Tag Archives: lessons learned

OkCupid and Google DeepMind: Happily ever after? Purposes and ethics in datasharing

This blog post is also available as an audio file on soundcloud.


What constitutes the public interest must be set in a universally fair and transparent ethics framework if the benefits of research are to be realised – whether in social science, health, education and more – that framework will provide a strategy to getting the pre-requisite success factors right, ensuring research in the public interest is not only fit for the future, but thrives. There has been a climate change in consent. We need to stop talking about barriers that prevent datasharing  and start talking about the boundaries within which we can.

What is the purpose for which I provide my personal data?

‘We use math to get you dates’, says OkCupid’s tagline.

That’s the purpose of the site. It’s the reason people log in and create a profile, enter their personal data and post it online for others who are looking for dates to see. The purpose, is to get a date.

When over 68K OkCupid users registered for the site to find dates, they didn’t sign up to have their identifiable data used and published in ‘a very large dataset’ and onwardly re-used by anyone with unregistered access. The users data were extracted “without the express prior consent of the user […].”

Are the registration consent purposes compatible with the purposes to which the researcher put the data should be a simple enough question.  Are the research purposes what the person signed up to, or would they be surprised to find out their data were used like this?

Questions the “OkCupid data snatcher”, now self-confessed ‘non-academic’ researcher, thought unimportant to consider.

But it appears in the last month, he has been in good company.

Google DeepMind, and the Royal Free, big players who do know how to handle data and consent well, paid too little attention to the very same question of purposes.

The boundaries of how the users of OkCupid had chosen to reveal information and to whom, have not been respected in this project.

Nor were these boundaries respected by the Royal Free London trust that gave out patient data for use by Google DeepMind with changing explanations, without clear purposes or permission.

The legal boundaries in these recent stories appear unclear or to have been ignored. The privacy boundaries deemed irrelevant. Regulatory oversight lacking.

The respectful ethical boundaries of consent to purposes, disregarding autonomy, have indisputably broken down, whether by commercial org, public body, or lone ‘researcher’.

Research purposes

The crux of data access decisions is purposes. What question is the research to address – what is the purpose for which the data will be used? The intent by Kirkegaard was to test:

“the relationship of cognitive ability to religious beliefs and political interest/participation…”

In this case the question appears intended rather a test of the data, not the data opened up to answer the test. While methodological studies matter, given the care and attention [or self-stated lack thereof] given to its extraction and any attempt to be representative and fair, it would appear this is not the point of this study either.

The data doesn’t include profiles identified as heterosexual male, because ‘the scraper was’. It is also unknown how many users hide their profiles, “so the 99.7% figure [identifying as binary male or female] should be cautiously interpreted.”

“Furthermore, due to the way we sampled the data from the site, it is not even representative of the users on the site, because users who answered more questions are overrepresented.” [sic]

The paper goes on to say photos were not gathered because they would have taken up a lot of storage space and could be done in a future scraping, and

“other data were not collected because we forgot to include them in the scraper.”

The data are knowingly of poor quality, inaccurate and incomplete. The project cannot be repeated as ‘the scraping tool no longer works’. There is an unclear ethical or peer review process, and the research purpose is at best unclear. We can certainly give someone the benefit of the doubt and say intent appears to have been entirely benevolent. It’s not clear what the intent was. I think it is clearly misplaced and foolish, but not malevolent.

The trouble is, it’s not enough to say, “don’t be evil.” These actions have consequences.

When the researcher asserts in his paper that, “the lack of data sharing probably slows down the progress of science immensely because other researchers would use the data if they could,”  in part he is right.

Google and the Royal Free have tried more eloquently to say the same thing. It’s not research, it’s direct care, in effect, ignore that people are no longer our patients and we’re using historical data without re-consent. We know what we’re doing, we’re the good guys.

However the principles are the same, whether it’s a lone project or global giant. And they’re both wildly wrong as well. More people must take this on board. It’s the reason the public interest needs the Dame Fiona Caldicott review published sooner rather than later.

Just because there is a boundary to data sharing in place, does not mean it is a barrier to be ignored or overcome. Like the registration step to the OkCupid site, consent and the right to opt out of medical research in England and Wales is there for a reason.

We’re desperate to build public trust in UK research right now. So to assert that the lack of data sharing probably slows down the progress of science is misplaced, when it is getting ‘sharing’ wrong, that caused the lack of trust in the first place and harms research.

A climate change in consent

There has been a climate change in public attitude to consent since care.data, clouded by the smoke and mirrors of state surveillance. It cannot be ignored.  The EUGDPR supports it. Researchers may not like change, but there needs to be an according adjustment in expectations and practice.

Without change, there will be no change. Public trust is low. As technology advances and if we continue to see commercial companies get this wrong, we will continue to see public trust falter unless broken things get fixed. Change is possible for the better. But it has to come from companies, institutions, and people within them.

Like climate change, you may deny it if you choose to. But some things are inevitable and unavoidably true.

There is strong support for public interest research but that is not to be taken for granted. Public bodies should defend research from being sunk by commercial misappropriation if they want to future-proof public interest research.

The purpose for which the people gave consent are the boundaries within which you have permission to use data, that gives you freedom within its limits, to use the data.  Purposes and consent are not barriers to be overcome.

If research is to win back public trust developing a future proofed, robust ethical framework for data science must be a priority today.

Commercial companies must overcome the low levels of public trust they have generated in the public to date if they ask ‘trust us because we’re not evil‘. If you can’t rule out the use of data for other purposes, it’s not helping. If you delay independent oversight it’s not helping.

This case study and indeed the Google DeepMind recent episode by contrast demonstrate the urgency with which working out what common expectations and oversight of applied ethics in research, who gets to decide what is ‘in the public interest’ and data science public engagement must be made a priority, in the UK and beyond.

Boundaries in the best interest of the subject and the user

Society needs research in the public interest. We need good decisions made on what will be funded and what will not be. What will influence public policy and where needs attention for change.

To do this ethically, we all need to agree what is fair use of personal data, when is it closed and when is it open, what is direct and what are secondary uses, and how advances in technology are used when they present both opportunities for benefit or risks to harm to individuals, to society and to research as a whole.

The potential benefits of research are potentially being compromised for the sake of arrogance, greed, or misjudgement, no matter intent. Those benefits cannot come at any cost, or disregard public concern, or the price will be trust in all research itself.

In discussing this with social science and medical researchers, I realise not everyone agrees. For some, using deidentified data in trusted third party settings poses such a low privacy risk, that they feel the public should have no say in whether their data are used in research as long it’s ‘in the public interest’.

For the DeepMind researchers and Royal Free, they were confident even using identifiable data, this is the “right” thing to do, without consent.

For the Cabinet Office datasharing consultation, the parts that will open up national registries, share identifiable data more widely and with commercial companies, they are convinced it is all the “right” thing to do, without consent.

How can researchers, society and government understand what is good ethics of data science, as technology permits ever more invasive or covert data mining and the current approach is desperately outdated?

Who decides where those boundaries lie?

“It’s research Jim, but not as we know it.” This is one aspect of data use that ethical reviewers will need to deal with, as we advance the debate on data science in the UK. Whether independents or commercial organisations. Google said their work was not research. Is‘OkCupid’ research?

If this research and data publication proves anything at all, and can offer lessons to learn from, it is perhaps these three things:

Who is accredited as a researcher or ‘prescribed person’ matters. If we are considering new datasharing legislation, and for example, who the UK government is granting access to millions of children’s personal data today. Your idea of a ‘prescribed person’ may not be the same as the rest of the public’s.

Researchers and ethics committees need to adjust to the climate change of public consent. Purposes must be respected in research particularly when sharing sensitive, identifiable data, and there should be no assumptions made that differ from the original purposes when users give consent.

Data ethics and laws are desperately behind data science technology. Governments, institutions, civil, and all society needs to reach a common vision and leadership how to manage these challenges. Who defines these boundaries that matter?

How do we move forward towards better use of data?

Our data and technology are taking on a life of their own, in space which is another frontier, and in time, as data gathered in the past might be used for quite different purposes today.

The public are being left behind in the game-changing decisions made by those who deem they know best about the world we want to live in. We need a say in what shape society wants that to take, particularly for our children as it is their future we are deciding now.

How about an ethical framework for datasharing that supports a transparent public interest, which tries to build a little kinder, less discriminating, more just world, where hope is stronger than fear?

Working with people, with consent, with public support and transparent oversight shouldn’t be too much to ask. Perhaps it is naive, but I believe that with an independent ethical driver behind good decision-making, we could get closer to datasharing like that.

That would bring Better use of data in government.

Purposes and consent are not barriers to be overcome. Within these, shaped by a strong ethical framework, good data sharing practices can tackle some of the real challenges that hinder ‘good use of data’: training, understanding data protection law, communications, accountability and intra-organisational trust. More data sharing alone won’t fix these structural weaknesses in current UK datasharing which are our really tough barriers to good practice.

How our public data will be used in the public interest will not be a destination or have a well defined happy ending, but it is a long term  process which needs to be consensual and there needs to be a clear path to setting out together and achieving collaborative solutions.

While we are all different, I believe that society shares for the most part, commonalities in what we accept as good, and fair, and what we believe is important. The family sitting next to me have just counted out their money and bought an ice cream to share, and the staff gave them two. The little girl is beaming. It seems that even when things are difficult, there is always hope things can be better. And there is always love.

Even if some might give it a bad name.

********

img credit: flickr/sofi01/ Beauty and The Beast  under creative commons

Building Public Trust in care.data sharing [1]: Seven step summary to a new approach

Here’s my opinion after taking part in the NIB #health2020 Bristol event 24/7/2015 and presentation of plans at the June King’s Fund hosted event. Data sharing includes plans for extraction and uses of primary care data by third parties, charging ahead under the care.data banner.

Wearing my hat from a previous role in change management and communications, I share my thoughts in the hope the current approach can adapt and benefit from outside perspectives.

The aim of “Rebuilding and sustaining Public trust” [1] needs refocused to treat the cause, not only the symptoms of the damage done in 2014.  Here’s why:

A Seven Step Top Line Summary

1. Abstract ‘public trust’ is not vital to the future of data sharing. Being demonstrably worthy of public trust is.

2. Data-sharing is not vital to future-proof the NHS. Using knowledge wisely is.

3. A timed target to ‘get the public’s data’, is not what is needed. Having a stable, long term future-proofed and governable model is.

4. Tech solutions do not create trust. Enable the positive human response to what the org wants from people, enabling their confident ‘yes to data-sharing.’ [It might be supported by technology-based tools.]

5. Communications that tell the public ‘we know best, trust us’ fail.  While professional bodies [BMA [2], GPES advisory group, APPG report calling for a public benefits plan, ICO, and expert advice such as Caldicott] are ignored or remain to be acted upon, it remains challenging for the public to see how the programme’s needs, motives and methods are trustworthy. The [Caldicott 2] Review Panel found that commissioners do not need dispensation from confidentiality, human rights & data protection law.” [3] Something’s gotta give. What will it be?

6. care.data consistency. Relationships must be reliable and have integrity.
“Trust us – see the benefits” [But we won’t share the business cost/benefit plan.]
“Trust us – we’re transparent” [But there is nothing published in 2015 at all from the programme board minutes] [4]
“Trust us – we’ll only use your data wisely, with the patient in control” [Ignore that we didn’t before [5] and that we still share your data for secondary uses even if you opted out [6] and no, we can’t tell you when it will be fixed…]

7. Voices do not exist in a vacuum. Being trustworthy on care.data  does not stand alone but is part of the NHS ‘big picture’.
Department of Health to GPs: “Trust us about data sharing.’  [And ignore that we haven’t respected many of  your judgement or opinions.]
NHS England to GPs: “Trust us about data sharing.’  
[And ignore our lack of general GP support: MPIG withdrawal, misrepresentation in CQC reports] NHS England and Department of Health to professionals and public: “The NHS is safe in our hands.’ Everyone: “We see no evidence that plans for cost savings, 7 day working, closures and the 5YFV integration will bring the promised benefits. Let us ‘see the holes’, so that we can trust you based on evidence.”

See the differences?

Target the cause not Symptom:

The focus in the first half, the language used by NHS England/NIB/ DH, sets out their expectations of the public. “You must trust us and how you give us your data.”

The focus should instead to be on the second half, a shift to the organisation, the NHS England/NIB/ DH, and set out expectations from the public point-of-view. ” Enable the public to trust the organisation. Enable individual citizens to trust what is said by individual leaders. This will enable citizens to be consensual sharers in the activity your organisation imposes – the demand for care.data through a statutory gateway, obliging GPs to disclose patient data.

The fact that trust is broken, and specifically to data-sharing that there is the deficit [A] between how much the public trusts the organisation and how the organisation handles data, is not the fault of the public, or “1.4 M NHS staff”, or the media, or patient groups’ pressure. It’s based on proven experience.

It’s based on how organisations have handled data in the past. [5] Specifically on the decisions made by DH, and the Information Centre and leaders in between. Those who chose to sell patient data without asking the public.

The fact that trust is broken is based on how leadership individuals in those organisations have responded to that. Often taking no responsibility for loss.

No matter how often we hear “commissioners will get a better joined up picture of care needs and benefit you”, it does not compensate for past failings.

Only demonstrable actions to show why it will not happen in future can start that healing process.

Target the timing to the solution, not a shipping deadline

“Building trust to enable data sharing” aims at quick fixes, when what is needed is a healing process and ongoing relationship maintenance.

Timing has to be tailored to what needs done, not an ‘artificial deadline’. Despite that being said it doesn’t seem to match reality.

Addressing the Symptoms and not the Cause, will not find a Cure

What needs done?

Lack of public trust, the data trust deficit [A] are symptoms in the public to be understood. But it is the causes in the organisations that must be treated.

So far many NHS England staff I have met in relation to care.data, appear to have a “them and us” mentality. It’s almost tangibly wrapped up in the language used at these meetings or in defensive derision of public concerns: “Tin foil hat wearers”, “Luddites” [7] and my personal favourite, ‘Consent fetishists.’ [8] It’s counter productive and seems borne from either a lack of understanding, or frustration.

The NIB/DH/NHS England/ P&I Directorate must accept they cannot force any consensual change in an emotion-based belief based on past experiences, held by the public.

Those people each have different starting points of knowledge and beliefs.  As one attendee said, “There is no single patient replicated 60 million times.”

The NIB/DH/NHS England/ P&I Directorate can only change what they themselves can control. They have to model and be seen to model change that is trustworthy.

How can an organisation demonstrate it is trustworthy?

This means shifting the focus of the responsibility for change from public and professionals, to leadership organisation.

There is a start in this work stream, but there is little new that is concrete.

The National Data Guardian (NDG) role has been going to be put on a legal footing “at the earliest opportunity” since November 2014. [9] Nine months.

Updated information governance guidance is on the way.

Then there’s two really strong new items that would underpin public trust, to be planned in a ‘roadmap’: the first a system that can record and share consent decisions and the second, to provide information on the use to which an individual’s data has been put.

How and when those two keystones to public trust will be actually offered appear unknown. They will  encourage public trust by enabling choice and control of our data. So I would ask, if we’re not there yet on the roadmap, how can consent options be explained to the public in care.data communications, if there is as yet no mechanism to record and effect them? More on that later.

Secondly, when will a usage report be available? That will be the proof to demonstrate that what was offered, was honoured. It is one of the few tools the organisation(s) can offer to demonstrate they are trustworthy: you said, we did. So again, why jeopardise public trust by rolling out data extractions into the existing, less trustworthy environment?

How well this is done will determine whether it can realise its hoped for benefits. How the driving leadership influences that outcome, will be about the organisational approach to opt out, communicating care.data content decisions, the way and the channels in which they are communicated, accepting what has not worked to date and planning long-term approaches to communicating change before you start the pathfinders. [Detailed steps on this follows.]

Considering the programme’s importance we have been told, it’s vital to get right. [10]

i believe changing the approach from explaining benefits and focus on public trust, to demonstrating why the public should trust demonstrable changes made, will make all the difference.

So before rolling out next data sharing steps think hard what the possible benefits and risks will be, versus waiting for a better environment to do it in.

Conclusion: Trust is not about the public. Public trust is about the organisation being trustworthy. Over to you, orgs.

####

To follow, for those interested in nitty gritty, some practical suggestions for progress in Building Public Trust in data sharing:

This is Part one: A seven step top line summary – What I’d like to see change addressing public trust in health data sharing for secondary purposes.

Part two: a New Approach is needed to understanding Public Trust For those interested in a detailed approach on Trust. What Practical and Policy steps influence trust. On Research and Commissioning. Trust is not homogeneous. Trust  is nuanced even within the single relationship between one individual and another. It doesn’t exist in a vacuum.

Part three: Know where you’re starting from. What behaviours influence trust. Fixing what has already been communicated is vital before new communications get rolled out. Vital to content of your communications and vital for public trust and credibility.

Part four: Communicate the Benefits won’t work – How Communications influence trust. For those interested in more in-depth reasons, I outline in part two why the communications approach is not working, why the focus on ‘benefits’ is wrong, and fixes.

Part five: Future solutions – why a new approach may work better for future trust – not to attempt to rebuild trust where there is now none, but strengthen what is already trusted and fix today’s flawed behaviours; honesty and reliability, that  are vital to future proofing trust

####

Background References:

I’m passionate about people using technology to make their jobs and lives better, simpler, and about living well. So much so, that this became over 5000 words. To solve that, I’ve assumed a baseline knowledge and I will follow up with separate posts on why a new approach is needed to understanding “Public Trust”, to “Communicating the benefits” and “Being trustworthy and other future solutions”.

If this is all new, welcome, and I suggest you look over some of the past 18 months posts that include  public voice captured from eight care.data  events in 2014. care.data is about data sharing for secondary purposes not direct care.

[1] NHS England October 2014 http://www.england.nhs.uk/2014/10/23/nhs-leaders-vision/

[2] BMA LMC Vote 2014 http://bma.org.uk/news-views-analysis/news/2014/june/patients-medical-data-sacrosanct-declares–bma

[3] Caldicott Review 2: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[4] Missing Programme Board documents: 2015 and June-October 2014

[5] HSCIC Data release register

[6] Telegraph article on Type 2 opt out http://www.telegraph.co.uk/news/health/news/11655777/Nearly-1million-patients-could-be-having-confidential-data-shared-against-their-wishes.html

[7] Why Wanting a Better Care.Data is not Luddite: http://davidg-flatout.blogspot.co.uk/2014/04/why-wanting-better-caredata-is-not.html

[8] Talking to the public about using their data is crucial- David Walker, StatsLife http://www.statslife.org.uk/opinion/1316-talking-to-the-public-about-using-their-data-is-crucial

[9] Dame Fiona Caldicott appointed in new role as National Data Guardian

[10] Without care.data health service has no future says director http://www.computerweekly.com/news/2240216402/Without-Caredata-we-wont-have-a-health-service-for-much-longer-says-NHS

Polls of public feeling:

[A] Royal Statistical Society Data Trust Deficit http://www.statslife.org.uk/news/1672-new-rss-research-finds-data-trust-deficit-with-lessons-for-policymakers

(B] Dialogue on data – work carried out through the ADRN

 

 

The care.data coach ride: communications – all change or the end of the line?

Eleven months ago, care.data was put on hold and promises made to listen to professional and public opinion, which would shape programme improvement.

Today, Sir Bruce Keogh of NHS England said: “an unprecedented shift of resources and care into GP surgeries was necessary to help the NHS withstand the twin pressures of rising demand and tight budgets.”
[The Guardian, 19 Jan 2015]

care.data right now, seems like the straw on the camel’s back that GPs do not need, and that in its current format, many patients do not want.

Why the rush to get it implemented and will the costs of doing so, – to patients, to professionals and to the programme – be worth it?

What has NHS England heard from these listening events?

The high level ‘you said, we did’ document, sharing some of the public concerns raised with care.data, has been published by NHS England.

It is an aggregated, high level presentation, but I wonder if it really offers much more insight than everyone knew a year ago? It’s a good start, but does it suggest any real changes have taken place as a result of listening and public feedback?

Where are we now, what does it tell us, and how will it help?

Some in the media argue, like this article, that a:

“massive privacy campaign effectively put a halt to it last year.”

In reality it was the combination of the flaws in the care.data plans for the GP  data extraction and sharing programme, and past NHS data sharing practices, which was its own downfall.

Campaigners merely pointed these flaws out.

Once they were more apparant, many bodies involved in good data sharing and those with concerns for confidentiality, came together with suggestions to make improvements.

But to date and a year after patients first became aware of the issues, even this collaboration has not yet solved patients’ greatest concern, that data is being given, without the individuals’ knowledge or consent, to third parties for non-clinical care, without oversight once they receive it.

The HSCIC 2013-15 Roadmap outlined HSCIC  would ‘agree a plan for addressing the barriers to entry into the market for new commercial ventures’ using our data provided by the HSCIC and:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

 

Working with care.data was first promised, to ‘innovators of all kinds’  just as HES was delivered to commercial businesses, [including reportedly Google, and PA Consulting getting 15 years of NHS data], all with unclear and  unproven patient benefit or UK plc economic development and gain.

 

Patients are concerned about this.

 

They have asked about the assurance given that the purposes are more defined but still don’t rule out commercial users, re-use licences have not been categorically ruled out, and patients have asked further, detailed questions, which are still open.

View some of them for yourself here:  including coercion, disability inclusion, and time and time again concerns over the accuracy and quality of records, which may be uploaded, and mistakes never deleted upon which judgments are made, from records which the patient may never have seen.

care.data events have been hosted by and held for a group of charities, other care.data listening events held by the care.data advisory group, [include Peterborough and Coin Street, London]  [you can view the 26th November Manchester event with questions from 33 minutes in] and those held as part of the NHS Open House event in June [from 01:13.06 in the NHS Open House video], all asked sensible detailed questions on process and practice which are still to be addressed, which are not in the high level ‘you said, we did.’

Technical and practical processes of oversight have been changed to improve the way in which data was shared, but what about data use that has been the crux of patient concern?

How will the questions that remain unanswered be addressed? – because it seems the patient letter, posters and flyers won’t do it.

What now?

Communications are rolling out in pathfinders

All year the message has been the same: communication was poor.

“We have heard, loud and clear, that we need to be clearer about the care.data programme and that we need to provide more support to GPs to communicate the benefits and the risks of data sharing with their patients, including their right to opt out.” [October 2014, Mr. Kelsey, NHS England]

The IIGOP report on care.data outlined in December 2014 what still remains to be done and the measures required for a success.

These go far beyond communications issues.

But if pathfinders are being asked to spend time and money now, it must be analysed now, what will new communications materials look like, compared with those from a year ago.

Whilst I would agree that communications were poor, the question that remains to be asked is why? Why was communication poor? Why did a leaflet that was criticised by ICO, criticised by the GPES advisory group, criticised by many more and glaringly a failed piece of communication to outsiders, why was all that advice and criticism ignored and it got sent [or not sent] to patients across England?

[Sept 2013 GPES Advisory] “The Group also had major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”.

We could say it doesn’t matter. However it is indicative of the same issues now, as then, and throughout the year. There has been lots of positive advice given, shared, and asked for at patient listening events. If this is the extent of “you said, we did”, feedback is still being ignored. That matters.

Because if it continues to be, any new communications will have the same failure-to-launch that they did a year ago.

In the last year we have heard repeatedly, that the pause will enable the reshaping of communications materials.

Sadly, the bell hasn’t rung yet, on what really needs done. It looks to me as though the communications people have done their best, dealing with glaring gaps in content.

Communications materials are not ready, because it’s not clear where care.data is going, or what’s the point of the trip.

bellbroken

 

All change?

It has failed to address the programme as a change issue.

That is what it is at its core, and it is this failure which explains why it has met so much resistance.

If the 26th November Manchester questions are anything to go by the reason for the change as to why our data is needed at all, remains very unclear, for professionals and patients.

How patients will be empowered to manage its ongoing changes into the future, is also undefined.

In addition, there has been little obvious, measurable change in the substance of the programme communication in the last 12 months.

New materials suggest no real changes have taken place as a direct result of listening to public feedback at all. They may have from feedback that was given before the pause, but what impact has the pause had?

If you disagree, look over the GP care.data leaflet from 2013 and see what changes you would make now. Look at the 2013 patient leaflet and see what substantial improvement there is. Look at the basic principles of data protection and see if the care.data programme communications clearly and simply address them any better now.

What are the new plans for new communications, and how do they pick up on the feedback given at ‘hundreds’ of listening events?

The communications documents are a good start at addressing a complex set of questions.

However, whilst they probably meet their spec it doesn’t meet their stated objective: to show clear ‘we did’ nor a clear future action plan.

The listening feedback may have been absorbed, but hasn’t generated any meaningful new communications output.

It shows as far as listening goes, real communications in this one-way format, may have reached the end of the line.

How can patients make a decision on an unknown?

The new communications in posters and the ‘you said, we did’, state that access to the information collected will be limited in the pathfinder – but it does not address the question in the longer term.

This is a key question for patients.

It should be simple. Who will have access to my data and why?

No caveats, no doubts, no lack of clarity.

Patients should be properly informed how ALL their data is being used that is held by HSCIC. The opt out talked in February 2014 of two options; for data to be extracted under care.data at GPs and all the other data already stored at the HSCIC from hospitals and elsewhere. To explain those two different options patients first need told about all the data which is stored, and how it is used.

Talk about the linkage with other datasets, the future extraction and use of social care data, the access given via the back office to police and other non-health government departments. Stop using ‘your name will not be used’ in materials like the original patient leaflet – It may be factual for care.data per se, but is misleading on what of our personal data is extracted and used without our consent or awareness – most of us don’t know the PDS extracts name at all.

Being cagey does not  build trust. Incomplete explanation of uses would surely not meet the ICO data protection requirements of fair processing either. And future uses remain unexplained.

For care.data this is the unknown.

NHS England is yet to publish any defined future use and scope change process, though its plan is clearly mapped:

caredatatimeline

 

There must be a process of how to notify patients either of what will be extracted, or who will be given access to use it > a change process. A basic building block for fair processing. Not a back door.

It needs to address: how is a change identified, who will be notified within what time frame before the extraction, how will the training and access changes be given, and how will patients be informed of the change in what may be extracted or who may be using it and be given the right to change their opt in / out selection. The law requires fair processing BEFORE the change happens.

We patients should also be made aware what impact this choice has on data already extracted, and that nothing will be deleted from our history. Even if its clearly a mistake. How does that affect reports?

Communication is impossible whilst the content & scope is moving.

I’ve been banging on, quite frankly,  about scope, since March.

This is what needs done. Pull over, and get the fixes done.

> Don’t roll out any comms in a pathfinder yet. They’re not ready.

> First sort out the remaining substance so you know what it is that materials are communicating.  What, who, why, when, how?

The IIGOP report lists clearly all that needs done and how to measure their success: it’s not communications, it’s content.

The final technical, security and purposes pieces still need resolved; practical questions on opt out,  legislation needed to make sure the  opt out really is robust, that the so-called ‘one strike and out’ isn’t just a verbal assurance but actually happens, and that future access is defined beyond the pathfinder – who will have access at and outside the new secure lab – not only for the pilot, but future.

Get the definition of scope limited so as to meet fair processing, and get the future scope change communication process ironed out.

How will patients be communicated to not only now, not in a pathfinder, but for every change that happens in the future which has a fair processing requirement?

Only then can the programme start to truly address change and communications with meaningful messages. Until then, it’s PR.

Once you know what you’re saying, how to say it becomes easy.

If it’s not proving easy to do well, we need to ask why.

change>>>References>>>

 1. You said, we did NHS England presentation

2. IIGOP report into care.data

3. Pharmacists to access DWP data – example of scope change who accesses data and why, which fails fair processing without a change process in place to communicate

>>>>>>>>>

For anyone interested in considering the current materials in detail, see below: this doesn’t address the posters shared in the Manchester event or what is missing, but many of the messages are the same as in the ‘you said, we did’ and it’s a start.

>>>>>>>>>

Addendum:

1. The “co-production” approach to materials

2. Why a scope change management process is vital to trust for care.data.

3. Some feedback on the high level ‘you said, we did’ document

4. What do communications require to improve from those before?
5. Hard questions

 

1. The “co-production” approach to materials

The IIGOP report on care.data outlined in December 2014 asked a very sound question on page 8:

“What are the implications of using locally developed communications material (“co-production”) for subsequent national rollout ?”
The Programme is developing a “co-production” approach to initial GP and patient-facing material, based on feedback from the care.data “listening period” and from local events and formal research.
“The intent is to ensure that there is local ownership of material used to communicate with professionals and patients in the Pathfinder stage.”
To ask a basic tenet of change management: what’s in it for them?
It’s unclear to what level of detail the national materials will go, and how much local sites will create.

 

If I were at CCG or GP level and responsible for ‘local ownership’ of communications from this national programme, I’d be asking myself why I am expected to reinvent the wheel? I’d want to use national standards as far as possible.

Why should local organisations have to produce or design materials which should be communicating the intent of a programme whose purpose is to be identical for every one of the 62 million in England registered with a GP? Let’s hope the materials are national.

What benefit will a local level site see, by designing their own materials – it will cost time and money – where’s the benefit for the patients in each practice, for the GPs and the programme?
Is it too cynical to ask, has NHS England not got the resources to do this well and deliver ready-done?
If so, I should urge a rethink at national level, because in terms of time and people’s effort this multiple duplication will be a costly alternative.
It also runs the risk of costly mistakes in accuracy and inconsistency.
There appears to date to be no plan yet how future changes will be communicated. This must be addressed before the pathfinder and in any current communication, and all local sites need the same answer because the new decisions on extraction, will be at national level.

2. Some feedback on the high level ‘you said, we did’ document:

page 9: “present the benefits” – this fails to do so  – this is however not a failing of this presentation – there is simply still no adequate cost benefit document available in the public domain.

page 11: “keep data safe” – the secure lab is mentioned – a great forwards step compared with HES access – and it states analysts will only access it there in the pathfinder – but what about after that?

page 13: “explain the opt out clearly”: “You can opt out at any time. Just talk to your GP Practice.” > I have, but as far as I know my data is still released by the HSCIC from HES and wider secondary collections of data, which I did not know were extracted and did not consent to being used for secondary purposes. Opt out doesn’t appear to actually work. Please let me know if that’s a misunderstanding on my part. I’d be delighted to hear it is functional.

page 15: “legislative changes” – the biggest concern patients raise over and over again, is sharing data beyond their direct care with commercial companies and for non-NHS purposes. This has not been excluded. No way round that. No matter how you word it and made harder by the fact that data was released from HES in July to Experian for use in mosaic. If that makes the definition, then it’s loose.

The one-strike-and-out is not mentioned in materials, although it was discussed on Nov 26th in Manchester. When is the legislation to actually happen?

Both this and the opt out are still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

page 17: “access safeguards” – the new audit trail is an excellent step. But doesn’t help patients know if OUR data was used, it’s generic. We need some sort of personal audit trail of our consent, and show how it is respected in what data is released, to who, when, and why. The over emphasis of ‘only with legal access’ is overdone as 251 has been used to approve data access for years without patient knowledge or consent. If it is to be reassuring, it is somewhat misleading; data is shared much more widely than patients know. If it is to answer questions asked in the listening feedback events, there needs to be an explanation of how the loop will be closed to feed the information back and how it will be of concrete benefit.

And in general:

Either “this will not affect the care you receive”  or it will. Both sentences cannot be true.  Either way, there should be no coercion of participation:

“If you decide to opt out it won’t affect the care and treatment you receive. However, if significant amounts of people do opt out, we won’t be able to collect enough information to help us improve NHS services across the nation.”
Agreement must in usual medical environments, be given voluntarily and freely, without pressure or undue influence being exerted on the person either to accept or refuse.

3. What do communications require to improve from those before?

a. Lessons Learned for improvement:

The point of the pause was in order to facilitate the changes and improvement needed in the programme, whose flaws were the reason to stop in February. All the questions need shared so that all the CCGs can benefit from all the learning. If all the flaws are not discussed openly, how can they be fixed? Not only being fixed, but being seen to be fixed would be productive and useful for the programme. [The IIGOP report on care.data outlined in December 2014 covers these.]

b. Consistency:

Raw feedback will be vital for CCGs and GP practices to have. It has not been released and the ‘you said, we did’ is a very high level aggregate of what was clear last February. Since then, the detailed questions are what should be given to give all involved the information to able to understand, and to have the answers for consistently.

This way they will be properly prepared for the questions they may get in any pilot rollout. If questions have already been asked in one place, the exact same answer should be reproduced in another.

c. Time-saving:

If the same question has already been asked at a national or regional event, why make the local level search for the same answer again?  This could be costly and pointless multiplied many times over.

d. Accuracy:

Communications aren’t always delivered correctly. They can be open to misinterpretation or that the comms team simply gets facts wrong.  That would fail data protection requirements and fail to protect GPs. How will this accuracy be measured if done at local level and how will it be measured and by whom?

The IIGOP report asked: “What are the success criteria for the Pathfinders? How will we know what has worked and what has not? “

I know from my own experience that either the communications team or consultants can misunderstand the facts, or something can easily become lost in translation, from the technical theory to the tangible explanation.

4. Future change: Control of scope change for linkage and  access

Current communications may address the current pathfinder extraction, but they are not fit for purpose for a rollout which is intended to be long term and ever changing.

So what exactly is it piloting? – a “mini” approach? – if so, to what purpose? or is it just hoping to get X amount of data in, done and dusted, as ‘a start.’

If the pathfinder patients are only told a sub-set of information in a pilot rollout, we should ask:

a. why? Is this in order to make the idea sound more appealing?

b. how will it be ensured that their consent, or lack of objection, is fully informed and therefore meets Data Protection requirements?

and finally

c. how will future changes be communicated? This must be addressed before the pathfinder and in any current communication.

For example; who gets access to data may change so you can’t say only “” access to the information collected will only be given to a limited number of approved analysts who will have to travel to a new secure data facility that the HSCIC is setting up.”

Pharmacists who have access to this data for direct care, may also now be getting access to DWP data.

“the Royal Pharmaceutical Society has already said that the new measures could affect trust between patients and pharmacists.” [EHI Dec 30th 2014]

When patients signed up for the SCR at a GP practice they may not realise it is shared with pharmacies. When data is shared with the Department of Work and Pensions, citizens may not realise it could be shared with pharmacies.  Neither told the other when signing up that future access would allow this cross referencing and additional access.

This is a real life scenario that should not be glossed over in a brochure. A hoped for ‘quick-fix’ now, will simply cause later problems, and if data is used inappropriately, there may not be another opportunity for winning back trust again.

To get it legally wrong now, would be inexcusable.

Here’s why it would be better to do no more communications now:

5. Hard questions can’t be avoided

Currently, comms still avoid the hard questions, and those are the ones people want answers for. Open questions remain unaddressed.

Raw questions asked in July at a charities’ event are, with some post-event reshaping and responses here. Note how many are unknowns.

Changes have been suggested to be constructive.

One attendee of a public listening event commented online in October 2014, on the NHS England CCG announcement:

“I am one of those that has tried hard to engage with you to try and make sure that people can be assured that their personal and private information will not be exploited, I feel that you have already made the decision to press ahead regardless and feel very let down.

“Please publish the findings of your listening exercise and tell people how you intend to respond to their concerns before proceeding with this.”

People have engaged and want to be involved in making this programme work better, if it has to work at all like this.

Q: Where is the simple, clear public business case for cost and benefits?

The actual raw questions have been kept unpublished for no clear purpose. It could look like avoiding answering the hard questions.

The IIGOP report captures many of them; for example on process of competence, capacity and processes – and the report shows there is still a need to “demonstrate that what goes on ‘under the bonnet’ of Pathfinder practice systems operates in the same way that patients are being told it does.”

When is the promised legislative change to actually happen? The opt out is still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

It’s all about trust and that relationship, like the communication and feedback responses, has to be two-way.

care.data related December news you may have missed in the holiday

January looks like it’s going to be a busy NHS news month and December set out a very information rich programme.

Do you need a catch up from the holidays time? I know I could do with going back to September really, I blinked and missed the last quarter. But lots of news came in at the end of year, in typical holiday time, which is relevant to care.data, health data sharing and its backdrop:

[1] December 18th:  The Independent Information Governance Oversight Panel report raises questions about the preparation for a pilot stage of the care.data programme.

A very thorough and  most significant report. I considered this is more detail here.

[2] December 22nd: The Primary Care Support (PCS) Services procurement. Launched in November 2014 interested suppliers were asked to respond to a Pre-Qualification Questionnaire (PQQ).

“Members of our Stakeholder Group, staff from the PCS Service and experts in the procurement team have been evaluating the responses received from the PQQ. We have now produced a short list of suppliers to invite to the next stage of the procurement. We will be announcing the shortlisted suppliers in January 2015.”

How will this affect primary care records’ management and is that unknown being factored into current decision making?

[3] December 28th The Guardian reported the delayed Rose Report would be out in January and say the NHS is hampered by poor management structure.

[4] December 30th Poulter announces DWP prescription check “The government is planning to give High Street pharmacists access to Department of Work and Pensions IT systems to check whether patients in England are entitled to free prescriptions.”

This raises a raft of questions on data protection with implications for patient confidentiality, expected purposes, informed consent and data linkage.

[5] December: a New HSCIC Code of Confidentiality

A longer read and leaves not everyone content it addresses all the needed questions. Opt outs and technical solutions on anonymisation remain two areas of undefined detail relevant for care.data.

[6] January 2nd: IIGOP annual report How health and social care organisations are implementing recommendations about sharing information.

This is a key publication on data sharing as a whole [not only care.data] – snuck in on one of the quietest days of the year perhaps? Some points of particular mention are those which set expectations for legislation change:

“During a debate in the House of Lords in May 2014, in the face of criticism of the care.data programme, the Government said it was sympathetic to calls for IIGOP to be placed on a statutory footing.”

One can only expect then it is a question of when, not if, the IIGOP role will become enshrined in law. Before the next major data sharing step for care.data, the planned pathfinders perhaps?

The second piece of law needing defined and actioned goes back almost a year to February 2014 and Mr. Hunt’s promise of a statutory opt out, which would seem fundamental to any next step step and pilots.

On opt out IIGOP said:

“It is the view of IIGOP that progress at a nationwide level in achieving appropriate sharing of information for direct care will not be satisfactory until core building blocks are in place, including agreement on terminology, clarity on consent and consistency of arrangements for objection and “opt out.”

That opt out refers to all medical data sharing, not only that for care.data, which comes in for criticism but notes some positive side effects:

“The unintended consequence of care.data was a positive cycle of change.”

Most positively, the report notes the changed attitude to public awareness and expectations around personal data management:

“Over the past year, the subject of information governance has moved from the backwaters of organisational management into the mainstream of public discussion. Debate about when it is right to share people’s care data is no longer restricted to policymakers, technical experts and medical ethicists.”

[7] January 5th: The Health and Social Care Information Centre will launch a secure data lab for viewing sensitive patient data in March, allowing it to support the pathfinder stage of NHS England’s controversial care.data programme.

What about opt out – technical feasibility and the Ministers promises to put it into legislation, still not done yet?

[8] Public health commissioning in the NHS 2015 to 2016 plan

Everything connected to everything in the market matters in the bigger picture. See [2], [4] and consider commercial data uses.

[9] Predictions from professionals for 2015 via EHI Insider: A clear direction for NHS IT was set in 2014; but could be disrupted by the general election due on 7 May, according to experts asked for their predictions for healthcare IT in 2015.

So, this quarter is getting off to an information-rich start with the December releases of reports and news having laid an interesting foundation for the coming quarter. And election purdah at the end of March…

[10] My own care.data wish list – no more surprises please  – what will care.data plans hold for 2015?

 

****

References:

[1] IIGOP care.data report https://www.gov.uk/government/publications/iigop-report-on-caredata

[2] Primary Care support services outsourcing / transformation http://www.england.nhs.uk/commissioning/wp-content/uploads/sites/12/2014/12/Final_Stakeholder_Update_December_2014-.pdf

[3] The Rose Report http://www.theguardian.com/society/2014/dec/28/nhs-management-system-complex-rose-report

[4] www.ehi.co.uk/news/EHI/9813/poulter-announces-dwp-prescription-check

[5] HSCIC code of confidentiality http://systems.hscic.gov.uk/infogov/codes/cop/code.pdf

[6] IIGOP Annual Report: https://www.gov.uk/government/publications/iigop-annual-report-2014

[7] HSCIC secure data lab news: http://www.ehi.co.uk/news/primary-care/9815/hscic-data-lab-to-launch-in-march

[8] Commissioning plans: https://www.gov.uk/government/publications/public-health-commissioning-in-the-nhs-2015-to-2016

[9] 2015 Predictions: http://www.ehi.co.uk/news/primary-care/9800/coming-up-in-2015

[10] My own wish list fior care.data in 2015:  http://jenpersson.com/care-data-2015-list/

Oh, and my New Year’s Resolution, I’m cutting my posts in half. Nothing over 1000 words.

A care.data Christmas carol

“Marley was dead: to begin with. There is no doubt whatever about that.” [A Christmas Carol, Charles Dickens, 1843]

“Is care.data dead?” I was asked after our children’s nativity today, “what happened to that GP record sharing project?”  The local priest, you may think of all people, wondered what had become of the news stories we had discussed at Easter.

Not dead, I assured him, though it was suggested recently that the Caldicott led Independent Information Governance Oversight Panel (IIGOP) report [1], would be the final nail in the coffin of the past approach [2], and would spell doom ahead in any care.data future were the programme not to follow its recommendations.

I told him the story of the care.data year.

So, are you sitting comfortably? For Christmas is a time of storytelling. At its heart, the story of a birth, which has been handed down through generations.

But here, I borrow from the most famous of all English Christmas stories, a Christmas Carol, by Charles Dickens from 1843. Let us begin.

“Come in!” exclaimed the Ghost. “Come in! and know me better, man!”

The ghost of care.data past rattled its chains and brought no joy in 2014, haunting the current programme with news of past data sharing practices.  At the start of the year, much was made of the 25 years of past use of our health records with third parties about which the public had never been told nor asked for permission, we were told there had never been breaches [3], and there was surprise expressed by NHS England leadership at why care.data, the plan to extract GP records now in addition, should have struck such a nerve in the public. Then they actually ran an audit that told the full story.

Various reports have since tried to vanquish those ghosts which have haunted the rollout of care.data in the past year. Sir Nick Partridge in May led the Review of Data Releases by the NHS IC which looked back at health data sharing of the existing HSCIC held data, and in November, he examined the progress up to the present.[4]  The extent of third party releases including actuarial firms, organisations in the US and China, and commercial re-use was a complete surprise to the public and, his report appeared to suggest to many like him in management as well.

The IIGOP Report published last week on the care.data Programme Board looks to the future. It sets out a thorough set of specific recommendations, questions and tests to meet before it could be reasonable to proceed to a data extraction in the care.data pilot.

The first independent report on care.data, prepared and released under the oversight of the new Data Guardian, Dame Fiona Caldicott, it also captures many sensible and practical questions raised by patients at events all year.

In some ways, whilst sad to see what so many have said was needed has only come to be addressed by an independent body rather than NHS England, recognising the current weaknesses can only be seen as positive to bring about changes. It may have a hope of restoring public and professional trust.

What next steps will come from this for a care.data relaunch by NHS England, and when in future, remain to be seen. [Updates may be here, or here or sometimes here].

Perhaps if the current course of actions is averted, we may not ‘see a vacant seat’ if it all falls apart in 2015 after all.

The CCGs have been given a huge responsibility which is not of their making, if NHS England continues to pilot under CCG-steered rollouts.[5]

One would hope that given the right amount of time needed to manage this change process, and  with the right supporting skills and tools for the practicalities, the care.data programme will take a changed form in the year ahead. It may yet be saved.

But it does seem often that timing is of the essence, and we move from one artificial deadline to the next. The public and GPs wait without the security and confidence of a realistic schedule.  Waiting we wonder if we will reach the next chime due, or the next ghost to haunt the programme will arrive and cause new fright.

It’s no cure all, but it appears the IIGOP has given the programme the gift of one last wonderful opportunity to get this right. It’s requirements are sizeable and will take time to execute sensibly. The report illuminates a future path for progress and shows what must be altered today, to avoid the future it predicts otherwise.

The outcome of care.data rests in the hands of the DH and NHS England. Dependent on the public and professions seeing change.

As Scrooge learns:

“But if the courses be departed from, the ends will change.” [A Christmas Carol, Charles Dickens, 1843]

Ignore the wisdom of the ghosts at your peril. For a changed future outcome,  the actions of the present must change first.

So, humour me awhile, and let’s consider some of the bigger themes in the care.data Christmas carol that CCGs may wish to consider as it deals with preparing for pathfinder pilots…

Chapter 1. “This boy is Ignorance. This girl is Want. Beware them both, and all of their degree, but most of all beware this boy, for on his brow I see that written which is Doom, unless the writing be erased…” [A Christmas Carol, Charles Dickens, 1843]”

What information is getting through from listening events? [6]

There should be no excuse for poverty in the world today, and whilst in my bigger picture wish list, to deal with want would come first, in my care.data Christmas carol list, it is ignorance which cannot be tolerated.

There is no excuse for ignorance, for lack of information, or wondering what questions needed answers to date at the care.data programme board of NHS England.

“How do we explain care.data vs SCR”, “Can you tell me exactly who will access my data?”, “If future purposes change and I want the opportunity to withdraw & opt out, how will I get told?”

The IIGOP report states clearly the current gaps in knowledge and what must be done to fill them, for various parties.

Together with two other major reports this year on health data sharing and care.data: Partridge, and the November 2014 APPG report [7], professional bodies have provided plenty of information and asked plenty of questions which no one now can ignore.

Misplaced statements that there have been no breaches do nothing for public confidence, when later reports show that is ignorant or inaccurate. Big Brother Watch published its report into NHS Data Breaches in November. It found that data security is an ongoing problem, and that over the last four years patient confidentiality had been breached at least 7,255 times.[8]

Facts and answers now need to address the IIGOP report in depth, and meet patients’ past questions, to lay to rest some of the issues which have haunted the programme in the press; unexpected commercial uses, and re-use of data through commercial data licenses, for example.

Adequate time must be given to the CCGs, GPs and patients to be fully informed of the programme and the choice(s) on offer. This is not an IT rollout, but a series of process changes, which need human understanding and acceptance. “What’s in it for me?” versus “What risks may harm me?” need thinking time to be fairly presented and the patient choice collected.

To avoid potential doom whether it be significant opt out or failure to meet fair processing leaving GPs at risk [9], to adequately communicate through effective education, will take effort.

Chapter 2. “Every one of them wore chains like Marley’s Ghost; some few (they might be guilty governments) were linked together; none were free.” [A Christmas Carol, Charles Dickens, 1843]

Understand the links of who, why and what, of data sharing: 

The decision making, the process steps, how patients are told of changes in the programme today and will be in future, how the public perceives their data is exploited, are all linked together by very simply: who stores and uses the data, and for what purposes.

For the programme, it would be wise to understand the importance of the interaction of these parts of the process. Linked appropriately together, and working well, trust will keep the system together.  It fails, and no matter how good the technology is, without trust, the system will fail to deliver its expectations. If too many may opt out, or opt out disproportionately in certain population segments it would harm data quality.

When at the HSCIC data sharing discussion in July it was clear some data recipients were yet to grasp this interdependency, and the effect their attitudes to data use have on each other.

If one [class of] data recipient in future receives or uses data inappropriately, it will harm public faith in all users.

For patients, to have true transparency I believe care.data should be explaining exactly how the data linkage system [10] works, and all the other silos of data it already holds. The personal demographics service, stores a whole set of personal data of which the public maybe unaware, and yet may find used to link data collected from all sorts of parts of health and social care. If NHS data sharing is to be explained, do it all. To avoid doing this, will merely store up a future risk of yet more surprises for patients and damage trust further.

Chapter 3: “I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you. [A Christmas Carol, Charles Dickens, 1843]

Commercial use of data will be detrimental to public confidence.

By looking ahead to see what the ghost of care.data future might bring, the forecast doom of the present course, may yet be avoided.

As patients told NHS England at the Open House event [11], we’re fed up with commercial data mining, and the same was reflected by a representative group of citizens in various polls this year.[12]

How is the non-NHS data world changing? What of the upcoming EU data legislation?  How does commercial data industry itself perceive legislation in the UK?

In the 2013 Experian keynote address the Nectar Head of Customer Marketing noted, “legislation has not kept up to speed with where we are going’ [16:57] [13]

Perhaps it is opportune to reflect on one of the oldest Biblical themes at Christmas, choose which master you serve.

Back at NHS England and the IC, discussions in April 2013 seek to ‘create a vibrant market of data intermediaries , for example.

Which purposes should this serve? The health of the nation, or the wealth of the nation? Can one justly serve both equally?

“You fear the world too much,” she answered, gently. “All your other hopes have merged into the hope of being beyond the chance of its sordid reproach. I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you.” [A Christmas Carol, Charles Dickens, 1843]

It would appear to patients that by  mixing commercial purposes in with legitimate health, and health research purposes,  the data commissioning system has created its own downfall.[14]

The purposes whilst amended in the Care Act 2014, are so broad as to leave too much commercial use open under ‘purposes of health’. How would that rule out pharmaceutical marketing for example?

For many patients, use outside their own healthcare and its provision and planning is a real hot chestnut.

If patients are in disagreement over commercial uses for example, they have no choice but to opt out of research uses as well. This multi-option choice, or the removal of commercial use needs addressed.

If research wants more data, we would do well to define and restrict commercial use in legislation, much more specifically.

Chapter 4 : “You wish to be anonymous?” [a Christmas Carol, 1843]

There has been much disagreement and misunderstanding of how data will be used, anonymous or what non-identifiable really means.

Media reporting at the start of the year frequently focused on the collection of care.data as ‘anonymous data.’  Bah, humbug! that is factually incorrect.

CCGs need to make sure that their own staff understanding is correct, as well as passing on information if they are to be intermediaries on behalf of NHS England. At CCG meetings I attended, many staff confused care.data with direct care/SCR.

The default position if patients do nothing is the sharing of date of birth, full postcode, gender and ethnicity, and the NHS number is a unique identifier. Plus all the other codes and conditions.

It is still unclear how the data which has already been extracted without consent or fair processing, can be controlled by patients who may not wish to share identifiable data from their hospital visits, mental or community health.

bbc_notdentifiable

If patients can’t control data already held at HSCIC, why will they want to share more additional data, from primary care?

Learning from looking back on 2014

My own looking back on my care.data journey in 2014 is here.

medConfidential has a rather good summary of the year here. [15]

“Spirit,” said Scrooge submissively, “conduct me where you will. I went forth last night on compulsion, and I learnt a lesson which is working now. To-night, if you have aught to teach me, let me profit by it.” [A Christmas Carol, Charles Dickens, 1843]

From past lessons learned in 2014, one would hope the future rollout will profit from them and take the time, and use the tools it needs, to get to a brighter future.

Looking ahead: news for 2015 came at the end of the year.

Sir Partridge in the Telegraph, November 27 he said:

“We must make sure there are no surprises for the public about how their information is being used, that they have a choice in this and that we are honest about the balance of risk. Every single one of us has a part to play in making sure we get this right…

“The HSCIC is still improving its practices. It is also endeavouring to increase its transparency.”

The November 2014 APPG report said, what everyone appears to agree on:

“the public had been inadequately consulted in the early stages of the Care.data programme and that it was therefore correct to halt the programme to allow further public consultation.” [APPG report]

It goes on to say, “Organisations providing health or social care services must succeed in both respects [examining the Public Interest] if they are not to fail the people that they exist to serve,” and with that in mind a Public Benefits Plan should be drawn up, to support public transparency.

Public transparency would be improved by publishing the public’s questions from multiple listening events at which attendees were promised answers and follow up. The conversations did not always ask easy questions, but all the more reason to address them publicly for all; it will make the programme better.

So, if the care.data programme learns from that which has haunted care.data in the past year, and NHS England now grapples with all the questions and criteria of the IIGOP report, and increases its public transparency, stakeholders can look to the future with a renewed hope. But only if there is change made to the present course of actions.

“Scrooge was at first inclined to be surprised that the Spirit should attach importance to conversations apparently so trivial; feeling assured that they must have some hidden purpose.” [A Christmas Carol]

 What must surely happen now, is to use the IIGOP report as a basis of lessons learned. To see gaps in knowledge, and to build processes and procedures which set up the future. Some of these must be at national level, such as ‘How patients will be informed of future scope change’ so CCGs will need answers from NHS England even if pilots should be ‘co-produced’.
Quite frankly, only muppets would not want to wait and do all this in all the appropriate time needed. The coming General Election is perhaps seen as a key reason to artificially rush it through. But at what cost? Who is the programme for, party politics or the public good?

“What do you think of the show so far?”

Clearly the National Data Guardian and IIGOP, the APPG and others making many wise recommendations, find the approach so far lacking. To carry on as is, will bring predictable doom. But by using the IIGOP report insights, there is the hope that the outcomes of the current path may yet be avoided.

Which version of the care.data future will the NHS England Patients and Information Directorate choose to follow, and invite the CCGs to join them on, writing the next chapter of the care.data story in 2015?

“No space of regret can make amends for one life’s opportunity misused.” [A Christmas Carol, Charles Dickens, 1843]

***

Let’s hope 2015 is a good year, that the wish list of questions finds answers, and let’s hope there are no more care.data surprises.

Thank you for all the kind blog comments and questions I’ve received over the last year. I hope it helps keep patients’ voice heard. For all those or their representatives I have met and spoken with in the last year who have no voice at the table; the homeless, the travellers, the women and children in refuges, those concerned with public stigma, we must continue to challenge so their datasharing is, in the words of others; safe, consensual and transparent.

“I HAVE endeavoured in this Ghostly little book, to raise the Ghost of an Idea, which shall not put my readers out of humour with themselves, with each other, with the season, or with me. May it haunt their houses pleasantly, and no one wish to lay it.
Their faithful Friend and Servant,
C. D.

Now; let’s get back to the present today:

“What’s to-day, my fine fellow?” said Scrooge.

“To-day!” replied the boy. “Why, Christmas Day.”

“Merry Christmas,  and so, as Tiny Tim observed, God bless Us, Every One!”

  [A Christmas Carol, Charles Dickens, 1843]

***

Image from a Muppets Christmas Carol, 1992

References:

[1] The IIGOP report https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[2] EHI ‘Care.data Review Raises Questions‘ http://www.ehi.co.uk/news/ehi/9808/care.data-review-raises-questions

[3] BBC Radio 4, February 4 2014 http://www.bbc.co.uk/programmes/p01rmpdy

[4] Nov 2014, Progress of HSCIC data sharing review by Sir Nick Partridge https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/380042/HSCIC_Report_Summary_of_progress_261114_FINAL.pdf

[5] 7 Oct 2014, CCGs to help deliver care.data pilots http://www.england.nhs.uk/2014/10/07/ccgs-care-data-programme/

[6] What information is being heard at Listening events? http://jenpersson.com/pathfinder/

[7]The APPG Report – Nov 2014 – http://www.patients-association.com/Portals/0/APPG%20Report%20on%20Care%20data.pdf

[8] Report into NHS Data breaches http://www.bigbrotherwatch.org.uk/wp-content/uploads/2014/11/EMBARGO-0001-FRIDAY-14-NOVEMBER-BBW-NHS-Data-Breaches-Report.pdf

[9] on GP indemnity: care.data MPS advice to members http://www.medicalprotection.org/uk/membership-indemnity-updates/care.data

[10] The data linkage service http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf

[11] The Open House June 2014, public questions http://jenpersson.com/care-data-communications-core-concepts-part-two/

[12] Privacy and Personal Data IPSOS Mori poll https://www.ipsos-mori.com/researchpublications/researcharchive/3407/Privacy-and-personal-data.aspx

[13] 2013 Experian keynote address the Nectar Head of Customer Marketing

[14] care.data downfall parody http://paulbernal.wordpress.com/2014/02/25/tim-kelsey-discovers-care-data-is-in-trouble/

[15] medConfidential bulletin https://medconfidential.org/2014/medconfidential-bulletin-19-december-2014/

 

Thinking to some Purpose – a new era, a new look

Regular readers here or on twitter, may notice the new-look.

I’m moving away from The Amateur Book Blogger banner, and will be posting simply as me, as I go on.  The start of the summer holidays seemed as good a day as any, to saunter out into the sunshine on my own.  [I may even see if it’s worth updating my resultant twitter handle @TheABB]. The reason? This week, the View From Here Magazine announced it will be closing on November 1st, 2014. After seven  years on the writing team, it is not only the end of an era, but perhaps the start of a something new.

I started on the comms side, announcing writing events and industry news, and later moved into interviews. It’s been an amazing experience. Editor Mike French was a great remote-mentor. We’ve met only once, at the launch of his latest novel, Convergence, in The Dandelion Trilogy.  Mike both enabled and encouraged me to interview some great writers, editors, scouts and publishers, every quarter. I learned something new each time, from every contribution, and had great fun. All of which I enjoyed, but some stand out in the memory more than others, and every one was unique.

I travelled to The London Book Fair in 2010, the year the Icelandic volcanic ash prevented many traveling from abroad by plane.  The resulting bonus, many people’s meeting schedules became unexpectedly less full. I got squeezed in to film a serendipitous  interview with Jamie Byng at Canongate and  spoke with Helen Garnons-Williams, which led to producing a three part interview with her, the then newly head-hunted Editorial Director for Fiction at Bloomsbury UK.

Thank you to all whom I have interviewed since 2006, but also to readers and fellow unpublished writers who supported me, the team, and made the community at The View From Here what it is. With eclectic tastes, I learned much on writing, but also enjoyed the art of the creative collective.

The most recent interview I did for them, was here, with Isabel Allende. In her wide ranging career, it was hard to know what to ask and how to narrow it down, but one thing stays with me, in all she said, on the role of a writer:

“Writers have no obligation to comply with the official story or the official version, their only obligation is with their own consciousness.  Honesty above all.”

The other part of my writing recently has been more akin to her engagement in politics and civil society. I’ve been on twitter really only for the last nine months, throughout the difficult pregnancy of care.data, pronounced care [dot] data. If you missed it, that’s the government proposed scheme to suck up our GP medical records, merge them with data already held at the central Health and Information Centre from our hospital care, and then use the new, richer record for commissioning purposes and potentially more, as yet undefined.  Since our hospital and other health sourced-data is already sold to private companies and will continue to be so in future, but without having asked for informed consent, I’ve been a very skeptical critic and lay voice for positive changes for these wide secondary uses. [In case you’ve landed here for the first time,  I’ve a background in tech database implementations, communications and change, and I took it upon myself to fully understand and follow the subject, a year ago when I came across the topic online, by accident.]

It looks now, as though some improvements on past failings will  happen, but much remains undefined in detail, and as we all know, that’s where the devil likes to sup. I look forward to seeing some of the recently discussed changes and definitions in the Care Act, for example, becoming concrete.

So, that’s the reason for the insignificant changes on my part, and should I explain the image? I’ve chosen my favourite coffee mug for my header photo, with my favourite scarf. I use both often. The latter, reminds me a little of Bridget Riley’s op art. As a retro fan that appeals to me. The former, depicts the cover of Susan Stebbing’s most popular work Thinking to some purpose (1939) which was described on the cover of the first Pelican Books edition as being:

“A manual of first-aid to clear thinking, showing how to detect illogicalities in other people’s mental processes and how to avoid them in our own”

The work arose out of a synopsis she wrote for a series of radio broadcasts intended for the BBC. Published on the eve of the Second World War, Stebbing wrote:

“There is an urgent need to-day for the citizens of a democracy to think well. It is not enough to have freedom of the Press and parliamentary institutions. Our difficulties are due partly to our own stupidity, partly to the exploitation of that stupidity, and partly to our own prejudices and personal desires.”

Her words seem very timely.

To borrow from Wikipedia here: “This metaphor seems to me to be appropriate, because potted thinking is easily accepted, is concentrated in form, and has lost the vitamins essential to mental nourishment. You will notice that I have continued  the metaphor by using the word ‘vitamins.’ Do not accept the metaphor too hastily: it must be expanded.”

I wrote about use of language and the need for common sense in its use around our health, as well as food marketing, in a previous post. But on the book, Professor Stebbing [British philosopher 1885- 1943] went on to say:

Potted meat is sometimes a convenient form of food; it may be tasty, it contains some nourishment. But its nutritive value is not equivalent to that of the fresh meat from which it was potted. Also, it must have originally been made from fresh meat, and must not be allowed to grow stale. Similarly a potted belief is convenient; it can be stated briefly, sometimes also in a snappy manner likely to attract attention. A potted belief should be the outcome of a belief that is not potted. It should not be held on to when circumstances have changed and new factors have come to light. We should not allow our habits of thought to close our minds, nor rely upon catch-words to save ourselves from the labour of thinking. Vitamins are essential for the natural growth of our bodies; the critical questioning at times of our potted beliefs is necessary for the development of our capacity to think to some purpose.”

So here’s to that, my ‘critical questioning’ may have shifted from one arena into another, but I hope I continue ‘thinking to some purpose’.

care.data communications and core concepts [Part one]

“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is doublespeak talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”

Today at the Health Select Committee Mr. Tim Kelsey, on behalf of NHS England, said that care.data pilots will be in October/ November and in the meantime they are listening to the “constructive challenge to NHS England how to build trust in the [care.data] programme.”

Here’s my real experience of that listening, why it may not help and what still needs done. (And in under 4 months if in time to be of any use for the pathfinder pilots, which are only of use to the whole if done properly. )

[Part one]  care.data communications and core concepts – Ten takeaways from the Open House event.

The NHS England led Open House Day [1] on June 17th was a listening opportunity according to the draft agenda for:

“patients and the public to influence the work of NHS England at national and regional level.”

Here are some of the things I learned:

1. Public Awareness

Mr.Kelsey asked the room (he was in London, other locations took part by live link) how many have:

a) heard of care (dot) data and

b) how many think they understand what it is is?

We couldn’t see his room, but he said ‘about half’ understood it. Our room’s show of hands was similar.

My reaction: One would expect everyone attending to have heard of it, the event after all was billed as in part about care.data. The level of understanding should be higher than the average in the public, since many (in Basingstoke at least) were NHS England or more involved than the average citizen.

Feedback overall was consistent with the latest MORI Ipsos poll [2] commissioned by the Joseph Rowntree Reform Trust in which the minority know it well and over 50% say they have never heard of it. That’ s a long way to go to reach people, inform them adequately to meet legal Data Protection minimums and let them enact their patient choice.

ipsosmori_q4know

2. Communications Message & Scope

A consistent, frequent communications message is that ” there are FAQs and materials, we have the answers, we just need to communicate them better.”

My response: communication is failing because the core scope of what care.data is, is fluid. Without something concrete and limited, it cannot be explained neatly. As one NHS England communications member of staff said to me this week, ‘we haven’t got an elevator pitch.’  So it’s not about the materials or the methods, it’s the substance that is flawed. When you’re talking about extracting, storing, sharing and selling some of our most intimate information, a vague notion of pooled experience is not good enough to trust. People want to know exactly what information, is being shared for what purpose, with whom, where. And how long will they keep it for?  NHS England simply do not have the answers to that, so, that elevator pitch? It’s never going to get off the ground in a meaningful way. And anything less than the answers to those questions, doesn’t meet the Fair Processing requirement of Data Protection Law.

Today at the Health Select Committee Mr.Kelsey was asked, will patients be able to trace in future where their data went? There was a rare and stunning silence. And after a benefits statement, there was still no answer given to the question. [update: Hansard now available, Q525/526]

Scope cannot be fluid and changing – the use of our personal information that we sign up to today, must stay what we agreed to tomorrow.

Data Protection requires that the minimum data is extracted so this ever increasing scope creep, but only *one* chance at opt out are at odds with each other.  What plans are in place to meet Data Protection fair processing EVERY time new things should be added and more data could be extracted? It’s a legal necessity. An ongoing change communications process MUST be in place.

3. Timing

Mr. Kelsey said, on rollout timing that NHS England would take it  ‘as slowly as we need to.’

My response: This reiterates the ‘no artificial deadlines’ but appears to be doublethink in contrast with the statement confirming  ‘autumn 2014’ extraction for Pathfinder (pilot) 100-500 practices. How will the pathfinder (pilot) locations be ready to test a communications process which as yet does not exist? How will it pilot a consent process for young people, the vulnerable, those with complex health system needs, the at risk, those outside ‘the system’ with GP records? A process which by its nature must be applied to any opt in or opt out choice, if others make a decision on their behalf yet from the meetings’ discussion, whose informed consent appears not even begun to be considered?  Or how will solutions to past Data protection Law failings be found from thin air, when data has been breached in the past, continues to be shared in the present and there is no solution to resolving those failings for the future?

4. Language simplification

There is a tendency to oversimplify the language of the Care Act, into ‘care.data will not be used for any purpose other than ‘health benefit’ – whereas benefit is not mentioned in the wording:

Care Act 2014My response: Is to question why this is? Does benefit sound better than promotion perhaps? Again, words should be used accurately.

5. Users simplification of the Care.Act wording

The actual wording is ‘the promotion of health’.

NHS England are similarly very keen to point out explicitly that care.data  cannot possibly be used for insurance or marketing purposes, such as junk mail.

My response:  Yet again, the wording of the Care Act does not state this explicitly. In fact, it leaves pharmaceutical marketing for example, quite open, ‘for the promotion of health’. And there is no legal barrier in the Care Act per se, for firms which receive data for one purpose, such as BUPA the hospital provider in London, using it for another, such as BUPA as refining premiums. BUPA Health Dialog received individual level patient data in the past. How do those patients know what it was then used for or shared with? Perhaps Data Sharing Agreements can specify this, but the Care Act, does not.

Claims to rule out “solely commercial” can’t be backed up by the wording of the Act. Will “the promotion of health” still permit uses such as marketing by pharmacies or ‘healthy eating’ campaigns from big food chains?  There is no obvious definition – and leaves wide interpretation open.

When Sir Manning spoke at the Health Select Committee he (rightly) said HSCIC can only restrict and determine what they do ‘within the law’. The law needs to be tight if the purposes are to be tight. Loose law, loose uses.

6. Use by Data Intermediaries to continue

care.data will continue to be on offer to third party Data Intermediaries it was confirmed in the panel Q&A.

My response: some third party intermediaries in part perform outsourced data services for the NHS. But do they also use the data within their own business to inform their business intelligence markets? They sell knowledge gleaned from raw data onwards,  or have commercial re-use licenses for raw data over which we in the public have no visibility or transparency.  We cannot see within these businesses how they build their own ‘Chinese walls’, self-imposed restrictions to ensure security between different parts of the same umbrella organisation. Allowing third parties to re-sell data means control over its use, owners and management is lost forever. Not secure, transparent or trustworthy. I explore their uses with commercial brokers more here in a previous post. [3] Considering I was told that my personal confidential data will not be shared with third parties, in a letter signed by the Secretary of State for Health, I am most unhappy about this. I will find it hard to trust new statements of best intent, without legislation to govern them.

7. Data Lab – restricting user access

Mr. Kelsey indicated that going forward the default access to our health data will be on the premises of HSCIC, the so called “Fume cupboard” or “Data Lab.” However he noted, this would not be for all, but be the ‘default’.

”The default will be access it on the premises of the IC. That won’t be universal for all organisations….”

My questions: Whilst a big improvement from giving away chunks of raw data via CD or to remote users, these processes need documented and publicly communicated for us to trust they will work. When will it be built and operational? How will we know who all the end users are if the same rules do not apply to all? How will those exceptions be granted? Documented? Audited? Will raw data extraction still be permitted? It’s the exceptions which cause issues and in future, the processes and how they are seen to be governed must be whiter than white. For those with direct access, users of the HDIS or HES, will a transparent list of users be published? At least for now, they do not show up on extraction audits so the public cannot see what those users access or why. So, a good step, but can’t stand alone.

Until this secure data lab is physically built, any data extracted cannot go into it. That won’t happen by October/November I should think. So will NHS England be prepared to extract data anyway, into a setting they *know* is LESS secure and a NOT yet a safe setting?

8. Governance

We were informed, an Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, has agreed to advise the care.data Programme Board to evaluate the first phase pathfinder (pilot) stage.

My feedback: I find this interesting not least because the Information Governance Review [4] under her direction in March 2013 decided that commissioning purposes were insufficient reason to extract identifiable data. Personal confidential data should only be disclosed with consent or under statute and “while the public interest can also provide a legal basis for disclosure it should not be relied upon for routine data flows. [footnote, p.63]”

What value is Independent Governance if it has no legislative teeth and can only advise? At the Health Select Committee today, he said she would be able to offer a view, and a number of parties will be able to express views & be ‘in agreement’. But I wonder who owns the ultimate final go/ no-go decision whether the pilot should progress to full roll-out?

9. Anonymous Sounds Safer

Feedback on the handout: The care.data notes need not only to be accurate but transparently truthful.

In my opinion, words are again misused words to indicate that data is anonymous. 1706204_datauses Whilst the intention of the merged CES output (GP records combined with HES files) may be that some users will see only pseudonymous data, the extracted and stored data is identifiable unless opted out. Name is held in the Personal Demographics Service. [5] This is one of the key communications messages I have taken up with HSCIC, NHS England, raised to the DH through my MP. To reassure the public by saying name is not stored, is deliberately deceptive unless it states simultaneously that it may already be held in the PDS and/or linked on demand.[6]

1706datauses

The Partridge Review [7] has dispensed with the notion that data is anonymous once and for all. Now it must be managed accordingly as identifiable data within Data Protection law and communications must stop misusing the anonymous concept to reassure the public.

“It’s a beautiful thing, the destruction of words.”                                 ( George Orwell, 1984)

10. My own experience of engagement

The most interesting part of the day for me personally however, were the discussions which were unstructured and when we were free to talk amongst ourselves. Unfortunately, that was very little. The structure (at least in Basingstoke and appeared similar on screens elsewhere) was based around tables of about 10 which included at least two NHS England staff at each.

At the end of the morning session, before lunch, as the other participants had left the table, a Communications person and I got into conversation on the differences between care.data, the Summary care Record (SCR) and where Patient Online was to fit in our understanding of which data was used for which purpose.

We discussed that since care.data is only monthly retrospective extracts, not for real-time record access, it would not be a suitable basis for Patient Online access – care.data is for secondary uses. So, we moved onto the challenges of SCR access at local level and how it will be possible to offer everyone Patient online when so many have opted out of the Summary Care Record. We began to talk stats of SCR availability and actual use in hospitals.[8]

Sadly, the table facilitator appeared to decide at that point, that our discussion needed guidance and rushed to fetch a senior member of staff from Strategic systems. And rather than engaging me in what had been a very positive, pleasant two-way conversation, with the Comms person asking me questions and our exchange of views, the Strategic Head took over the conversation with her NHSE team member, effectively restricting further discussion, even with her body positioning and language. Being informed is OK, as long as its the ‘right’ information?

I don’t think that’s what patient engagement is about. The subject needs real, hard discussion, not just managed exchange using pre-designed template cards of topics that we are told we ‘should’ discuss. Perhaps ignorance is strength, but in my opinion, keeping Communications staff informed only ‘on message’ and not of the wider facts and concerns is shortsighted and does them, and patients, a disservice, but then again:

“If you want to keep a secret, you must also hide it from yourself.” (George Orwell, 1984)

For [Part two] care.data communications and core concepts – Questions, Communications and Actions : link here >>

*****

[1] The NHS England Open House recording June 17th http://www.nhsengland-openhouse.public-i.tv/core/portal/NHSopenhouse

[2] IPSOS Mori poll conducted for the Joseph Rowntree Foundation: http://www.ipsos-mori.com/Assets/Docs/Polls/jrrt-privacy-topline-nhs-2014.pdf

[3] My post on uses of our records with commercial Data Brokers – http://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] The Information Governance Review ‘Caldicott 2‘ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] The Personal demographics Service at HSCIC (including name) http://systems.hscic.gov.uk/demographics/pds/contents

[6] The Data Linkage Service at HSCIC http://www.hscic.gov.uk/dles

[7] The Partridge review: http://www.hscic.gov.uk/datareview

[8] Summary Care Record use statistics https://www.whatdotheyknow.com/request/scr_care_settings_with_viewing_c#incoming-446569

***

Fun fact: George Orwell’s Nineteen Eighty-Four is currently number 5 in the UK Classics Fiction Amazon ranking. And 86th in fiction overall. Sales up over 5,000% in the US since the Snowden revelations, a year ago.

MORE BACKGROUND ON THE EVENT:

Within the other programmes of Patient Online and Patient Participation, care.data was a one hour session. It included the blue plasticine people short animation, a speech by Mr.Kelsey, a 15 minute table discussion on one pre-given theme from a range of four, reading aloud the summary of that discussion from each table within the room, one question per venue raised outside the room to the panel via video link in London, and their answers. Our discussion topics were brief, controlled and relatively superficial. It could have been a productive day’s workshop on only that.

The Open House  took place simultaneously in four venues across England, Basingstoke, Leicester, York and London, connected through a live videolink at a number of points throughout the day. The recording in part, can be viewed here.

I attended the Basingstoke event, particularly keen to learn about national programmes such as care.data and hear about any updated plans for its rollout, to learn about patient online, and to meet the NHS England team in the South as well as other interested people like me. I hoped for some real public discussion and to hear others get their questions aired, shared and on the table for resolution.

I met one other ‘only’ patient and whilst I was kindly told by a further active PPG organiser, that I should never refer to myself as ‘only’ a patient, but you know what I mean. I’ve applied as a lay rep on our local CCG for an opening next year, until then, I’m learning as much as I can from others. Other attendees I met were those already more closely involved with NHS England in some way already. As NHS England staff, facilitators, representatives from Clinical Commissioning Groups, Patient Leaders and PPG leaders.

care.data communications and core concepts [Part two]

“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”

For part one of this post see here >>care.data communications and core concepts [Part one]

1984Other sessions on the 17th Open House included:

Patient participation in general practice: exploring how can you be involved in the changes in general practice, including the introduction of the Friends and Family Test and changes to the GP contract in relation to Patient Participation Groups.

Patients Online: This session was to enable attendees to find out more about work to increase the number of patients who can access their health records online, book GP appointments online and order repeat prescriptions. The accompanying film was described by a fellow table guest as, ‘awful. Too long, dull and dry.’  It felt that there was a lot of weight given to this part of the day and that the uses of data during the event were all mixed into one pot. care.data will not be the source for patient online access, yet we came away thinking of the data as one source to enable that purpose. Poor communication or clever marketing, will depend on your point of view.

The big picture however, of how our health records will be used and bring benefit is in my opinion, being manipulated and purposes conflated to make one thing seemingly lead to another, which are in fact unrelated.

care.data is for secondary purposes, not direct care use by physicians for example. We are told this sharing of data is a requirement for other things as well. Firstly for patient safety and quality. And for integration between services.

Integration

Mr.Kelsey said at the Open House day, (around 36:00 minutes in, if you listen yourself) “we’ve all heard this word integration, I’m not terribly sure what it means, but I think what it means is that local people have a proper say in the way that health services are designed. So to give you voice, to give the local community voice, care.data is really important….”

I should hope that Mr.Kelsey has a jolly good understanding of integration and knows exactly that it is the merging of health and social care under the motto ‘transformation’. Social care under ADASS and health care are under all sorts of pressures to integrate, budgets are being pooled, shared and ring-fenced in various discussions, including my local county Health & Adult Social Care Select Committee:

“…Director Adults’ Services, told the (Chichester) Committee [9] in November 2013: The Care Bill would mean a radical whole system change involving the biggest ever transformational change for Adults’ Services The Council was building the foundations for further significant change.”
Perhaps on the day, he meant something else.

Mr. Kelsey did, in his speech note however, that the programme should be respecting the fact it is *their* data, *not* the NHSs. (This is in contrast to his previous position in which patients should not be given an opt out choice – Prospect Magazine, 2009 when his stance was “no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised”).

It’s an argument oft repeated that we should *own* our data, but somewhat meaningless if it took a campaign and public outcry to require an opt out mechanism, and put the programme on hold. I feel the language is being manipulated to create the impression we don’t already own or have rights to our health data. The opposite is true.  And many know that, just see the killer question below from Leicester. As long as records are held only at GP level, we will have much greater control and visibility of their use, than if shared centrally.

Many I have spoken with ask why it is not possible to leave data at local GP level for only clinical care, and extract nothing identifiable from hospitals without consent?

Other People’s Questions

In that vein, I summarise what 4 other people asked Mr. Kelsey and his panel in London about care.data on the day, and what I felt was missing from the answers to give balanced communications. The locations of about 80-100 people at each, were each allowed to put forward one question to the panel via web link, the question selected from all those discussed at the tables, by an organiser at the site. They covered Benefits / Data Uses / Confidentiality / Communications.

View them for yourself here, from 01:13.06 in the NHS Open House video:

Question selected to be asked from Basingstoke: “If people opt out of giving data will then the results not then be inaccurate?”

The larger volume of data, the better quality the data will be, the greater the benefits will be. Choosing not to opt out. That will, depending on the volume of that, affect data quality to a degree we won’t know that. Over time, once people’s concerns have been addressed, we hope that quality will improve.

Missing from the answer: [10] HES data is cleaned, SUS data is not, and both are known to have significant quality issues on validity and accuracy. The data has been extracted and stored for twenty plus years. Higher volume of data does not equate with a higher quality of data. You don’t make a better quality haystack, just by adding more hay. The volume of data is less important than it be representative of all parts of the population, but there is a risk that those opting out tend to be, as one GP has told me, ‘the white middle class and educated leaving others overly represented’. Only having more data is not a solution for quality.

*****

Question from Leicester: “Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”

Panel: New legislation was brought in which made it very clear, data could only be released for the benefit for health and care, and it cannot be released solely for commercial purposes – yes, data can go to a private sector organisation, yes commercial companies, but only where they are working for the benefit of health and care, for example, Dr.Foster Intelligence, or other data information intermediaries who do a lot of work with data and who do a lot of work with the NHS to help inform decisions. Data will still be available to commercial companies. The other point, there is going to be independent scrutiny, which will be formalised within the law, to have independent scrutiny by the Confidentiality Advisory Group, which already exists which can independently scrutinise the releases.

Missing from the answer: care.data is not for clinical care. This indeed is our data and belongs to patients not NHS England, and should be respected as the NHS Constitution requires. Data continues to be released, and will continue to be so even under the Care Act legislation, to third parties in financial transactions. No recipient organisation by function (such as insurance) is excluded per se, rather recipients are judged based on their intended use of the data. The precise terms are open under the Act :

Care Act 2014****

Question from London: “How do you propose to reset expectations and perceptions, with any future communications, and  given that the way the first round was handled, provoked apparently such strong public resistance and suspicion about the NHS England motives?”

Panel spokesperson: We didn’t get it right the first time round, partly because we approached that at the National level. There was a leaflet that went out nationally. We will work with the 100-500 GP practices, and work co-produce materials in those areas and work with what is already there locally, GP practices, LMCs, PPGS, Healthwatch, using local knowledge, and patients so we can make sure everyone can understand, we understand how we can communicate this, what the concerns are, so we can get the message across, so everyone can understand what the choice is and what this is about.

Mr.Kelsey added: …[…]This isn’t about us and you, this is about us collectively. How do we ask patients and citizens for permission to use their personal information…we need to get that conversation right.”

Communications materials

Draft FAQs and information sheets to use in those conversations were on the table for participants information and to take away. The Data Uses page wording is interesting but poorly phrased, as it misled a couple on my table to think the ‘extraction’ was not identifiable. (see point 9 above). And the Benefits case study header is “How might it reduce variations in cancer treatment & care” but concludes that actually the Cancer Registry already does this, and they instead mean something similar would be useful for diabetes. This misuse of benefits makes me think, they’re finding it jolly difficult to find real ones. But if we all at these public meetings, believe the presented stories with the positive spin as fact, then fact they will become.

“And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth.” (George Orwell, 1984)

What next?

It is vital in my mind that care.data communications match reality of what needs done technically and in procedures, to drive expectations of what care.data will deliver and when. Why does an easy read brochure make no mention whatever of who data may be sold to? There is no mention of what organisations continue to receive HES and wider data. Instead it talks about data being shared to ‘know the health needs of everyone’ yet the very people who are outside the system are the ones whose needs we don’t know today – there is a huge amount  known from the rest of the existing patients’ needs from QOF and other GP data extractions, even that used in CPRD for research – purposes for which GP records under care.data are not approved.

The current doublespeak between the comms message and the reality are so far apart, between the technical possibility of what can be done well now, and what needs done to achieve the hoped for benefits, that the current message is setting up the project for failure and benefits will not be realised any time soon. It’s not ready to roll out through ‘improved communications’.

To be fair, the smaller workshop I attended on the 27th, flagged ‘still need to consider how best to engage here’ with many population groups. But it appears to me the Communications teams are effectively doing their best to package something which is not ready to be wrapped. To dot the i on the report, when the chapters aren’t in place yet.

“They were engaged in producing something called an Interim Report, but what it was that they were reporting on he had never definitely found out. It was something to do with the question of whether commas should be placed inside brackets, or outside..” [1984, George Orwell]

I’ve worked on both technical and change management/ communications teams [in another industry]. Project teams’ close working and each having an understanding of the other is vital. But the team members I have met so far, appear to work in silos, without enough linkage to know the functional gaps between them, in technical system, procedures and the link to change & comms. There is no way in my lay opinion, that a pilot of these half-formed knowns will be ready for autumn. For the NHS England leadership to continue to plug that it is, with messages of emotional manipulation of why more data is needed, will condemn care.data to Room 101.  A tortuous drawn out reformation of an existing concept. When really it needs planned afresh from the ground up to get the needs of the people it should serve designed into its consent, collection and communications processes – not added on as the ribbon at the end.

I was more optimistic about the benefits in the past, as long as the procedures around consent, governance and security were addressed. Having spoken with and listened to the needs and concerns of various charity representatives this week, at another smaller event, I am much less so.  Their complex needs, people who go in and out of different parts of the health and social care system at different times in their lives, with real concerns around confidentiality and risks have not begun to be addressed. Real issues for all of disclosure to GPs to ensure care may affect us all. But for many of their clients, they have needs which often carry huge trust and security issues which could put not only their medical care, but their faith in the charities and people working with them, in jeopardy.

I may be in a minority, but I’d rather have my factual understanding and ask hard questions than hear only a tailored communications message, if we are to get this right for our public good.
“Being in a minority, even in a minority of one, did not make you mad. There was truth and there was untruth, and if you clung to the truth even against the whole world, you were not mad.” (George Orwell, 1984)

I therefore asked the group at the end of the morning workshop, as Mr.Kelsey had done at the Open House event, how many of the attendees were really comfortable and confident that they knew what care.data was so that they could be a go-to point for questions, or even advocate for the programme as NHS England hoped.

Did they understand what data would be extracted, why and used by whom. About 1/6 raised  a hand. That’s *after* the event at the end of the morning spent discussing what issues exist for hard-to-reach, or as one attendee said ‘easy-to-ignore’ groups, and how communications channels will reach them.

One said he did not need to know all the facts to help be a comms channel. Another said he wouldn’t advocate for something he himself did not believe in. It was the first time we started to get genuine cross-group discussion, when in the meeting the table model had been employed again, but for those groups, disabilities, challenges, societal issues are not in silos.  Real debate, of hard issues is needed, and yes it’s awkward and might not be able to be ‘managed’ in the same way, but it’s real.

Our group identified a similar basic concept need across their client interests – a rolling consent model which allows opt in and out to change over time. Consent not only for what parts of planned uses the data would be used, but should also consider what parts of the record they are happy to share. Military, youth offenders, teens, the at-risk nature of these groups may mean they wish sections of their history to be restricted if not used for clinical care. And they may wish to share data when under the care of a GP but restrict it again, when under a military one. Or teens may be happy to permit data sharing at another time in their lives, but not permit access to their whole history. The DH Youth Offender expert raised the prickly issue of teen confidentiality and how will consent be gathered when parents may not tell them about the scheme at all, thinking there is ‘nothing to know’. We explained the concept of Gillick to the comms staff and that it’s not about an age of consent in the normal legal sense. What happens if a teen finds out their data has been extracted and wants it removed as teen or adult? We asked about name stored in the Personal Demographics Service and asked why data could not be deleted if clinician and patient both agreed a mistake had simply been made.

These complex and simple core questions need asked to get the whole thing built on a sound and trusted foundation. And they need to be in place for a pilot to make it worth having at all.

If the needs, concerns and understanding of the reps in the room can’t be addressed in a dedicated workshop, how will a remote campaign achieve it for the population at large?

Some at our table asked why the system needs  more data when you haven’t managed or used much of what we had in the past? I would also ask what progress is to be expected on unresolved quality and procedural issues with the current systems and data? Simply adding more hay to make a bigger haystack, does not make it easier to find a needle.

No wonder we can ask if it is really not just about commercial uses which comms don’t want to talk about, wonder why you never mention the data linkage service using PDS data [5] held and have concerns of overzealous surveillance by Big Brother.

There are risks becoming so heavily reliant on centralised data. Recently, patients have been wrongly deleted from GP lists, leaving them without a doctor through the cleaning firm’s administrative or process error.

Some are concerned that patients lose trust in their GP and withhold information. Others about this honey-pot of data for the individual citizen’s security. Professionals have voiced concern for GPs and consultants if factual misrepresentation  by statistics used for ‘ranking and spanking’ will adversely impact their decision making and make them more risk averse. In a negative way. Or with respect to waiting times and treatment, the heavy use of data in measurement creates a risk that it is misrepresenting the facts through lack of context or even, as in several high profile press cases recently, that such pressure is felt, that records are falsified.[12]

“And when memory failed and written records were falsified—when that happened, the claim of the Party to have improved the conditions of human life had got to be accepted, because there did not exist, and never again could exist, any standard against which it could be tested.”                                 (1984, George Orwell)

I’m concerned about all of the above. Perhaps holding care.data in room 101 until it is a manageable and explainable concept, backed up with technically and procedurally sound processes, would be the best place for it, for some time to come. Results and expectations create failure if they cannot marry up in reality.  This isn’t about communications. If you don’t really know what you’re communicating and can’t get it understood easily, then it’s back to the drawing board.

My concerns about care.data are heightened, not allayed by the NHS England apparent relentless rollout and focus on communications. Whilst they say in doublespeak it will take as long as it needs, there is talk of a Oct-Nov pilot launch. A pilot must test the finished model at small scale, not a less-than-half-ready one. Whilst the public push is all about finding the right communications, what is needed is fixing flaws in core concepts.

Doing without it, and waiting, would be better than doing it wrong.

*****

For part one of this post see here with ten learnings from event feedback >>care.data communications and core concepts [Part one]

UPDATE: 3rd July 2014 – If you want to give your views on proposals to introduce tighter controls and safeguards on the use of personal health and care data do so by 8th August to Room 2N12. https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data

Or respond online here> http://consultations.dh.gov.uk/data-sharing/protecting-health-and-care-information

[links 1-8 reference Part One]

[1] The NHS England Open House recording June 17th http://www.nhsengland-openhouse.public-i.tv/core/portal/NHSopenhouse

[2] IPSOS Mori poll conducted for the Joseph Rowntree Foundation: http://www.ipsos-mori.com/Assets/Docs/Polls/jrrt-privacy-topline-nhs-2014.pdf

[3] My post on uses of our records with commercial Data Brokers – http://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] The Information Governance Review ‘Caldicott 2‘ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] The Personal demographics Service at HSCIC (including name) http://systems.hscic.gov.uk/demographics/pds/contents

[6] The Data Linkage Service at HSCIC http://www.hscic.gov.uk/dles

[7] The Partridge review: http://www.hscic.gov.uk/datareview

[8] Summary Care Record use statistics https://www.whatdotheyknow.com/request/scr_care_settings_with_viewing_c#incoming-446569

[9] Minutes of the November Health & Adult Social Care Select Committee in Chichester http://www2.westsussex.gov.uk/ds/cttee/hasc/hasc141113ucmins.pdf

[10] The Quality of Nationally Submitted Health and Social Care Data, England – 2013, Second annual report, Experimental statistics – http://www.hscic.gov.uk/catalogue/PUB11530

[11] My post on commercial use of data with brokers

[12] Falsified hospital waiting times: The Telegraph http://www.telegraph.co.uk/health/healthnews/10590713/One-in-four-hospitals-records-false-waiting-times.html

***

Sales of 1984 have rocketed since the Snowden story broke in 2013: http://www.latimes.com/books/jacketcopy/la-et-jc-nsa-surveillance-puts-george-orwells-1984-on-bestseller-lists-20130611-story.html

If at first you don’t succeed – try, try again. But think about changes first.

On June 24th 2014, it is the 700th anniversary of the Battle of Bannockburn, at which the Scots defeated the English, and their ruling King, Edward the second.

The legend of Robert the Bruce ahead of the battle, hiding out in a cave on the run after six defeats,  is renowned the world over. The Scot saw a spider building a web. Time and time again the spider would fall and then climb slowly back up to try again. After many attempts, the spider managed to begin to weave a web on the cave wall and achieved its aim. Robert the Bruce, so the story goes,  was inspired by the spider not to give up and went on to defeat the English at Bannockburn. The motto of the story is usually:

“If at first you don’t succeed – try, try again.”

Whilst perseverance is an admirable trait, stubborness may not be. Trying the exact same thing which failed previously, in precisely the same way, may be said to be either determined or foolish. Trying again, but incorporating learnings from the past failure with flexibility to incorporate learning-by-doing, seems an altogether smarter choice.  Modifications for improvement and changes in action and their execution based on lessons learned have a higher chance of success*.

“Bannockburn is arguably the most famous battle to be fought and won by the Scots in Scotland, but it is widely acknowledged to be more than that— it continues to conjure up ideas of freedom, independence, patriotism, heroism, perseverance, and triumph against overwhelming odds.” [Bannockburn Heritage Centre]

In projects, overwhelming odds against achieving success can be built-in from the beginning, through lack of foresight to plan how to measure it. If you don’t know how you will measure success, it is hard to know when it has been achieved and at what cost. To measure success, you first need to know tightly what are your defined project scope and purposes. This helps set the goals of what you want to achieve technically, its  human understanding and crucially, expectations of how and when success will be measured.

Steve Jobs is sometimes quoted:

“You can’t just ask customers what they want and then try to give that to them. By the time you get it built, they’ll want something new.”

Trying again isn’t always about trying the same model, rolling out the original communications plan louder, or slower, or just again, but about embracing changes and adding in flexibility for future change.  Change is not a single event, but a process, and any attempted project launch needs to be prepared to learn from the past but also to plan for the future, as that process occurs. The scope of the project however, must stay tightly controlled, or risks losing control of budget and achieving the project aims.

By being visionary about what will be needed in future and aiming to be ahead of the design specifications there is room left for learning-by-doing in the ‘how’ you want to achieve the project, but it can’t allow deviance to become an entirely different ‘what’ of project scope.

To try and meet a future goal, basing it only on present specifications and expectations, means it will be outdated and fail when you reach the future implementation date. By launch date, the design and functionality are already outdated and not fit for purpose.

To compensate for that, measurable bite-sized chunks of projects, can be a way of frequent checking in to see if you are still on track with the overall aims of what you want to achieve, whilst retaining the flexibility to adapt to the human aspects of progress, and how you will achieve it.

Measures of success therefore need to be taken frequently to stay on track, ensuring alignment with your defined project scope and purposes. ‘Checking in’ to see if you are still on the correct course. This helps set the goals of what you want to achieve technically, in human terms and on a timeline, which crucially sets expectations of how and when success will be seen to have been achieved.

Some of the success at Bannockburn was recorded at the time in poetry. More recently, the themes have been preserved in music.

If the Flower Of Scotland tribute to Robert the Bruce, the Scots’ ‘almost National Anthem’ at least in terms of sporting events, is not your thing, you might prefer Aaliyah’s rendition of the theme, Try Again. Though her wardrobe choices are slightly more surprising than the Corries.

The theme is the same. To think again, before trying again, is wise.

“Those days are past now
And in the past they must remain
But we can still rise now
And be the nation again
That stood against him
Proud Edward’s Army
And sent him homeward,
Tae think again.”

Flower of Scotland, the Corries, 1967

*****

For more recent celebrations see: http://www.visitscotland.com/

Photo credit: Dilip Barman via photo.net ‘ thistle near Bonar Bridge north of Inverness, Scotland.

*My lessons learned from experience of change management in  global projects rolling out SAP, 2001-2006.

Appendix F. For successful technology, reality must take precedence over public relations.

Richard Feynman
Richard Feynman via brainpickings.org bit.ly/1q1qWLt

June 6th 1986. Six months after the disaster, the Report to the Presidential Commission was released about The Space Shuttle Challenger.

Just over twenty eight years ago, I, like fellow children and citizens around the world, had watched the recorded images from January 28th 1986. We were horrified to see one of the greatest technological wonders of the world break up shortly after launch and crash into the sea minutes later. The lives of Challenger’s seven crew were lost, amongst them the first ‘ordinary citizen’ and member of the teacher in space project, mother of two, Christa McAuliffe.

As part of the follow up audit and report, Richard Feynman’s personal statement was included as Appendix F. Personal observations on reliability of the Shuttle. You can read his full statement. Below are just his conclusions and valuable lessons learned.

“If a reasonable launch schedule is to be maintained, engineering often cannot be done fast enough to keep up with the expectations of originally conservative certification criteria designed to guarantee a very safe vehicle. In these situations, subtly, and often with apparently logical arguments, the criteria are altered so that flights may still be certified in time.

They therefore fly in a relatively unsafe condition, with a chance of failure of the order of a percent (it is difficult to be more accurate).

Official management, on the other hand, claims to believe the probability of failure is a thousand times less. One reason for this may be an attempt to assure the government of NASA perfection and success in order to ensure the supply of funds. The other may be that they sincerely believed it to be true, demonstrating an almost incredible lack of communication between themselves and their working engineers.

In any event this has had very unfortunate consequences, the most serious of which is to encourage ordinary citizens to fly in such a dangerous machine, as if it had attained the safety of an ordinary airliner.

The astronauts, like test pilots, should know their risks, and we honor them for their courage. Who can doubt that McAuliffe was equally a person of great courage, who was closer to an awareness of the true risk than NASA management would have us believe?

Let us make recommendations to ensure that NASA officials deal in a world of reality in understanding technological weaknesses and imperfections well enough to be actively trying to eliminate them. They must live in reality in comparing the costs and utility of the Shuttle to other methods of entering space. And they must be realistic in making contracts, in estimating costs, and the difficulty of the projects.

Only realistic flight schedules should be proposed, schedules that have a reasonable chance of being met.

If in this way the government would not support them, then so be it. NASA owes it to the citizens from whom it asks support to be frank, honest, and informative, so that these citizens can make the wisest decisions for the use of their limited resources. For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.”

Richard Feynman, 1918 -1988

“The Challenger accident has frequently been used as a case study in the study of subjects such as engineering safety, the ethics of whistle-blowing, communications, group decision-making, and the dangers of groupthink. It is part of the required readings for engineers seeking a professional license in Canada and other countries.” [Wikipedia]

Feynman’s Appendix F: Personal Observations on Reliability of the Shuttle is well worth a read in full.

From a business management point of view, Lessons Learned are integral to all projects and there is no reason why they cannot apply across industries. But they are frequently forgotten or ignored, in a project’s desire to look only ahead and achieve future deliverables on time.

Lessons learned can make a hugely important contribution to positive change and shaping outcomes. Assessing what worked well and how it can be repeated, just as important as learning from what went wrong or what was missing.

Public relations efforts which ignore learning from the past, and which fail to acknowledge real issues and gloss over reality doom a project to failure through false expectation. Whether due to naivety, arrogance, or under leadership pressure, it can put a whole project in jeopardy and threaten its successful completion.  Both internal and external stakeholder management are put at unnecessary risk .

In the words of Richard Feynman, “For successful technology, reality must take precedence over public relations.”