How To Be Patient Centric In The Age Of GDPR

Anatomy Health

Shai Blackwell, Managing Director, Anatomy Health

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. It’s imperative that anyone working with or for patients, particularly in digital healthcare, understands what it means to them and their products and services. 

The current focus of many GDPR-readiness seminars and guidelines is largely on the internal – for example, scoping the role of the Data Protection Officer; defining data controllers versus data processors, and unpicking the various justifications for legal processing of data.

All crucial stuff, of course. But through focussing on these internal aspects of implementing GDPR, there’s a danger of missing something crucial.

The primary objective of the GDPR is to give people back control of their personal data. And control only comes through comprehension: people need to understand how their data is being used.

Trust and transparency

There are seven mentions of clear and plain language in the GDPR regulations. This is a clear and plain message that the way that you communicate with patients is a crucial aspect of GDPR compliance.

In other words, don’t just focus on internal readiness, plan for patient readiness.

Patients rely on trust. Trust in the healthcare system, their medicines, the people and the innovation. Trust that their health and care is at the centre of decisions. Trust that innovation will lead to better diagnostics, in-home care, monitoring, potential cure, etc. Trust that their care can help to improve future health outcomes of others, even.

But trust is precarious, especially when it comes to health data, as the NHS England fiasco aptly highlights. GDPR success or failure will be linked to the ability for a company to quickly and empathetically engage with patients –  and build trust that their data is being handled competently and transparently.

Communication is key

GDPR actively pushes companies to be explicit about how and why data is being used, and to give patients a crystal clear understanding of their individual rights. Passive engagement is no longer an option.

In theory, this means patients will be in a position to question, challenge and object more. Any company wishing to use data for the greater good will need to ensure that patients see that, understand that and – above all – value that.

This all hinges on transparent and understandable communication, and raises key questions for anyone working in digital health:

  • How are you planning to engage your patients in understanding and agreeing to their data being used?
  • How will you ensure patients understand all their rights in relation to the data you are collecting and processing – and how will you ensure this doesn’t become a barrier to opting in?
  • How will you explain the purpose and benefit?
  • How will you clearly signpost when different data has different legal justifications for processing and the implications this could have for patients rights?
  • How will you ensure it meets that patient’s health capability and level of understanding (aka their health literacy)?

When it comes to answering any of these questions, the most fundamental piece of advice that we give is our simplest – know your audience. In the UK, that means knowing that half of adults have a reading age of 11 years or under.

This single fact should help to inform how you construct patient notifications and consent so that they are aligned with the capability of your users. Simple language, short sentences, unambiguous intent.

Striving for simplicity isn’t an option but a necessity in the age of GDPR.


This is a guest post written by Shai Blackwell, Managing Director, Anatomy Health, for JAG Shaw Baker. All views expressed in this post are those of Ms. Blackwell.

A cookie is a small file of letters and numbers that we store on your browser or computer, phone or tablet hard drive if you agree. more information

INFORMATION ABOUT OUR USE OF COOKIES Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience and also allows us to improve our website. By continuing to browse the website, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that we store on your browser or computer, phone or tablet hard drive if you agree. We use the following cookies: • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to return to a previous page. • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. The analytical/performance cookies are provided on our behalf by Google Inc. to aid with reporting of user behaviour, market research and improving website functionality. This user behaviour is analysed in order to improve this website. To see how this applies to Google Analytics, visit You can stop tracking by Google Analytics by visiting COOKIE DURATION The strictly necessary session cookies are a temporary cookie which remains in the cookie file of your browser until you close the browser. The other cookies will remain in the cookie file of your browser after the closing of the browser, and will become active again when you reopen this website. The different cookies have different expiration dates. Following expiry of a cookie, a new version of that cookie will be downloaded when you next visit this website, unless you have withdrawn your consent in the meantime. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. Contact If you have any queries regarding this cookie policy please contact us at