Notice of May 2024 Security Incident
Need help with record requests?
Datavant Connect Login
No items found.
Blogs
/

Building Datavant-UK

Author
Publish Date
Read Time
Datavant
November 6, 2022

Growing Convenet’s NHS-approved API into a robust health data ecosystem in the UK

Convenet founders Andrew Bailey and Chris Turner met at Keele University where they were brought together on a project as “forced friends.” Years later, working on different sides of the UK healthcare system, they both became frustrated by the lack of interoperability slowing down patient record retrieval and prescription management. Together they founded Dimec, a prescriptions app that integrated with GP and Pharmacy systems in the UK before founding Convenet, an NHS Spine-integrated API. We spoke with Andrew, Chris, and Grant Murphy-Herndon, Head of UK Business Operations, about Convenet and some of the challenges involved in bringing Datavant technology to the UK. Interested in joining their team? Datavant is hiring across roles in the UK.

Datavant acquired Convenet in 2022. What does Convenet do?

Convenet is a single API running on RESTful JSON that connects to 100% of England’s General Practitioner (GP) systems and the UK National Health System (NHS) Spine. We also enable connections to dozens of 3rd-party services, including pharmacies, care homes, and remote medical consultation services. In other words, we have an extremely robust service providing identified, consented patient record retrieval.

This is very similar to Datavant’s Identified Switchboard. Tell us about the structure of the UK healthcare system and how it is you’re able to connect to 100% of UK GPs.

Interoperability is challenging in both countries, but in that regard, the UK benefits from a nationalized effort by the NHS to digitize patient records. All patients in England and Wales are listed in the NHS Spine, a central database of patients and patient demographics: first and last name, DOB, postal code, address, NHS Number (a 10-digit number like a US Social Security Number), registered GP, and chosen pharmacy. Also, there are only 3 Electronic Health Record (EHR) systems in the UK: EMIS Health, SystmOne, and Cegedem, which manages INPS Vision. Compare that to the US, where the average health system deals with 18 different EMR providers.

Convenet integrates with all four entities, connecting GPs to the 3 EMR providers and the Spine. So in the US, if Datavant knows the patient and knows the provider, then the patient’s health record can be located and transmitted to another provider, which is to say, a scenario involving a known patient and known provider. But because of our integration with the NHS Spine, Convenet has the power to connect any patient to any provider even if we don’t know where that patient received treatment, a scenario involving a known patient and unknown provider — a very powerful feature of the API.

We’re using the Convenet infrastructure as a starting point to rebuild Datavant’s entire US infrastructure in the UK.

You’re in the process of a major build-out of your platform and hiring a significant cohort of UK-based engineers for this. Now that Convenet is part of Datavant, why can’t Convenet simply unroll Datavant’s Switchboard in the UK?

At a high level, this comes down to the differences between HIPAA privacy rules and GDPR (General Data Protection Regulations) privacy rules. HIPAA is vague by design. GDPR, which covers the EU as well as 14 other territories, is strict but clear. Building according to GDPR rules is in some ways more straightforward but doesn’t allow for a simple redeployment of the Switchboard.

As an example, consider the concept of de-identified data. HIPAA has a category of data that qualifies as “de-identified” by way of either its Safe Harbor guidelines or its Expert Determination guidelines, which also include provisions for re-identification. This is the environment for which Datavant’s tokenization has been designed. GDPR does not include the concept of “de-identified” data. Under GDPR, data can be “anonymized” or “pseudo-anonymized.” If it is anonymized, then it is truly anonymized and there is no way to link the data back to an individual. Under this condition, tokenized data is a very vigorous form of “pseudo-anonymous data,” but does not count as anonymized precisely because one token still does refer to one patient.

What are some implications of the distinction between “de-identified” and “pseudo-anonymous”?

If we want to tokenize patient data for pseudo-anonymous use cases under GDPR, we can only do so with patient consent. HIPAA demands patient consent for transfer of identified data, but not for de-identified data. Personal data can move around within the GDPR member countries, but no UK patient data can hit American servers. We don’t even want patients with UK-based email addresses interacting with the US portal.

Further, GDPR is a set of guidelines for all types of personal data and addresses the right to be forgotten, or right to erasure. For example, if you “delete” your Instagram account (in a non-GDPR market such as the US), and then go back to it a year later and sign in with the same credentials, you’ll find that your data is still there: the account was inactive but not actually “deleted.” As we are rebuilding the Datavant infrastructure in the UK, we must also build a mechanism that allows patients to be absolutely forgotten. From an engineering standpoint, this means maintaining a log to prove that an individual who has requested to be forgotten has actually been deleted throughout our system, and building a mechanism to deliver the evidence of deletion to a user after they have been deleted.

Finally, there is the issue of data provenance. If a patient does consent to have their data tokenized as part of a clinical trial, Datavant must be able to tell that person what we know about them. We must be able to say “Andrew is X specific token and he was located in Y datasets, which were linked on Z occasions.” We must always know exactly where all data is coming from and be able to reconcile all patients back to any tokens that were used to de-identify them.

Essentially, you could say that we’re using the Convenet infrastructure as a starting point to rebuild Datavant’s entire US infrastructure in the UK.

Our goal is not to lock down data, but to facilitate its flow in a safe, privacy-preserving, compliant manner.

The Convenet API

What are some of the next steps for “Datavant-UK”?

There are a few major goals. We need to build an encryption platform in the UK that deals with patient data in a GDPR compliant manner. Also, we have a single API with all of the necessary connections, but we need to build the end-to-end interface and user experience for the API.

A longer range goal is to get GDPR-compliant tokenized data running in the UK so that we can integrate RWD with clinical research and trials, as is happening already in the US. And along those lines, we’re building a “Get My Health Records” button so that any user can pull their entire set of digital health records regardless of where they are stored. If Datavant has the power to find those records, we should be able to return them to patients. Our goal is not to lock down data, but to facilitate its flow in a safe, privacy-preserving, compliant manner.

More generally, our commitment to being an infrastructure layer means that we are growing partnerships across the ecosystem. We are innovating new products while also connecting to legacy products. We’re working from a standpoint of looking for problems within the system that need solving and trying to reverse engineer solutions. As Convenet and Datavant grow, our infrastructure will allow for the growth of companies that do not yet exist, conducting business that was not previously possible. Because we are an even smaller and more nimble wing of Datavant, we aim to be a spotlight of innovation. We hope to use the work done in the UK as an exemplar of how this work can be done.

Many thanks to Andrew, Chris, and Grant for the interview.

Andrew Bailey and Chris Turner have backgrounds in Pharmacy, and previously co-founded Dimec, a prescriptions app that integrated with GP and Pharmacy systems in the UK. Together they founded Convenet.

Andrew Bailey is currently Head of UK Engineering. Connect with Andrew via Linkedin.

Chris Turner is currently Head of UK Product. Connect with Chris via Linkedin.

Grant Murphy-Herndon has a background in economics and strategy and is currently Head of UK BizOps. Connect with Grant via Linkedin.

Interview compiled/edited by Nicholas DeMaison.

Considering joining the Datavant team? We’re hiring remotely across teams and at a variety of levels (junior / mid / senior) in the UK. We would love to speak with any potential new Datvanters who are nice, smart, and get things done, and want to build the future tools for securely connecting health data and improving patient outcomes.

Spotlight on AnalyticsIQ: Privacy Leadership in State De-Identification

AnalyticsIQ, a marketing data and analytics company, recently adopted Datavant’s state de-identification process to enhance the privacy of its SDOH datasets. By undergoing this privacy analysis prior to linking its data with other datasets, AnalyticsIQ has taken an extra step that could contribute to a more efficient Expert Determination (which is required when its data is linked with others in Datavant’s ecosystem).

AnalyticsIQ’s decision to adopt state de-identification standards underscores the importance of privacy in the data ecosystem. By addressing privacy challenges head-on, AnalyticsIQ and similar partners are poised to lead clinical research forward, providing datasets that are not only compliant with privacy requirements, but also ready for seamless integration into larger datasets.

"Stakeholders across the industry are seeking swift, secure access to high-quality, privacy-compliant SDOH data to drive efficiencies and improve patient outcomes,” says Christine Lee, head of health strategy and partnerships at AnalyticsIQ. 

“By collaborating with Datavant to proactively perform state de-identification and Expert Determination on our consumer dataset, we help minimize potentially time-consuming steps upfront and enable partners to leverage actionable insights when they need them most. This approach underscores our commitment to supporting healthcare innovation while upholding the highest standards of privacy and compliance."

Building Trust in Privacy-Preserving Data Ecosystems

As the regulatory landscape continues to evolve, Datavant’s state de-identification product offers an innovative tool for privacy officers and data custodians alike. By addressing both state-specific and HIPAA requirements, companies can stay ahead of regulatory demands and build trust across data partners and end-users. For life sciences organizations, this can lead to faster, more reliable access to the datasets they need to drive research and innovation while supporting high privacy standards.

As life sciences companies increasingly rely on SDOH data to drive insights, the need for privacy-preserving solutions grows. Data ecosystems like Datavant’s, which link real-world datasets while safeguarding privacy, are critical to driving innovation in healthcare. By integrating state de-identified SDOH data, life sciences can gain a more comprehensive view of patient populations, uncover social factors that impact health outcomes, and ultimately guide clinical research that improves health. 

The Power of SDOH Data with Providers and Payers to Close Gaps in Care

Both payers and providers are increasingly utilizing SDOH data to enhance care delivery and improve health equity. By incorporating SDOH data into their strategies, both groups aim to deliver more personalized care, address disparities, and better understand the social factors affecting patient outcomes.

Payers Deploy Targeted Care Using SDOH Data

Payers increasingly leverage SDOH data to meet health equity requirements and enhance care delivery:

  • Tailored Member Programs: Payers develop specialized initiatives like nutrition delivery services and transportation to and from medical appointments.
  • Identifying Care Gaps: SDOH data helps payers identify gaps in care for underserved communities, enabling strategic in-home assessments and interventions.
  • Future Risk Adjustment Models: The Centers for Medicare & Medicaid Services (CMS) plans to incorporate SDOH-related Z codes into risk adjustment models, recognizing the significance of SDOH data in assessing healthcare needs.

Payers’ consideration of SDOH underscores their commitment to improving health equity, delivering targeted care, and addressing disparities for vulnerable populations.

Example: CDPHP supports physical and mental wellbeing with non-medical assistance

Capital District Physicians’ Health Plan (CDPHP) incorporated SDOH, partnering with Papa, to combat loneliness and isolation in older adults, families, and other vulnerable populations. CDPHP aimed to address:

  • Social isolation
  • Loneliness
  • Transportation barriers
  • Gaps in care

By integrating SDOH data, CDPHP enhanced their services to deliver comprehensive care for its Medicare Advantage members.

Providers Optimize Value-Based Care Using SDOH Data

Value-based care organizations face challenges in fully understanding their patient panels. SDOH data significantly assists providers to address these challenges and improve patient care. Here are some examples of how:

  • Onboard Patients Into Care Programs: Providers use SDOH data to identify patients who require additional support and connect them with appropriate resources.
  • Stratify Patients by Risk: SDOH data combined with clinical information identifies high-risk patients, enabling targeted interventions and resource allocation.
  • Manage Transition of Care: SDOH data informs post-discharge plans, considering social factors to support smoother transitions and reduce readmissions.

By leveraging SDOH data, providers gain a more comprehensive understanding of their patient population, leading to more targeted and personalized care interventions.

While accessing SDOH data offers significant advantages, challenges can arise from:

  • Lack of Interoperability and Uniformity: Data exists in fragmented sources like electronic health records (EHRs), public health databases, social service systems, and proprietary databases. Integrating and securing data while ensuring data integrity and confidentiality can be complex, resource-intensive and risky.
  • Lag in Payer Claims Data: Payers can take weeks or months to release claims data. This delays informed decision-making, care improvement, analysis, and performance evaluation.
  • Incomplete Data Sets in Health Information Exchanges (HIEs): Not all healthcare providers or organizations participate in HIEs. This reduces the available data pool. Moreover, varying data sharing policies result in data gaps or inconsistencies.

To overcome these challenges, providers must have robust data integration strategies, standardization efforts, and access to health data ecosystems to ensure comprehensive and timely access to SDOH data.

SDOH data holds immense potential in transforming healthcare and addressing health disparities. 

With Datavant, healthcare organizations are securely accessing SDOH data, and further enhancing the efficiency of their datasets through state de-identification capabilities - empowering stakeholders across the industry to make data-driven decisions that drive care forward.

Featured resources

Sort

Tokenizing clinical trial data in the development lifecycle allows earlier access to real-world data. Validate populations prior to marketing authorization.

Read more
Black arrow pointing right
Ebook

The Utility of Data Tokenization in Clinical Trials

10/20/2023

Specialty drugs drive the majority of prescription drug spending. Learn about capabilities unlocked by connecting SP data, first party data, and RWD.

Read more
Black arrow pointing right
Ebook

Linking Specialty Pharmacy Data for Commercial Success: The New World of Commercial Analytics

9/14/2023
White paper

Datavant Connect: Matching patients across healthcare datasets

1/29/2022

Address the need for highly accurate privacy-preserving record linkage and patient matching solutions to unlock research and innovation.

Read more
Black arrow pointing right

Achieve your boldest ambitions

Explore how Datavant can be your health data logistics partner.

Contact us

Datavant is a health data platform company. We make the world’s health data secure, accessible, and actionable.

Datavant drives data connectivity into action by offering a proprietary platform and network that deliver critical solutions across the healthcare ecosystem. Datavant enables more than 60 million healthcare records to move between thousands of organizations, more than 70,000 hospitals and clinics, 75% of the 100 largest health systems, and an ecosystem of 300+ real-world data partners.

© 2024 Datavant. All Rights Reserved.
Privacy PolicyEEO