An ode to care (dot) data

To be or not to be, that is the question.
O, what men dare do!
Two gentleman of Verona
Measure for measure
and in a Midsummer’s Night’s Dream
And like the baseless fabric of this vision
imagined there would be much ado about nothing.
Mum’s the word!
But this denoted a foregone conclusion.
Open-eyed conspiracy!
Wherefore are these things hid?

Oft expectation fails, and most oft there
Where most it promises.
The plan would be a winter’s tale.
But as you like it
or as not
Damn’d be him that first cries, ‘hold enough’!
These tedious old fools!
The tempest doth make delay.

Will the work done be love’s labour lost?
Will the storm nay be calmed?
Sigh no more, ladies, sigh no more,
Men were deceivers ever.

Would they want that chinks be earned
Gold? Yellow, glittering, precious gold?
No, Gods, I am no idle votarist!
All gold and silver rather turn to dirt!
As ’tis no better reckon’d, but of those
who have want.
“Shylock, we would have moneys,” you say so
the pound of flesh which I demand of him
is dearly bought. ‘Tis mine.

What might be toward, that this sweaty haste
Doth make the night joint-laborer with the day:
Who is’t that can inform me?
Friends, Romans, countrymen, lend me your ears!
Who bare my letter, then, to Romeo?
The letter was not nice but full of charge,
Of dear import, and the neglecting it
May do much danger!

Ignorance is the curse of God;
knowledge is the wing wherewith we fly to heaven.
No legacy is so rich as honesty.

For all this same, I’ll hide me hereabout.
His looks I fear, and his intents I doubt.
And exempt from public haunt,
finds tongues in trees.
You are thought here to the most senseless and fit man for the job.
Alas poor Yorrick
a fellow of infinite jest, of most excellent fancy.
Conscience doth make cowards of us all.

And enterprises of great pitch and moment
With this regard their currents turn awry,
And lose the name of action.
What’s more to do,
Which would be planted newly with the time,
How poor are they that have not patience!
Yet, do thy worst, old Time: despite thy wrong.

Don’t trust the person who has broken faith once?
The quality of mercy is not strain’d
I have spoke thus much
To mitigate the justice of thy plea
If we should fail –
We fail!
But screw your courage to the sticking-place,
And we’ll not fail.
All’s well if all ends well.
Love all, trust a few, do wrong to none.

Now this overdone or come tardy off,
though it make the unskillful laugh,
cannot but make the judicious grieve,
the censure of the which one must in your allowance
o’erweigh a whole theatre of others.

What’s done can’t be undone.
Forget, forgive, conclude, and be agreed: Our doctors say this is no time to bleed.

*****
Words taken in tribute,  from the works of Shakespeare
(23 April 1564 – 23 April 1616). 

All his words, not necessarily in the right order.
Celebrated on the date of the 450th anniversary of his birth, on  Metro considered, what if Shakespeare had Twitter?

Care.data – Getting the ducks in a row

Good Friday has different meanings and traditions across the cultures. For some the most sombre day of their church calendar. For others, another Bank Holiday and start of the long weekend in spring. For Mr.Cameron this year, getting stung by a jelly fish abroad.

For me, visiting family in a small nordic village, it’s the day of the annual duck race fundraiser.

2,000 numbered plastic ducks are thrown into fast moving water high upstream, and the public waits and watches anxiously as the toys approach the central village bridge and race beyond. The first to hit the finish line net at the weir after an arduous course, is the winner.

There are lots of obstacles along the route and some ducks get stuck. Children are allowed to pick up those off-track in side eddies and hurl them back into the main channel. As a parent, you inevitably lose your child at some point in the crowd, fret they may have joined the ducks for a swim, and the whole race always takes longer than we expect.

So, it feels, as a citizen and patient, is the current progress of care.data.

There was a misjudged start. There’s lots of obstacles still to overcome. It looks like the finish line is getting clearer. And some believe it might take longer than first thought.

Whilst on holiday I’ve taken time to read over the recent letter, to colleagues, from Tim Kelsey & NHS England. It’s addressed to colleagues, which I’m not, so perhaps it feels a little like looking over someone’s shoulder on the train, but hey, It’s the only update we’ve got.

Looks like some positive acknowledgements and steps are in progress:

  • We will work with stakeholders to produce support materials, such as an optional template letter for patients and ways of making opting-out more straightforward
  • We need to do more to ensure that patients and the public have a clear understanding of the care.data programme
  • This work is continuing and we will update you on these changes separately 
  • We want to hear your views and suggestions so we can take action to improve and build confidence in the care.data programme. We will also be engaging with patient groups, GPs and other stakeholders through local and regional engagement events

Notably, it’s the first time NHS England has said opt out. In the past it has only ever been an objection. As a linguist, language is important to me. And the two are not synonymous no matter how often I may be told by NHS England that they are to be used interchangeably.

It’s the first time there really feels like more give, and less we’ll take without asking you first.

And it’s the first mention towards offering local and regional engagement.

There are some new hints which need explanation, such as a change towards who may use the data – described always as for secondary uses, clinicians and patients using it is new:

“Care.data is an initiative to ensure more joined-up data is made available to clinicians, commissioners, researchers, charities and patients.”
And there are some ideas which are making progress, but seem a little stuck.
“In addition, steps have already been taken in making changes to the law”…

Whilst changes have been put into the Care Bill, other rather sensible ones, such as legal penalties for data misuse were rejected. And the purposes are still so loose as to be possible to give data for a wide range of ‘health purposed’ clients. That was the day in which it appeared fewer than 50 MPs were in the chamber to hear the Care Bill debate in which nearly 500 came in to vote. (How they can reasonably and effectively vote on something in which they did not hear the debate, I don’t understand.) These are legal changes I believe which need hurled back to Parliament to get them on track again.

Experts much wiser than me, have made a proposal of comprehensive amendments, and seem, from my lay understanding, both really positive and practical.

The “optional template letter for patients” may be something GP practices could consider using to contact individuals where they know that leaflets were not delivered. Even Dame Fiona Caldicott did not receive hers. (BBC PM listen from 33:30)

If centrally, it is known where they did not reach patients, it would be helpful for GP practices to then be able to evaluate if there is an additional need to contact their patients. For example, in my area, no one I have spoken to received a leaflet.

Perhaps that might seem trivial now, and in the past, but for trusting the scheme I believe it is really important to know why that was. Because since no opt out was originally planned I want to know that the intention was truly to tell us all. Did they print enough? Distribute enough? Follow up at all? I’ve asked to find out.  After all, it was our state money that paid for it. A previous Freedom of Information request, on the status of its distribution with Royal Mail, from Phil Booth of MedConfidential appears to contradict ministerial mutterings that said an exception was invoked. I know that for myself, I had not opted out of junk mail, yet I still didn’t get one. I knew to look out for it and inspected my pizza flyers and dog walking leaflets in every post in January. No leaflet and all of my friends were the same.

If the experts such as Dame Fiona, the GPES advisory group which in September had:

major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”

and ICO felt the leaflet went out with the wrong content and was rushed then I want to know why, so that the same people are not making the same decisions, and will cost us time and trust again. Why it went ahead against every expert’s better advice is important to understand. “Regrettable that you are not now able to take any of our comments into account” was ICOs comment and the sentiment seems echoed by Dame Fiona on today’s radio broadcast.

Even a lay person like me, could see it was a disaster about to happen.

My suggestion, was that role-based patient communication would be much more understandable. Take some stereotypical sample citizens, map their ‘day-in-the-life’ using HSCIC data systems, show how these interactions send data to HSCIC and map them to show what data is extracted and where it goes, is stored and may be viewed and distributed by whom. There are an awful lot of individual scenarios so no model may match any real patient experience, but looking at it backwards, take all the HSCIC systems and extract a situation which would send the data up. A&E, School nurse, Electronic Prescription Service, Choose&Book, GP screening. Mental health call centre. It would be possible.

People should know what data, is extracted when, why and who will use it. Visuals are better than words. The leaflet failed in the case of care.data, but would an individual letter have achieved more, in just a few sentences?

More has been achieved to raise our awareness of the Health and Social Care Information Centre and Government uses of our health data, through all the hoo-ha in the press, and the re-tweet by David Nicholson of the care.data downfall parody, than by the original leaflet. Perhaps the leaflet’s measure of success was not intended to be a 100% reach at all. I hope we’ll understand more soon.

(** for updated thought 19th April see note below.) Should we presume an ‘optional template’ means that no paid letter will be provided from NHS England to all? GP practices may decide to use the ‘optional’ template to send out letters now. Professor Mathers had called for one. But I wonder if GPs themselves will be expected to bear the cost, of an imposed central initiative for which there is no choice to participate and yet the GPs are legally liable Data Controllers for complaints? If no funding is offered, and GP practices decide not to send letters out, it would seem a risk trade off. The risk of a patient complaining or indeed legal action, if they did not know their data was going to be extracted and and potential risk for harm ensued. Yet fair processing should be a Data Protection Act requirement. But is it for care.data?

This week also saw the list of number of patients published by GP practice. Helpfully with postcode. So if my practice were to want to post a letter to every patient in my area, at 53p second class, it would cost around four thousand pounds. I don’t know if they get any bulk discounts and one per household might reduce numbers. But that’s a lot of money – but perhaps (**) it may be covered centrally after all, though the letter does not indicate that? (I now also know how few over 90 yr old men are registered, if interested).

It seems like there is much positive going on in the undercurrents of the care.data developments, which the general public cannot see, such as the care.data advisory group work-in-progress.

There would seem much which needs work in a very short space of time for relaunch in autumn. But if Dame Fiona Caldicott, Chair of the panel set up to advise NHS and Ministers on the use and governance of patient information, said she thinks we need longer, then I am sure she is right. To take as long as is needed to get it right would seem sensible. To rush and fail a second time, would be irretrievable. Surely, her advice would not be ignored again?

The HSCIC this week also released the Framework Agreement between the Department of Health and HSCIC. 

It will be interesting to see if this affects and changes the HSCIC roadmap. In my opinion, it should. The care.data addendum to widen commercial uses was pushed back but is still to resurface. There is still no clarity around commercial re-use licenses. These commercial drivers should come out if Mr.Hunt’s rock solid assurance is to be believed which, “puts beyond any doubt that the HSCIC cannot release identifiable, or potentially identifiable, patient data for commercial insurance or other purely commercial purposes.”

At the moment I would hope the HSCIC roadmap would change in its commercial focus:

“especially in relation to the potential sale of data”. 

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

It remains to see if it does.

That framework is a good read with a hot coffee (and a short snaps if you are where I am). What’s missing for me, is any reassurance at all that the HSCIC will remain public. There is a large chapter on what process would need to be followed if it were to change structure or be merged. And therefore does not rule out a private owner of the single central repository for our health, social care, research and recipient of integrated ONS data in future.

“Any change to its core functions or duties, including mergers, significant restructuring or abolition would therefore require further primary legislation. If this were to happen, the Department would then be responsible for putting in place arrangements to ensure a smooth and orderly transition, with the protection of patients being paramount.”

It would appear to me, that a future intent to privatise the ownership of care.data and more could remain open. Certain aspects of the day-to-day functions were potentially to be outsourced in a past ISCG roadmap. I would hope the core will remain firmly State owned.

Bizarrely, duck races are not treated equally across the globe. Wisconsin recently repealed their ban. It seems almost as bizarre, as the idea of selling our taxpayer financial and VAT data. Or our school pupils personal details. I wish I could say, one of these stories were not true.

What the duck is going on with Government’s attitude to our personal data?  The Cabinet Office seems to be failing to give out legally required Freedom of Information responses, and yet happily selling the knowledge of our health, wealth and our children?

“These regulations also allow the department to disclose individual pupil information, subject to the Data Protection Act 1998, to named bodies and persons who, for the purpose of promoting the education or well-being of children in England are conducting research or analysis; producing statistics; or providing information, advice or guidance. The department may decide to share pupil and children’s information with third parties on a case by case basis where it is satisfied that to do so would be in accordance with the law and the Data Protection Act, and where it considers that such disclosure would promote the education or well-being of children.”

So if McDonalds wants to run a healthy eating campaign, would they qualify?

Open Data does not equate (must read) with being open with all of our data. Tables and summaries at aggregated level of statistics are nothing to do with individual level data. Before any Government body considers if they should enable private and other organisations to use data more freely and effectively, and their stance on charging and profit from use of data, they should think twice.

Remember the daft Deregulation Bill 162? It revokes the need to sell pre-packed knitting yarn by net weight and other nonsense. Perhaps it is the ‘Exercise of regulatory functions’ which is the root cause of much of these  issues on the monetisation of our data:

Clause 63 provides a power for a Minister of the Crown to issue guidance on: how regulatory functions can be exercised so as to promote economic growth;

Sections 60-67 of the Deregulation Act currently passing through Parliament allow the removal of any regulation that conflicts with the interests of a profit-maker. If your body manages data, there’s really only going to be one way to meet the obligations of Bill 162. Sell it.

Someone needs to tell all the departments, if you have any chance at all of getting care.data through to the finish line, stop giving away or selling any of our personal data which we trusted you with for an entirely different original purpose.

Whilst there are many people working on many manoeuvres to get all the ducks ready to relaunch for care.data, the Government has to pay attention to the whole race. If we lose faith in the Government to make wise decisions on what will be done with all data we share for a given purpose and find later it is given to others without our knowledge, we won’t trust it with our health data. If the data warehouse may one day be sold off, then all the gameplanning and rules in between will appear to have been pointless.

This is not a race to the finish with the least bad option. Care.data needs to be exemplary if it is to have any chance of reaching the podium as the world leader in patient data-sharing management. It’s got one second chance to get a relaunch.

Without public trust it will flounder. Without GPs to patient communications thoroughly thought out it and funded, it is destined for a rough ride. Without further legislative changes, it’s not going far enough to be convincing of real commitment to change.  Without these three, it will not reach the finish line.

The best summary of why we need still much work and how to respect so many of these under good governance, came out this week, from the Chair of CAG. However, we cannot expect to have all of the answers in six months time. The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data.”

So between Dr. Taylor and Dame Caldicott the wise seem to indicate more than 6 months is needed.

There are encouraging signs, but many issues don’t seem to be addressed yet at all, from the recent NHS England letter nor Framework Agreement. Above all, in common with the tax data sharing, pseudonymous is not equal to anonymous. It’s not only what HSCIC currently determines as identifiable, which we need vital improved governance to protect.

In any upcoming public communications, I pray don’t patronise the public saying that ‘name and address will not be extracted’ as the last FAQs and poster did. Explain instead what the Personal Demographics Service stores already, educate us how the PDS and linkage works and why. Details like this must not get lost in any rushed relaunch.

And other departments’ decisions must not put it in jeopardy.

Whilst care.data is getting its ducks in a row, the wider Government approach to data management seems to have gone, I can’t help but say, absolutely quackers.

——-

** 19th April Update: This via twitter comment says, if GPs get patient letters made available they only have to address them to send to their patient list. Will this happen in this case? Good news for informed communications? Let’s hope so.

No Security Blanket – why consent packages fail our children – care.data and more

As a mother, I want to know that my children’s personal data, when it is collected by any organisation, will be kept safe and used in ways I would expect. I see it as my responsibility safeguarding my children today, to also think of their future.

We should seek to protect the fundamentals in the Universal Declaration of human rights for all:

Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment.

In effect, these basic human rights seek to prevent discrimination and interference.

But it feels as though the world around us in England has gone mad. Risking stigma, discrimination, giving our kids’ personal information quite freely away and with it, their future autonomy.

Here’s five recent case studies and why they fail our young people.

The Department of Education’s National Pupil Database & Personal Demographics Service

What About Youth is reportedly using contact details directly from the Personal Demographic Service (PDS) data stored at HSCIC and the schools’ database, the Department of Education’s National Pupil Database, and giving them to IPSOS Mori, the poll research organisation to carry out the What About Youth? study on behalf of the Health and Social Care Information Centre, funded by the Department of Health. To contact our 14-16yr olds directly.

“Your contact details were taken from NHS Registration data, held by the Health and Social Care Information Centre and the Department of Education’s National Pupil Database, which contains details of every pupil in England. The NHS Registration data has been used as it is a reliable source of details such as name, address, date of birth and NHS Number. It does not include any medical data so we don’t know anything about any illnesses or conditions you have had or received treatment for.

We have received approval to use your contact details only for this study. We won’t be using them for any other purpose, nor will we share them with anyone else. “

I don’t know that any parent would find that an expected use of their personal contact details to be contacted by the third party directly.

How is the questionnaire coded I wonder, whilst “the answers will not have the child’s name and address on, so no-one who sees them will know whose they are,” the “aim of the study is to make it easier for doctors, nurses and local authorities to help young people.” So it would appear Local Authority is going to be coded at least. And your individual postcode. And child’s age and gender and ethnicity and more.

If the child (14-16yr olds) agrees to being re-contacted, I would want to know as a parent exactly how, when and for what. But parents are encouraged not to influence the child completing the form, so we may never know. The survey asks about all sorts of insecurities, not all of which I believe every 14 year old will have yet considered. Is it right that the State should intrude with these topics into my child’s private time and thoughts? The content deserves scrutiny from parents before the children are involved. At least, not done in school, we get a letter and know about it at home.

But how can the project ethically ask my child to give their consent to share intimate details not only about themselves but about our whole household and potentially agree to future contact, whilst expressly asking me not to be involved in the decision?

I wonder how pupils will feel whose parents suggest they would prefer their child does not complete it?

Surely if the Department of Education’s National Pupil Database is obligatory it should not assume OK to give out personal contact details to anyone? Some families choose to be ex-directory. Does the cross-purposes use of the Personal Demographics Service make that now impossible?

Should our children and parents, who trust that their personal details are used for registering for the basic rights of health and education, not be allowed to trust those contact details are held in confidence, rather than shared with third parties?

What is the government thinking about, as it manages our young people’s data privacy?

The National Citizen Service and Health Data stored at the Health and Information Centre

While I was looking more closely at the DAAG (HSCIC) minutes this week as related to care.data, I looked at the approval for consent advice and request for future data linkage with the National Citizen Service (NCS) project, open to all 16 and 17-year-olds in England. The request checked that the consent was appropriate for future sharing of Mental health and Hospital Records with the Cabinet Office.

While I was at it, I took a look a close look at the NCS sign up process. At the bottom of the online register in small print was the required check box to proceed:

I agree to my personal data being stored, shared and used by the NCS Trust and other organisations to inform me of NCS and graduate opportunities and to support the delivery of NCS and its graduate programme. I agree to the NCS Terms & Conditions and Privacy Policy.

Then you need to click down twice, to the T&C and Privacy Policy.
From the Terms&Conditions we need to take another step:

Information about you : We will never pass any details you provide to us on to anyone other than those specified in our privacy policy.

You also need to go to the separate Privacy Policy. which turns out stating there is virtually nothing private about managing your personal data after you enquire at all – but is in fact a  ‘Data Sharing Policy’:

 “By submitting the Expression of Interest form you agree to your personal data being stored, shared and used by the NCS Trust (the data controller) and the following organisations: NCS contractors and their sub-contractors, government bodies, strategic partners of NCS, fraud detection organisations, organisations supporting the delivery of NCS or other organisations (including any organisation running or supporting all or part of NCS in the future).”

You must agree or cannot proceed with the application.

Where does the consent to link to a child’s medical Mental Health and Hospital records get asked I wonder? Does it get expressly asked later in the project or on paper because it does not get asked online in the Young Person nor the Adult/Guardian’s sign up. Is this the consent process the DAAG approved? Is it just meant to be included in the blanket “government bodies”? Perhaps the wording is still to be amended?

Sign the child (and your own ‘Guardian’ details) up for NCS and there is no choice but to accept that data sharing agreement. You must accept it to sign up for the programme but there is an open ended who, when and for what in the blanket consent …”supporting all or part of NCS in the future.” The NCS sign-up and consent doesn’t explicitly mention sharing data with named sub-contractors anywhere either.

The charities involved may do great work. But why Serco? Is this the organisation that we would wish to be managing our young people’s personal data? Think I agree with Navca on this one. By signing away rights …”in the future,” we have no idea WHO will own the data  later.

Should our children who need this NCS programme most, not be allowed to particpate unless their personal and potentially medical details go to all these unknown future places?

UCAS and student applications – further education

When I read recently in the Guardian about Ucas selling student records of our under 18s applying to university I was equally surprised.

At a time when teen deaths from alcohol consumption often mixed with energy drinks appear regularly in the news, it is highly irresponsible to me as a parent, to know that a commercial company promoted new energy drinks by sending cans to 17,500 selected students in order to create a “social media buzz”. I know from my own experience, university is often the place we are first exposed to a regular bar life. And so does business.

This goes far beyond the scope of what our teens signing up should expect their data to be used for. Who will decide what products and what uses of data will be acceptable in future?

I am fed up of these blanket consent approaches which deny a service unless we also sign away the knowledge of our personal habits and preferences for others to commercially exploit.

This mixing of purposes in which data privacy is to one’s disadvantage, is an abuse of trust. And it is the importance of trust and exploiting mixed purposes, which for me, has been so starkly highlighted in the management of our medical records.

Dental Service – the NHS Business Service Authority


When I signed the form to pay for my recent dental treatment I read the small print. The Dental Admin Assistant shared my surprise to find that the data processing takes place outside the UK, and requires data sharing with processors in ‘India or Sri Lanka.” WHO WILL USE IT WHERE and FOR WHAT PURPOSES? I am required to sign the form to agree to pay for my treatment. It gives permission to share with Dept of Work and Pensions, HM Revenue and Customs, local authorities and CCGS (then PCTs). But why should the one signature to bind them all, mean sending my personal confidential data abroad, outwith EU data laws even?

Is there fair processing on this form, does it indicate properly for what purposes the wide ranging bodies will be given access? Surely they don’t all need it for “fraud prevention and to ensure correctness” about my dental check up?

If the government bodies are all working together and can share data at will under these blanket assumptions, without our explicit consent or knowledge, then a great number of people will be rightly concerned. I am concerned by powers this Memorandum gives NHS Protect and the Border Agency from 2011 and I am a legitimate resident. ” To provide a centre of excellence for NHS anti-crime work by applying a strategic, coordinated and intelligence led approach.”  I only went for a scale-and-polish!

This default to wide sharing seems to be increasingly seen as the norm. Surely it should be assumed that the minimum data should be shared with the minimum necessary recipients? Current policies seem to have confused a drive for Open Data with giving away our privacy.

How could it be done differently?

If I sign a form to pay for my dental treatment, surely it should be only that. If you want other permissions, ask in other check boxes. I believe our NHS should be managing our NHS data within our borders, but that is a separate debate.

This blanket consent approach excludes the service unless you are happy to give open ended access to your personal data to Government and its contractors.

Should I not be allowed to have NHS dental treatment, for which I pay on completion, unless my personal details go to all these other places?

Let’s consider an alternative. Enable the ability to say yes to paying for my treatment, without sharing fully identifiable data with other government bodies or sending it abroad.

It is one thing to share truly anonymised data. And quite another to extract identifiable personal details for at minimum ten years or longer. Time limit the consent.

If the 14-16yr old on the What About Youth questionnaire agrees to ‘future contact’ they presumably are agreeing to  having identifiable data and contact data kept with their answers, to enable that future contact.

If children agree to the NCS blanket sign up, they are signed up for an unspecified time. These sign ups remove our children’s autonomy later in life, and they can never get it back.

Right now, I wouldn’t let my children’s personal data anywhere near any of these systems if I wanted to retain any future control of it at all. But do I have a choice? My children are in school, and that will mean in the Department of Education’s National Pupil Database. And they will have NHS records. I see some subject access requests ahead.

Given past historical purposes of the ONSET project at the Home Office, Contact Point and DWP I would want to keep my kids’ data free from all of these.

Some may ask, why does it matter?

Because this joining up of services is interweaving systems whose aim is on the one hand compassion and care, with those on the other which are punitive and controlling. Their aims are not aligned. And inevitably it is the systems which shout loudest, under any government of the day, whose opinion tips the balance of purpose and decision making. And recent claims of micro managing in Health show, top down control usually wins.

Because I believe the earlier we label our children the harder it is for them to become anything more.  Inevitably labels shape expectations. Not only for the individual but those who interact with them. It is only the very best educators and social care staff or police or medics who manage to put those aside and see the individual in each episode of contact. The future intent for care.data is integration of data sharing between medical contact, social care and education, under local authorities, health and wellbeing boards and more. How far would the impact of one wrong label spread in a child’s lifetime, in different places?

Because our children should enter adulthood with as few restrictions placed upon their development and self-determination as possible. Even, I would argue, those children who need the contact with all those organisations. I could argue, all the more so, precisely because they have those extra needs and contact. They may need excellent care and transition between youth and adult services. They need it facilitated first and foremost by qualified individuals who are trusted to do the job they trained for and have a vocational passion to complete. Yes the staff need data, but proportionate to the individual need, for the time period it is needed. We need to protect the extra vulnerable in many extra ways.

And we also need to protect the fundamentals in the Universal Declaration of human rights for all. Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment. In effect, these basic human rights seek to prevent discrimination and interference.

Our young people don’t care about the risks of personal data sharing?

Our young people are more savvy than we give them credit for. In a world of shared selfies and social media, it can be wrongly assumed that they are careless with their own privacy. This  Electronic Patient Records work run by the Academy of Engineering in 2010, with support from the Wellcome Trust, came out with a report and seven key questions p.39 which are very pertinent today. The young people identified themselves the risks of prejudice and discrimination. The concerns they raise are no different from concerned adults. Our young people are switched on to the risks of personal data sharing.

When it comes to our children’s data, organisations should be going the extra mile to be transparent. I believe they should carefully consider how the public will perceive anything that looks hidden. Consents should be all up front on the top layer of sign up forms. One consent per sentence. If you want to contact my children, ask me first. And if you offer a public service, would you consider first not piggy-backing a commitment to sharing with other bodies or commercial companies on to the consent package?

Why these blanket consents fail our children

These blanket consents are ubiquitous in modern data sharing, from the obvious supermarket sign ups, to which even David Cameron does not consent, to the totally surprising in education and health. Yet he happily signed us up under a blanket assumed opt in to be ‘willing research patients.’ This mixing of purposes under one blanket consent, in which looking after your data privacy is to one’s disadvantage, or criticised as selfish, is an abuse of trust. And an abuse of our children’s future freedoms. They fail to give proper governance of who will own the data once shared. They fail to give proper information of what it may be used for. And they fail to clearly limit the time period for which the consent is given, and after which data will be destroyed.

Not only trust, but the needs of genuine purposes in the public interest are undermined by mixing all these purposes into one consent. Worse still, assuming yes for all these conflated uses unless you opt out.

If there had been singular purpose, care.data would have been easier to understand and less likely to have failed to win our support.

I for one, am fed up with blanket consent. We can do it differently. We can do better for our children.

 

{cartoon: From Al.com via Scott Stantis 2007}

care.data – Transparency and Remit vs Truth and Responsibility

A year ago Big Brother Watch wrote that an opt out right had been won from the original plan to extract all our GP records without any choice. Caught trying to avoid the DPA and Fair processing, ICO recommended the need for a public awareness campaign.

At that time, I was a merry mother unaware of the machinations of our civil society. Then the powers-at-be closed my local mini blood mobile (I had just started as a donor) and decided to sell off our plasma supply, which was considered a rather poor idea so I read all the Annual Reports and asked questions about it. And I started to pay rather more close attention to what was going on in health. Now I listen to Radio 4 not 2, I buy papers (actual, printed versions) and would you believe, watch Parliamentary TV. And if you want more scandal which actually matters more than your average soap, you should too.

On the 8th April the Health Select Committee (at least part of it) interviewed Sir Kingsley Manning and Max Jones from the Health and Social Care Information Centre. The hope for us, as citizens and patients whose data this current debate is about, is that we will gain insight and understanding into how our medical records have been used in the past and are being so now. This will enable us to trust in the intent of how HSCIC will handle our patient data in the future, whether under the care.data or any other label.

If HSCIC and Government wants to achieve this, they seem to be going a backwards way about it.

Stop talking transparency and remit, and start talking truth and responsibility.

The question was asked how decisions are made within HSCIC by their Data Access Advisory Group about our patient data management. Specifically, it discussed the subject of an application from last summer by the Cabinet Office OC/HES/030 – Project National Citizen Service Data Linkage Project. It was included only 6 months later in the January 2014 minutes.

The very application title, reveals its intent, to link the mental health and hospital records of our young people who take part in the National Citizen Service together with their NCS project gathered data.

Caught with this concrete ‘Out of Committee’ governance approach, the HSCIC staff were both adamant in response to the MP’s question in insisting that no data was shared. 

“Q230 Barbara Keeley: What was requested was linkage of data, wasn’t it? It was linkage to medical data.
Kingsley Manning: No, he was asked by the Cabinet Office to give professional advice on the consent model they were considering. He gave that advice, which was a perfectly sensible thing for him to do. That was the end of the matter.”

Well, I’m sorry but I’ve read the document, And the DAAG minutes say clearly “The intention was to link to HES/MHMDS in the future.” I paste it below.

So, that was not the end of the matter, but is in fact the beginning. The intent is for future data sharing. Our young people at the start of their adult lives, by the very fact of taking the initiative and enquiring to take part in the Activities / Community Project-based work of the NCS, will find their intimate health records linked with the project data, with an unspecified end date.This is a real and active request which was approved, not some past mistake to dismiss. It was and still is approved,for future data sharing.”

Whilst I may believe HSCIC that no data was shared last summer,  and I might believe you were trying to be factual in answering the question, I do not believe that even you could think that consent advice was the sole intent of the DAAG approval, had you read the minutes of your own DAAG meeting. And clearly you had or would not have been so adamant in the answers.

The Guardian article Mrs. Keeley MP mentions, also had their own opinion of the relationships between the parties involved.

Bizarrely almost, we are repeatedly told as reassurance that any organisation with access to pseudonymous health data, which tries to re-identify the individuals whose data it was, would be doing so illegally. Yet the Cabinet Office wants to take medical records and match it to known individuals on their youth programme and keep and share those enriched records without it seems, any qualms at all?

Our trust needs to be based on absolute truth, not manufactured transparency. Truth is bigger and complete with background intent. Not just scraping out the minimum facts in carefully worded language to be legally compliant.

To increase our public trust, we have been told we will know who has had our data in the past, when and for what purposes. In Parliament on March 25th Dan Poulter Health Minister said,  “a report detailing all data released by the HSCIC from April 2013, (including the legal basis under which data was released and the purpose to which the data are being put), will be published by HSCIC on April 2.”

It didn’t happen. HSCIC made available only some. Those made under some sort of data agreement. What of those with direct access to HES at their site, or the police, others have asked?

The Commissioning Board NHS England, tells us repeatedly that they contacted every household in England by leaflet to tell us about care.data and our ‘choice’ to object.

It didn’t happen. Many did not get a leaflet, not just those who opted out of junk mail. Tim Kelsey said he was looking into it. With urgency. Two months later, not a cheep!

So far, we have no report or indication there will be any. Why there were not enough or not delivered leaflets? What they are doing to fix that? It cost the equivalent of at least 50 nurses’ annual salary and the best publicly avaialble information we have from the Information Commissioner’s Office, is that it should never have gone ahead at all. 

So who is taking responsibility for that? Over £1M of public money junked through some letter boxes for the dog to eat. Which no one could understand because it was deliberately obtuse.

And so we come to our future Data Controllers HSCIC. Who seem to have no control at all.

Based on their own admission they have no idea where our medical records are being used, by whom today, and yet we are expected to trust them to use care.data wisely in future?

Barbara Keeley: So have you got the information because I have asked for it twice, but not been given it? For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning: No, because they are using it and putting it into additional services. So, for example, a company such as McKinsey or KPMG would have used it to support Monitor or the NHS TDA in advising on the transformation of health care services.

The Chair of the Heath and Social Care Information Centre has no idea know who has our medical and personal confidential data or what they are using it for.

You get the feeling now, that they are only looking into all of this because they got caught having had no audits in the past of data recipients. Sir Nick Patridge is now leading a review due in a couple of weeks. I sincerely and respectfully hope that his review is more transparent than the last.

Who has taken responsibility for where we have got to in the last year?

Government? Mr. Poulter, Hunt or Cameron, whose plan is this anyway? There has been nothing but dismissive comment which fails to address serious issues and party political point scoring, or no comment at all but how “fantastic for humanity” it will be. Yet care.data is meant ‘only for commissioning.’ See why we’re confused Mr. Hunt and Poulter when you both claim care.data has entirely different purposes? Where is the truth we can trust?

NHS England? Mr. Kelsey now seems to be hiding behind a tree. Or perhaps playing jazz as he tweeted the night before the Public Health Select Committee the last time. Whilst I appreciate it was at a health conference, Nero and Rome sprang to mind. I’ve asked nicely and been ignored, what happened and who is fixing it? Will there be some sort of public progress announcement from NHS England, perhaps from Ciarán Devane, who is on NHS England Board and now chairing the Care.data Advisory Committee trying to latch the stable door? There’s just been stunning silence since the pause announcement.

HSCIC? Clearly nothing to expect from them. Because Kingsley Manning and Max Jones seemed to believe everything was in their remit, legal, and not their fault if the directions from government and NHS England allowed sharing data with all comers. And their Get-Out-of-Jail-Free-Card, they shared concern with the Department of Health about the publicity campaign. (Admittedly, 3 months after the GPES advisory group and others had done so).

Amazingly, Kingsley Manning seemed to thrust the opt out rate from HES into the arena as some sort of achievement. in terms of the number of people who have acted to opt out, it is 14 over the past four years.”

Which only confirms how few of us knew HSCIC stored it and could link Secondary Uses data with Personal Demographic data on demand. (Compared with how many are opting out now we know, of care.data).

And whilst until this whole debacle I and most of the public did not know our hospital records were shared with any other organisations, beyond the NHS and legitimate public research, we now find the gradually closing net around our health data uses, means understanding it has gone to all sorts of commercial organisations. And clearly HSCIC has been caught doing something which now feels wrong even if legal, the HSCIC defended not the action, but their legitimacy for doing so:

Kingsley Manning: We operate according to the Act as it has been passed. We make decisions on the basis of the current regulations. It is not our job to make a judgment on whether we agree or disagree with the nature of a commercial organisation. That is not a criterion on which we act.

Q270 Barbara Keeley: So you are prepared to release even sensitive data out to organisations that just want to do a price comparison website on different pay procedures between different hospital consultants. That was what you did.
Kingsley Manning: I am terribly sorry, but we are bound by the law and the regulations. Under the current regulations that is perfectly legal and legitimate. Indeed, it is arguable that it is a benefit to the health and social care system as a totality. That is an argument that you, Parliament and the public will have to consider.

As part of the public, I have considered it. Too often in the last 8 months. Even whilst making yellow pea soup today, I was thinking how wrong it is for the government to sell our confidential data without having asked us if they could have it in the first place. To take something without asking, we teach our children, is wrong.

Not one person responsible for their part in the execution of the care.data rollout has yet said they are sorry as an apology. I am terribly sorry here, was interchangeable with ‘well, pardon me.’ 

But a true apology for such an almighty mess (Ben Goldacre said so on twitter in better words on February 22nd, but I try and keep readable above a PG rating), would at least be an admission that there is room for improvement. Improvement we can hope to build trust upon. Right now, we have vital Public Health research which it appears, is now on hold and costing money, because it is lumped in with all these commercial uses.

People are opting out of clinical research. And withholding information from their GPs.

Between the three of your organisations, Government, NHS England and HSCIC, if you want us to trust your intentions for the handling of our NHS patient data in future, try harder. Try to seem truthful and seem like you care. And mean it.

Because right now, it only looks like you’re sorry you got caught. You’re playing pass-the-parcel with responsibility. And using our public money to do so.

Kingsley Manning said previously, we should have “intelligent grown up debate” around care.data. Please, lead the way. For right now, it feels like kids squabbling in the back of the car, hoping we’ll just muddle though to get to October and they can ask, “are we there yet?”

As anyone with kids will know, that doesn’t make for happy parents.


********* For reference, the Health Select Committee extract about the Cabinet Office OC/HES/030 – Project National Citizen Service Data Linkage Project *********

Barbara Keeley: There was a lot of saying, “It’s nothing to do with us, guv; this all happened in the past.” You answered the question in that way when this person was a very senior manager, to the extent that he accompanied the Secretary of State on a trip to the United States to sign a data-sharing memorandum of understanding, and, to me, it is astonishing that you should say that the person who had been the chair of the DAAG did not have that responsibility and that you are still wriggling to try to get out of that now. I am not happy with that answer, Chair; I just do not think that is acceptable. 

Kingsley Manning: I am sorry. We are trying to be as transparent as possible.

Barbara Keeley: I don’t think so. I really don’t think so.
Kingsley Manning: May I just talk you through the history of this so that you can get a sense of it? [see full text for history] At that point, we knew that Dr Davies was redundant. He had been made redundant on the abolition of the information centre, and we put in place a plan to deal with that. He was in post. We were not in a position—
Q222 Barbara Keeley: Sorry—you had a plan to make him redundant last year?
Kingsley Manning: No, no. He was made redundant by virtue of the abolition of the NHS IC. It was not our decision.
Q223 Barbara Keeley: So you kept him on for eight or nine months?
Kingsley Manning: We kept him on because we needed to have cover on clinical governance and on clinical advice.
Q224 Barbara Keeley: In fact, he was a very senior manager, and he did accompany the Secretary of State on the visit when they shared the memorandum of understanding. And—
Kingsley Manning: He did. I was there also.
Q225 Barbara Keeley: Let me say a bit more. This is the person that you were making redundant, but you let him chair the DAAG, and he made a number of controversial decisions, including the decision out of committee to release the sensitive medical records of individual teenagers—
Kingsley Manning: I am sorry; that is not true, I am afraid.
Q226 Barbara Keeley: It was reported to be true—
Kingsley Manning: I think you are referring to the fact that he was asked to give advice by the Cabinet Office. He had actually worked for the Cabinet Office on the matter. He gave advice on the consent model that they were going to use. We never released any data and we have not been asked for any data by the Cabinet Office on this matter.
Q227 Barbara Keeley: This was reported last summer by The Guardian newspaper that the sensitive medical records of teenagers on the National Citizen Service were released. That was apparently “an out-of-committee decision” by the chair. Dr Mark Davies was allowed to make decisions out of committee as the chair, and that decision was apparently taken last summer.
Max Jones: I can clarify that Mark Davies did provide advice, as is one of DAAG’s functions, on the consent model, which was being considered by the Cabinet Office, but we have not received a request for that data, nor have we provided any data. The discussion that Mark had was referenced and recorded in the January—I think it was January; I’ll check in a minute—DAAG minutes.
Q228 Barbara Keeley: At least six months after the discussions took place.
Max Jones: That may be the case.
Q229 Barbara Keeley: So this is the person that you are going to make redundant—
Max Jones: No data was requested nor shared. Advice was requested on the consent model, which was given.
Q230 Barbara Keeley: What was requested was linkage of data, wasn’t it? It was linkage to medical data.
Kingsley Manning: No, he was asked by the Cabinet Office to give professional advice on the consent model they were considering. He gave that advice, which was a perfectly sensible thing for him to do. That was the end of the matter.
 Max Jones: And that was recorded in the minutes of DAAG held—
Q231 Barbara Keeley: Yes, I have a copy of that in front of me. You talked earlier, and it is quite important, about transparency. To have recorded this six months after it happened and to then be trying to change something—I am not aware that The Guardian was challenged on the fact that data had been released. It seems there is a very hurried after-the-event style of things happening here, and that is not good for transparency. This is being talked about quite a bit. People’s confidence in what you do has been really undermined by this and the fact that there could have been any suggestion of linkage to medical records for those people taking part in the National Citizen Service. For heaven’s sake, there are all kinds of undertakings made to them as they sign up to that service, and quite rightly. They even have an opt-in for their personal data, so to even consider that, and not to have documented what was happening until six months after the event, just makes you look shady.
 Kingsley Manning: I agree, but we did not have a data request. I absolutely agree, by the way, with your essential point, which is the sensitivity of linking these data in any way with receipt of data—benefits and all the rest of it.

Care.Data – Raw Highlights from The Health Select Committee

Words from The Health Select Committee 8th April 2014 – created via Wordle

From the Health Select Committee hearing on Tuesday April 8th, I have waded through all the words to come out with what I think are raw highlights of the key learnings and issues raised. The original in context, is here. The image is an indication of the emphasis of who spoke about what, based on word count alone.

Highlights from the Health Select Committee Members:

“…because what was happening in that meeting was that a lot of wriggling was going on”
“But you wrote to us, Mr Jones, with Mr Kelsey. Following on from my colleagues, we are not quite sure that the answers are very helpful. Could you turn to the letter and I will ask you for some information? This is very concerning and I hope this will be published on someone’s website—either yours or certainly the Health Committee’s website—so that people can see some of these answers and follow them up.”
“When things go wrong, as they appear to have done, we are entitled to ask you questions. I am absolutely appalled. I think the majority of us are, which is why you are back here again to try to work out why you don’t know what is going on in your organisation. This is a simple thing. It is either in the agreement, or it is not. “
“If we go back to the insurance actuaries—the Staple Inn Actuarial Society—these comments are from the report that it produced on the use of 188 million records taken from HES. It talked about the data as being “highly detailed”. We get an answer back saying that the data are in aggregated and anonymised form. Don’t forget that the HES database started off as an admin database for handling payments and information about patients. It was never set up to feed into the insurance industry, was it? After it had run all the things that it wanted for commercial reasons against hospital data, it said that HESID “does allow all periods of care for” a patient “to be identified and linked””
“Well, there is, because normally in the civil service, when there is a debate about something, civil servants will prepare a report, and find out the information and give it to the Minister, so that the Minister tells Parliament the correct position. That is not happening here, is it? A Minister can go into the Chamber and say something that is totally wrong…”
“We need to know what is out there now. There is a very strong feeling—I subscribe to it—that this data is not protected enough and has been let go. It is out there. You mentioned that there were 249 commercial reuse licences, of which 112 are left, but some of the ones I mentioned are also selling it on to other people. We have had lots of examples.”
“I looked at this [HES & other systems opt out] form and I found it difficult. We have been navigating around this system. After all these quite intrusive demands for information, we get on to an explanation of what happens if you request your patient information to be removed or anonymised. It states that “your data will be anonymised rather than removed”, but it goes on to say that there is a further step where you can request removal of your records from the NHAIS. Then it says this most damning thing: if you do that, your GP would no longer wish to have you on their list, and you would not be called for screening for things such as aortic abdominal aneurysm, which is a serious condition. Effectively, that is saying to people, “Yes, we can remove your records, but your GP wouldn’t want you on his list, and you wouldn’t be called for quite serious medical screening.” Surely there is something that falls short of that where a person can say, “I don’t want my records sold to these commercial companies, or to be used by insurance actuaries or comparison websites; I just want them used for my care.” I have asked the Minister this. You have produced a form that, I have to tell you, is quite scary. It is quite intrusive and it is quite scary. It says that if you fill it right to the end—it is quite confusing as to whether there are different steps here—your GP would no longer wish to have you on their list, and you wouldn’t be called for screening for serious medical conditions.” [note this is not the care.data opt out, but an additional choice]
“What we are talking about is audit. Can you audit? There are apparently going to be audits. Can you audit all the data releases? Can you say for all the HES data where it has gone, who is using it and for what?”
“there is a real difference from your pronouncements of what you say is the situation with data and what the people out there—commercial organisations that have HES data and already have large databases—are saying.”
“You have been seeking to demonstrate to us that you believe that the control regime you apply is effective for HES data, but now we are saying that for GP data, the control regime in future will be fundamentally different.”
“You said it would be treated differently “at its launch”. What changes do you anticipate? In other words, are we actually saying that we will pretend to give you additional security until we get that information from the public and the GPs, and after that we will subject it to different tests? In other words, this is a con job isn’t it? Dick Turpin with or without a mask is still Dick Turpin.”
“We don’t. There is actually no right to opt out in law. The Secretary of State has agreed that any objection will be dealt with, but we do not have a legal right.”
“That is CPRD, isn’t it? Is there any plan to bring CPRD under the HSCIC?”
“But the question I put to the Minister, which we do not seem to be getting to, is that I think there is a very strong drive for people to say, “I want my individual health records to be used for my care, and even for commissioning that care, but not for all these other uses.”  I think that is a very powerful desire. Why shouldn’t people ask for that?  The data is about them.”
“The implied consent model breaks down at the point at which people’s data starts to be used for marketing purposes.”
“It is different if your data is being used by researchers and academics, and by people who have built up a career and have integrity.”
“A lot of people are not comfortable that their data are used for such things, and nor am I.  You say that, constitutionally, you cannot make that distinction, but that is the point at which we lose confidence in the consent that was always there.”
““Without pseudonymisation, you risk substantial levels of patient and citizen objections. Without pseudonymisation, you lose data and devalue your dataset. Without pseudonymisation, the GP patient relationship is damaged and care may be impaired.” I must say, I think the patient reasons are a lot more compelling than the IT management reasons.”
“would it not be prudent to wait until you have that report on cyber-security before we press ahead with the data extraction?”

Highlights from the Health and Social Care Information Centre (HSCIC) Max and Manning:
“we have inherited the duties and responsibilities of the information centre and its 500 people, although they have been rewritten in the Act, but that is one part of what is now an organisation of 2,200 people”
“if you can demonstrate where we have not acted within the current law and the current regulations…”
“We need to be much more transparent about that.”
“The security threat and the volume of data are much greater, and the public’s confidence in public bodies to handle data—not just us, but across the whole public sector—has significantly changed. ”
“When I became chairman last June, it was clear that the approaches that had been adopted by the information centre were no longer entirely appropriate, given both the degree of data we were able to collect and a change in public expectations. It was also clear that some of the processes that the previous information centre had been operating were not as transparent or as consumer-friendly, if you like.”
“We think that, as of April 2013, there were 249 organisations that had extant data-sharing agreements issued by the NHS information centre…those data-sharing agreements applied to where we are issuing pseudonymised or identifiable data. This is where there is a theoretical risk of identification, so that is where we have data-sharing or data-reuse agreements in place.  There were 249 in April that had been issued by the NHS IC of which, in April this year, there remain 112, so they are running off as we go forward.”
“One of the areas that we think they should look at is indeed the extent to which we share or should share data with other Government bodies. This is an area where there is a lack of clarity and a great deal of sensitivity. We know from our research, by the way, that one area where we have absolute sensitivity is in this. People are very, very worried about the use of their medical records in any way that might have an impact on their tax returns, their benefits payments, their housing, or any of these things. This is where we would very much welcome the advice of Parliament and CAG—the extent to which this is possible. At the moment, as you know, we have not released any data to DWP or any such body but we absolutely recognise that it is a key issue.”
“The organisation used our logo without coming to us to seek our permission to do so. They were entitled to have access to that data under the agreement which they had..”
“We have an accountable relationship with our sponsor branch within the Department of Health, which results in us having a formal monthly meeting. I meet the permanent secretary on a monthly basis. That is the nature of an arm’s length body. We are accountable, then, through our attempt to be as transparent as possible to the public and Parliament.”
“Government policy has for a long time been to encourage the use of this data to advance both the health and social care system in this country and the economy.”
“.. I have a suspicion that it is because they [GPs] will not get paid if you are not on the list*.  You won’t appear on the register, and if you are not on the register, they won’t get paid.” [*not with reference to care.data but to the ‘third’ opt out form to opt out for other systems stored at HSCIC].
“At its launch it will be fundamentally different, because that was the basis on which the independent advisory group agreed to the extraction going forward. That was the basis, as I understand it, that NHS England negotiated with the RCGP and the BMA and other representatives. I think that is entirely appropriate.”
“As you are probably aware, there is considerable pressure from medical charities and researchers on the limitations—”
“There are no plans that I am aware of. Just for clarity we do handle data on behalf of CPRD to ensure the pseudonymisation process. We act as a contractor for CPRD”
“I cannot answer that question. I do not have that responsibility. You have to address the question to NHS England.”
“We are extremely concerned about the current threats to data security across the whole health and social care system. We will be carrying forward a series of actions, as I said, to significantly increase our surveillance and measures to attempt to get an enhanced level of assurance across the system as a whole.”
“The record of our ability to deliver high-quality technology systems is in the fact that the lights are on and on all the time in the NHS.”
“We are planning [for care.data launch] on the basis of what has been the last announcement, which is that it will be, I think, in October.”
“We have a good record. I used to be part of the Connecting for Health regime. We had a good working relationship with Atos running the choose and book service. Its delivery and performance on this first extract with the GP extraction software over the last few weeks has been encouraging.”
“Some of the older systems we have within the health and social care system simply cannot handle objections.”
“Patients have the ability to record two types of objection. The first type of objection is to any detailed information about them leaving their GP practice to the HSCIC. “
“The issue regarding what we would call dynamic consent—giving consent for different purposes—is one that we are conscious of. We think that we need to move in that direction.”
“I completely accept that the current consent models are too limited and that the objection process is too complicated. We need to be able to make it reversible as well.”
“the position in terms of care.data is entirely circumscribed.  We have already identified that that data is to be used only for very specific purposes; it will not go beyond that purpose.”
“All Governments have seen that as being a base upon which we can support and promote our health care and pharmaceutical industries. The health care research industry in this country is worth £5 billion a year, which is critical to the UK economy, and it is fundamentally linked to availability of data. The fact that we have that data is critical to the continuation of that research industry in this country. We must therefore balance issues such as privacy, access and the support of the industry. People have to have that debate, but we need to identify benefits from this data, as well as the issues you have raised.”
“Secondly, we have to recognise that we as the HSCIS have an awful lot of other information. When we think about pseudonymisation, we are going to link these data we collect to other data sources”
“We are therefore talking to the research community. It may well be a sensible solution with regard to supporting commissioning, where we may look at the costs and feasibility, to move to a situation where we will effectively provide an analytical service where researchers and others can effectively undertake the research within our data lab. That is something we think is a very good idea. HMRC do it already, and we have looked at that, and also the CMS in the States, which is the equivalent body to ourselves. We think it is very good. I am meeting with the MRC in the near future to discuss it for researchers. “
“In so doing, there was a view taken by the Department of Health and their lawyers that the document that we then produced did not meet the constitutional requirements of being a code of practice. What we did do was publish a guide to confidentiality which meets all the requirements of the code of practice. “
“In terms of your care record, if you opt out of type 1, your data will not be transferred for the purpose of the care.data programme for secondary uses. It won’t affect, by the way, the transfer of data for direct care.  It won’t impact on any direct service to you as a patient.”
“In terms of the number of people who have acted to opt out, [from secondary uses of hospital data, HES] it is 14 over the past four years.”
“we welcome the proposed involvement of the CAG, which would bring precisely that ethical and moral dimension to these decisions. We agree entirely that that dimension has been absent in the past..”
“It does cover HES data. At the moment, the only users of that HDIS service are in the public sector, not the private sector, during the trial period. We also make sure that all individuals who are users have been through individual training.”
“There are always going to be lots and lots of people who want to accumulate lots and lots of data in their own boxes. One of the reasons why we are interested in exploring the idea is because we are getting a plethora of databases being accumulated in universities and various other places. That gives us a technical problem because of the transformation errors that arise. These databases therefore are changed as they go through time.  I suspect that we are always going to have individuals who say, “I want to have my particular database.” We will have to discuss whether that will be feasible; there will always be that tension.”
“I know it is antiquated, but the danger is not the technology, but the people.”
“it deals with security and may include matters that we do not want to have in the public domain, but I am sure we could share it with the Committee on an individual basis. However, I do not want to go through the detail.”
“Our website is incredibly complicated, to say the least—I think we all recognise that. It is extremely good if you plough through it, but if you are unlucky, you will end up downloading 10 million lines of prescribing data.”
“You have raised an interesting point. When somebody says they do not want us to hold their record, do we delete it?”

HSCIC website

What is Care.data? Defined scope is vital for trust.

It seems impossible to date, to get an official simple line drawn around ‘what is care.data’. And therefore scope creep is inevitable and fair processing almost impossible. There is much misunderstanding, seeing it as exclusively this one-time GP load to merge with HES. Or even confusion with the Summary Care Record and its overlap, if it will be used in read-only environments such as Proactive care and Out-of-hours, or by 111 and A&E services.  The best unofficial summary is here from a Hampshire GP, Dr. Bhatia.

Care.data is an umbrella initiative, which is planned over many years.

Care.data seems to be a vision. An ethereal concept of how all Secondary Uses (ref.p28) health and social care data will be extracted and made available to share in the cloud for all manner of customers. A global standard allowing extract, query and reporting for top down control by the men behind the curtains, with intangible benefits for England’s inhabitants whose data it is. Each data set puts another brick in the path towards a perfect, all-knowing, care.data dream. And the data sets continue to be added to and plans made for evermore future flows. (Community Services make up 10 per cent of the NHS budget and the standards that will mandate the national submission of the revised CIDS data is now not due until 2015.)

Whilst offering insight opportunity for top down cost control, planning, and ‘quality’ measures, right down to the low level basics of invoice validation, it will not offer clinicians on the ground access to use data between hospitals for direct care. HES data is too clunky, or too detailed with the wrong kinds of data, or incomplete and inaccurate to benefit patients in care of their individual consultants. Prof Jonathan Kay at the Westminster Health Forum on 1st April telling hospitals, to do their own thing and go away and make local hospital IT systems work. Totally at odds with the mantra of Beverley Bryant, NHS England of, ‘interoperability’ earlier the same day. An audience question asked, how can we ensure patients can transfer successfully between hospitals without a set of standards? It is impossible to see good value for patients here.

Without a controlled scope I do not wish to release my children’s personal data for research purposes. But at the moment we have no choice. Our data is used in pseudonymous format and we have no known publicly communicated way to restrict that use. The patient leaflet, “better data means better care” certainly gives no indication that pseudonymous data is obligatory nor states clearly that only the identifiable data would be restricted if one objected.

Data extracted now, offers no possibility to time limit its use. I hope my children will have a long and happy lifetime, and can choose themselves if they are ‘a willing research patient’ as David Cameron stated in 2010 he would change the NHS Constitution for. We just don’t know to what use those purposes will be put in their lifetime.

The scope of an opt-in assumption should surely be reasonably expected only to be used for our care and nothing else, unless there is a proven patient need & benefit for otherwise? All other secondary uses cannot be assumed without any sort of fair processing, but they already are.

The general public can now see for the first time, the scope of how the HSCIC quango and its predecessors have been giving away our hospital records at arms-length, with commercial re-use licenses.

The scope of sharing and its security is clearly dependent on whether it is fully identifiable (red),  truly anonymous and aggregated (green, Open data) or so-called amber. This  pseudonymous data is re-identifiable if you know what you’re doing, according to anyone who knows about these things, and is easy when paired with other data. It’s illegal? Well so was phone hacking, and we know that didn’t happen either of course.  Knowledge once leaked, is lost. The bigger the data, the bigger the possible loss, as Target will testify. So for those who fear it falling into the wrong hands, it’s a risk which we just have to trust is well secured. This scope of what can be legitimately shared for what purposes must be reined in.

Otherwise, how can we possibly consent to something which may be entirely different purposes down the line?

If we need different data for real uses of commissioning, various aspects of research and the commercial ‘health purposes,’ why then are they conflated in the one cauldron? The Caldicott 2 review questioned many of these uses of identifiable data, notably for invoice validation and risk stratification.

Parents should be able to support research without that meaning our kids’ health data is given freely for every kind of research, for eternity, and to commercial intermediaries or other government departments. Whilst I have no qualms about Public Health research, I do about pushing today’s boundaries of predictive medicine. Our NHS belongs to us all, free-at-the-point-of-service for all, not as some sort of patient-care trade deal.

Where is the clear definition of scope and purposes for either the existing HES data or future care.data? Data extractions demand fair processing.

Data is not just a set of statistics. It is the knowledge of our bodies, minds and lifestyle choices. Sometimes it will provide knowledge to others, we don’t even yet have ourselves.

Who am I to assume today, a choice which determines my children have none forevermore? Why does the Government make that choice on our behalf and had originally decided not to even tell us at all?  It is very uncomfortable feeling like it is Mother vs Big Brother on this, but that is how it feels. You have taken my children’s hospital health records and are using them without my permission for purposes I cannot control. That is not fair processing. It was not in the past and it continues not to be now.  You want to do the same with their GP records, and planned not to ask us. And still have not explained why many had no communications leaflet. Where is my trust now?

We need to be very careful to ensure that all the right steps are put in place to safeguard patient data for the vital places which need it, public health, ethical and approved research purposes, planning and delivery of care. NHS England must surely step up publicly soon and explain what is going on. And ideally, that they will take as long as necessary to get all the right steps in the right order. Autumn is awfully close, if nothing is yet changed.

The longer trust is eroded, the greater chance there is long term damage to data quality and its flawed use by those who need it. But it would be fatal to rush and fail again.

If we set the right framework now, we should build a method that all future changes to scope ensure communication and future fair processing.

We need to be told transparently, to what purposes our data is being used today, so we can trust those who want to use it tomorrow. Each time purposes change, the right to revoke consent should change. And not just going forward, but from all records use. Historic and future.

How have we got here? Secondary Uses (SUS) is the big data cloud from which Hospital Episode Statistics (HES) is a subset. HES was originally extracted and managed as an admin tool. From the early days of the Open Exeter system GP patient data was used for our clinical care and its management. When did that change? Scope seems not so much to have crept, but skipped along a path to being OK to share the data, linked on demand even with Personal Demographics or from QOF data too, with pharma, all manner of research institutions and third party commercial intermediaries, but no one thought to tell the public. Oops says ICO.

Without scope definition, there can be no fair processing. We don’t know who will access which data for what purposes. Future trust can only be built if we know what we have been signed up to, stays what we were signed up to, across all purposes, across all classes of data. Scope creep must be addressed for all patient data handling and will be vital if we are to trust care.data extraction.

***

 

care.data – 3. A mother’s journey: Fears and Facts

MGM 1939 The Wizard of Oz

My final of 3 parts response to The Times article recently which mentioned unfounded fears which ‘evaporate like candyfloss’.

The Wizard of Oz that article touched upon, is a threatening fantasy story for many children. But the threats created by the removal of the confidentiality between patient and GP in care.data are real.

We risk patients who will not go to the family GP for care, knowing that the record may be seen by someone other than our trusted local doctor. Or who hold back facts which will influence their treatment. Teens may not visit a clinic believing it can no longer treat them anonymously. These are threats for Public Health. There are other risks of concern for particular groups such as those with disabilities.

Separately, but it seems ever more often built into the current narrative, is the path towards Electronic Patient Record access, which will need all sorts of privacy issues addressed within families and for the vulnerable. The at-risk woman made to reveal her medical record by a threatening partner checking up on her, or checking that there is nothing about him. Women may not speak up with their GP. Carers may even inadvertently, put pressure on the elderly at home, to know all. I know there will be many who want to access their own record. I would myself if it did not mean a fully identifiable record held at a central level. But we should not march on leaving the vulnerable behind a digital divide. It is not just ‘Internet banking’. My fear is that for those who want no electronic record, it will not just mean getting no front end access. It should not be created at all.

Identifiable extraction and re-identifiable data releases to third parties increase the risks of identity fraud, discrimination in education, insurance, and employment. And risk of provider fraud by the commercial third party providers now used ever more widely in the NHS, since the Health and Social Care Act 2012.

It is between these third parties that NHS England demands identifiable data shared for invoice validation. Did Mr. X get treatment Y from provider A? Has the Health and Social Care Act created a dichotomy for NHS confidentiality? Some common identifier is needed to match data with other data held too.

Whilst identifiable data is ‘a no brainer’ for clinical use, we should not be expected to have it extracted, stored, and available to link on demand for bespoke requests to any customer. The vague ‘health purposes, benefiting health and social care’ as undefined yet a small body, with little public oversight at the arms-length HSCIC decides if they are met.

There are decisions reached, out of committee, which are not detailed in the minutes of approval meetings. With only 4 people on the group, it would be easy no matter how well intentioned, for the decision to be much more swayed by someone approaching the group outside of the process, or for there to be conflict of interest. It’s quite a different set up at the Health Research Authority. I fear that my idea of legitimately approved uses in research differ with those of the MRC. Who champions the patient when I have no voice at the table?

Why should a Cabinet Office get given personal confidential information on teenagers, requesting both physical and mental health data, who are taking part in a non-health project, as was done last summer, and which only got documented in January? Even with consent, that seems excessive and unnecessary. We have no control over what future governments may want our data for. The HSCIC Data Advisory Group is yet to fully publicly document those purposes, alongside each new application in any detail. (Compared with CAG which lists a named individual applicant and precise purpose).

Will my children be labelled with a condition which they might outgrow but their notes share it with others for their lifetime and beyond? Will they be stigmatised and discriminated against by deciding NOT to share records and be seen as hiding something? Some people comment, ‘it doesn’t matter I’m not a celebrity or state figure’, as if that somehow entitles one to a greater degree of privacy. But even if we accept that, what of our children, who knows who they may yet become?

We have no idea to what uses their data may be put in our children’s adulthood. We have no idea where it may be stored. Their NHS number is with them from cradle to grave and will be increasingly used across health and non-health settings. The future of medical research and its applications are unimaginable today.

If we are to give them away, it must be  under the strictest of governance and well documented and workable processing solutions.There is a strong argument for allowing queries to share information, not extracts of actual data. The master copy, nor in-part sections of the database, would not leave the secure environment at HSCIC.

Facts often inform and can chase away fears. But until the needed changes are made in process and governance, these fears cannot ‘evaporate like candyfloss.’ They are founded on facts, and shared by many professional bodies as well as individuals.

The leadership team and others needs to stop trying to scare us into submission too. Patients will die if we don’t carry on with care.data.  The end of the NHS is nigh. Tim Kelsey told the Health Select Committee if 90% opt out there will be no NHS. Well, perhaps that is the crux of the question. What is the NHS today? Whom does it serve? It belongs to all of us. If you’re doing something that means the end is nigh, then hurry up and tell us what.

If we see care.data as business intelligence in order to make financial transactions flow between a disparate set of providers, then yes, without it, the payments process may need to change or fail without our data. But for patients, that is not what the NHS is about. We want to make it work, but not at the expense of the age old principle of good care: confidentiality.

What needs to happen? 
Fix the Data Protection for pseudonymous data.
Fix boundaries for scope creep, and vague changing purposes.
Fix the failure of Fair Processing and put in place a continual change communications’ plan.
Facilitate the objection and clarify what it means, as offered by the Secretary of State.
Focus on the reality of care.data now, not Online Patient Access in a down-the-line vision.
And fundamentally, be honest with us patients.
Engage with patients without commercial drivers.

Why are we really funding this massive top-down programme, and leaving local hospitals unable to interact? That is what patients need when they transfer between care settings. Beverley Bryant said in London at a conference this week, that ‘interoperability’ was key. Yet between hospitals the Clinical Informatics Director, NHS England, emphasized at the same event, the need for local systems and that there would be no top down support or directive for enforced  interoperability standards. There is a massive disconnect between two leaders in the same quango. I fear this is the biggest challenge – what is care.data really about? The business case cover, according to the February 2014 Board Performance Pack, was still not in place.

To face up to and fix these issues, will take courage. The question should be, not what are we patients afraid of, but have our future Data Controllers, NHS England and HSCIC, the head and heart for the task ahead?

care.data – 2. A mother’s journey in Oz: communication & choice

David Aaronovitch’s Times’ opinion article on March 27th stated data privacy fears have made health-data sharing “toxic” and that campaigners are nothing but a ‘man with a megaphone’, like the Wizard of Oz. My response, part two. Communications & Choice.

1939 – The Wizard of Oz – MGM

Honesty, clarity and real communication, not PR, is fundamental to a renewal of trust across these areas.

The announcement via HSJ today comes, that the HSCIC Chair had concerns over the impact of the care.data leaflet drop, and asked the Department of Health to intervene. One wonders then, who made the decision to go ahead? 

On care.data communications, the Times commentator said HSCIC has probably thought, “Stick out a leaflet, bish, bash, bosh.” The result seems to be more ding, dong. The balloon upped and left before anyone was ready to go  and ICO, GPs, representatives from the BMA and others, including the campaign group, had well founded, and serious concerns.

I spoke with HSCIC communications and managers directly last October, as well as my MP and the Department of Health, to flag how misleading I felt it was for patients to say ‘your name is not extracted’ when it is held at HSCIC already but most of us did not know that. Many of the same leaflet concerns were, much more significantly than by little ol’ me, raised by both GPES advisory group in September and ICO before the launch. So now, despite the £1-2M state funded doormat drop leaflet & cartoon, it’s all up in the air.

(Whilst I know for HSCIC with its own budget of £220M and control of a £1BN annual spend, it may be peanuts, but what a waste of money. At a conservative estimate of £1M for the leaflet drop, at least 50 nurses could have been employed for a year on that. That makes me cross.) We still have no explanation of why so many did not get delivered, what they did when they heard they had not been nor any plans to clarify that. It was our money spent. We deserve to know.

I received a reply to my October letter, from the Secretary of State to assure me that ‘patient identifiable data was not and will not be shared with third parties’. I think with subsequent information coming out about releases, that is at best, may I say, questionable? It has been shown that patient data at individual level has been shared, and we know with researchers for sure. They are not my clinicians, they are not the only third party who may have access. It’s clearly documented by CAG and releases by DAAG from 2013 have just been released in detail for the first time today.

Through the campaign groups’ and ICO intervention that demanded a national communications programme and the subsequent ICO FOI release about the leaflet review and its shortcomings, we go a significant step forwards towards transparency why the leaflet failed to work for patients. It shows that all the issues we found after the event; junk mail vs letter, hard to reach groups, unclear language, missing opt out form, lack of internal communication and the Information Commissioner’s concerns were clearly known but ignored in advance. Why it happened, who made the decision to go ahead anyway and what follow up will be, remains to be seen. With all the past experience and tools at the disposal of NHS England it is stretching my credulity to believe it was simply poorly executed. Let’s not forget, the original plan was to not tell us at all.

We need to stop hearing we need a fix to communications. I’m trying to understand why, with everything at their disposal, they could want or have allowed to let such a thing happen? It was no surprise the leaflet drop was a disaster. HSCIC communications, leaders and now it seems the Department of Health knew clearly. So why go ahead?

The point of the communication should have been to give us fair processing and the leaflet said, ‘you have a choice.’ I have a duty to my children to safeguard their own health, its provision in a safe State health service and to safeguard their autonomy for future. As it stands, it seems an impossibility to choose all three.

Whilst the leaflet nominally gives us a choice, I struggle to see what value it is. It is some, but limited. The only choice we have truly, is before the extraction happens. A GP in Hampshire devised this flow chart to try to help his patients understand it. Anyone can object now and opt in later. But once opted in, there is no get out clause.

If I don’t opt my children out now, they are in for life whether they later want to exercise their Right to be be Forgotton, or not. If I change my mind later and want to opt out (after a media scandal huge breach, for example. Or perhaps my child grows to become a public figure, or contracts a rare condition and we worry about discrimination), it is impossible. Records will just be re-labelled as pseudonymous. Really?

So, if I share their data for secondary purposes by doing nothing, by allowing their data sharing with even health purposed non-NHS intermediaries who sign up to care.data, it feels like I may as well flog it on ebay myself. But although I want to share it, under good governance only for their care and its commissioning, that is impossible.

Surely we should be able to have their health records used only for their care and its direct management, in all forms? Pseudonymous is not anonymous. But we’ve been given a very limited choice. We can only restrict fully ‘identifiable’ data flows according to the leaflet.
The data that HSCIC already holds, is simply given a new label, the HES ID instead of my NHS number, and linked depending on the bespoke request design, I don’t know what else modified, and then exchanged for cash with buyers from commercial health analysts to medical researchers to intermediaries. Amendment to the Care Bill changes nothing, because as long as ‘health purposes’ are served, the customers are deemed acceptable.

What real kind of patient choice is that? Is my hospital data in pseudonymous, potentially re-identifiable form required from all, for all purposes, for all time whether I like it or not? They haven’t given us that choice in the only communication which we were meant to have received (but no one in my area did), the leaflet ‘Better information, means better care‘.

Right now, the only options are to restrict fully identifiable patient confidential data sharing. The leaflet says this means 1) you can restrict a flow between GP and HSCIC of the NHS Number, DOB, Postcode and Ethnicity, and/or 2) flowing out from the HSCIC, for anything other than commissioning to the regional DSCRO (One of 11 Data processing Centres at regional level). The second option also prevents researchers, even with Regulation 5, Section 251 approval, from obtaining red, fully identifiable data.

However, the objection code is not yet operational, so right now, our fully identifiable hospital data may be released without our knowledge or consent. Other data, considered non-personal, diagnoses, GP practice code, other local IDs from our records can still be shared. And according to September meeting minutes, there is no need to respect an objection for pseudonymous data.

To restrict identifiable flow for care.data from the GP record, we need to apply the code 9Nu0 to our record. 9Nu4 restricts the identifiable HES data flow. But NHS number is extracted with anonymous and aggregated data to identify who opts out. Since that must be matched with HES data to find the record we want restricted already at HSCIC, I don’t see how that can  work without landing, matching and being pseudonymised for all of us. I await to be corrected.

We cannot restrict pseudonymous, potentially identifiable data sharing from HES at all. Patients were not told us before HES was extracted, that it would have all these secondary uses, and now they tell us, tough luck? Without fair processing, it’s not even legal. The Health and Social Care Act, the Secretary of State’s direction of Section 251, and waiving the common law of confidentiality all still require us to be informed before the event.

There is no clarity on the options offered in the leaflet or mention of sharing pseudonymous data even if you opt out. That is not choice. The only publicly loud supporters of real choice are campaigners who provided an opt out form, that official channels still have not.

Six weeks into the six month pause, there has been no public communication to give us any clue what is going on to improve the situation, neither by NHS England nor the Secretary of State for Health.  This is not good communication. And knowing that many parents, including friends, have no idea about the initiative I just feel this is wrong.

I’ve written to my MP for the second time. I found in the whirlwind of information and my frustration, that Twitter #caredata and #datasharing offers an informed group of interested individuals. Thank goodness for their support, insights & banter in this tumultuous journey trying to understand what is going on. Until the ‘pause’, HSCIC and NHS England staff would engage and answer questions, too. Now they seem to have gone very quiet.

Like Dorothy, after seeing behind the curtain of how political and state decisions are made and executed, I have been surprised that so much happens ‘about us, without us,’ and will now never be quite as naive. We all deserve the full story, as patients and citizens. According to Jeremy Hunt at frequent presentations, and Tim Kelsey at Strata and other events, we are on the cusp of a brave new world of health data use and its wide ranging impact in our future healthcare provision of personalised medicine. If they expect to use me in that, I want to know how. So right now, there is no way I’m going home, until we know how the story ends.

Now, all this is not very constructive. Not like me at all. But what is past cannot be brushed away without clear answers. That would effectively say, ‘we don’t care we wasted your state money. We don’t care we misled you. We don’t care what you think.’ Get out the broomstick and clear up what went wrong and why. Then we can start fresh and see if together we can find solutions which fit the needs.

We are more than a cohort, and we are not a commodity. We need change.

If we should be Cameron’s ‘willing research patients’, then tell us precisely what that involves. Give me a definition with a limited scope. I support appropriate research use. Aside from the fact that we didn’t know about this either, research approved by CPRD, Thin, QResearch all have a different approach however, from the commercial and apparently limitless dynamic of care.data. It is quite one thing for researchers to access data and contact us for trials. Quite another to find without our knowledge our data may have been exchanged for cash and I want to know it has not been used in research abroad nor with projects with which my ethics may fundamentally disagree.

Data is not just a collection of codes and academic algorithims. It is the detailed knowledge of the inner workings of our mind, bodies and lifestyle which we entrusted to our medical guardians. Of individual people who did not ask nor sign up to become part of Big Data.Treat my children’s data with the respect that it deserves.

No number of animations, leaflets or letters with ‘improved communication’ is going to gloss over the fundamental fixes needed in handling patient data. Show us the flaw and what you have done to fix it. Along the lines of, ‘you said’, ‘we did’. Real communication.

And if you do decide to give us real choice, then make it statutory for life. Choice will only be worth having if we know that what we choose today, does not get transformed into something else tomorrow. It needs more than a magic wand to wave away the issues. Let’s hope the new care.data advisory group, can make it happen.