Academic and commercial researchers using patient data are increasingly turning to real world data to gain broader insights into patient care and treatment. The UK is uniquely positioned to unlock the potential research, innovation and social value of health data generated by the NHS, and until recently, there has not been a unified approach to academic and commercial collaborations involving patient data.

The newly released guide to effective NHS data partnerships from NHS England (the “Guidance”), recognises the significant social and economic value that data partnerships can offer, and aims to provide guidance to NHS organisations on establishing data partnerships in order to promote consistency and streamline approaches across the NHS.

The Guidance relates to multiple different types of data partnerships including third-party requests to access NHS data assets for research and development purposes, validation of a solution to a healthcare problem requiring data access, or an NHS organisation reaching out to third parties to use data to solve a particular challenge.

The Guidance focuses on certain key topics summarised below.

Data Access

The Guidance sets out three options for access to NHS data assets:

  • the data remains in the NHS environment and only NHS staff work on the data, with the third party partner only having access to aggregated results;
  • the data is shared via a secure data environment (an “SDE”), a data storage and access platform managed by the NHS and which permits authorised users to analyse data without it leaving the secure environment or seeing patient-identifying data. This is stated to be the default method of data sharing in the future; or
  • the data is only shared in a pseudonymised or anonymised form. This is method is stated to only be possible in a small number of cases as it comes with risks, and that in the future analysing data outside of an SDE will be “extremely limited” and will require “significant justification”

Fair Value

One of the key focus areas for the Guidance is that fair value is obtained for the public from data partnerships. Accordingly, the Guidance sets out four principles to govern commercial terms for data partnerships:

  • Cost of access should not prevent good use of data. The Guidance highlights that protracted negotiations risk preventing the benefits being delivered to the public and accordingly a “consistent, efficient approach that aligns incentives for all parties is preferred to optimizing each individual negotiation”.
  • The NHS will always charge a fee for accessing health data. See below for a summary on how the Guidance advises the fee is to be determined.
  • The cost of access should depend on how the data is being used. The Guidance advises that “NHS parties should not routinely set a relatively high charge for commercial companies and a low or no charge for non-commercial” entities. Instead, the charge depends on the use case.
  • The NHS should share in the value create by its data. “The NHS should seek a share of any commercial value arising from a data partnership proportional to the NHS’s contribution to that value.”

The Guidance goes into further detail on how NHS organisations might determine pricing for data partnerships by the use of a pricing strategy.

  • The Guidance stresses that the fees involved are highly context dependent considering the costs to the NHS organisation of being involved in the project, the value of any services being provided by the NHS party (such as data curation) plus the price of the data.
  • For commercial uses, the Guidance advises “the commercial arrangement governing the partnership should fairly allocate the commercial gains between the parties based on their respective contributions, roles, responsibilities, risks and investment”, and suggested options include fixed payments, subscription payments, milestone payments and revenue royalties.

Intellectual Property Rights

The Guidance sets out that, provided the NHS organisation obtains fair value from a collaboration, the NHS owning the foreground IP created from the transaction may not be the most effective way to maximise public benefit: “generally, it is best for marketable foreground IP to be held by the partner with a track record of taking products to market.”

Information Governance

  • The Guidance gives a brief overview on ensuring compliance with data protection legislation and patient confidentiality.
  • The Guidance highlights how transparency requirements should be satisfied by NHS organisations via a communications plan, including patient information leaflets and social media posts as well as required privacy notices.
  • In order to comply with information governance principles, the Guidance requires the following: DPIA, due diligence checks on the partner, a Data Processing Agreement, a Data Sharing Agreement, and transparency information (a privacy notice).

NHS Governance

  • The Guidance recommends that NHS organisations form a data assets management committee. Such committee will be responsible for approving new data partnerships and so should be accounted for in contractual negotiation timetables.
  • The Guidance also recommends that NHS organisations have a data assets management strategy. The strategy will define the organisation’s approach to using their data assets to ensure consistency in responding to approaches from external parties seeking to access the data. The strategy may also define the types, or number, of data partnerships that the NHS organisation will enter into.
  • The Guidance encourages NHS organisations to consider their capabilities and capacity for entering into data partnerships, such as ring fencing the time spent by staff on partnerships. The Guidance also suggests stipulating in the contract that NHS staff will be trained by the partner’s experts.
  • The Centre for Improving Data Collaboration (CIDC) is offering to give advice to NHS organisations on particular data partnerships, including specific value return models; commercial partners may be concerned around confidentiality undertakings (such as NDAs) being extended to the CIDC in such cases.

Other Legal Terms

  • The Guidance suggests that the NHS organisation establishes how it will recharge for extra demands resulting from the collaboration and that it is able to stop work if it is no longer making a positive contribution. This could be difficult for commercial partners that are investing funds up-front in the data partnership.
  • The Guidance identifies a risk as the possibility of major changes at the partner organisation, with the solution being protection in the contract. The Guidance further explains that in this situation, the data must be returned or destroyed.

Suitable Partners

The Guidance sets out a number of more ambiguous considerations when seeking a third party collaborator for data partnerships, including the vision of the partner, whether they are well established in the UK, their leadership/management style and interactions with staff, common values, and responsiveness and transparency.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Gabrielle Ohlsen Gabrielle Ohlsen

Gabrielle Ohlsen is an associate in the firm’s Technology and IP Transaction Practice Group. Her practice covers a range of commercial contracts involving technology, data and intellectual property. Gabrielle represents clients in a range of industries including technology, digital health and media.

Photo of Joshua Gray Joshua Gray

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring…

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring and negotiating bespoke technology projects, privacy and GDPR, innovative collaborations involving the use of new (and often data-driven) technologies, and other business critical commercial transactions. Joshua provides “product counselling” to clients looking to launch new digital products and services and he routinely supports multi-jurisdictional projects covering areas such as e-commerce, consumer law, media licensing and telecoms.

Joshua otherwise advises on the full spectrum of technology transactions, including IT services agreements, outsourcing, software development and licensing, cloud computing and infrastructure, M&A and joint ventures.

Joshua has deep industry knowledge and experience in the technology, life sciences, digital health, media, telecoms and travel sectors. This experience has been bolstered through client secondments to Illumina Inc, Barclays Bank and du, a leading telecoms operator in the UAE.