted the key role and value of NHS data, acknowledging this “valuable resource in the form of data…including some of the largest in the world”. genomic datasets.’ He then outlined the government’s “ambitious agenda” to harness technology in the health sector to drive “a new era of recovery and reform”, with priorities for the digital transformation of the NHS including:

  • ‘enhance’ digital provision across the NHS and social services, with targets set for rolling out electronic patient records;
  • a greater emphasis on personalized and remote healthcare, including increased use of the NHS app, for example through digital diagnostic and treatment capabilities such as remote monitoring and ‘virtual services’ ; and
  • take “big game-changing bets” on emerging technologies and data.

Mr. Javid also announced that the final guidance document Data Saves Lives and the First Digital Health Plan will be released later this year.

Risk management: compliance, security and bias

The core ABPI principles also recognize the significant risks inherent in the use of health datasets, such as bias, security and compliance. These risks are also very much on the minds of government and others looking to use health datasets.

cyber security

Cyber ​​resilience and building a culture of vigilance will be a key focus area for many organizations as they explore opportunities for innovation. The UK ICO has seen an almost 20% increase in reports of cybersecurity incidents involving personal data over the past two years. Mr Javid was keen to highlight the government’s efforts to build “cyber resilience” across health and care to prevent cyber attacks that could impact patient safety. He claimed that since 2017, four major attacks with a potentially “catastrophic” impact on the front had been averted.

Data protection

Of course, any move to make greater use of healthcare datasets will need to be done with data protection laws in mind. For example, the expansion of the NHS app is crucial to Mr Javid’s personalization goals, and many need not recall that developing contract tracking capabilities faced many complexities in with regard to both data protection and broader data ethics considerations.


Mr Javid acknowledged the critical importance of ensuring public trust in health data and in data security and called for closing the “diversity gap” in the health sector. We have seen a number of recent examples of the UK government trying to tackle these important issues, albeit with results yet to be demonstrated:

  • Dr. Ben Goldacre was recently tasked with a rapid review of the better and safer use of health data for research and analysis for the benefit of patients and the health sector.
  • Separately, we have also seen the recent announcement of a government pilot program using AI to reduce stigma in healthcare.
  • Mr Javid also recently launched a review of potential biases in medical devices, led by Dame Margaret Whitehead.

Comments and key points

While it is clear that the health datasets under consideration are huge, rich and have great potential, the risks and practical hurdles of leveraging this data present significant challenges and we look forward more concrete proposals from the government.

The UK’s approach here is in line with its broader approach to data reform and the National AI Strategy released last autumn. Unsurprisingly, it also shares much in common with the ambitions and concerns being considered at European level (see for example our recent analysis of the European Commission’s plans). It will be interesting to see how closely the UK eventually aligns with the EU on these issues after Brexit.

It may also be possible to look to other industries to see how they are addressing the uncertainties surrounding digital transformation (for example, initiatives in the financial services industry to manage biases in algorithmic decision-making). More broadly, the high-level principles that are often articulated in relation to personal data may have broader applicability, for example the UK ICO has detailed guidance explaining decisions made with AI.

Key points to remember:

  1. We foresee an increase in data-driven investment opportunities in the healthcare sector to capitalize on the rich datasets that exist.
  2. Stakeholders will need to closely monitor developments as the UK government (and other international actors) address the regulatory implications and inherent risks.
  3. From a compliance perspective, it makes sense for the industry to seek to implement clear (and sufficiently flexible) guiding principles for best practice in the absence of clear legal guidelines.

[T]health datasets…are huge, rich and have great potential [but]the risks and practical hurdles of leveraging this data present significant challenges…


Comments are closed.