Five months after the most recent delay to the care.data launch, I’ve come to the conclusion that we must seek long-term excellence in its performance, not content ourselves with a second-rate dress rehearsal.
“Sharing our medical records, is like playing Chopin. Done well, it has the potential to demonstrate brilliance. It separates the good, the bad and the ugly, from the world-class players. But will we get it right, or will we look back at repeat dire performances and can say, we knew all the right notes, but got them all in the wrong order?”
The vast majority were from organisations which are data users, some names familiar from the care.data press coverage in spring, [Beacon Consulting, Harvey Walsh] plus many university and charity driven researchers.
Sir Kingsley Manning, Sir Nick Partridge and Andy Williams [The CEO since April 2014] all representing HSCIC, spoke about the outcomes of the PWC audit, which sampled 10% of the releases of identifiable or pseudonymous data sharing agreements for closer review, and what is termed ‘Back Office’ access (by the police, Home Office, court orders) in the eight years as the NHS IC prior to the HSCIC rebrand and changes on April 1st, 2013.
“The standard PwC methodology was adopted for sample testing data releases with the prevailing governance arrangements. Samples were selected for each of the functional areas under review. Of the total number of data releases identified (3,059); approximately a 10% sample was tested in total.” (Report, Data Release Review June 2014)
I believe it is of value to understand how we got here as well as the direction in which the HSCIC is moving. This is what the meeting sought to do, to first look back and then look forward. They are Data Controller and Processor of our health records and personal identifiable data. As care.data pathfinder pilots approach at a pace, set for ‘autumn’, the changes in the current processes and procedures for data handling will not only effect records which are already held, from our hospital care and other health settings‘, but they will have a direct effect on how our medical records extracted from GP practices will be treated, for care [dot] data in the future.
Data Management thus far has failed to meet the standards of world class delivery; in collection, governance and release
It made me think, that sharing our medical records, is like playing Chopin. Done well, it has potential for brilliance. It separates the good, the bad and the ugly, from the world-class players. Even more so, when played as part of suite, where standards are understood and interoperable . Data sharing demands technical precision, experience and discipline. Equally, gone wrong, we can look back at past performances and say, we had world class potential and knew all the right notes, but got them all in the wrong order. Where did we fail? Will we learn, or let it repeat?
The 2.5 hour event, focused more on the attendees’ main interest, how they will be affected by any changes in the release process. Some had last received data before the care.data debacle in February put a temporary halt on releases.
As a result of planned changes, will some current data customers find, that they have already received data for the last time, I wonder?
After the initial review of the critical findings in the Partridge report, the discussion centred on listening to suggestions what may be done in England to prevent future fails. But in fact, I think we should be going further. We should be looking at what we are doing in England to be the world-class player that the Prime Minister said he wants.
We are focused on making the best of a bad job, when we could be looking at how to be brilliant.
To me, the meeting missed a fundamental point. Before they decide the finer points of release, they need to ensure there will be data to collect. There was not one mention of the public’s surprise that our data was collected and had been sold or shared with each of them until last spring. So now that the public in part knows about it, the recipients should also consider we are watching them closely.
Data users are being judged as one, by their group performance
What the data recipients may or may not be conscious of, is that they too each are helping to shape the orchestra and will determine the overall sound that is heard outside.
They may not realise that as data recipients, we citizens, the data providers, will see and hear their actions and respond to them all collectively, in terms of what impact it may have on our opt in/out decision.
I heard on Monday one or two shriller voices from global data intermediaries claiming that others had been receiving data whilst their own requests had been overlooked. As of last Friday, HSCIC said 627 requests were on standby, waiting for review and to know whether or not they would receive data. Currently HSCIC is getting 70 new requests a month. Bearing in mind the attendees were mostly data users, they can be forgiven that they were mostly concerned about data release and use, but they did in part also raise the importance of correct communication, governance and consent of extraction. They realise without future public trust, there is no future data store.
One consultancy however, seemed to want to blame all the other players for their own past mistakes, though there was no talk of any blame in any discussion otherwise. They asked, what about the approvals process for SUS (Secondary Uses Service data), how are those being audited and approved, is it like HES? How about HSCIC getting their act together on opt out, putting power back in the hands of patients, they asked. What about the National Cancer Registries, ONS (Office of National Statistics), all the data which is not HES, will there be one entrance point to access all these data stores for all requests? And as for insurance concerns by patients, the same said, people were foolish to be concerned. Why, “if they don’t get our health data then all the premiums will go up.”
My my, it did feel a little like a Diva having a tantrum at the rest of the performers for messing up her part. And she would darn well pull the rest of them into the pit with her if she was going to get cancelled. In true diva style, I’m sure that company didn’t even realise it.
But all those data recipients are in the same show now – if one of them screws up badly, the critics will slam them all. And with it, their providers of data, we patients, will not share our data. Consent and confidentiality are golden tickets and will not be given up lightly. If all the data-using players perform well, abide by the expected standards, and treat both critics, audience and each other with proper etiquette, then they will get their pay, and get to stay in the show. But it won’t be a one time deal. They will need to learn continuously, do whatever the show conductor asks, and listen and learn from the critics as they perform in future, not slacking off or getting complacent.
Whilst the meeting discussed past failings in the NHS IC, I hope the organisations will consider what has truly shocked the public is some of the uses to which data has been put. How the recipients used it. They need to examine their own practices as much as HSCICs.
The majority of the attendees were playing from the same score, asking future questions which I will address in detail in part two.
The vast majority asked, how will the data lab work? And other Research users asked many similar and related questions. [This from medConfidential  whilst on the similar environment for accredited safe havens, goes some way to explaining the principle of a health research remote data lab (HRRDL).]
Governance questions were raised. Penalties were an oft recurring theme and local patient representative group and charity representatives, asked how the new DAAG lay person appointments process would work and be transparent.
Other questions on past data use, were concerned with the volume of Back Office data uses. The volume of police tracing for example. How person tracing by the border agency, particularly with reference to HIV and migrant health, which may reveal data to border agencies which would not normally be shared by the patients’ doctors. “If people are going to have confidence in HSCIC, this was a matter of policy which needed looking at in detail. ” The HSCIC panel noted that they also understood there were serious concerns on the quantity of intra-government departments sharing, the HMRC, Home and Cabinet Offices getting mentions. “There was debate to be had”, he said.
They’re collectively recovering from unexpected and catastrophic criticism at the start of the year. It is still having a critical effect on many organisations because they don’t have access to the data exactly as they used to, with a backlog built up after a temporary stop on the flow which was restarted after a couple of months. HSCIC has reviewed themselves, in part, and any smart attendees on Monday will know how each of their organisations have fared. The audit has found some of their weaknesses and sought to address them. There is a huge number of changes, definitions and open considerations under discussion and not yet ready to introduce. They realise there is a great amount of work still to be done, to bring the theory into practice, test it out, edit and get to a point where they are truly ready for a new public performance.
But none of the truly dodgy sounding instruments have been kicked out yet. I would suggest there are simply organisations which are not themselves of the same standards of ethics and physical best practices which deserve to manage our data. They will bring down the whole, and need rejected – the commercial re-use licenses of commercial intermediaries. And the playing habits of the data intermediaries need some careful attention, drawing the line between their clinical support work and their purely commercial purposes. The pace may have slowed down, but data is still flowing out, and there was no recognition that this may be without data protection permission or best practice, if individuals aren’t aware of their data being used in this way. The panel conducted a well organised and orderly discussion, but there were by far more open questions, than answers ready to be given.
What we do now, sets the future stage of all data sharing, in the UK and beyond – to be brilliant, will take time to get right
How HSCIC puts into action and implements the safeguards, processes and their verbal plans to manage data in the short and medium term, will determine much for the future of data governance in England, and the wider world. Not only in terms of the storage and release of data – its technical capability and process governance, but in the approach to data extraction, fair processing, consent, communication and ongoing management.
This is all too important to rush, and I hope that the feedback and suggestions captured on the day will be incorporated into the production. To do so well, will need time and there is no point in some half-ready dress rehearsal when so much is yet to be done.
The next Big Thing – care.data
When it came to care.data, Andy Williams said it had been a serious failing to not recognise that patients view their GP records quite, totally differently, from the records held at a hospital. Sharing their HES data.
“And it is their data, at the end of the day,” he recognised.
So to conclude looking back, I believe where data sharing has reached, is leaps and bounds ahead of where it was six months ago. The Partridge Review and its recommendations recognises there are problems and makes 9 recommendations. There is lots more the workshop suggested for consideration. If HSCIC wants to achieve brilliance, it needs to practise before going out on a public stage again. The excellence of Chopin’s music does not happen by chance, or through passion alone. To achieve brilliance we cannot follow some romantic notion of ‘it will all be alright on the night’. Hard edged, technical experience knows world-class delivery demands more.
So rolling out care.data as a pathfinder model in autumn before so much good preparation can possibly be done, is in my opinion, utterly pointless. In fact, it would be damaging. It will be like pushing a grade 5 school boy who’s not ready into the limelight, and just wishing him luck, while you wait whistling in the wings. But what will those in charge say?
“That November farewell, given in aid of a Polish charity, came at the end of a difficult six-month British sojourn, which had included concerts in Manchester (one of the largest audiences he ever faced), Glasgow and Edinburgh, where the non-religious Chopin had unwillingly endured Bible readings by a pious patroness anxious to convert him to the Church of Scotland. Finally back in London, the composer-pianist spent three weeks preparing for what turned out to be his final recital by sitting wrapped in his coat in front of the fire at St James’s Place, attended by London’s leading homeopath and the Royal Physician, a specialist in tuberculosis. A week after the concert, he was on his way home to Parisian exile and death the following year.”
Born Zelazowa Wola, Poland of a French emigrant father and Polish mother, he left Poland aged 20, never to return. Well known and by some controversially for his long romantic liaison with novelist George Sand (Aurore Dudevant) after they separated his health failed and in 1848 he paid a long visit to Britain where he gave his last public performance at the Guildhall. He died in Paris.
How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.
Our medical data sharing must be above the best model standards to be acceptable technically and ethically, worldwide. Exercised with discipline, training and precision, care.data should sound like Chopin.
Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all it’s primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.
Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data. They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.
Can we rise to the Challenge to be a world leader in Data Sharing?
If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.
How can we expect it of them, if our own Government departments: HMRC, the Cabinet Office, the Home Office  cannot arrange their data management in a first-class manner? They all set the scene. Big Data does not stand alone in these silos, they each need to get their act together, if it should be a model to follow.
How the 70 million patient records and years of longitudinal, in depth data already held, is treated now, will determine the setting for the extractions of future data, whether for care [dot] data, or other regional safe-haven access, and beyond into any national genomics programme.
Will data sharing in England be of the level of classical brilliance or downgraded to a common reality show?
There is a risk that by trying to please and pandering to competing, sometimes conflicting self-interests of paying data users, the HSCIC becomes a variety act. Trying to be all things to all comers, it will fail to please the critics, water down its aim of world-class standards and simply not be able to compete on a world stage because the quality of its own data, the support it gets from bona fide research, and the trust of the providers of its material, the public, will be lost.
But outside interests not only influence the performance, but often call the tune. What data is extracted vs what is not? Which reports are funded and which are not? Which diseases and conditions are being addressed by clinical researchers and which are not? Is it a case of some conditions are more equal than others, and if so, where is the transparency in that decision making? Where research institutions accept funding from multi-national institutions whose ethics are not always in line with their own, does it compromise their intellectual independence for the sake of monetary gain?
And how does this influence outputs of selected research? As this [unrelated] blog argues , this is something I feel at risk, “although collaborations with industry are important, so are the freedoms scientists enjoy to explore new ideas unrestricted by commercial arguments. Academics should be free to work with companies when they want to, but also remain free to choose not to.”
Has the review of the past by the critics brought us any closer to future next steps?
The majority of the attendees were playing the same score, asking questions for the future, at the HSCIC July 21st meeting. Similar questions came up, were acknowledge but mostly unanswered, and agreed that discussions to move them forward will be had again.
The vast majority asked, how will processes work? How will good ideas become reality and by when?
Research users asked many similar and related questions. What is a Remote Data Lab? The so-called HRRDL safe data settings which enable secure and transparent use of data in a locked-down setting as opposed to what has happened in the past, giving raw data out by email, excel, CD Rom, via the Cloud to recipients for them to manipulate, store or even re-sell onwards. How would it operate and would users need to physically go to Leeds? How would their use their own tools and bring them to the data? Could they get a fast track pathway for ‘accredited’ data users to speed up the request process? Could they get concrete examples of data sharing released to the public, to show what kinds of data is held, shared and used for different purposes? Lots of questions remain to be answered, but Sir Manning said, “undoubtedly a Data Lab Service would be part of their offering from next year.”
A number of questions concerned consent and opt-out of research purposes. Multi-layered opt outs could offer a best-practice ethical model. But if users opt out of research at HSCIC release level, one researcher asked, would for example, anyone opting out from research purposes therefore be opted out for potential clinical trials in which they could be asked for explicit consent? Another in data governance, suggested a fair processing portal as a tool for ongoing communication and consent management.
If the research community feels strongly that the public will opt out of secondary uses, because of the mistrust in the use by other non-research players, the commercial intermediaries and the insurers (three included in the audit sample have refused to delete data since having been requested by HSCIC to do so) there are options. If these uses are all conflated into a single opt out, but research wants a multiple consent model in order to stand a chance of patients opting in to one area and not the other, then they need to stand up and ask for it. Either by having the secondary purposes restricted or the opt in/out choices expanded. I’ve read here that medConfidential has suggested a local opt out model which could technically and consensually enable this.
Governance questions were raised, including some asked by Data Governance responsible owners at an acute trust. Where would the documented process for proof of consent and the legal basis for data sharing visible and accessible to users? How will HSCIC carry out audits – onsite, by process only, or will they ensure data held by third parties will not make data they receive from HSCIC makes patients identifiable? Could HSCIC help identify a national guideline & tool for decision making on determining a definition of ‘pseudonymous’ data? Could statistics of rejected as well as the approved applications, the details of the applicant requests and reason for rejection be included in the transparent documentation of applications for data release (aka CAG does already today.) This should increase trust in the system and clarify the process for buyers.
Penalties were an oft recurring theme. How would the one strike and out work? What would happen in an organisation in which a commercial partner researcher made a mistake, but data was also used by the same organisation in patient safety audits. Would the organisation be banned from future data use as a whole? Surely an accidental wrong note would not be considered as serious as a malicious breach? Reassuringly I believe from a public point of view, the panel replied, if quietly, they didn’t think the public would see the difference. Clearly another area with lots of questions, and discussion to be had again.
Local patient representative group and charity representatives, asked how the DAAG lay person appointments process would work and be transparent. Considerations for lay involvement should include, they suggested, lay-shadowing to any position, to ensure knowledge-sharing, patient involvement mentoring, and in effect ensuring attendance by a back-up if the lay person was unable to attend.
All these questions need robust consideration and response. the HSCIC plans follow up and more involvement.
Lack of time is an artificial excuse to justify not doing something, not a valid reason why we should not.
What happens next? – care.data
When it came to care.data going forward the panel confirmed that the Care Act 2014 would affect some changes, but details were yet to be determined. There was no more definition given to the broad wording, which even Ben Goldacre had recently expressed on twitter he felt left the purposes so open as to be meaningless. Sir Manning reflected on July 1st at the Health Select Committee how insurers were likely to remain approved users, but it would be a fine definition of purposes which would determine which type of data they could receive. [Q428 Hansard July 1st, below extract:]
“We suggested to them that we wish to gather further information about the use, and we have identified that the use does not include—indeed, it would be illegal—using the data to set individual subscriptions for insurance purposes. My understanding at this stage is that their current use would still be in line with the Care Act.”
There would be a review put before CAG in September and Parliament, before coming into effect potentially in January. The CAG would be looking at the types of data users and giving guidance on for example, use for commercial purposes by intermediaries, clinical trials and pharma. Seeking “principle” cases, to use as models how sharing should be. But there would be “a question of balancing the interests of commercial companies, the health and wealth of the economy.”
I personally would be interested to hear comment by Dr.Poulter after the Partridge Review, and if he now believes data should be disseminated as widely as it has been. In Parliament in March he gave a statement, at least to me seemed that it was very tightly controlled. The Partridge review shows otherwise. On what will our trust be rebuilt?
“Under section 261, the HSCIC cannot disseminate or share data that could be used to identify an individual other than a provider of care except where there is another legal basis for doing so, which, as we have said, would be only in extreme circumstances such as a civil emergency.” [Hansard, March 25th 2014, Col 57WH] 
I look forward to understanding, and it can only make any sense ‘before’ the care.data pathfinder pilots, how the opt out will prevent identifiable data leaving HSCIC and that it will include pseudonymous data, as the care.data PIA has said it is potentially identifiable, and most agree that is an understatement. Will the onward dissemination include ‘amber’ data flows as NHS England indicated in January or has that changed? And when will we see that the opt out really has become more than fine words?
“Moreover, the Government have already introduced the commitment that if someone has concerns about their data being used in such a way, they can ask their GP practice to note their objection and opt out of the system, after which no identifiable data about them will flow from their GP practice to the HSCIC. Directions to the HSCIC under section 254 of the 2012 Act, which are separate from the amendments considered by the House as part of the Care Bill, will ensure that that commitment to patients has legal force.” [Hansard, March 25th 2014, Col 57WH]
For our care.data data management to be world class in future, we need experts to set up the right technical environment, to all want the same acoustics to resonate with everyone inside and outside the hall, and be well disciplined. All the participants in the shared symphony need to play well together and agree to play to the best of their abilities. They must all be of the same high standards, ethically, technically and legally, and play in harmony. And above all, they must keep listening to both themselves and their critics, to what outside voices are saying. They cannot afford for another flop. But they cannot afford to only get better through practice, hoping it will be alright on the night and carrying on as they have in the past without addressing their known flaws.
They must be absolutely performance ready, before they invite the public back again.
Only when the technical and process framework is tested and final should we public, be invited to come back and give NHS England and HSCIC another chance. It’s not to say there would not be adjustments as a result of pilot learnings, that would be right and proper if there were, but it shouldn’t be guinea pigging real people with real records, if there were significant known weakness or concern for some of the data users as identified in the Partridge Review – on retention, deletion, foreign use, Back Office, or not reaching everyone who should be informed, for example. There is no point in us lining up now to get in, when the performance time and even the programme details are not set.
On hold since February with almost no communications since and no national public debate, where does the care.data programme go from here?
Will our health data sharing be a virtuoso performance, or will we end up with a second rate show, where we will look back and say, we had all the right notes, but played them all in the wrong order? There is also an accredited safe haven consultation, another rushed scoping exercise, which confuses the data sharing debate, conflating clinical and secondary use. But a programme of huge significance and process change. Deadline for feedback until August 8th.
Leaders from government and NHS England continue to call for the show to go on regardless of readiness. They appear to want to go ahead to extract, without all these concrete questions addressed, and do not aim higher than to focus on communication to achieve only the minimum that’s required to get past the Data Protection Act legally. Without technical and process solutions in place at the new Data Controller’s, the HSCIC; then our data will fail to be safe, consensual and transparent, and fail to be fit for the 21st century.
Our data and processes will lose the respect of data sharing bodies not just inside the UK, but worldwide, and on a global stage open to all through social media and the www. If it is not played correctly, it will be set up for misuse by poor players, breach, damage to trust and another performance failure all over again. Why not get this right? It could really put England’s data sharing research capabilities on a world stage like no other. Why press ahead just to make the best of a bad job? We are surely capable of Chopin.
There are many many good reasons to get the responses to Monday’s Driving Positive Change right. It would be wrong and catastrophic for all the existing data users, if we were to push ahead with a large scale extraction, when the system nor process is ready to receive it, with no clear reason at all. It would irrevocably damage the future NHS data management model for all, for the sake of a paper deadline.
Then the critics would indeed have good cause to shut the whole darn theatre down for everyone.
 TTP China business agreement (systems used in the NHS /NPfIT)
I started on the comms side, announcing writing events and industry news, and later moved into interviews. It’s been an amazing experience. Editor Mike French was a great remote-mentor. We’ve met only once, at the launch of his latest novel, Convergence, in The Dandelion Trilogy. Mike both enabled and encouraged me to interview some great writers, editors, scouts and publishers, every quarter. I learned something new each time, from every contribution, and had great fun. All of which I enjoyed, but some stand out in the memory more than others, and every one was unique.
Thank you to all whom I interviewed since 2006, but also to readers and fellow unpublished writers who supported me, the team, and made the community at The View From Here what it is. With eclectic tastes, I learned much on writing but also enjoyed the art of the creative collective.
The most recent interview I did for them, was here, with Isabel Allende. In her wide ranging career, it was hard to know what to ask and how to narrow it down, but one thing stays with me, in all she said, on the role of a writer:
“Writers have no obligation to comply with the official story or the official version, their only obligation is with their own consciousness. Honesty above all.”
The other part of my writing recently has been more akin to her engagement in politics and civil society. I’ve been on twitter really only for the last nine months, throughout the difficult pregnancy of care.data, pronounced care [dot] data. If you missed it, that’s the government proposed scheme to suck up our GP medical records, merge them with data already held at the central Health and Information Centre from our hospital care, and then use the new, richer record for commissioning purposes and potentially more, as yet undefined. Since our hospital and other health sourced-data is already sold to private companies and will continue to be so in future, but without having asked for informed consent, I’ve been a very skeptical critic and lay voice for positive changes for these wide secondary uses. [In case you've landed here for the first time, I've a background in tech database implementations, communications and change, and I took it upon myself to fully understand and follow the subject, a year ago when I came across the topic online, by accident.]
It looks now, as though some improvements on past failings will happen, but much remains undefined in detail, and as we all know, that’s where the devil likes to sup. I look forward to seeing some of the recently discussed changes and definitions in the Care Act, for example, becoming concrete.
So, that’s the reason for the insignificant changes on my part, and should I explain the image? I’ve chosen my favourite coffee mug for my header photo, with my favourite scarf. I use both often. The latter, reminds me a little of Bridget Riley’s op art. As a retro fan that appeals to me. The former, depicts the cover of Susan Stebbing’s most popular work Thinking to some purpose (1939) which was described on the cover of the first Pelican Books edition as being:
“A manual of first-aid to clear thinking, showing how to detect illogicalities in other people’s mental processes and how to avoid them in our own”
The work arose out of a synopsis she wrote for a series of radio broadcasts intended for the BBC. Published on the eve of the Second World War, Stebbing wrote:
“There is an urgent need to-day for the citizens of a democracy to think well. It is not enough to have freedom of the Press and parliamentary institutions. Our difficulties are due partly to our own stupidity, partly to the exploitation of that stupidity, and partly to our own prejudices and personal desires.”
Her words seem very timely.
To borrow from Wikipedia here: “This metaphor seems to me to be appropriate, because potted thinking is easily accepted, is concentrated in form, and has lost the vitamins essential to mental nourishment. You will notice that I have continued the metaphor by using the word ‘vitamins.’ Do not accept the metaphor too hastily: it must be expanded.”
I have children who are entitled, come September, to the universal free school meal programme. Department of Education advice came out last week. See here >>universal infant free school meals.
I wonder whether this will bring back a national treasure to benefit those who need it most, or is it just a Pandora’s box of problems?
The new system, raises two concerns for me, over which I now have little control or choice.
Firstly, on nutritional decision making. I fundamentally disagree with the low fat milk approach. I hope it reflects the plan only in milk, and not across all the food groups.
Whilst I fully understand the popular and State drive for cutting down obesity levels, cutting out fat across all the food groups may not be the key to national health. This ‘low-fat is good’ approach is controversial, and low fat in particular in dessert, replaced with artificial sweeteners is a false choice. I believe that the paleo approach to food, back to basics, is a better choice. Throw out artificial things, and eat almost everything that is natural, in moderation. Not all fats are the same. Children who are growing, need the kind of fat that is in milk. It’s not the same as chips.
The whole programme of child health in school is based on sweeping generalisations in my view. We’re told an awful lot of twaddle of how our kids should eat and exercise by state-sent leaflets in book bags. Add to that, the fact that the BMI comparison is flawed, and its communications to parents method is fundamentally flawed. (Letters saying your perfectly healthy, well proportioned child is obese, or underweight, partly due to its tool as an average cross group measure, in the National Child Measurement Programme (NCMP) anyway. But that’s another, longer story.) It’s no wonder parents are confused, not knowing the best thing to do on these school meals or not.
“On 17 June 2014 the department announced a new set of simplified standards. The new standards are designed to make it easier for school cooks to create imaginative, flexible and nutritious menus. They will be mandatory for all maintained schools, academies that opened prior to 2010 and academies and free schools entering into a funding agreement from June 2014, and will come into force from January 2015.
One significant change in the new standards is that lower fat milk or lactose reduced milk must, from January 2015 be available for drinking at least once a day during school hours. The milk must be offered free of charge to pupils entitled to free school meals, and to all pupils where it forms part of the free school lunch to infants.”
On the drinks policy, my child would much rather drink water than milk with a meal. I hope both will be on offer. If not, I’ll support the school with jugs and help out to darn well offer it myself.
And secondly, on cost.
Currently, my children every week, eat both hot lunches and packed lunches from home. I pay the school’s private provider, for regular, hot lunches three days a week, and I provide packed lunch on two.
From September, I will no longer be able to choose to book and pay for those meals myself. And I will no longer be able to choose for some days and not others. It’s all or nothing.
The local provider will also no longer permit parents of year R-2 children to book meals and pay for them, so even if I am fortunate enough and wanted to, I can’t opt out of the state system and pay for only those meals my children will actually eat.
The result is, if I want to continue the mix of hot and packed lunch choice I make for them, based on our family life, schedule and the nutritional content of what I want them to eat, I am required to sign them up for all five days, and either they get the imposed routine and eat more hot dinners – or carry on with our current set-up and two days a week the hot lunches will go to waste.
However having spoken to my local school meal service today, they confirmed that after 4 weeks they plan to have a review of waste, and cut back on food provided.
The net result, the local private provider will receive more money from the State, for my children’s hot lunches, than I pay myself now. And likely as not, there will be food wasted as well, because the providers will need to allow that some children may take it up all days.
I understand that to administer detailed choices would be costly. From September, schools will need to administer instead of me, how many children are taking up the meals, and any changes in numbers week on week.
However, it need not increase the admin cost to schools or state, if I could continue to book for my children, as I do now, selecting their days and meals in advance, there would be a more cost effective use of our State money, without any change in administration. It would be up to the provider to bill as used, not blanket. Surely in these days of electronic charging, not hard, and could be made without manual intervention by the state, except for regular audits, which will need to happen anyway in any well governed accounting system.
It feels as though the Government simply doesn’t trust us to feed our children properly. I think I do a fairly good job. But I’m not sure I trust the state imposed food standards to do a good job if the funding should be reduced in future, quality will fall again, back to the bad old pre-Jamie days. I’d like to have kept universal child benefit for all instead. Those entitled to free school meals, were then and would still be now. I welcome anything that will help families feed their children well. The work by the Trussel Trust and others, shows what desperate measures are needed to help children who need it most.
But why impose it via this method on all without rigorous planing and evaluation? My school certainly doesn’t feel it has happened, and has had a ‘a couple of emails’, it’s a bit of an unknown. Instead, I now have to decide, to keep my kids in hot dinners, take them out, or keep our preferred mix and feel wasteful.
Where do you draw the line between support and interference in our family life?
You could say don’t look a gift horse in the mouth, but it’s what is going into my children’s mouths that matters most. Jamie Oliver did his darnedest to educate and bring in change, showing school meals needed improvement in quality across the board. What has happened to those quality improvements he championed? Abandoned in free school & political dogma. Where is the analysis for true quality change, rather than change for a point of policy? Is our children’s health a political football, which is being given as a concession in this Parliament, now rushed through to get checked-off, without being properly checked out first?
It seems there were pilots and trials but we haven’t heard much about them. There is plenty of history, but where is current discussion? I agree with David Laws, on the closure of school kitchens, but this mother believes current infrastructure and education should be fundamental to this programme, not coming in later as a secondary support measure. I wouldn’t normally choose to link to the Mail, but no other broadsheet seems to have covered it since the Department for Education guidance was issued last week.
Mr. Laws said,
“It is going to be one of the landmark social achievements of this coalition government – good for attainment, good for health, great for British food, and good for hard working families.
Ignore the critics who want to snipe from the sidelines.”
I don’t want to be a critic from the sidelines, I’d like to be an informed citizen and a parent with choice. This is a consumer choice and health issue, having an effect on a practical aspect of my parenthood. It’s not a tenet of education substance. Like this person, I want to ask and understand. How will it affect the majority? Will this have a positive effect on the nutrition children get, which may be inadequate today? What guarantees are there that adequate food safety and quality issues are properly and independently governed? Will it be overall less costly and beneficial to children and parents? Will it reduce stigma? Will it increase hot dinners consumed and reduce packed lunch intake? (So much less healthy, we are told.) Is the cost worth the benefit for a minority or even for the many? Will it benefit our children’s health?
Free, but what will it really cost?
Honestly, I don’t know. But that’s my main concern. It’s being done in such a rush, I don’t think anyone knows.
I looked in two previous posts at the background theory  to commercial uses of our data, then, the background to my concerns of commercial use with data intermediaries.  This is now part three, my glimpse into commercial use in real-world practice. It’s become rather a saga.
Here’s the short version: “In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. We need to shout a bit louder, that we are not a product for sale. It’s not only that there is an increased risk in a move of our health records from binder to byte and broadening access to them. We take issue with the change of approved purposes from care, to commercial use.”
At the Health Select Committee on July 1st,  I believe Sir Manning misses the key issue the public has with care.data and health record sharing, when he gave a response to Q562 to David Tredinnick MP:
‘We made big mistakes over the last 10 years’
“I am saddened by some of the comments that have been made this afternoon about the lack of trust and also by the impugning of our motivation. [...]
We made big mistakes over the last 10 years, and we have a once-in-a-generation chance to get it right. I am absolutely clear that we have to engage the public in an open debate about the balance of risks and benefits. There will always be risks with data. There were risks with the Lloyd George envelope; notes were lost, they flew and went all over the place. There will always be risks, but those risks and the benefits are both enhanced by the technology.”
Whilst I applaud Sir Manning’s apology, and his call for open debate, I think he misses here the fundamental point of disagreement the public has with the HSCIC current practice. Selling our health data.
It’s not only that there is an increased risk in a move from binder to byte and broadening their access.We take issue with the change of approved purposes from care, to commercial use.
And these commercial (ab)uses in current form must stop if we are to trust the governance system in future.
Health Records for Commercial sale
HSCIC currently sells our health records for commercial purposes, to intermediaries with commercial re-use licenses, and had no consent nor our permission for this in the past, it continues to do so in the present and appears to have no concern or intention to stop doing so, for the future.
Mr. Kelsey added at the HS Committee,
“We have a very big job to do, and I hope that you will hold us to account in delivering it.”
To which I can only reply, it is you who say it. But who is accountable? The Open Debate which Sir Manning calls for has not been taken up by NHS England. We are told this is a programme of national importance, one which Mr. Kelsey has repeatedly said, including to the Health Select Committee previously, on which the entire future of the NHS depends. Why then, no national discussion, no news since the pause and a focus on updated communications of the current plan. The current plan with flaws in consent collection, scope determination, confusion of purposes.
There are so many ways this could be improved and gotten right, but not by November and without public debate.
There’s been no apology for the data sharing policy developed since 2010 which has encouraged commercial trading and enabled this erosion of security, confidentiality and trust in the data management system of our nation’s health records. No one at the Department of Health has said, we got this policy wrong. No one at NHS England, the same people if under a different label. Poor Sir Manning at the Information Centre who carried out their policy, has been left to say there were ‘big mistakes’ made. But not by him since July 2013.
Trust and care.data off course
That our trust now lies in tatters, is not the fault of the Health Select Committee member to whom Sir Manning says, he is saddened and disappointed. It’s not Joe Public’s fault who had no idea this was going on, until six months ago. Where did these policies and plans since 2010 come from? Where did the use of our data go so astray and why is flagship care.data now so terribly off course? Mr. Cameron outlined it in 2011. What happened in the three years?
Health records for sale
As I wrote in a previous post,
“Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace, this re-use of data is now becoming normalised.”
But should it be normal that our medical records are for sale?
When celebrity Michael Schumacher’s notes are for sale,  being offered concretely to the media, we all see that is wrong. Just imagine 70 million copies of Schumi’s record, each with our own name on it, being offered to anyone outside of those who need it for our care. Offered to these commercial for-profit data intermediaries. It’s not a theory – this is what is happening to our records, today. Don’t accept the ‘anonymised’ statements, they’re simply not true. Identifiable data and pseudonymous data has been sold. The register confirms it, and that was only a 10% sample.
“To earn the public’s trust in future, we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”
I think banning data sharing for commercial use and re-use would be a good start.
What is it to be used for and why?
When we think of our health records being used by others, we need to separate the uses of the data, in order to understand different ways it is used, who uses it and why. Data once it is processed becomes knowledge which is used as Business Intelligence. It is common in discussion to conflate use in care with care.data. It’s even in the name. But the uses of care.data are secondary. Not to be used by clinicians caring for us, not replacing hospital notes to give to consultants when we are referred for a hospital stay. Not providing discharge papers. It’s only approved for commissioning and sketchily [imo] approved for risk stratification. [ref p.5 ] 
care.data extracted from GP surgeries, is not even approved for research purposes, but to read all the recent debates you’d think research depended on it. Research using GP extracted patient data, is not an approved use of care [dot] data. Research using GP extracted patient data is not an approved use of care [dot] data. Repeat, ad nauseaum.
What is already being done, and what is used legitimately i research such as public health (albeit without our past knowledge or consent), is with our hospital data, HES, SUS, Mental Health data, usually with CAG review, and through 251 approval sometimes through DAAG review at HSCIC – it is available and is on sale to all sorts of other non-care providers. And that is planned to continue.
The records extracted so far, when not used for research appear in recent years increasingly used for comparison, the concept of ‘ranking and spanking’ professionals and providers of healthcare. They are also used in commissioning, payment validation and understanding costs and spending. But beyond that, there are all sorts of others who still come under the umbrella of ‘health purposes’ but don’t directly benefit the NHS or individual patients. What is their demand and what are they being supplied?
In the newly created NHS marketplace, customers at individual level are patients, or at a market level they could be any part of the healthcare buying structure, a GP practice, a Clinical Commissioning Group, a Hospital Trust.
The challenge of any demand and supply chain process, is that you need a market willing to pay at the price you are prepared to sell. And you need to offer what they want to buy. For that, the buyers must see a value in the data they want to obtain. Where is the value for these areas of use: Generic NHS Business Intelligence, Generic Commercial Intelligence and Pharmaceutical intelligence?
Health records as Business Intelligence
Some companies take data and process it before selling it to NHS and other health providers in England. This provides a third party service and skill set which the HSCIC nor the NHS Trust for example, has themselves, such as IMS Health.
Al sorts of other places and individuals perform these services. They include a wide range of commercial organisations, small and large.
Health records as Commercial Marketing Intelligence
Commercial buyers however, can include wanting data for identity verification, fraud prevention and background checks. Services such as Experian offer. These may be what the loose definition in the Care Act would say are now banned, but are they? What is to say that a company which offers the use of private health services, healthy eating or pharmaceutical marketing is not providing information to others, for the promotion of health?
“Experian employs more than 12,500 people in 34 countries worldwide, supporting clients in more than 60 countries. Annual sales are $3.1 billion (£1.7bn/ v2.5bn).”
Identity verification can be done, matching data across a biographic footprint, ” in databases, established for 45 million UK citizens and hold in excess of 1 billion records.”
“Experian public sector currently works with 380 plus local authorities, 52 police and investigatory bodies, as well as central government agencies including DVLA, HMRC, DWP and the Cabinet Office.” 
There is clearly a lot of data sharing in the public sector, about which we may understand very little. But mostly the buyers of data want to sell something. Companies buy lists of people to use in marketing campaigns, who might be interested in what they’re selling — and companies also want to learn more about their current customers.
This is where I find the level of detail and what is done with our data, more than a little freaky.
Every UK consumer is classified into one of 22 types, aggregated into six groups. The 22 types are linked to six decision-making styles, providing insight into consumers’ motivations when using different media and the processes they go through in deciding about products and services.
I don’t know what segment I am in. But I know that I will have data stored in many of those different data sources they mention. So do they actually know more about my habits and inclination, that I have self-awareness? If their tool has over 850 million input sources which they process, it’s more than likely. 34 million email addresses, 20 million mobile phone numbers, 49.7m names and addresses.
Experian may well have much of this data from the electoral roll (unless like me, you opted out of these uses) but in the HSCIC January-April 2014 register of releases  data was given to Experian for use in Mosaic. (see July – 132kb right of page)
“Mosaic is Experian’s powerful cross-channel consumer classification designed to help you understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” 
That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. In fact, I find it threatening in a similar vein to the visceral reaction that the Facebook experiment generated this week online.
As SF Gate reported,
“Using unsuspecting members as human guinea pigs is repugnant. And when the biggest social network on the planet does it, can its leaders be trusted with their own technology?”
This idea that just because one can and the technology permits it, does not mean that one should. It just feels wrong to find out others may manipulate our thinking and behaviours in such a targeted way. Just as Experian does with consumer data:
“Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…”
Individual households? Understanding my behaviours, gives them information which they use to nudge or influence my decision making. Understanding our behaviour ‘in extraordinary detail’ helps companies market and sell more to customers.
There are other re-uses even for health purposes, which seem less transparent and more about us as general consumers, rather than for our health. For example, the use of HES data is in social marketing targeting:
“In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included OmegaSolver and Harvey Walsh.”
How will HSCIC know how data will be used after release and how will it be audited and how often? When it comes to human tissue, the HTA only audits tissue banks in the UK once every three years. That’s a long time in between audits if something has gone horribly wrong in best practice.
Health records as Commercial Pharmaceutical Intelligence
To global pharma it is again not the data itself which is of value, but in the knowledge it reveals. The pharma business intelligence. It can show at an individual level what is being prescribed or show any gaps it reveals, which will allow pharma, to address ‘unmet clinical need.’ The data already compares hospital prescribing and reports make recommendations used by NICE on what drugs to use and recommend. My concern is that to treat the worried well who have cash to spend, will deflect attention from the needs of the sick and poor and that even if only at postcode level, we will be targeted for pharmaceutical marketing.
“The parties will initially look at how anonymised, integrated health data can be used to identify unmet clinical need in patients with diabetes. In the UK, diabetes affects approximately 2.9 million adults overall, with more than 90% of these patients having type 2 diabetes. This makes diabetes one of the most common chronic medical conditions and represents a significant strain on U.K. health services.”
“The partnership with IMS Health will give AstraZeneca access to pre-existing anonymised electronic health records, which include clinical outcome, economic and treatment pattern data. In addition, the companies will jointly develop a customised research and data analysis platform. The information will provide a deeper insight into how medicines that are already on the market are working in real-world settings across Europe, painting a picture of unmet needs …”
We can look at this more than one way. Some feel strongly commercial use should exclude Big Pharma. On the one hand, the State and Government does not own manufacturing of drugs nor medical products. Though we used to do both. Recently, that we did own, has been increasingly sold to commercial buyers or venture capitalists.
The State and pharma work together, often through University research, to create future health solutions, drugs and the drive towards personalised medicine and diagnostic tests. When companies which own our data are sold and bought internationally what happens to our data they own? Boots Alliance bought data from HSCIC, and they are about to be bought by US Walgreens. So many questions.
Those more informed than me will know all about the challenges of pharmaceutical companies, the patent cliff, mergers and diversification. IP, diagnostic tests and generics in the market. Big Pharma and the State are working together in much research to find solutions and discoveries to current and future medical issues.
How far does cooperation stretch and when does it become inappropriate? Is commercial interest supportive of State practice or driving decision making policy? Should commercial companies fund any costs at our NGOs? And do those which buy the most data, get a bigger slice of the influence of what conclusions reports using the data, reach? Whilst there is a public move to #Alltrials I believe we should demand #Allreports in the public interest as well. I would like to have transparency at HSCIC how their reports are funded, when working with partners which are frequently commercial pharma partnerships.
Mr. Hunt recently defended to the Health Select Committee the reasons why a commercially supported pharma lobbying group was used to advise on the NHS Commissioning plan – the Specialised Healthcare Alliance. Supported by 14 pharma companies, these corporate members are contributing £12,000 each towards the costs of the Alliance for 2014.
Are we really seeing transparency on who is driving change in our health service?
The Richness of our records open for Exploitation
The value of Big Data is only extracted by exploiting its richness. And these days, with mobile phones, social media and shopping habits tracked by the minute, the average citizen like me, it seems can’t easily avoid being part of it, whether we want to be or not.
But if we don’t even have the right to control and own our data and we can’t control the knowledge generated from it, how can we control who knows what about us and what they use it for? If we’re unaware of its existence, how can we understand its impact on our life to make free and uninfluenced choices in what we buy, for example? Or understand how we may be segmented and discriminated against. And this is aside from the assumption that the data held is accurate and that as a result, no mistaken judgements are being made about us.
As for our health data, how can we control its use by these massive data managers if we don’t even know who they are at the end of a chain of re-use licenses?
Put Business Intell, Commercial Intell and Pharma together
The vast amounts of data already held and analysed to the nth degree by these data intermediaries, means that making even more data available to them is going to increase the segmentation and risk of identification. They already have data on individuals and is it not enough that they make analysis at household level as shown by Mosaic? Individual health level data seems that they could put a final piece in the puzzle and know exactly who in which house had which ailments, their lifestyle risk factors could be refined and these data brokers would be able to look inside our very bodies.
One which fits data together, we do know from the HSCIC data release register, and press reports in March, is Harvey Walsh. The company tracks individuals pathway data, over time and the website now says:
“Harvey Walsh use non-sensitive and non-identifiable HES data for patient pathway mapping that is used by the healthcare industry with the NHS to improve the quality of healthcare management and service delivery by better understanding how patient cohorts move around the healthcare system.”
[Harvey Walsh's system] “AXON holds non identifiable and non-sensitive HES (Hospital Episode Statistics) data and other sources of data including GP Practice Prescribing, QOF, Demographic and NHS personnel data sets.”
Data snapshots combine to give a Picture over a Lifetime
So now, not only can these companies understand us in infinite detail, but can do so over our lifetime. We are tracked over time and anaylsed not as a snapshot, but as a living album of snaps, moving across time. They know what we do commercially, in our lifestyle and how it interacts with our health and what may affect our consumer habits and help nudge our decision making. Put them together, and it starts to feel like I’m on The Truman Show.
I’d like to know though, once the data is processed, what happens to the new combined knowledge set, it creates? The original raw data as extracted may not be given to others, but is it the same product and protected, if it now shows up as a small piece, in a bigger jigsaw?
Omega Solver took their product offline this year, after privacy campaigners identified the risk of identifying individuals.
Acxiom as a world data leader example, is a company which provides consumer data and analytics for marketing campaigns and fraud detection. Its databases contain information about 700 million consumers worldwide.
“For more than 40 years, Acxiom has been a leader in harnessing the powerful potential of data.”
It seems others share my concerns, as this article on how data brokers use of our data is creepy, from Julia Angwen showed up in my alert feed this week, and another in ProPublica from last September. As she says,
You can see more on this, in her interview with PBS News:
Our lifetime data is attractive to commercial marketing and all sorts of organisations who wish to understand us and sell to us. The one purpose, possibly the least trusted I have not really touched on. Hospital records have been shared with insurers and used for refining policy. Records have been sold to re-insurers, even since January 2014. And these insurers mine and use data much more deeply than we want to imagine. In fact, as I finish this I see the FT front page tomorrow carries a current story how insurers trawl our Big Data.
HSCIC Data Sharing Agreements will prevent Data Merger?
IMS Health UK & Ireland’s general manager, Michael Sanvoisin shows that exploiting the different data sets ‘out there’ in Big Data, is kind of the whole point. 
“The smartest use of data will be the effective combination of all the various sources of open data and patient information services available in the marketplace, augmented by companies’ own internal information and data from other reliable and reputable sources.”
IMS Health is working in partnership with the MHRA – and in particular the clinical practice research datalink (CPRD) – to help the UK increase its capabilities to build cohorts of patients for clinical trials. This has led to the linkage of IMS Health’s Hospital Treatment Insights (HTI), the aggregation of HES and prescribing data, to the CPRD. This powerful linked dataset enables the identification of specific patient cohorts and allows companies to monitor patient flow between primary and secondary care. IMS Ardentia’s Costed Care Pathways (CCP) sequences clinical events together with detailed financial information to give a longitudinal view of a particular patient care pathway.” 
When these global companies have in addition, bought data from HSCIC, where is the transparency for patients to know what internal practice at these private companies prevents all data becoming one Big Data set, in identifiable or pseudonymous formats, and sold or shared onwards with others?
The Recent register states explicitly, that IMS will not do this, that the data will not be sold onwardly, but how about theknowledge they create from it?
“ANDromeda is an engagement tool enabling greater market access with a tailored need across all functions within pharmaceutical companies.
And in the UK, are involved in work shaping our health market: “that may involve looking at how primary care organisations operate or focusing even closer on area-level commissioning, such as GP consortiums.”
Where is our Data being Used?
“The effective combination of IMS Health’s proprietary data assets, in addition to the vast swathes of open data being made available, can help inform key strategic decisions for both the NHS and pharma. Moreover, it can drive an increase in joint working towards shared benefits and therefore transform healthcare services in the UK and beyond.”
“in the UK and beyond.” So I ask myself, which countries outside the UK have received our medical records? Remembering that non-US citizens have no privacy rights in the US, if it landed there, we can say good bye to ever getting control of that knowledge back again.
Indeed HES extracts have been given to places in the US, specifically the University of California, the FOI request I got back confirmed. The Partridge Report contained two examples of data which has gone to Kyoto University. Yes, Japan. And remember, if the data is completely aggregated and anonymised it’s not included in these registers, because it is open, green data. So what exactly went to California, Japan and who knows where else. No one knows 100%. The Report only sample tested 10% of all releases.
IMS received 251 access (which is required for confidential data without consent) for identifiable data extracted from hospital pharmacy systems, sent to HSCIC and linked with HES (hospital records). The main customer for these products will be the pharmaceutical industry. (Lines 101-2).
IMS Health is massive, as is the global health data they hold.
On the IMS One intelligent cloud, the company connects more than 10 petabytes of complex healthcare data on diseases, treatments, costs and outcomes to enable our clients to run their operations more efficiently.
Drawing on information from 100,000 suppliers, and on insights from more than 45+ billion healthcare transactions processed annually, IMS Health’s 9,500+ professionals drive results for over 5,000 healthcare clients globally. Customers include pharmaceutical, medical device and consumer health manufacturers and distributors, providers, payers, government agencies, policymakers, researchers and the financial community.
Another user of our data is Optum UK (formerly United Health Group, and if that sounds familiar it was Simon Stevens  last employer). I wonder for example, does that mean it is also used by Optum Insight in the US? This presentation by Christopher M. Blanchette, shows different data providers of ‘RWE’ real-world evidence and where their data is sourced.
If international companies have NHS England patient data and re-use licence, is it likely in to have been exported around the world or how can we know in which locations it is used? I want to know how often data is given directly to International companies? How often is data given to companies in the UK, who have foreign centres outside the UK, which would routinely share that data with their central systems and therefore export it? It is a basic right of data management to require fair processing for identifiable data, to know who has it for what purpose.
How do we protect consumers’ concerns?
And as US Commissioner Julie Brill’s report shows, in the States there are concerns how this data is used and they are acting on it. Are we doing the same here?
Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told, the data controller, the Health and Information Centre, does not know. And he can’t ask for what data is held in pseudonymous format – even though the data is pseudonymous with a key to make it linkable with new identifiable data coming in, so to me, that makes little sense. It is by its nature, re-identifiable.
But if HSCIC won’t release it in a Subject Access Request (SAR), we can then only surmise, whether our individual data was contained in bulk data transfers. So from the released data register, we should look at what types of companies are using pseudonymous (so called ‘amber’ data), and assume our own data was indeed included.
Overseas Data Distribution and Protection
care.data, it was said at the Health Select Committee meeting by Mr.Kelsey in March, was only for use in the UK but the HES/SUS data application form includes a field for use overseas. So, does that mean policy for export has changed for all data, or should they have spoken more precisely meaning only that “GP data extracted in care.data” was only to be used in the UK?
Because IMS, again, already has access to primary data from CPRD and secondary care data according to line 10 from HES. And whilst, it states “[Note added 28/3: The data are onwardly released only in aggregate form] I am curious – where does ‘onward’ mean? There is no Ltd. on the company name, no territory or geography indicated in the register. So if data is released to an American firm, should we assume it sits on US servers and is accessed directly by their US staff? Does onward only restrict them from giving the raw, identifiable data they received, to others outside IMS? Is it availble in non-aggregate form inside the whole of the IMS system? I, in the general public, can’t tell from the register and IMS is hardly going to tell me. We should be able to find out. I’ve found it a challenge, and my FOI request to HSCIC  to find out what data may have been given to US or Asian organisations, was tougher than my entire lifetime of dental appointments combined. It shouldn’t be difficult. Patients should be able to easily ask, to whom did you give my health data and where, for what?
Do we know enough about the plans to use and commercially re-use our data for commercial ‘health purposes’ as being broadly defined in the Care Act? If not, patients should be asking. GPs don’t have time.
Why does it matter? Because legal jurisdiction of data is still (perhaps outdatedly) physically geographic at least in aspects with which I am familiar. When working on global implementations of confidential employment data, we had to gain legal advice from each territory submitting data, on how we should legally properly manage data from over 50 countries in the world and its access by regional and global teams in the US, Europe or Asia. And on simple terms, we should always handle, process and use data in a way the individual expects and feels common-sensed appropriate to the purpose for which it was submitted. British citizens are not protected by US privacy laws because they apply only to US citizens.
“Existing laws do not sufficiently address data brokers’ handling of sensitive data in marketing or risk mitigation contexts,”
says Julie Brill’s statement. Well they don’t protect us Brits, at all, so I want to know if it’s being used abroad.
Few in England, will expect their data to have been made as freely available at identifiable individual pathway level, as it appears to have been in recent years. Do I at least have the chance to protect my children’s future data privacy, if not my own now?
Surely we can trust Data Protection Laws?
Because of the legal status of data which is deemed “de-identified” or “anonymized”, it is claimed they don’t violate our rights to health information privacy – Data Protection law accords us only the right to fair processing, not to prevent its processing, due to the the Health and Social Care Act 2012 which requires its extraction — but if it’s possible to re-identify longitudinal data sets – and if the whole point of getting these data sets together is to combine them, surely common sense would say, it may be legal, but that doesn’t make it right. There are other DPA expectations which HSCIC also fails to meet. The Minimum data required, for example. Deletion. Accuracy. I am guessing that every single one of the eight Principles have been broken by our data extracted before the HSC Act 2012. Yet, everyone seems to be ignoring this.
When it comes to Data Protection, identifiable data is treated differently from anonymous data. Amber individual level ‘pseudonymous’ data, is not the same as aggregated anonymous statistics and the care.data privacy impact assessment  confirms the risk of re-identification, yet the data is being treated as if it is anonymous. I can’t believe people working in the field believe themselves these data groups should be looked on as being equal. In my opinion, it’s not so much a case of wearing rose-tinted spectacles, it’s more like a blindfold on the wise monkeys; hear no evil, see no evil. 
I can quite clearly state on behalf of many, we feel that our rights to privacy have been and continue to be violated, no matter what the letter of the law says.
Whilst HSCIC may see only its own data sharing practices in a silo, that’s not how the impact of its sharing works in real life. It’s a join the dots between different data sets from different sources.
Can Good Governance Give us Confidence?
We are told that data-sharing agreements make it illegal for the data to be combined with other data held by the recipient, to make it identifying. But if the Data Controller doesn’t know what data the company already has, and doesn’t even keep track of what data has been given to them already, it must be impossible for individuals within these massive corporations to know the impact of adding their piece of the jigsaw puzzle. Over time, they will not track either, what from their company has already gone into creating the Big Data picture.
We could only rely on release controls and good governance, but for the past ten years reported in HSJ and the Partridge Review, it appears some datasets have been inappropriately shared without audit, which would have spotted the mistake. Governance is simply inadequate. In my opinion, not with malicious intent. Rather, simply, the data sharing strategy has been too fast for its own good practices to keep up. Now, it has to catch up fast.
As awareness increases, so too is the push back on the privacy grab. How do we feel about losing our individual rights, the removal of confidentiality and consent, the right to freedom from cold-calling, and to know who has our data for what reasons. And do we feel the same if we lose those rights in the name of commercial or public interests?
The British public is pushing back on banking failures and resents increasingly to see the minority of individuals benefiting commercially at the expense of the many. We resent the paternal state definition of the ‘Public Good’.
The public interest considered by CAG in reviews of data release applications, must consider protecting both the public interest in research access to confidential patient data and the public interest in a confidential health service. Add to that the public interest of providing a national health service, and its safe to say ‘the public interest’ will be hard to satisfy for all of the people, all of the time and will be subjective.
“that the purpose for which the data will be used should be in the public interest and for the provision of health and care services; [and] that any approved processing must respect and promote the privacy of patients and care service users… ” (Hansard, 10 March 2014, Col.137)
Perhaps even more subjective, is the atmosphere of public interestand how interested the public is, in how how level decisions affect us on the ground. Certainly, Snowden and other data sharing revelations have coloured the muddy backdrop of how our data is gathered and used by others, and increased calls for transparency.
The Department of Health will be furious with the Home Office I expect this weekend, as they triggered a massive outcry over the perceived lack of transparency and scrutiny afforded to MPs and civil society over the Data Retention and Investigatory Powers Bill. Even Radio 2 gave it 20 minutes coverage.  (From 01:36.40) This kind of governmental out-of-touchness with the public and the perceived desire to hide something in the rush to the new legislation, is what undermines trust in all areas of the public-state relationship.
It implies a paternal notion, of “we know best, so just trust us little children.” Well, that ain’t gonna fly. Seahaven is not “the way the world should be.”
Patient empowerment to own our Health Records
This flawed process, within and beyond NHS data sharing, has also created a sense of loss and disempowerment. Whilst presentations are all about ‘patient centred’ care, and ‘personalised medicine’ sounds so about the individual patient, it seems safe to say patients have been left out of the digital decision making and sharing how those decisions will affect the public on the ground. This for care.data, should have been central to plans to ensure support and success. There are still unfilled positions supposed to be filled by patient organisations or patients on the tech board.
It seems endemic to new programmes too. Or have patient organisations been widely involved in the genomic plans for the nation and not told us? Unlikely.
The talk thus far, does not match the walk. Knowledgable patient involvement is as desired by some of those leading parts of NHS patient engagement, as a chocolate teapot is useful. One is documented having said on another programme, “this was not a suitable point for patient involvement.” Either you want patients involved or not. Involved means from the beginning. Not as the decoration at the end, a way to tick the engagement box.
The notional idea of patient empowerment in this programme is tokenism, if the most basic principle of care, the only thing I can control in my consultation – my patient confidentiality – is treated with such little respect.
Is the public good really defined and does it outweigh the private good and our long established rights of consent and confidentiality? Does it vary depending on circumstance and if so, who decides?
It certainly doesn’t seem to be us, the patients in healthcare. Nor as citizens in any other field of our personal data.
If you don’t pay for the product, you are the product
In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. Maybe we need to shout a bit louder, that we are not a product. We do not all want the knowledge of our health & lifestyle to be for sale.
We’ve got used to these third party uses through the recent media revelations and the acceptance that current Government seems to be prepared to sell anything the State has in its possession. I wonder how representative that is of what the people would choose to do?
So at the risk of repetition, let’s not forget the basics:
The list of past customers in the Partridge Review of those who received data before April 2013 shows the extent of what was hidden from us for twenty years.
Should we be asking, what may be hidden still?
By stretching the scope of the potential discussion around the ‘industrialisaton’ and use of our health records for secondary purposes, we must not normalise the basics which we at first, found so surprising. We need to get them fixed first. Then, only then, will patients be willing to look at broader future scope. If I can’t trust you to manage my hospital record when I broke an ankle, why would I want to trust you with my genomes in future? It reveals a complete disconnect at NHS England level with the public in care.data thinking.
Come back to reality and listen to patients’ real concerns. We don’t want our data given to third parties, these data brokers and intermediaries or to continue re-use licenses. Even if it’s for ‘the promotion of health’ the purposes in the Care Bill.
And honestly? NHS England and the Department of Health shouldn’t want that acceptable in policy either, because they need to know who has our data, to govern it to make sure it is acceptable. As Sir Nick says in his report, the future data governance must be:
“meticulous, fool-proof and solid as a rock”
One more big mistake in who received our data in the future, and all cards will be off the table. For this to work, you need to properly manage it. And all this at the time where NHS England has now decided to outsource population wide databases, through the Steria outsourcing. Ha. Get that outsourcing security wrong, and for all your future programmes, as Truman would say, “Good morning, and in case I don’t see ya: Good afternoon, good evening, and good night!”
In the words of more Americans for whom I have a respect & love of their self-determined own words, Simon and Garfunkel, ‘Slow down, you move too fast.’
Julie Brill’s Statement made a recommendation in the US:
“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”
We should feel that we consent to this mining of our health, wealth and lifestyles and know what is done with that knowledge. I feel disempowered because in finding out how my health data is used, I’ve discovered a brave new world of how my personal data is used. By commercial business. By Government. By suits and wonks as may be nicknamed. I am not equipped or informed enough to understand it all, but I’m doing my best to find out.
We need to trust in the people who manage these systems, who drive the policy and who advise the two, to work together and make technology work well for the rest of us. It should work well with privacy and security, and functionally.
Patients must speak up and Ask Questions
Patients must start asking more questions about these commercial uses and re-use licenses, because whilst the commercial intermediaries may access data for the purposes permitted in the Care Act, we are not a partner in patient engagement. Our data is being mined in the name of NHS improvement. Our samples being gathered in the name of science.
We are the product for sale. Our name, and everything else about us.
“These days, when we use the word “privacy,” it usually has a political meaning. We’re concerned with other people and how they might affect us. We think about how they could use information about us for their own ends, or interfere with decisions that are rightfully ours. We’re mindful of the lines that divide public life from private life. We have what you might call a citizen’s sense of privacy.
I watched two unequal sides play the beautiful game in the 2014 World Cup in Brazil semi-final. The host nation was crushed in a 7-1 defeat. Germany simply outclassed them and once they had the first goal pressed their advantage to drive home another quickly, after which the Brasilian side didn’t have a hope. As a team, they fell apart.
Inequality in what should have been a good match, resulted in tears.
There was a lot worse than tears in this story of inequality last week, when the team at the heart of tech dating agent Tinder fell apart. “When news broke that a former vice president of partner-matching Tinder filed a sexual harassment suit against the mobile dating app company, the most salacious parts of the complaint quickly spread around the Internet, reported Chloe Angyal.” See the rest of the story via Reuters. Or the Techcrunch version.
It appears the issues are more about the personal rather than professional relationship gone wrong, but in any event the male-female public exploitation in the media, the story of power and punishment is damaging personally and professionally. Frankly, I’m not that interested in the nasty side of the story. But does it harm the appearance of women working in start-ups and tech?
Are women perceived as equals in tech? Do we perceive ourselves as equal or are we our own worst enemies in how we manage and speak of other women, in leadership roles?
To become leaders, we must first start at entry level. I wonder in part if the langauge we use in tech has put women off entering the world of ‘the geek.’ The recent workforce numbers released by Google and surrounding other tech firms in silicon valley show women are unequally represented. I wonder if the imbalance is a result of concrete skill sets – the numbers of girls studying maths, physics, engineering appear ever dwindling -, fitting into the corporate environment – the unusual set up of game style office for example – or nature of work. And how much is down to expectations. “Nice girls don’t play games, they do something sensible.” In fact, in my experience tech is a nice place to be. Geeks are more accepting based on value-add to the team goal in a flat team structure, than I’ve found working in white-collar management for example, where in-house politics starts to play a role. However, some women find that the working environment in either, can’t meet their needs for the other part of their life, parenthood.
Whilst more women in the UK are working than ever, it’s not always in the jobs or employment type which are equally well paid or sought after. Cashiers, waitressing, care roles. Women are over represented in jobs that offer flexibility and there is great gender inequality in pay.
But it was Alistair McLellan’s comment I found more fascinating on the types of criticism female leadership receive, than the stats they found. Again, like the Tinder slanging match, treatment which women both meet out and receive, may be different from that of their male counterparts.
“It is the nature rather than the level of criticism that is different for female leaders, and it tends to be more pernicious and undermining of a leader’s resilience.”
I do wonder if we women are guilty as charged, of being more critical of fellow leading women than men. Or is it that we find bold and assertive women somehow more threatening, as more out of the ordinary, than the same behaviours in male managers? Am I guilty of thinking that ever myself? Do we criticise women in terms of emotion and men according to performance? Are an angry man and an angry woman on the front bench seen as equals? Would both be told to ‘calm down dear’? Does the politics of white-collar management deter women from leadership?
“Time and again it is suggested to HSJ that a female leader is struggling because she is neurotic, devious, scatter-brained and/or self-centred; or that her troubles have arisen because she is a flirt or a sycophant and has been overpromoted as a result.”
“And before female readers get too angry at their male colleagues, the critics are just as likely to be women – or indeed, those who would normally consider themselves strong supporters of equality.”
I’ve been in the receiving position. My female manager suggested I was overpaid and overpromoted. I had been offered another role in another company. I stuck to my guns and received the salary rise I hoped for. I was twenty-two. I went on to various jobs, salary increases and promotions in the same company. And I’ve always worked daft hours, given my all for the team and made sure the company always had their money’s worth. You can look to women leaders and say, it can be done. There are good role models to show it is possible.
But if there are fewer women in tech, it is for reasons I may not understand. It is an area where in my own experience, everyone who works together on a project and sees knowledge and result as a common goal, are pretty uncaring from whom a solution comes. Appreciation and team accolades were fairly distributed in my own experience.
I don’t think it is peculiar to tech to have too few women represented, although it could be fair to say the environment has its own quirks. (Just visit Google’s London office for example.) It’s challenging but a fun place to be in the tech workplace. It’s often project based, demanding a quick learning curve, with weird and wonderful hours supporting parts of the world you’ve never heard of. You need to be prepared to do a lot for each other, often at short notice, pulling out all the stops for a last minute fix and testing. It demands a lot of flexibility, energy, problem solving, teamwork and humour.
Whilst similar human qualities are also necessities as a parent, the flexibility aspect can be something which managing the other role of parent, can absorb entirely. The cost of childcare is prohibitive for many going back into anything other than a similar type of demanding role and environment with its according payscale which they left, if mothers want anything left to take home after costs. But for me personally the question then becomes, do I want a lifestyle in which I would see my children neither for breakfast nor read them a bedtime story? Or do I work in a non-tech job and give up on the past?
So perhaps it’s a question of why women have to leave the workplace in general rather than tech. Perhaps we simply can’t go back into that environment with the flexibilty we need in the other part of our life, as a parent?
Why this matters to tech, and the implications for society are here. Women in tech, like women in politics are necessary to offer balance of opinion, experience and expectations. Just as importantly I believe it should reflect all the different parts of society in ethnicity, able and disabled, religion and other areas. I’ve gained all sorts of valuable experiences working in the voluntary sector, as a mother and having free time for other learning since having children. But it is mainly my professional experience that is still examined in applications.
Whilst past experience in tech is of great value now, to go back and functionally design the system I once worked with, I would need a tech refresher. But that would be easy. What is much harder, is the expectation of my partner that for our children, I would be the one expected to take time off for sickness, unless I had a full time carer for them. And even if we were to split time off 50/50 we’d find it hard. Business travel is not compatible with home & family. So that kind of role I once had, is impossible. So the choice now to have a high-level tech job and put my children second, if sick or for six weeks of the summer holidays, is not a choice I feel fair to make, which would put my wants first and my children’s needs second. And that’s the reality of my choice. It is perhaps a luxury to have any choice at all.
In effect, in motherhood, we might call for employment equality. We may be entitled to it. But we may not always be able to really choose it in reality. In Japan, this is a real problem on a number of levels. What’s the solution?
In Alistair McClellan’s words,
“The answer to these double standards is simple: we must all be alive to criticism that is skewed by prejudice, however subtle, and hold ourselves and others to account to combat it.”
NHS England has an opportunity to do that in patient involvement organisation / positions on the tech board right now.
I do hope that some informed tech and non-tech women are considered.
The Japanese women, might have hit the nail on the head when it comes to most people’s beliefs about motherhood and working in leadership positions.
“I think only a small number of women can pursue leadership positions,” she said.
“I think in our society you have to choose whether you want to have a career or be a mother; you can’t do both.”
If you were an employer with two women of similar skill sets and experience, one with young and one without or with older children, would you see her role as a mother as a negative effect on the likelihood of employing her? I believe so.
Not because of the fact she had children, but because of the potential secondary demand on her time. As a ‘working’ mother, a woman always has a second job.
For female employees in tech, I believe that counts against us. I believe I will only be able to go back to full time tech work as an older woman, once my children are out of school. That will bring challenges of its own. So whilst we may seek equality, and we told we are all equal, I do wonder when it comes to the paid, working life:
Yesterday, July 3rd, was Kafka’s birthday. I started to write about him, and fell asleep with a book in my hand, waking in Kafkaesque style this morning not knowing where I was or why. But thank goodness, I did not wake up as a beetle. 
The overly used descriptor Kafkaesque has more recently come to take on a generic meaning, and his name associated with a dark view of the state and surveillance.  I wonder what he would have made of it?
The surveillance state is more contemporary than ever in mainstream thought, since Snowden, a year ago. We can look at The Trial, in which the protagonist is accused of an unknown crime, under assumed guilt and secrecy surrounding the process and reflect on the latest moves towards a secret court in the UK. In ‘The Great Wall of China‘ Kafka considered both points of the debate how to protect the People from outsiders, the Barbarians. As we see security at airports tightened today against an invisible threat, its central theme as valid today as in the 1920s, exploring the authority’s exploitation of fear and uncertainty over what constitutes a nation and what should be defended. In Das Schloss ‘the Castle‘ the authorities are drowning in documents, but cannot find the one which is relevant to the accused. Kafka questions the purpose of massive data gathering when the authorities appear not use the documents they collect. Both the latter stories mentioned in Alan Greenblatt’s article, on the Surveillance Society. 
His work is perhaps more relevant than ever.
As a Germanist, his work featured strongly in my studies, but I appreciate it more now, and am currently working on a project which is based in the time of his life (1883 -1924) and into the second world war.
It was both a fascinating and demanding time and place to live.
He was a German speaker living in what is now, the Czech Republic. The issues of identity and belonging are everyday ones for the residents like him, in a country whose borders were fluid and changing. Whose government switched the state language between Czech and German, and issued new passports in his lifetime, more than once, and in state institutions in which it was dictated how many employees should be of which – Czech or German – ethic origin. It is little spoken of today, but the fifty years before WWII set the stage for the struggle of ethnicity and its horrific consequence for millions of ordinary citizens in post war Czechoslovakia and its neighbours. The resulting forced migrations  of 3 million ethnic Germans from the Sudetenland alone, and the deaths of a disputed number in the region of half a million, and up to two million more who disappeared, is a little talked of consequence of the war and its preceding years.
He died before this, in 1924. His best known works are those in which the State, power, identity and emotional struggles are entwined in dark and often unexpected situations.
His work is ever popular, and his many themes, quotes and associated artwork are widely used. His concepts contemporary.
He was reportedly an avid reader, and advocated reading books which challenge:
“I think we ought to read only the kind of books that wound and stab us. If the book we are reading doesn’t wake us up with a blow on the head, what are we reading it for?”
– from a letter to Oskar Pollak (January 27, 1904)
“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is doublespeak talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”
Today at the Health Select Committee Mr. Tim Kelsey, on behalf of NHS England, said that care.data pilots will be in October/ November and in the meantime they are listening to the “constructive challenge to NHS England how to build trust in the [care.data] programme.”
Here’s my real experience of that listening, why it may not help and what still needs done. (And in under 4 months if in time to be of any use for the pathfinder pilots, which are only of use to the whole if done properly. )
[Part one] care.data communications and core concepts – Ten takeaways from the Open House event.
The NHS England led Open House Day  on June 17th was a listening opportunity according to the draft agenda for:
“patients and the public to influence the work of NHS England at national and regional level.”
Within the other programmes of Patient Online and Patient Participation, care.data was a one hour session. It included the blue plasticine people short animation, a speech by Mr.Kelsey, a 15 minute table discussion on one pre-given theme from a range of four, reading aloud the summary of that discussion from each table within the room, one question per venue raised outside the room to the panel via video link in London, and their answers. Our discussion topics were brief, controlled and relatively superficial. It could have been a productive day’s workshop on only that.
The Open House took place simultaneously in four venues across England, Basingstoke, Leicester, York and London, connected through a live videolink at a number of points throughout the day. The recording in part, can be viewed here.
I attended the Basingstoke event, particularly keen to learn about national programmes such as care.data and hear about any updated plans for its rollout, to learn about patient online, and to meet the NHS England team in the South as well as other interested people like me. I hoped for some real public discussion and to hear others get their questions aired, shared and on the table for resolution.
I met one other ‘only’ patient and whilst I was kindly told by a further active PPG organiser, that I should never refer to myself as ‘only’ a patient, but you know what I mean. I’ve applied as a lay rep on our local CCG for an opening next year, until then, I’m learning as much as I can from others. Other attendees I met were those already more closely involved with NHS England in some way already. As NHS England staff, facilitators, representatives from Clinical Commissioning Groups, Patient Leaders and PPG leaders.
Here are some of the things I learned:
1. Public Awareness
Mr.Kelsey asked the room (he was in London, other locations took part by live link) how many have:
a) heard of care (dot) data and
b) how many think they understand what it is is?
We couldn’t see his room, but he said ‘about half’ understood it. Our room’s show of hands was similar.
My reaction: One would expect everyone attending to have heard of it, the event after all was billed as in part about care.data. The level of understanding should be higher than the average in the public, since many (in Basingstoke at least) were NHS England or more involved than the average citizen.
Feedback overall was consistent with the latest MORI Ipsos poll  commissioned by the Joseph Rowntree Reform Trust in which the minority know it well and over 50% say they have never heard of it. That’ s a long way to go to reach people, inform them adequately to meet legal Data Protection minimums and let them enact their patient choice.
2. Communications Message
A consistent, frequent communications message is that ” there are FAQs and materials, we have the answers, we just need to communicate them better.”
My response: communication is failing because the core scope of what care.data is, is fluid. Without something concrete and limited, it cannot be explained neatly. As one NHS England communications member of staff said to me this week, ‘we haven’t got an elevator pitch.’ So it’s not about the materials or the methods, it’s the substance that is flawed. When you’re talking about extracting, storing, sharing and selling some of our most intimate information, a vague notion of pooled experience is not good enough to trust. People want to know exactly what information, is being shared for what purpose, with whom, where. And how long will they keep it for? NHS England simply do not have the answers to that, so, that elevator pitch? It’s never going to get off the ground in a meaningful way. And anything less than the answers to those questions, doesn’t meet the Fair Processing requirement of Data Protection Law.
Today at the Health Select Committee Mr.Kelsey was asked, will patients be able to trace in future where their data went? There was a rare and stunning silence. And after a benefits statement, there was still no answer given to the question. [update: Hansard now available, Q525/526]
Mr. Kelsey said, on rollout timing that NHS England would take it ‘as slowly as we need to.’
My response: This reiterates the ‘no artificial deadlines’ but appears to be doublethink in contrast with the statement confirming ‘autumn 2014′ extraction for Pathfinder (pilot) 100-500 practices. How will the pathfinder (pilot) locations be ready to test a communications process which as yet does not exist? How will it pilot a consent process for young people, the vulnerable, those with complex health system needs, the at risk, those outside ‘the system’ with GP records? A process which by its nature must be applied to any opt in or opt out choice, if others make a decision on their behalf yet from the meetings’ discussion, whose informed consent appears not even begun to be considered? Or how will solutions to past Data protection Law failings be found from thin air, when data has been breached in the past, continues to be shared in the present and there is no solution to resolving those failings for the future?
4. Language simplification
There is a tendency to oversimplify the language of the Care Act, into ‘care.data will not be used for any purpose other than ‘health benefit’ – whereas benefit is not mentioned in the wording:
My response: Is to question why this is? Does benefit sound better than promotion perhaps? Again, words should be used accurately.
5. Users simplification
NHS England are similarly very keen to point out explicitly that care.data cannot possibly be used for insurance or marketing purposes, such as junk mail.
My response: Yet again, the wording of the Care Act does not state this explicitly. In fact, it leaves pharmaceutical marketing for example, quite open, ‘for the promotion of health’. And there is no legal barrier in the Care Act per se, for firms which receive data for one purpose, such as BUPA the hospital provider in London, using it for another, such as BUPA as refining premiums. BUPA Health Dialog received individual level patient data in the past. How do those patients know what it was then used for or shared with? Perhaps Data Sharing Agreements can specify this, but the Care Act, does not.
6. Use by Data Intermediaries to continue
care.data will continue to be on offer to third party Data Intermediaries it was confirmed in the panel Q&A.
My response: some third party intermediaries in part perform outsourced data services for the NHS. But do they also use the data within their own business to inform their business intelligence markets? They sell knowledge gleaned from raw data onwards, or have commercial re-use licenses for raw data over which we in the public have no visibility or transparency. We cannot see within these businesses how they build their own ‘Chinese walls’, self-imposed restrictions to ensure security between different parts of the same umbrella organisation. Allowing third parties to re-sell data means control over its use, owners and management is lost forever. Not secure, transparent or trustworthy. I explore their uses with commercial brokers more here in a previous post.  Considering I was told that my personal confidential data will not be shared with third parties, in a letter signed by the Secretary of State for Health, I am most unhappy about this. I will find it hard to trust new statements of best intent, without legislation to govern them.
7. Data Lab – restricting user access
Mr. Kelsey indicated that going forward the default access to our health data will be on the premises of HSCIC, the so called “Fume cupboard” or “Data Lab.” However he noted, this would not be for all, but be the ‘default’.
”The default will be access it on the premises of the IC. That won’t be universal for all organisations….”
My questions: Whilst a big improvement from giving away chunks of raw data via CD or to remote users, these processes need documented and publicly communicated for us to trust they will work. How will we know who all the end users are if the same rules do not apply to all? How will those exceptions be granted? Documented? Audited? Will raw data extraction still be permitted? It’s the exceptions which cause issues and in future, the processes and how they are seen to be governed must be whiter than white. For those with direct access, users of the HDIS or HES, will a transparent list of users be published? At least for now, they do not show up on extraction audits so the public cannot see what those users access or why. So, a good step, but can’t stand alone.
We were informed, an Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, has agreed to advise the care.data Programme Board to evaluate the first phase pathfinder (pilot) stage.
My feedback: I find this interesting not least because the Information Governance Review  under her direction in March 2013 decided that commissioning purposes were insufficient reason to extract identifiable data. Personal confidential data should only be disclosed with consent or under statute and “while the public interest can also provide a legal basis for disclosure it should not be relied upon for routine data flows. [footnote, p.63]“
What value is Independent Governance if it has no legislative teeth and can only advise? At the Health Select Committee today, he said she would be able to offer a view, and a number of parties will be able to express views & be ‘in agreement’. But I wonder who owns the ultimate final go/ no-go decision whether the pilot should progress to full roll-out?
9. Anonymous Sounds Safer
Feedback on the handout: The care.data notes need not only to be accurate but transparently truthful.
In my opinion, words are again misused words to indicate that data is anonymous. 1706204_datauses Whilst the intention of the merged CES output (GP records combined with HES files) may be that some users will see only pseudonymous data, the extracted and stored data is identifiable unless opted out. Name is held in the Personal Demographics Service.  This is one of the key communications messages I have taken up with HSCIC, NHS England, raised to the DH through my MP. To reassure the public by saying name is not stored, is deliberately deceptive unless it states simultaneously that it may already be held in the PDS and/or linked on demand.
The Partridge Review  has dispensed with the notion that data is anonymous once and for all. Now it must be managed accordingly as identifiable data within Data Protection law and communications must stop misusing the anonymous concept to reassure the public.
“It’s a beautiful thing, the destruction of words.” ( George Orwell, 1984)
10. My own experience of engagement
The most interesting part of the day for me personally however, were the discussions which were unstructured and when we were free to talk amongst ourselves. Unfortunately, that was very little. The structure (at least in Basingstoke and appeared similar on screens elsewhere) was based around tables of about 10 which included at least two NHS England staff at each.
At the end of the morning session, before lunch, as the other participants had left the table, a Communications person and I got into conversation on the differences between care.data, the Summary care Record (SCR) and where Patient Online was to fit in our understanding of which data was used for which purpose.
We discussed that since care.data is only monthly retrospective extracts, not for real-time record access, it would not be a suitable basis for Patient Online access – care.data is for secondary uses. So, we moved onto the challenges of SCR access at local level and how it will be possible to offer everyone Patient online when so many have opted out of the Summary Care Record. We began to talk stats of SCR availability and actual use in hospitals.
Sadly, the table facilitator appeared to decide at that point, that our discussion needed guidance and rushed to fetch a senior member of staff from Strategic systems. And rather than engaging me in what had been a very positive, pleasant two-way conversation, with the Comms person asking me questions and our exchange of views, the Strategic Head took over the conversation with her NHSE team member, effectively restricting further discussion, even with her body positioning and language. Being informed is OK, as long as its the ‘right’ information?
I don’t think that’s what patient engagement is about. The subject needs real, hard discussion, not just managed exchange using pre-designed template cards of topics that we are told we ‘should’ discuss. Perhaps ignorance is strength, but in my opinion, keeping Communications staff informed only ‘on message’ and not of the wider facts and concerns is shortsighted and does them, and patients, a disservice, but then again:
“If you want to keep a secret, you must also hide it from yourself.” (George Orwell, 1984)
“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”
Patient participation in general practice: exploring how can you be involved in the changes in general practice, including the introduction of the Friends and Family Test and changes to the GP contract in relation to Patient Participation Groups.
Patients Online: This session was to enable attendees to find out more about work to increase the number of patients who can access their health records online, book GP appointments online and order repeat prescriptions. The accompanying film was described by a fellow table guest as, ‘awful. Too long, dull and dry.’ It felt that there was a lot of weight given to this part of the day and that the uses of data during the event were all mixed into one pot. care.data will not be the source for patient online access, yet we came away thinking of the data as one source to enable that purpose. Poor communication or clever marketing, will depend on your point of view.
The big picture however, of how our health records will be used and bring benefit is in my opinion, being manipulated and purposes conflated to make one thing seemingly lead to another, which are in fact unrelated.
care.data is for secondary purposes, not direct care use by physicians for example. We are told this sharing of data is a requirement for other things as well. Firstly for patient safety and quality. And for integration between services.
Mr.Kelsey said at the Open House day, (around 36:00 minutes in, if you listen yourself) “we’ve all heard this word integration, I’m not terribly sure what it means, but I think what it means is that local people have a proper say in the way that health services are designed. So to give you voice, to give the local community voice, care.data is really important….”
I should hope that Mr.Kelsey has a jolly good understanding of integration and knows exactly that it is the merging of health and social care under the motto ‘transformation’. Social care under ADASS and health care are under all sorts of pressures to integrate, budgets are being pooled, shared and ring-fenced in various discussions, including my local county Health & Adult Social Care Select Committee:
“…Director Adults’ Services, told the (Chichester) Committee  in November 2013: The Care Bill would mean a radical whole system change involving the biggest ever transformational change for Adults’ Services The Council was building the foundations for further significant change.”
Perhaps on the day, he meant something else.
Mr. Kelsey did, in his speech note however, that the programme should be respecting the fact it is *their* data, *not* the NHSs. (This is in contrast to his previous position in which patients should not be given an opt out choice – Prospect Magazine, 2009 when his stance was “no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised”).
It’s an argument oft repeated that we should *own* our data, but somewhat meaningless if it took a campaign and public outcry to require an opt out mechanism, and put the programme on hold. I feel the language is being manipulated to create the impression we don’t already own or have rights to our health data. The opposite is true. And many know that, just see the killer question below from Leicester. As long as records are held only at GP level, we will have much greater control and visibility of their use, than if shared centrally.
Many I have spoken with ask why it is not possible to leave data at local GP level for only clinical care, and extract nothing identifiable from hospitals without consent?
Other People’s Questions
In that vein, I summarise what 4 other people asked Mr. Kelsey and his panel in London about care.data on the day, and what I felt was missing from the answers to give balanced communications. The locations of about 80-100 people at each, were each allowed to put forward one question to the panel via web link, the question selected from all those discussed at the tables, by an organiser at the site. They covered Benefits / Data Uses / Confidentiality / Communications.
Question selected to be asked from Basingstoke: “If people opt out of giving data will then the results not then be inaccurate?”
The larger volume of data, the better quality the data will be, the greater the benefits will be. Choosing not to opt out. That will, depending on the volume of that, affect data quality to a degree we won’t know that. Over time, once people’s concerns have been addressed, we hope that quality will improve.
Missing from the answer:  HES data is cleaned, SUS data is not, and both are known to have significant quality issues on validity and accuracy. The data has been extracted and stored for twenty plus years. Higher volume of data does not equate with a higher quality of data. You don’t make a better quality haystack, just by adding more hay. The volume of data is less important than it be representative of all parts of the population, but there is a risk that those opting out tend to be, as one GP has told me, ‘the white middle class and educated leaving others overly represented’. Only having more data is not a solution for quality.
Question from Leicester: “Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”
Panel: New legislation was brought in which made it very clear, data could only be released for the benefit for health and care, and it cannot be released solely for commercial purposes – yes, data can go to a private sector organisation, yes commercial companies, but only where they are working for the benefit of health and care, for example, Dr.Foster Intelligence, or other data information intermediaries who do a lot of work with data and who do a lot of work with the NHS to help inform decisions. Data will still be available to commercial companies. The other point, there is going to be independent scrutiny, which will be formalised within the law, to have independent scrutiny by the Confidentiality Advisory Group, which already exists which can independently scrutinise the releases.
Missing from the answer:care.data is not for clinical care. This indeed is our data and belongs to patients not NHS England, and should be respected as the NHS Constitution requires. Data continues to be released, and will continue to be so even under the Care Act legislation, to third parties in financial transactions. No recipient organisation by function (such as insurance) is excluded per se, rather recipients are judged based on their intended use of the data. The precise terms are open under the Act :
Question from London: “How do you propose to reset expectations and perceptions, with any future communications, and given that the way the first round was handled, provoked apparently such strong public resistance and suspicion about the NHS England motives?”
Panel spokesperson: We didn’t get it right the first time round, partly because we approached that at the National level. There was a leaflet that went out nationally. We will work with the 100-500 GP practices, and work co-produce materials in those areas and work with what is already there locally, GP practices, LMCs, PPGS, Healthwatch, using local knowledge, and patients so we can make sure everyone can understand, we understand how we can communicate this, what the concerns are, so we can get the message across, so everyone can understand what the choice is and what this is about.
Mr.Kelsey added: …[...]This isn’t about us and you, this is about us collectively. How do we ask patients and citizens for permission to use their personal information…we need to get that conversation right.”
Draft FAQs and information sheets to use in those conversations were on the table for participants information and to take away. The Data Uses page wording is interesting but poorly phrased, as it misled a couple on my table to think the ‘extraction’ was not identifiable. (see point 9 above). And the Benefits case study header is “How might it reduce variations in cancer treatment & care” but concludes that actually the Cancer Registry already does this, and they instead mean something similar would be useful for diabetes. This misuse of benefits makes me think, they’re finding it jolly difficult to find real ones. But if we all at these public meetings, believe the presented stories with the positive spin as fact, then fact they will become.
“And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth.” (George Orwell, 1984)
It is vital in my mind that care.data communications match reality of what needs done technically and in procedures, to drive expectations of what care.data will deliver and when. Why does an easy read brochure make no mention whatever of who data may be sold to? There is no mention of what organisations continue to receive HES and wider data. Instead it talks about data being shared to ‘know the health needs of everyone’ yet the very people who are outside the system are the ones whose needs we don’t know today – there is a huge amount known from the rest of the existing patients’ needs from QOF and other GP data extractions, even that used in CPRD for research – purposes for which GP records under care.data are not approved.
The current doublespeak between the comms message and the reality are so far apart, between the technical possibility of what can be done well now, and what needs done to achieve the hoped for benefits, that the current message is setting up the project for failure and benefits will not be realised any time soon. It’s not ready to roll out through ‘improved communications’.
To be fair, the smaller workshop I attended on the 27th, flagged ‘still need to consider how best to engage here’ with many population groups. But it appears to me the Communications teams are effectively doing their best to package something which is not ready to be wrapped. To dot the i on the report, when the chapters aren’t in place yet.
“They were engaged in producing something called an Interim Report, but what it was that they were reporting on he had never definitely found out. It was something to do with the question of whether commas should be placed inside brackets, or outside..” [1984, George Orwell]
I’ve worked on both technical and change management/ communications teams [in another industry]. Project teams’ close working and each having an understanding of the other is vital. But the team members I have met so far, appear to work in silos, without enough linkage to know the functional gaps between them, in technical system, procedures and the link to change & comms. There is no way in my lay opinion, that a pilot of these half-formed knowns will be ready for autumn. For the NHS England leadership to continue to plug that it is, with messages of emotional manipulation of why more data is needed, will condemn care.data to Room 101. A tortuous drawn out reformation of an existing concept. When really it needs planned afresh from the ground up to get the needs of the people it should serve designed into its consent, collection and communications processes – not added on as the ribbon at the end.
I was more optimistic about the benefits in the past, as long as the procedures around consent, governance and security were addressed. Having spoken with and listened to the needs and concerns of various charity representatives this week, at another smaller event, I am much less so. Their complex needs, people who go in and out of different parts of the health and social care system at different times in their lives, with real concerns around confidentiality and risks have not begun to be addressed. Real issues for all of disclosure to GPs to ensure care may affect us all. But for many of their clients, they have needs which often carry huge trust and security issues which could put not only their medical care, but their faith in the charities and people working with them, in jeopardy.
I may be in a minority, but I’d rather have my factual understanding and ask hard questions than hear only a tailored communications message, if we are to get this right for our public good.
“Being in a minority, even in a minority of one, did not make you mad. There was truth and there was untruth, and if you clung to the truth even against the whole world, you were not mad.” (George Orwell, 1984)
I therefore asked the group at the end of the morning workshop, as Mr.Kelsey had done at the Open House event, how many of the attendees were really comfortable and confident that they knew what care.data was so that they could be a go-to point for questions, or even advocate for the programme as NHS England hoped.
Did they understand what data would be extracted, why and used by whom. About 1/6 raised a hand. That’s *after* the event at the end of the morning spent discussing what issues exist for hard-to-reach, or as one attendee said ‘easy-to-ignore’ groups, and how communications channels will reach them.
One said he did not need to know all the facts to help be a comms channel. Another said he wouldn’t advocate for something he himself did not believe in. It was the first time we started to get genuine cross-group discussion, when in the meeting the table model had been employed again, but for those groups, disabilities, challenges, societal issues are not in silos. Real debate, of hard issues is needed, and yes it’s awkward and might not be able to be ‘managed’ in the same way, but it’s real.
Our group identified a similar basic concept need across their client interests – a rolling consent model which allows opt in and out to change over time. Consent not only for what parts of planned uses the data would be used, but should also consider what parts of the record they are happy to share. Military, youth offenders, teens, the at-risk nature of these groups may mean they wish sections of their history to be restricted if not used for clinical care. And they may wish to share data when under the care of a GP but restrict it again, when under a military one. Or teens may be happy to permit data sharing at another time in their lives, but not permit access to their whole history. The DH Youth Offender expert raised the prickly issue of teen confidentiality and how will consent be gathered when parents may not tell them about the scheme at all, thinking there is ‘nothing to know’. We explained the concept of Gillick to the comms staff and that it’s not about an age of consent in the normal legal sense. What happens if a teen finds out their data has been extracted and wants it removed as teen or adult? We asked about name stored in the Personal Demographics Service and asked why data could not be deleted if clinician and patient both agreed a mistake had simply been made.
These complex and simple core questions need asked to get the whole thing built on a sound and trusted foundation. And they need to be in place for a pilot to make it worth having at all.
If the needs, concerns and understanding of the reps in the room can’t be addressed in a dedicated workshop, how will a remote campaign achieve it for the population at large?
Some at our table asked why the system needs more data when you haven’t managed or used much of what we had in the past? I would also ask what progress is to be expected on unresolved quality and procedural issues with the current systems and data? Simply adding more hay to make a bigger haystack, does not make it easier to find a needle.
No wonder we can ask if it is really not just about commercial uses which comms don’t want to talk about, wonder why you never mention the data linkage service using PDS data  held and have concerns of overzealous surveillance by Big Brother.
Some are concerned that patients lose trust in their GP and withhold information. Others about this honey-pot of data for the individual citizen’s security. Professionals have voiced concern for GPs and consultants if factual misrepresentation by statistics used for ‘ranking and spanking’ will adversely impact their decision making and make them more risk averse. In a negative way. Or with respect to waiting times and treatment, the heavy use of data in measurement creates a risk that it is misrepresenting the facts through lack of context or even, as in several high profile press cases recently, that such pressure is felt, that records are falsified.
“And when memory failed and written records were falsified—when that happened, the claim of the Party to have improved the conditions of human life had got to be accepted, because there did not exist, and never again could exist, any standard against which it could be tested.” (1984, George Orwell)
I’m concerned about all of the above. Perhaps holding care.data in room 101 until it is a manageable and explainable concept, backed up with technically and procedurally sound processes, would be the best place for it, for some time to come. Results and expectations create failure if they cannot marry up in reality. This isn’t about communications. If you don’t really know what you’re communicating and can’t get it understood easily, then it’s back to the drawing board.
My concerns about care.data are heightened, not allayed by the NHS England apparent relentless rollout and focus on communications. Whilst they say in doublespeak it will take as long as it needs, there is talk of a Oct-Nov pilot launch. A pilot must test the finished model at small scale, not a less-than-half-ready one. Whilst the public push is all about finding the right communications, what is needed is fixing flaws in core concepts.
Doing without it, and waiting, would be better than doing it wrong.