Academic and commercial researchers using patient data are increasingly turning to real world data to gain broader insights into patient care and treatment. The UK is uniquely positioned to unlock the potential research, innovation and social value of health data generated by the NHS, and until recently, there has not been a unified approach to academic and commercial collaborations involving patient data.
The newly released guide to effective NHS data partnerships from NHS England (the “Guidance”), recognises the significant social and economic value that data partnerships can offer, and aims to provide guidance to NHS organisations on establishing data partnerships in order to promote consistency and streamline approaches across the NHS.
The Guidance relates to multiple different types of data partnerships including third-party requests to access NHS data assets for research and development purposes, validation of a solution to a healthcare problem requiring data access, or an NHS organisation reaching out to third parties to use data to solve a particular challenge.
The Guidance focuses on certain key topics summarised below.
The Guidance sets out three options for access to NHS data assets:
- the data remains in the NHS environment and only NHS staff work on the data, with the third party partner only having access to aggregated results;
- the data is shared via a secure data environment (an “SDE”), a data storage and access platform managed by the NHS and which permits authorised users to analyse data without it leaving the secure environment or seeing patient-identifying data. This is stated to be the default method of data sharing in the future; or
- the data is only shared in a pseudonymised or anonymised form. This is method is stated to only be possible in a small number of cases as it comes with risks, and that in the future analysing data outside of an SDE will be “extremely limited” and will require “significant justification”
One of the key focus areas for the Guidance is that fair value is obtained for the public from data partnerships. Accordingly, the Guidance sets out four principles to govern commercial terms for data partnerships:
- Cost of access should not prevent good use of data. The Guidance highlights that protracted negotiations risk preventing the benefits being delivered to the public and accordingly a “consistent, efficient approach that aligns incentives for all parties is preferred to optimizing each individual negotiation”.
- The NHS will always charge a fee for accessing health data. See below for a summary on how the Guidance advises the fee is to be determined.
- The cost of access should depend on how the data is being used. The Guidance advises that “NHS parties should not routinely set a relatively high charge for commercial companies and a low or no charge for non-commercial” entities. Instead, the charge depends on the use case.
- The NHS should share in the value create by its data. “The NHS should seek a share of any commercial value arising from a data partnership proportional to the NHS’s contribution to that value.”
The Guidance goes into further detail on how NHS organisations might determine pricing for data partnerships by the use of a pricing strategy.
- The Guidance stresses that the fees involved are highly context dependent considering the costs to the NHS organisation of being involved in the project, the value of any services being provided by the NHS party (such as data curation) plus the price of the data.
- For commercial uses, the Guidance advises “the commercial arrangement governing the partnership should fairly allocate the commercial gains between the parties based on their respective contributions, roles, responsibilities, risks and investment”, and suggested options include fixed payments, subscription payments, milestone payments and revenue royalties.
Intellectual Property Rights
The Guidance sets out that, provided the NHS organisation obtains fair value from a collaboration, the NHS owning the foreground IP created from the transaction may not be the most effective way to maximise public benefit: “generally, it is best for marketable foreground IP to be held by the partner with a track record of taking products to market.”
- The Guidance gives a brief overview on ensuring compliance with data protection legislation and patient confidentiality.
- The Guidance highlights how transparency requirements should be satisfied by NHS organisations via a communications plan, including patient information leaflets and social media posts as well as required privacy notices.
- In order to comply with information governance principles, the Guidance requires the following: DPIA, due diligence checks on the partner, a Data Processing Agreement, a Data Sharing Agreement, and transparency information (a privacy notice).
- The Guidance recommends that NHS organisations form a data assets management committee. Such committee will be responsible for approving new data partnerships and so should be accounted for in contractual negotiation timetables.
- The Guidance also recommends that NHS organisations have a data assets management strategy. The strategy will define the organisation’s approach to using their data assets to ensure consistency in responding to approaches from external parties seeking to access the data. The strategy may also define the types, or number, of data partnerships that the NHS organisation will enter into.
- The Guidance encourages NHS organisations to consider their capabilities and capacity for entering into data partnerships, such as ring fencing the time spent by staff on partnerships. The Guidance also suggests stipulating in the contract that NHS staff will be trained by the partner’s experts.
- The Centre for Improving Data Collaboration (CIDC) is offering to give advice to NHS organisations on particular data partnerships, including specific value return models; commercial partners may be concerned around confidentiality undertakings (such as NDAs) being extended to the CIDC in such cases.
Other Legal Terms
- The Guidance suggests that the NHS organisation establishes how it will recharge for extra demands resulting from the collaboration and that it is able to stop work if it is no longer making a positive contribution. This could be difficult for commercial partners that are investing funds up-front in the data partnership.
- The Guidance identifies a risk as the possibility of major changes at the partner organisation, with the solution being protection in the contract. The Guidance further explains that in this situation, the data must be returned or destroyed.
The Guidance sets out a number of more ambiguous considerations when seeking a third party collaborator for data partnerships, including the vision of the partner, whether they are well established in the UK, their leadership/management style and interactions with staff, common values, and responsiveness and transparency.