Header graphic for print
Focus on Regulation

Privacy and common standards underpin UK Government’s strategy for technology-driven healthcare

The UK Department of Health and Social Care (DHSC) has published a new policy paperThe future of healthcare: our vision for digital, data and technology in health and care” setting out the UK’s approach to using the best technology available in the National Health Service (NHS) and social care sector to provide better care and improved health outcomes.

The DHSC recognises the potential of new technologies to provide ground-breaking diagnostic, treatment and preventative interventions, assist with long-term patient support and generate large real-world datasets that can be used to assess the safety and effectiveness of interventions. However persisting procedural, cultural, technical and regulatory barriers mean that the NHS are not making the most of these new technologies resulting in many NHS staff still relying on paper-based processes.

The key principles and priorities set out in the paper include:

  • Privacy and cyber security – the DHSC plans to build on existing legislation, standards and guidance to safeguard patient privacy, give patients control over their data and restore public confidence in NHS IT systems after a recent high-profile cyberattacks. The policy paper refers to a number of existing NHS and national toolkits and guidance documents that assist innovators in ensuring that new systems and tools for storing, sharing and using patient data are compliant with the GDPR and patients’ consent where appropriate. Standards and guidance documents, such as the Initial Code of Conduct for Data-Driven Health and Care Technology, will be reviewed and revised to respond to rapid changes and developments in healthtech.
  • Clear, common rules – new rules governing evidential requirements, privacy, cyber security and access to data are needed to improve market access for small companies and promote the development of high-quality solutions. The DHSC aims to develop clear, easily accessible and consistent rules through collaboration between experts, NHS and industry stakeholders. The DHSC also proposes to introduce a ‘healthtech regulatory sandbox’ to allow the Information Commissioner’s Office (ICO), the National Data Guardian, NICE and other regulators to test, iterate and de-risk promising innovations and relevant regulation in clinical and ‘real world’ settings. The new standards will also be reflected in how the Care Quality Commission (CQC) regulates service providers. The involvement of regulators will be important to maintain the public’s trust in the quality of new technologies and the way in which personal data will be handled as part of the Government’s new framework, as well as ensuring alignment with new rules and practices including international and European data protection standards.
  • Simplified contracts – as part of a wider strategy to streamline the NHS procurement, the DHSC will develop new template contracts that are short and flexible, avoid lock-in provisions and enable NHS customers to switch to alternative, better and cheaper products and services as they become available on the market.

Other priorities include putting in place a basic IT infrastructure across the NHS, developing open standards to ensure interoperability, putting user need at the centre of innovation and NHS procurement, and staff training on use of these technologies.

The DHSC is seeking comments and feedback on the new framework, which can be submitted here.