Cross Talk on consent

The fraught debate about creating electronic records in the NHS tends to focus on consent. A new report on data sharing may just have found a new way forward, argues Mike Cross. 

In the great film The Godfather, Don Corleone said memorably: "I'm gonna make him an offer he can't refuse." Much of modern life is now presented to us in similar terms.

“All the time, in every walk of life, we are asked to give consent in ways that mocks the meaning of the word.” In theory, I suppose we could refuse to consent to the terms and conditions that come with a software package, a credit card or an airline flight. But we wouldn't have very interesting lives if we did; no software, credit or long-distance travel, for a start.

So it is with consent to medical procedures. In most circumstances when I've been asked to sign consent forms for myself or others, I've been in no condition to read them properly, let alone rationally assess their contents. All the time, in every walk of life, we are asked to give consent in ways that mocks the meaning of the word. 

Consent: a modern dilemma

It's strange, then, that consent has become the fulcrum of the debate about the ethics of electronic medical records. In all the arguments over implied or explicit, opt-in or opt-out, over what constitutes "informed", everyone assumes that consent itself is the goal; the bit that matters.

This assumption gets a comprehensive kicking in the independent review of data sharing commissioned by the Prime Minister that's published this month.

Don't get me wrong: in their excellent Data Sharing Review Report, Information Commissioner, Richard Thomas, and Wellcome Trust director, Mark Walport, say that consent is good. "We support the instinctive view that, wherever possible, people should consent to the use or sharing of their personal information."

In practice, however, they point out that things are not so simple. In many cases, consent for sharing information is neither practical nor sensible. Obviously, nobody asks a suspect in a criminal investigation whether they consent to having information shared with the police.

There are many other situations where it is unrealistic to grant individuals full control over access to, and use of, information about them. If we ask for consent in these cases, we either don't understand what we are doing or don't intend to abide by the result. In either case, it is a lie.

Not all public services fall in to this category. Mr Thomas and Dr Walport say there are circumstances where consent is both practical and reasonable.

Citizens applying for a photocard driving licence can give consent for their passport photograph – which is already held by the government - to be re-used rather than sending in a new one. The choice is genuine because the system can deal with whatever option people go for.

Consent in healthcare

“We could offer people a new opt-out. Perhaps: ‘I opt to use other people's data to inform my care, but I don't want my data used to help them’.” But what about healthcare, a discipline whose ethics have always been rooted in consent? When they consent to care, should patients be given the additional choice of exercising control over their information?

Mr Thomas and Dr Walport seem to say no. Their case is based partly on practical considerations. Can NHS organisations set up parallel systems to cater for the minority of patients who might want to opt out of their routine ones? What happens when an individual withdraws consent for their data to be re-used?

But there are some bigger picture issues, too. Can people expect to receive a taxpayer-funded service and insist that it doesn’t keep records about them? And if the care that we receive is based on data gathered from others, is it ethically right for us to decide that we want to withhold information that might benefit others in their turn? 

Transparency is key

The solution, the review says, is not to ask patients' consent for their information to be stored and shared, but rather to be up-front about what will be held about them and what it will be used for. Transparency is essential.
Patients should be told exactly what information will be used by the care team and for management, audit and research purposes. They should be told exactly what other bodies the NHS may share information with and on what basis.

All this, of course, depends on having "robust systems" in place to protect privacy. The rest of the report has many sound suggestions for improving information governance and catching people who misuse data.

I suppose people could still be offered an opt-out, but it should be couched in terms that emphasise the selfishness of the act. Perhaps: "I opt to use other people's data to inform my care, but I don't want my data used to help them." I think the Don would approve. 

You can read the Data Sharing Review Report on the Information Commissioner’s website

About the author: Michael Cross is a freelance journalist specialising in healthcare informatics and e-government. He is a member of the British Computer Society.