How to Build Trust in Health Data: Compliance & Ethics
Post Summary
In today's rapidly evolving healthcare landscape, the use of data has become a cornerstone for improving patient outcomes. From personalized treatments to public health crisis management, health data holds immense potential. However, with great power comes great responsibility. Healthcare and cybersecurity professionals face the daunting challenge of leveraging data ethically, securely, and with full compliance. A recent panel discussion hosted by experts from Wales delved deeply into these pressing issues, exploring practical strategies to build trust in health data through transparency, ethical practices, and robust governance.
This article synthesizes key insights from the discussion while providing actionable takeaways for healthcare and IT leaders seeking to navigate the complexities of compliance, ethics, and collaborative data sharing in the health sector.
The Pillars of Trust: Transparency, Ethics, and Compliance
Transparency as a Foundation for Trust
Transparency emerged as a recurring theme in the discussion, highlighting its central role in fostering trust. Under UK data protection laws, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), organizations are required to inform individuals about how their data will be used. This fundamental right promotes informed decision-making and builds trust between patients, providers, and regulators.
David Teague, the head of Welsh Affairs for the Information Commissioner’s Office (ICO), emphasized that transparency is not simply a regulatory checkbox but an opportunity to engage meaningfully with individuals. "If you’re transparent and tell people what you’re doing with their data and why", he explained, "you automatically engender trust." This principle is especially critical in sensitive areas like genomics, where individuals with rare diseases are often more willing to share their data when fully informed about its purpose.
Ethics: Beyond Legal Compliance
While compliance with data protection laws is mandatory, the panel stressed that ethics go beyond legal obligations. Anna Bartlett, a data ethics lead in the Welsh government, explained that ethical considerations require a holistic approach to all forms of data use, including non-personal and aggregated data. "Just because something is lawful", she noted, "doesn’t necessarily mean it is ethical."
Ethical data use requires organizations to examine the potential biases inherent in data collection, repurposing, and analysis. For instance, reusing data collected for one purpose in a new context may introduce unintended biases, potentially leading to unfair outcomes. Bartlett encouraged organizations to conduct data ethics assessments early in the decision-making process, ensuring that ethical concerns are identified - and addressed - before data is used in ways that could impact individuals or communities.
Embedding Compliance and Ethics from the Outset
The panelists agreed that integrating compliance and ethics into the earliest stages of a project is key to successful data governance. Tools like Data Protection Impact Assessments (DPIAs) help organizations assess risks and ensure that data use aligns with both legal and ethical standards. As Dave Parsons, a manager within Digital Arm Wales, explained, "DPIAs are not barriers - they’re enablers. They help us make informed decisions and avoid pitfalls down the line."
sbb-itb-535baee
Cultural Transformation: Collaboration and Confidence in Data Sharing
Overcoming Barriers to Data Sharing
Data sharing remains one of the most misunderstood aspects of compliance. According to Parsons, many professionals still default to saying "no" to data sharing due to a lack of confidence or understanding of legal frameworks. To counter this, the panel underscored the importance of fostering a culture of collaboration and confidence.
Welsh public services offer a compelling model. Over two decades, the Wales Accord on the Sharing of Personal Information (WASPI) has provided a standardized framework for data sharing, bringing hundreds of organizations together. This collaborative approach proved particularly effective during the COVID-19 pandemic, enabling swift, secure data sharing between health authorities, local governments, and even private sector partners like supermarkets.
The Role of Standards and Governance
Standardization is a critical enabler of effective data sharing. The panelists called for the adoption of consistent templates for DPIAs, data sharing agreements, and governance frameworks. "Why reinvent the wheel when we all have to comply with the same laws?" asked Parsons. Standardized processes not only simplify compliance but also reduce the time and effort needed to establish data-sharing arrangements.
Lessons from Crisis Management: COVID-19 and Beyond
The pandemic served as a stress test for data sharing frameworks, revealing both challenges and opportunities. The Welsh government demonstrated how embedding privacy and data protection from the start can enable rapid, ethical decision-making. For example, Wales successfully shared health data with local authorities and private sector partners to ensure that vulnerable individuals received essential services like grocery deliveries.
These lessons were carried forward into Wales’ response to the Ukraine war, where pre-existing data sharing mechanisms allowed for a coordinated and ethical approach to supporting refugees. Bartlett highlighted the importance of keeping data governance practices agile, noting, "It’s not a one-time exercise. You need to revisit and adapt your processes as circumstances evolve."
Addressing Public Trust and Ethical Ambiguity
Engaging the Public in Transparent Conversations
Building public trust requires more than compliance; it demands proactive engagement. The panelists acknowledged the difficulty of communicating complex data practices to the public but emphasized the moral obligation to do so. Transparency around both personal and non-personal data use can demystify the decision-making process and empower individuals to make informed choices.
Navigating Ethical Gray Areas
Ethics assessments can be subjective, as different stakeholders may have varying perspectives on what constitutes ethical data use. Bartlett advised organizations to document their decision-making processes meticulously, ensuring that ethical considerations are explicitly addressed and revisited over time. She concluded, "Good ethical practices evolve. What looked ethical three years ago may not hold up today, especially with advancements in AI and data science."
Key Takeaways
- Transparency is foundational: Informing individuals about how and why their data is used builds trust and promotes informed decision-making.
- Ethics go beyond compliance: Organizations must consider the broader implications of data use, including potential biases and unintended consequences.
- Embed governance early: Conduct DPIAs and ethics assessments at the start of a project to avoid costly missteps later.
- Standardization simplifies compliance: Use shared frameworks and templates to streamline data sharing and ensure consistency across organizations.
- Collaboration drives success: A culture of trust and partnership enables effective data sharing, as demonstrated in Wales’ pandemic and refugee responses.
- Document decisions: Comprehensive documentation provides a clear audit trail for regulators and stakeholders, reinforcing accountability.
- Engage the public: Transparent communication fosters trust, helping individuals understand the value and safeguards of data use.
- Adapt to evolving ethics: Regularly revisit ethical assessments to align with advancements in technology and societal expectations.
Conclusion
Trust in health data is not built overnight - it is earned through transparency, ethical practices, and collaborative governance. The insights shared by experts from Wales underscore the importance of embedding these principles into every stage of data use, from planning to implementation. By fostering a culture of collaboration and confidence, healthcare organizations can unlock the full potential of data to improve patient outcomes while upholding the highest standards of trust and integrity.
For healthcare and IT leaders navigating this complex landscape, the message is clear: compliance and ethics are not barriers - they are enablers of a smarter, more resilient healthcare system. By prioritizing transparency, standardization, and continuous improvement, we can ensure that data works for everyone, driving innovation while safeguarding public trust.
Source: "Fireside Chat: Building Trust in Health Data: Compliance, Ethics" - Health Data Forum, YouTube, Dec 5, 2025 - https://www.youtube.com/watch?v=eeXUU6qZB2E
