The Department of Health and Social Care has set out a code of conduct for users of data-driven health and care technology.
The code encourages providers of health and care services, particularly when investing in IT systems, to think about issues such as transparency, accountability, liability, explicability, fairness, justice and bias, and avoiding unintended harm.
Data handling requirements affecting social care, particularly those with CHC contracts, include the NHS Constitution and the Data Security and Protection Toolkit (look out for more information in the March print edition). The Data Protection Act 2018 and General Data Protection Regulation sets out the requirements for processing health data, which is classed as special category data.
The code specifies the use of data flow maps, data protection impact assessments (DPIA) and privacy notices.
Launching the code, the DHSC says that technological developments in combination with data-sharing across the NHS has the potential to improve diagnosis, treatment, experience of care, efficiency of the system and overall outcomes. However, innovators in this field come from sectors that are not necessarily familiar with medical ethics and research regulation, and who may utilise data sets and processing methods that sit outside existing NHS safeguards.