care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two]

How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.

How have we arrived where we are now, at a Grand Pause in the care.data performance? I looked at the past, reviewed through the Partridge Review meeting in [part one here] the first half of this post from attending the HSCIC ‘Driving Positive Change’ meeting on July 21st. (official minutes are online via HSCIC >>  here.)

Looking forward, how do we want our data sharing to be? I believe we must not lose sight of classical values in the rush to be centre stage in the Brave New World of medical technology. [updated link  August 3rd]* Our medical datasharing must be above and beyond the best model standards to be acceptable technically, legally and ethically, worldwide. Exercised with discipline, training and precision, care.data should be of the musical equivalent of Chopin.

Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all it’s primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.

reputation
Pharma Times – July/Aug 2014 http://www.pharmatimes.com/DigitalOnlineArea/digitaleditionlogin.aspx

Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data.  They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.

Can we rise to the Challenge to be a world leader in Data Sharing?

If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.

How can we expect China [1] with whom the British Government recently agreed £14 billion in trade deals, [2] India, the country to which our GP support services are potentially poised to be outsourced through Steria [3] or any other organisations, governments and universities in other countries which have received data in the past such as the US and Japan, (as seen in the list of recipients excel file [4]) how can we expect them to treat our data with the respect and security it deserves?  We must demand of ourselves, that we outperform to a standard demanded beyond the expectations of the strongest critics. Ethically,  legally and technically.

How can we expect it of them, if our own Government departments: HMRC[5], the Cabinet Office, the Home Office [6] cannot arrange their data management in a first-class manner? They all set the scene. Each set of Big Data does not stand alone in these department silos. They each need to get their act together, if the UK should be a model to follow. [Even more so if we are expected to accept private data sharing at scale: update August 3rd: departmental plans to share across Whitehall].

How the 70 million patient records and years of longitudinal, in depth data already held,  is treated now, will determine the setting for the extractions of future data, whether for care [dot] data, or other regional safe-haven access, and beyond into any national genomics programme.  [updated since first published on July 25th: August 1st a £300M package was announced for the 100K Genome Project.]

Chopin played his last concert in London. It was a magnificent and professional performance, remembered for posterity [7]. Will these highly anticipated programmes bring about success or disaster?

Will data sharing in England be of the level of classical brilliance or downgraded to a common reality show?

There is a risk that by trying to please and pandering to competing, sometimes conflicting self-interests of paying data users, the HSCIC becomes a variety act. Trying to be all things to all comers, it will fail to please the critics, water down its aim of world-class standards and simply not be able to compete on a world stage because the quality of its own data, the support it gets from bona fide research, and the trust of the providers of its material, the public, will be lost.

But outside interests not only influence the performance, but often call the tune. What data is extracted vs what is not? Which reports are funded and which are not? Which diseases and conditions are being addressed by clinical researchers and which are not? Is it a case of some conditions are more equal than others, and if so, where is the transparency in that decision making? Where research institutions accept funding from multi-national institutions whose ethics are not always in line with their own, does it compromise their intellectual independence for the sake of monetary  gain?

And how does this influence outputs of selected research? As this [unrelated] blog argues [8], this is something I feel at risk, “although collaborations with industry are important, so are the freedoms scientists enjoy to explore new ideas unrestricted by commercial arguments.  Academics should be free to work with companies when they want to, but also remain free to choose not to.”

Has the review of the past by the critics brought us  any closer to future next steps?

The majority of the attendees were playing the same score, asking questions for the future, at the HSCIC July 21st meeting. Similar questions came up, were acknowledge but mostly unanswered, and agreed that discussions to move them forward will be had again.

The vast majority asked, how will processes work?  How will good ideas become reality and by when?

Research users asked many similar and related questions. What is a Remote Data Lab? The so-called HRRDL safe data settings which enable secure and transparent use of data in a locked-down setting as opposed to what has happened in the past, giving raw data out by email, excel, CD Rom, via the Cloud to recipients for them to manipulate, store or even re-sell onwards. How would it operate and would users need to physically go to Leeds? How would their use their own tools and bring them to the data? Could they get a fast track pathway for ‘accredited’ data users to speed up the request process? Could they get concrete examples of data sharing released to the public, to show what kinds of data is held, shared and used for different purposes? Lots of questions remain to be answered, but Sir Manning said, “undoubtedly a Data Lab Service would be part of their offering from next year.”

A number of questions concerned consent and opt-out of research purposes. Multi-layered opt outs could offer a best-practice ethical model suggested in the table discussion I sat at, by the hospital data governance officer and HSCIC rep [a proposal in fact made in June  by medConfidential]. But if users opt out of research at HSCIC release level, one researcher asked at another table, would for example, anyone opting out from research purposes therefore be opted out for potential clinical trials in which they could be asked for explicit consent? Another in data governance, suggested a fair processing portal as a tool for ongoing communication and consent management.

It seems the research community sees how strongly the public feel about non-research commercial use. It will encourage opt out of secondary uses. Because of the mistrust in the use by other non-research players, the commercial intermediaries and the insurers (three included in the audit sample have refused to delete data since having been requested by HSCIC to do so) bona fide research may lose out on records, of those who would otherwise be happy to share for medical purposes. But there are options. If these uses are all conflated into a single opt out, but research wants a multiple consent model in order to stand a chance of patients opting in to one area and not the other, then they need to stand up and ask for it. Either by having the secondary purposes restricted or the opt in/out choices expanded.[9] I’ve read here that medConfidential has suggested a local opt out model which could technically and consensually enable this.

Governance questions were raised, including some asked by Data Governance responsible owners at an acute trust. Where would the documented process for proof of consent and the legal basis for data sharing visible and accessible to users? How will HSCIC carry out audits – onsite, by process only, or will they ensure data held by third parties will not make data they receive from HSCIC makes patients identifiable? Could HSCIC help identify a national guideline & tool for decision making on determining a definition of ‘pseudonymous’ data? Could statistics of rejected as well as the approved applications, the details of the applicant requests and reason for rejection be included in the transparent documentation of applications for data release (aka CAG does already today.) This should increase trust in the system and clarify the process for buyers.

Penalties were an oft recurring theme. How would the one strike and out work? What would happen in an organisation in which a commercial partner researcher made a mistake, but data was also used by the same organisation in patient safety audits. Would the organisation be banned from future data use as a whole? Surely an accidental wrong note would not be considered as serious as a malicious breach? Reassuringly I believe from a public point of view, the panel replied, if quietly, they didn’t think the public would see the difference. Clearly another area with lots of questions, and discussion to be had again.

Local patient representative group and charity representatives, asked how the DAAG lay person appointments process would work and be transparent. Considerations for lay involvement should include, they suggested, lay-shadowing to any position, to ensure knowledge-sharing, patient involvement mentoring, and in effect ensuring attendance by a back-up if the lay person was unable to attend.

All these questions need robust consideration and response. the HSCIC plans follow up and more involvement.

Lack of time is an artificial excuse to justify not doing something. It’s not a valid reason why we should not do it at all.

What happens next? – care.data

When it came to care.data, going forward, the panel confirmed that the Care Act 2014 would affect some changes, but details were yet to be determined. There was no more definition given to the broad wording, which even Ben Goldacre had recently expressed on twitter he felt left the purposes so open as to be meaningless. Sir Manning reflected on July 1st at the Health Select Committee how insurers were likely to remain approved users, but it would be a fine definition of purposes which would determine which type of data they could receive.[10] [Q428 Hansard July 1st, below extract:]

“We suggested to them that we wish to gather further information about the use, and we have identified that the use does not include—indeed, it would be illegal—using the data to set individual subscriptions for insurance purposes. My understanding at this stage is that their current use would still be in line with the Care Act.”

There would be a review put  before CAG in September and Parliament, before coming into effect potentially in January. The CAG would be looking at the types of data users and giving guidance on for example, use for commercial purposes by intermediaries, clinical trials and pharma. Seeking “principle” cases, to use as models how sharing should be. But there would be “a question of balancing the interests of commercial companies, the health and wealth of the economy.”

I personally would be interested to hear comment by Dr.Poulter after the Partridge Review, and if he now believes data should be disseminated as widely as it has been. In Parliament in March he gave a statement, at least to me seemed that it was very tightly controlled. The Partridge review shows otherwise. On what will our trust be rebuilt?

“Under section 261, the HSCIC cannot disseminate or share data that could be used to identify an individual other than a provider of care except where there is another legal basis for doing so, which, as we have said, would be only in extreme circumstances such as a civil emergency.” [Hansard, March 25th 2014, Col 57WH] [11]

I look forward to understanding, and it can only make any sense ‘before’ the care.data pathfinder pilots, how the opt out will prevent identifiable data leaving HSCIC and that it will include pseudonymous data, as the care.data PIA has said it is potentially identifiable, and most agree that is an understatement. Will the onward dissemination include ‘amber’ data flows as NHS England indicated in January or has that changed? And when will we see that the opt out really has become more than fine words?

“Moreover, the Government have already introduced the commitment that if someone has concerns about their data being used in such a way, they can ask their GP practice to note their objection and opt out of the system, after which no identifiable data about them will flow from their GP practice to the HSCIC. Directions to the HSCIC under section 254 of the 2012 Act, which are separate from the amendments considered by the House as part of the Care Bill, will ensure that that commitment to patients has legal force.” [Hansard, March 25th 2014, Col 57WH]

For our care.data data management to be world class in future, we need experts to set up the right technical environment, to all want the same acoustics to resonate with everyone inside and outside the hall, and be well disciplined.  All the participants in the shared symphony need to play well together and agree to play to the best of their abilities. They must all be of the same high standards, ethically, technically and legally, and play in harmony. And above all, they must keep listening to both themselves and their critics, to what outside voices are saying. They cannot afford for another flop. But they cannot afford to only get better through practice, hoping it will be alright on the night and carrying on as they have in the past without addressing their known flaws.

They must be absolutely performance ready, before they invite the public back again.

Only when the technical and process framework is tested and final should we public, be invited to come back and give NHS England and HSCIC another chance. It’s not to say there would not be adjustments as a result of pilot learnings, that would be right and proper if there were, but it shouldn’t be guinea pigging real people with real records, if there were significant known weakness or concern for some of the data users as identified in the Partridge Review – on retention, deletion, foreign use, Back Office, or not reaching everyone who should be informed, for example. There is no point in us lining up now to get in, when the performance time and even the programme details are not set.

On hold since February with almost no communications since and no national public debate, where does the care.data programme go from here?

Will our health data sharing be a virtuoso performance, or will we end up with a second rate show, where we will look back and say, we had all the right notes, but played them all in the wrong order? There is also an accredited safe haven consultation, another rushed scoping exercise, which confuses the data sharing debate, conflating clinical and secondary use. But a programme of huge significance and process change. Deadline for feedback until August 8th.

care.data appears to be set on its own artificial timeline for curtain up with a pilot rollout in the autumn, [even though they say there isn’t any deadline],  isn’t listening [even though they say they are] {look at the call from the BMA for opt out as an example} and isn’t playing to the same tune at all. They seem to be playing jazz, when the serious datasharing world is calling for Chopin.

Leaders from government and NHS England continue to call for the show to go on regardless of readiness. They appear to want to go ahead to extract, without all these concrete questions addressed, and do not aim higher than to focus on communication to achieve only the minimum that’s required to get past the Data Protection Act legally.  Without technical and process solutions in place at the new Data Controller’s, the HSCIC; then our data will fail to be safe, consensual and transparent, and fail to be fit for the 21st century.

Our data and processes will lose the respect of data sharing bodies not just inside the UK, but worldwide, and on a global stage open to all through social media and the www. If it is not played correctly, it will be set up for misuse by poor players, breach, damage to trust and another performance failure all over again. Why not get this right? It could really put England’s data sharing research capabilities on a world stage like no other. Why press ahead just to make the best of a bad job? We are surely capable of Chopin.

There are many many good reasons to get the responses to Monday’s Driving Positive Change right. It would be wrong and catastrophic for all the existing data users, if we were to push ahead with a large scale extraction, when the system nor process is ready to receive it, with no clear reason at all. It would irrevocably damage the future NHS data management model for all, for the sake of a paper deadline.

Then the critics would indeed have good cause to shut the whole darn theatre down for everyone.

###

[1] TTP China business agreement (systems used in the NHS /NPfIT)

[2] the British Government recently agreed £14 billion in trade deals – http://www.conservativehome.com/platform/2014/07/63302.html

[3] India, & outsourcing our GP support services are poised to be outsourced through Steria (shortlist since ruled out)

[4] foreign countries to which data has been released, as seen in the list of HSCIC Data recipients excel file List of NHS IC data releases [excel 185kb]

[5] Government data: HMRC plans for data sale http://www.bbc.co.uk/news/uk-27086401

[6] Government data scandal of lost records at the Home Office http://www.theguardian.com/lifeandstyle/2014/jul/19/child-abuse-inquiry-lucy-mangan

[7] Chopin’s last concert in London http://www.chopin-society.org.uk/articles/chopin-last-concert.htm

[8] A blog post I enjoyed on why Universities and Commercial companies collaborate in research [author not connected]

[9] A proposed local opt out model to enable consensual local choice and research by medConfidential https://medconfidential.org/wp-content/uploads/2014/06/2014-06-11-Achieving-local-choice-and-consensual-research-use.pdf

[10] Handling patient data – the Health Select Committee July 1st

[11] [Hansard, March 25th 2014, Col 57WH]

* minor adjustments made 3rd August, to reflect the latest £300M investment news in the 100K Genome Project

***