This article will examine the UK’s latest health data protection trends. With the introduction of the General Data Protection Regulation and the Data Protection Act 2018, businesses must understand how to carefully and lawfully protect consumer data. This is particularly important for small and medium-sized businesses, which face a high chance of cyber attacks and data breaches: 43% of cyber attacks are directed at these businesses.
Furthermore, this article will provide an understanding of why consumers are now more open to sharing their data with companies: there was a 23% decrease in consumers who labelled themselves as ‘very concerned’ with how organisations handle their personal data, as compared to two years prior.
Lastly, this article will analyse the NHS’s health data protection process, and outline how e-Pharmacy will protect partners from any potential health data breaches.
Businesses collect various forms of customer data, which is then stored within their database, and in some cases may be passed on to third or fourth parties. The data businesses collect may include: names; addresses; emails; telephone numbers; bank and credit card details; and medical information. Due to the sensitivity of this information, it is important businesses take precautionary steps to ensure the privacy of their consumers is protected.
This is particularly important to small and medium-sized businesses: 43% of cyber attacks are directed at them, yet these businesses are often the least prepared. This makes consumer data protection even more important, because if customer data is leaked or shared, it can lead to a decrease in customer trust and cause reputational damage beyond repair.
For the business, criminal action may be taken against it if it is found liable for not complying with the UK’s current data protection law.
In the UK, the Data Protection Act 2018 (DPA) controls how personal data and information can be used by organisations and businesses. The DPA 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). This regulation means businesses and organisations must follow the ‘data protection principles’ which state information must be:
It is important businesses practise these regulations, as failure to comply with the Data Protection Act 2018 can lead to major fines: the UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover for any infringements, which indicates the seriousness of protecting customer data.
According to Experian, there are four different types of consumer groups which share their data in different ways. The consumer groups are: Unaware, Acceptor, Cautious & Incognito.
A Deloitte study with 4,150 participants revealed consumers are willing to be more transparent with online businesses, and therefore are more likely to share their personal data. The main reason for this appears to be GDPR, which ensures consumer data is protected by businesses, and consumers explicitly grant permission for businesses to store this data.
The study found:
Despite the difference in consumers, it appears all consumers are willing to share their data, although they may accept terms and conditions in different ways. The main similarity between these groups appears to be that consumers must feel like they receive a benefit from sharing their data. In return, consumers are more open to sharing their data.
Nevertheless, some consumers still appear to feel concerned about their privacy, and have taken action to ensure their data remains secure: 81% have taken action due to data privacy concerns, 40% have deleted an app, and 43% have removed their browser history. This indicates consumers are still wary about sharing their data with online platforms, so companies must improve compliance and consumer confidence by building trust and remaining transparent with consumers.
Although consumers are now less concerned about sharing their personal data with online businesses as compared to 5 or 10 years ago, some consumers still require some sort of benefit in return for sharing their data. In a consumer study, 50% of participants said they would only share their personal data if there was a “clear reward in doing so”, whereas the number of consumers who will not share their personal data under any circumstances has fallen from 31% to 25%. This indicates consumers are still wary about sharing their data with organisations, and so companies must do more to ensure consumer information remains safe and secure.
Companies can build trust with consumers by being transparent, by allowing consumers to have control of their data, and by making clear the perceived benefits for consumers involved in data exchange.
Overall, despite the general decline in consumer concerns over privacy, some consumers are still wary about sharing their data, and companies must do more to prioritise these factors, in order to build consumer trust.
Health data is safeguarded and regulated in several ways: confidentiality of the medical profession, the Data Protection Act 2018 and General Data Protection Regulation (GDPR). The NHS will hold health data on everyone who uses the service, and health records will be updated every time patients get care or treatment. This enables the NHS to provide patients with the correct care and treatment.
Nevertheless, the NHS is obliged to keep this data confidential and safe, and will only share health data in certain circumstances, such as with other health services looking after patients. These organisations may include dentists, community pharmacies, and social care services. However, any information shared with these organisations must be relevant to the care the organisation is providing to the patient, which will ensure patient confidentiality is prioritised.
The NHS also ensures patients have rights with the use of their data, otherwise known as ‘Privacy Rights’:
It is also important to acknowledge the NHS may share patient data in other ways such as to improve the public’s health and NHS services; for training and research; and to investigate a serious crime or protect a child or vulnerable adult from harm. Despite this, information which will easily identify patients will be removed, and the NHS will only share the minimum data, through compliance with the law.
In 2021, the NHS implemented a new system which meant patient data held by GP surgeries in England could be fed into a central NHS database. This new policy meant that under the General Practice Data for Planning and Research (GPDPR) system, information from the past 10 years could be gathered from GP surgeries in England and transferred to the central database. The data could include sex, ethnicity, sexual orientation, diagnoses, symptoms and test results. Although this system allows for patient data to be assessed and stored in a more consistent way, it is still prone to criticism as third parties will be able to access the data under certain circumstances. These third parties may include researchers at universities, charities and private companies.
As this data contains highly sensitive details about patients’ mental and sexual health, and a lack of transparency has been reported with many patients not knowing about the scheme, it has caused much criticism. As of the 22nd of August 2021, more than 1.4 million patients decided to opt out of the data-sharing scheme due to the privacy concerns raised by both doctors and privacy campaigners. As a result of campaigners and the major public backlash, the NHS delayed the scheme’s implementation and has stated that patients will be allowed to opt out at any stage, with their data deleted even if it had already been uploaded. This indicates that patients are still wary about their health data, and many would prefer their data remained secure. Therefore, this suggests the NHS must ensure it is transparent with patients, so that data is used in a fair and legal way.
As previously stated, consumers who perceive a brand to be ‘trustworthy’ are more likely to share their data with companies, as they are more likely to protect their information. Therefore, it can be assumed that those companies who do not carefully protect consumer information are more likely to receive a bad reputation, and lose the confidence of consumers. Once customer trust is gone, they are likely to tell other customers their information has been compromised, which in turn will often cause reputational damage beyond repair.
When customers enter their identity details for an e-Pharmacy prescription, e-Pharmacy will securely store customer details directly onto our database. This means 3rd parties will not have access to any customer information; instead, they will only have access to a unique hash code which is generated when customers input their data onto the e-Pharmacy platform. As partners will not be able to access the information behind the hashes, partners will not have to worry about handling any sensitive customer data, which removes the risk of any possible data breaches. e-Pharmacy will ensure customer data is protected.
 FSB | Why is data protection so important? | https://www.fsb.org.uk/resources-page/why-is-data-protection-so-important.html
 Mimecast | Why SMBs Are Under-Prepared for CyberAttacks | https://www.mimecast.com/blog/why-smbs-are-under-prepared-for-cyberattacks/
 UK Government | Data protection | https://www.gov.uk/data-protection
 IT Governance | GDPR Penalties and Fines | https://www.itgovernance.co.uk/dpa-and-gdpr-penalties#:~:text=The%20UK%20GDPR%20and%20DPA,whichever%20is%20greater%20%E2%80%93%20for%20infringements.
 Forbes | Understanding Consumers’ Attitudes About Data Sharing And Building Trust | https://www.forbes.com/sites/forbesagencycouncil/2019/11/20/understanding-consumers-attitudes-about-data-sharing-and-building-trust/?sh=27861abf452a
 Deloitte | Digital Consumer Trends | https://www2.deloitte.com/uk/en/pages/technology-media-and-telecommunications/articles/digital-consumer-trends-data-privacy.html
 Deloitte | Dicing with data: Proportion of consumers ‘very concerned’ over sharing data online halves in two years | https://www2.deloitte.com/uk/en/pages/press-releases/articles/dicing-with-data-proportion-of-consumers-very-concerned-over-sharing-data-online-halves-in-two-years.html
 Acxiom | Data privacy: What the consumer really thinks | https://marketing.acxiom.com/rs/982-LRE-196/images/DMA-REP-DataPrivacy-US.pdf
 Patient.info | How the NHS handles your data | https://patient.info/news-and-features/how-the-nhs-handles-your-data#:~:text=The%20NHS%20holds%20data%20on,health%20professionals%20looking%20after%20you.
 NHS Inform | How the NHS handles your personal health information | https://www.wihb.scot.nhs.uk/wp-content/uploads/2019/03/How_NHS_handles_your_data.PDF
 BBC News | GP data sharing: What is it and can I opt out? | https://www.bbc.co.uk/news/technology-57555013
 The Guardian | NHS data grab on hold as millions opt out | https://www.theguardian.com/society/2021/aug/22/nhs-data-grab-on-hold-as-millions-opt-out