Public sector officials tell UKA that the tension between two new regulations could create problems, and that there are still barriers to the integration of health and social care
Senior public officials are beginning to feel concern over the prospect of two new laws - the General Data Protection Regulation (GDPR) and the Digital Economy Bill (DEB) – pulling data sharing in different directions.
The perspective has emerged from a group of officials – largely from local government – responding to questions from UKAuthority in a piece of research supported by business-critical software, technology and outsourcing specialist Civica. (The report is available for download at the end of this article.)
They conveyed a perspective that the GDPR, due to come into force next year, places an emphasis on giving people control over their personal data; while the DEB, currently going through Parliament, has attracted complaints that it is too relaxed around data sharing. Wherever they stand on the issue, public authorities may feel unsure about what exactly the law requires.
Two-thirds of the respondents to the question on how the anticipated laws relate to each other said they foresee a conflict, with a quarter saying it could be serious. One made a significant point that the two sets of regulations use different terminology and this is likely to increase the confusion.
Security and control
Overwhelmingly, they could see benefits around security and giving people control of their data in the GDPR, while majorities believed the DEB would do more to improve data sharing, identify citizen service needs and cut down on fraud.
It was also notable that majorities of respondents anticipated that both laws will improve service delivery.
Most also said their organisations were making some preparations for the GDPR. This is taking different forms, such as reviewing business processes and risks, drafting policies for staff to follow, and preparing an action plan for relevant work.
But only a handful said they have done so for the DEB.
It points to an uncertain situation that, while not yet on the radar of many organisations, could create problems once both laws are on the statute book. It also indicates that data sharing is likely to demand a careful approach.
One official made a pertinent point about the need to show how it can enhance service delivery, and for “an informed conversation between those organisations needing access to personal data and customers/citizens who have the right to protect their sensitive information”.
Need for balance
This comes back to a challenge that has faced the public sector for a long time: finding the right balance between respecting the sensitivity of personal data while using it to help organisations work together. The need to find the balance is increasingly urgent, especially as the financial squeeze and ageing population demands a new model for health and social care, but the new legislation threatens to move the goalposts.
The officials also identified a variety of factors in the way of data sharing for the integration of health and social care – generally recognised as one of the priorities for public services in the next few years.
Most of the respondents provided ratings of more than 50% to indicate how much of a barrier was created by specific issues in attempting to bring together the data from the two sides.
Some of the problems are around technology: most agreed to some degree that digital solutions are not yet sufficiently mature to support integration, and that policy in the area is not yet aligned with the possibilities of technology.
There were also majorities indicating problems in the conflicting priorities of budget holders in health and social care, overall limits on funding, cultural differences and the incompatibility of governance structures between the two sides, and a lack of clarity on the legal status of data sharing.
Worries about other issues – leadership, fear of change and a disparity between the footprint of NHS Sustainability Transformation Plans and local authority boundaries – were less pronounced but still an issue, with most respondents registering some measure of concern.
Several reactions to a question about priority steps to overcome the blockers focused on the need for clarity around data sharing. They included:
- “Clear national rules about what data can and cannot be shared and through what levels of security to follow patients through the system.”
- “Greater clarity at national and regional government levels on the need to consider grounds for data sharing and how valuable data is as an asset for solving some intractable public sector challenges.”
- “A mandate from central government that health and social care can share information, and a programme to support the development of policies and technology to support it.”
But there were also responses focused on the need for requirements specification, systems interoperability, a clear governance model, and “regional leadership with teeth”.
The responses create cause for concern in suggesting that organisations see a large element of the solution, the need for central guidance, as being out of their hands. But the urgency around the issue means they cannot wait indefinitely; some will have to press ahead and develop their own leadership to overcome the barriers.
Steve Shakespeare, executive director of Civica, comments:
"We live in a truly global digital world, one that is expanding at a rapid pace with customers demanding, faster, intuitive and enriched interactions. To compete in this new world, a deeper insight into both business and customer needs are required - as is the need for regulation to ensure the rights of customers are protected.
"Our recent survey with UKAuthority highlights concerns between the pending GDPR and Digital Economy Bill and the potential conflict this presents between the protection and sharing of data. However, an in-depth understanding and integration of data across the public sector is at the heart of being able to really transform services and deliver better outcomes. But at what cost to customer privacy and business sustainability, with substantial non-compliance fines soon coming in to force?
"As we move forward the demands to use and connect data to forge deeper insights, whilst maintaining the trust of customers, will continue to challenge those looking to progress. So it’s important that we collectively find the right balance and continue to transform services and improve lives."