The SAVVI programme has been listening to its partners to understand some of the key barriers they experience when sharing health data at the local level.

We held a ‘barriers to health data’ workshop specifically to hear local anecdotes, discover what the issues are, and to understand the extent to which these issues pertain to accessing health data through data sharing. We then took our findings to national and local Health colleagues to discuss. 

This blog, co-produced with Paul Davidson, John Curtis, and Aidan Richmond distils some of the key messages from the two main workshops into two parts.


Part 1: The Local Anecdotes

The issues and barriers that we heard from local colleagues can be categorised under the following headings: Cultural, Legal, Technical and Trust. 

1. Cultural Considerations

The NHS is made up of many organisations: As well as the need for greater leadership, partners also referenced the complexities of health and social care sectors as another significant barrier. Useful data was said to be spread across many organisations who use various systems and operate at different scales or geographical areas. This requires buy-in and agreement of more partners and generally adds to the resources required to establish a data flow (share). We heard an anecdote from a Lancashire authority on their experiences with their local Children’s Safeguarding Assurance Partnership and Safeguarding Adults Boards. The council’s experience was that successful data sharing initiatives take time, building relationships with individual organisations and often specific people within them; if any of those individuals leave, or an organisation’s priorities change, the initiative can lose momentum.

With additional organisations also comes additional workload for those trying to establish a data flow, with time spent on liaising with partners, identifying legal gateways, undertaking Data Protection Impact Assessments (DPIA’s), drafting information sharing agreements, etc. We also heard that available guidance on these areas is spread-out and made up of lengthy documents, each using various acronyms and often with no glossaries or even conflicting interpretations. It was suggested that much gets lost in translation between organisations from different sectors.

Sharing about Sharing: Partners felt that many of the barriers outlined above could be addressed through the socialisation of successful health data sharing initiatives. Awareness of established data flows elsewhere and the applicable legal gateways would potentially offer a blueprint for organisations to follow, cutting down resource requirements during the discovery phase of any project and building the confidence to share.

Leadership is required for better data sharing: While all partners who attended our workshop highlighted the benefits of effective data sharing, and the issues lack of access to data can cause, many cited difficulties in getting the necessary buy-in from sharing organisations. Partners shared multiple anecdotes of initiatives that they couldn’t get off the ground due to a general reticence to sharing health data. This barrier seemed particularly prominent where partners were seeking to access data owned by primary care organisations. For example, one council in Yorkshire wished to access primary care data to inform a ‘blind spot’ in understanding clinical disease in care home settings. The council believe there are several appropriate legal gateways, but they have not been able to access the data.

Partners from a Greater Manchester local authority recounted efforts to access Health Visitor data from their local NHS Trust for their School Readiness initiative. The council has not been able to access the data, citing information governance/data protection issues as the main barrier. This experience was shared by most other local authorities in Greater Manchester, yet some were able to establish the same data flows with their respective NHS Trusts. It is possible that this disparity could stem from differing local arrangements, as the data is collected by organisations who manage Health Visitors on behalf of the NHS Trusts. However, most partners believed that these barriers often come from lack of leadership regarding data sharing and a general ‘computer says no’ attitude towards it. Even where legal gateways to share data exist, the data owners either are not aware of them or lack confidence in relying on them.

Conversely, we also heard anecdotes of successful data sharing initiatives. For example, a Merseyside based Council’s Supporting Families Programme receives Adult Mental Health data from a local NHS Trust, to monitor AMH as a family-based complexity. The council believes this was helped by the fact that they sit on the NHS Trust’s strategic group and therefore already had links at that leadership level. The council did mention that identifying the correct legal gateways was seen as an initial barrier, but with further consideration appropriate gateways were identified.

Delegates considered place-based leadership, including pooling of budgets and joint commissioning, a positive way forward to overcome some of these barriers.

Organisations have differing risk appetites: different organisations have differing levels of risk appetite. Some organisations are risk averse and others are more confident to share and are risk aware. To some extent, the level of IG maturity of an organisation influenced the risk appetite. 

Having awareness of established data flows (shares) used elsewhere was seen as a potential leveller for this, or as a solution to some of the cultural barriers discussed. If leadership of organisations who control data could see the benefits such initiatives were bringing elsewhere, through safe, secure and lawful data sharing, they may have more confidence in allowing data to be shared for similar purposes. One delegate stated that we need “one public service ethos to data sharing”.

2. Legal Considerations

Legal Gateways: While most initiatives we heard about believed they had the necessary legal gateways to share health data, some partners did note a lack of these as the main barrier. For example, one Greater Manchester Council cited data protection issues as a blocker to accessing data required for their Breastfeeding Support and Troubled Families initiatives. 

Data Protection: Reflecting on the anecdotes we heard at the workshop, ‘information governance’ or ‘data protection’ barriers were a common theme. Notably, no specific pieces of legislation were referred to as restricting sharing of health data. This is perhaps because most failed initiatives we heard about were from the perspective of those attempting to access data, who may not be aware of the data owner’s specific concerns. Unless otherwise stated it was presumed that the legal blockers referred to were the Common Law Duty of Confidentiality and where this was getting confused with explicit UK GDPR consent and where no enabler of data sharing could be identified.

This is not to suggest that such enablers always exist. For example, local authorities in Greater Manchester have not yet found a legal gateway for childrens’ social care data to be shared and used within an integrated digital care record. This has been confirmed with Health colleagues nationally. Elsewhere, a Merseyside Council successfully developed a Covid-19 vulnerability database, sharing health data under the COPI notice. This notice is due to expire at the end of March 2022 and the council is yet to identify an alternative legal gateway for these data flows (shares).

In considering legal gateways, partners have started to look at enablers outside of traditional health legislation. For example, one local authority relies on the Digital Economy Act to share data for their Supporting Families Programme. Partners seemed to agree that such new gateways, with a clear strategic outline, were very welcome.


3. Technical Considerations

Interoperability: Another common theme from the anecdotes we heard was poor interoperability between systems and poor data quality hindering effective data sharing and analysis. One upper tier Council found that, as well as the complexities stemming from the number of organisations party to their Safeguarding Partnership, Health Providers did not report and record things in the same way caused further problems. These are exacerbated in counties the size of Lancashire or Cumbria, with multiple providers all covering different parts of the county.

Similarly, the East Midlands Imaging Network (EMRAD) is a collaboration of trusts aiming to deliver timely and expert radiology services to patients across the East Midlands, regardless of where they are being treated. This requires data sharing/joint systems but is apparently impacted by data quality and standards.

These issues are thought to stem from the fact that the NHS is not a single organisation; the NHS franchise model means that focus on their respective primary responsibilities does not lend itself to include sharing data. Excluding secondary care organisations, there are tens of thousands of GPs across the country each prioritising in their own way, with their own systems and policies. Partners discussed a possible solution to this, considering whether bottom-up or top-down solutions would be more effective.

4. Trust Considerations

For an organisation to pass data to another, they will need to be assured of the arrangements that keep data secure, and well governed. We heard examples where different organisations have differing levels of data maturity, both from an information governance perspective, and from an information security perspective.

Part 2: The Discussion with National Colleagues

SAVVI met with key colleagues across the NHS at local and national level, DWP and Cabinet Office to discuss the above findings that we heard. From this discussion, we listened to the NHS perspective, found common ground and understood better which barriers could be addressed.

Here are some of the key discussion points from this workshop with NHS England, NHSx, DHSC, DWP, and the Cabinet Office:

Sometimes health data is not shared for a good reason: the NHS can have good reasons not to share the data they hold. These reasons can include the need to protect patient privacy, to protect the NHS’ reputation and integrity as a safe and neutral service that patients always trust to keep their confidentiality, or perhaps the aims of the data project do not align to the aims or mission of the NHS. It can be difficult to agree to share data for secondary purposes that are not care related.

The group discussed the need for a catalogue of what data has been requested, that has not been agreed to, so that we do not keep repeatedly asking NHS colleagues the same question without new evidence or different compelling reasons.

NHS colleagues sometimes find it difficult to access Local Authority data: the issue of data sharing is not all one way. NHS colleagues have experienced difficulty accessing local authority data. For example, a DHSC colleague could not get a child’s data on a critical safeguarding case as the local authority would not share because a child protection order was not in place.

Local confidence to share data is not consistent: even when data sharing is clear cut from a national perspective, it is still not happening consistently across the UK at a local level. This is sometimes due to confidence to share on the local level. It has been shown in places such as Bristol and London, where health and social care meet together regularly, that data sharing is often successful.

There are emerging technologies that might support sharing health data: emerging trust technology, such as digital identity and digital wallets, allow individuals the control of who information is shared to. This is perhaps a solution to some of the current data sharing barriers, for example health data could be shared as a customer attribute with the DWP for benefits purposes via a digital wallet.

We are at the start of a national conversation about health vulnerability in the Digital Economy Act: The Digital Economy Act 2017 provides greater clarification on data sharing between public bodies. However, the current legislation does not cover health data. We understand that the legislation team responsible for the Digital Economy Act within the Cabinet Office are starting to look at this and have had early conversations about how health data might be included.

Next Steps

We agreed to continue this conversation, and to explore those barriers that SAVVI is best placed to help alleviate. For example, the SAVVI catalogue is seen to be needed by both local and national colleagues as a way to surface and share what data is being shared. Further workshops and meetings on this topic will be shared in future blogs; if you wish to be kept up to date on SAVVI news, please sign up to the SAVVI mailing list.