Building Public Trust [4]: “Communicate the Benefits” won’t work for care.data

care.data communicating the benefits as its response to the failed communications in spring 2014, has failed to deliver public trust, here’s why:

To focus on the benefits is a shortcut for avoiding the real issues

Talking about benefits is about telling people what the organisation wants to tell them. This fails to address what the public and professionals want to know. The result is not communication, but a PR exercise.

Talking about benefits in response to the failed communications in spring 2014 and failing to address criticism since, ignores concerns that public and professionals raised at macro and micro level.  It appears disingenuous about real engagement despite saying ‘we’re listening’ and seems uncaring.

Talking about only the benefits does not provide any solution to demonstrably outweigh the potential risk of individual and public health harm through loss of trust in the confidential GP relationship, or data inaccuracy, or loss, and by ignoring these, seems unrealistic.

Talking about short term benefits and not long term solutions [to the broken opt out, long term security, long term scope change of uses and users and how those will be communicated] does not demonstrate competency or reliability.

Talking about only the benefits of commissioning, and research for the merged dataset CES, doesn’t mention all the secondary uses to which all HSCIC patient level health data are put, [those reflected in Type 2 opt out] including commercial re-use and National Back Office: “2073 releases made from the National Back Office between April 2013 and December 2013. This includes 313 releases to police forces, 1531 to the Home Office and 229 to the National Crime Agency.” [HSCIC, July2,  2014].

This use of hospital records and other secondary data by the back office, without openly telling the public, does not feel  ethical and transparent.

Another example, is the past patient communications that expressly said, ‘we do not collect name’, the intent of which would appear to be to assure patients of anonymity, without saying name is already stored at HSCIC on the Personal Demographics Service, or that name is not needed to be identifiable.

We hear a lot about transparency. But is transparent the same fully accurate, complete and honest? Honest about the intended outcomes of the programme. Honest about all the uses to which health data are put. Honest about potential future scope changes and those already planned.

Being completely truthful in communications is fundamental to future-proofing trust in the programme.

NHS England’s care.data programme through the focus on ‘the benefits’ lacks balance and appears disingenuous, disinterested,  unrealistic and lacking in reliability, competency and honesty. Through these actions it does not demonstrate the organisation is trustworthy.  This could be changed.

care.data fundamentally got it wrong with the intention to not communicate the programme at all.  It got it wrong in the tool and tone of communications in the patient leaflet.  There is a chance to get it right now, if the organisation  would only stop the focus on communicating the benefits.

I’m going to step through with a couple of examples why to-date, some communications on care.data and use of NHS data are not conducive to trust.

Communication designed to ‘future-proof’ an ongoing relationship and trust must be by design, not afterthought.

Communications need to start addressing the changes that are happening and how they make people feel and address the changes that create concern – in the public and professionals – not address the  goals that the organisation has.

Sound familiar? Communications to date have been flawed in the same way that the concept of ‘building trust’ has been flawed. It has aimed to achieve the wrong thing and with the wrong audience.

Communications in care.data needs to stop focussing on what the organisation wants from the public and professionals – the benefits it sees of getting data – and address instead firstly at a macro level, why the change is necessary and why the organisation should be trusted to bring it about.

When explaining benefits there are clearly positives to be had from using primary and secondary data in the public interest. But what benefits will be delivered in care.data that are not already on offer today?

Why if commissioning is done today with less identifiable data, can there be no alternative to the care.data level of identifiable data extraction? Why if the CPRD offers research in both primary and secondary care today, will care.data offer better research possibilities? And secondly at a micro level, must address questions individuals asked up and down the country in 2014.

What’s missing and possible to be done?

  1. aim to meet genuine ongoing communication needs not just legal data protection fair processing tick-boxes
  2. change organisational attitude that encourages people to ask what they each want to know at macro and micro level – why the programme at all, and what’s in it for me? What’s new and a benefit that differs from the status quo? This is only possible if you will answer what is asked.
  3. deliver robust explanations of the reason why the macro and micro benefits demonstrably outweigh the risk of individual potential harms
  4. demonstrate reliability, honesty, competency and you are trustworthy
  5. agree how scope changes will trigger communication to ‘future-proof’ an ongoing relationship and trust by design.

As the NIB work stream on Public Trust says, “This is not merely a technical exercise to counter negative media attention; substantial change and long-term work is needed to deliver the benefits of data use.”

If they’re serious about that long term work, then why continue to roll out pathfinder communications based on a model that doesn’t work, with an opt out that doesn’t work? Communications isn’t an afterthought to public trust. It’s key.

If you’re interested in details and my proposals for success in communications I’ve outlined in depth below:

  • Why Communicate Changes at all?
  • What is change in care.data about?
  • Is NHS England being honest about why this is hard?
  • Communicate the Benefits is not working
  • A mock case study in why ‘communicate the benefits’ will fail
  • Long term trust needs a long term communications solution
  • How a new model for NHS care.data Communication could deliver

Why Communicate Changes?

As Sir Nick Partridge identified in the HSCIC audit in April 2014, for the public and their health data, there should be ‘no surprises’.

He understood that surprises destroy trust people have in an organisation.

Communication is a way of imparting information, ensuring understanding, get action and change behaviour. Communication is vital in any relationship and in the case of the NHS organisations that want to use the public’s data for secondary uses in the long term, it must be a long term relationship.

You could decide one option in any new programme is not to tell people affected about change. As the Summary Care Record programme did this week. This is shortsighted and I’ve written separately why.

care.data made this mistake in 2013.  Let’s not tell people. Since then, the communications have focussed on convincing the public and professionals of the benefits of the programme. Eighteen months on, and few people have changed their perception of the principles on care.data.

Why doesn’t this ‘benefits’  approach work and what can be done instead?

The whole programme is a change programme, not a technology programme. It’s all about people. This demands change in attitudes and action, belief and behaviours.  Telling people why it’s good for them fails to address fears. If you do not do that, people continue to be afraid of change and do not move forward. changecurve
What is change in care.data about?

care.data will:

1. change the purpose of what our identifiable, individual level stored medical data is routinely used for and for many people, how frequently it is used – from identifiable data being exclusive to care involving patient and clinician, to being passed on to third parties for other secondary uses. Where QOF may have extracted aggregated statistics, individual identifiable data will now be extracted and stored at the Health and Social Care Centre.

2. change the perception of responsibility for our data, creating new and additional legally responsible  owners and controllers for the data. NHS England and HSCIC will take on new duties for data previously held by the GP practice.

3. change the perception of confidentiality. No matter how secure the data will be held, more people may access them than have done in the past. Data are by default then perceived as being less confidential than previously.

4. change the perception of the control the patient has over their own information. So far, information was on files shared between GP and other medics in direct care. Now under care.data, third parties may access it, so if there is a mistake it could be harder to correct and have wider implications. There is an element of the unknown and this creates uncertainty.

To date the programme of communications has seemed over complex and under honest.

To start with, it’s much simpler than is made out. What are you trying to change and why?

Is NHS England being honest about why this is hard?

The key for NHS England and NIB may be a question to ask themselves:
Why have they not got the confidence to address the 4 changes in detail, and back up their need with a well evidenced benefits plan?

Perhaps because commissioning is widely unpopular, associated with greater privatisation, it is the elephant in the care.data discussion.

Commissioning purposes, were the only purposes in the original plan. Research was added later.

Changes in confidentiality, in data ownership and control are unavoidable because this is required in the new model.

These are unpopular changes for many people and professionals, set against a backdrop of unpopular and untrusted changes in the NHS as a whole. All the more reason to have a well evidenced business plan and robust cost-benefit argument.

If you want people to trust these changes are good changes, show them why.

Benefits for the organisation, for NHS England – the NHS Commissioning Board – have been the focus to date. But for the public ensuring that commissioners get a more joined up picture of costs has a flip side that is perceived as a risk, not a benefit.

It will mean it is easier to understand where cuts  savings can be made.

The Benefits plan emphasised CCG benefits of care.data to enable them to:

“Measure activity and cost for a specific type of pathway and see activity and cost of patients who are admitted or are at variance to the pathway and compare this activity across practices, localities and CCGs to ensure that pathways of care being commissioned represent best practice and best value.” [p8 Benefits Plan 2.1]

“Track how many patients registered at the practice are attending A&E either frequently or with complaints that could be seen in the practice with the success criteria of lower A&E attendance rates.”

“Identify how many patients have prescriptions that are not dispensed. Assess the effectiveness of prescribing and seek improvements (if necessary) in the collection of medicines. Success criteria: Increase in the proportion of dispensed medicines.”

These macro benefits for the benefit of the organisation have been the focus. The micro concerns that the individuals expressed have not been addressed.

So far it has not worked to ignore questions that have been asked by professionals and public.

To demonstrate the the organisations are trustworthy, they must address the concerns and questions raised, instead of the focus on getting patients to understand the programme outcomes as wanted by the organisation.

When NHS England says ‘communicate the benefits’ many in the public and professionals wonder, for whom?

Communicate the Benefits is not working 

Every minister and every NHS England leader that speaks fervently about the path to digital success seems keen for its benefits to  be communicated.

Key players appear determined the public and professionals will see things their way, effectively ‘come round’  ‘be convinced of the benefits’ or even ‘be converted’. One even suggested in Bristol, a lack of “can-do attitude”.

This completely ignores the founding fundamentals of medicine and the nub of most criticism. By ignoring fundamental concerns, IT professionals and leaders inadvertently create the very communications problem that they see as a barrier to extracting the data. They appear to be ignoring flaws and carrying on regardless which will lead to a repeat of the same problems as in the past. This included perceived harm by patients and professionals. This is not a trustworthy approach, so people don’t trust what is said.

The most commonly heard line from NHS England since day one of the care.data delay, is that it is all about communicating the benefits.

In effect saying, if only the public understood the benefits, then the  thorny issues of press story embarrassment will be overcome.

If only the public understood the benefits, people will sign on the dotted line in local plans and simply abstain from objecting in national ones.

If only the professionals understood the benefits, then care.data  can access their data, THEN everything will be easy, all the lovely roadmaps will go ahead and digital will be our NHS salvation.

Statements I hear repeated by national and key regional players include:

“1.4m professionals don’t understand the benefits of sharing data. ”  and

“The public don’t understand the benefits.”

People in any change process move from resistance to acceptance to support. They will not do it by magic. “Benefits” is not a magic wand to wave about and make it all right.

The magic is helping people to reach the new state themselves. You cannot make people feel trust, only show them why you are trustworthy. You cannot make people change their belief, but show them why a new belief is of value and worth changing their position on.

Remember that public trust is not about the public, but about ensuring the organisation is trustworthy? It’s not a question of the public and professionals understanding the benefits. It’s a question of whether the team behind care.data can be trusted to do that, they must openly accept that things that are broken and need fixed.

Once the broken things are fixed, the programme can be demonstrably more trustworthy.

For example, if the Type 2 opt out cannot be fixed until a future time why on earth continue with care.data communications?

Because here is a prediction. Just as many professionals, groups and even I told NHS England and HSCIC care.data teams in September 2013 these changes will not work if imposed and with the communications based on a poor fair processing plan, here is how that conversation will play out.

A mock case study in why ‘communicate the benefits’ in the pathfinder and beyond will fail

If pathfinder communications roll out now, what are they saying on opt out?

Here’s my fictional scenario assuming Type 2 opt out is not fixed [11] before care.data comms rollout, forgive loose wording on the comms leaflet part, as it’s not in the public domain it’s not real. This is hypothetical:

NHS care.data comms: We’re going to use your confidential health records from GPs for all sorts of purposes, scope may change in future, but please trust us to share them with all the right people. Look at all the benefits!

Public: Who decides who all the right people are, will it be the same as hospital data were shared with before that I didn’t know about? [5] For commercial comparison websites, refining insurance premiums, given to the police and Home Office? Can you explain the benefit of those uses to me?

NHS care.data comms: Don’t worry, the Care Act 2014 change the law and we won’t pass the GP part of your records to commercial users, well not ‘purely for commercial use’ and we’ll ignore your questions on Back Office use – and, oh, look at all the benefits!  

Public: We were told at an NHS England event that the new rules hadn’t ruled out categorically commercial users or re-use if it was ‘for the purposes of health’ for example. So how will I know if users and access rules change in future? You just expanded who could use the SCR and didn’t plan to tell any of us about that?

NHS care.data comms: Don’t worry [we’re not going to answer those questions – because you’re right, we’re not ruling out commercial re-use, and we don’t have any change plan in place to tell you about future changes, that would cost money and God forbid GPs or CCGs might realise they might have ongoing care.data communications costs, if we don’t fund them centrally]. We’ll keep your data secure!

Public: Secure setting access seems to apply ONLY for the pathfinder stage and after that it’s unclear, it says: “This secure data facility is the only way that customers will be able to access the linked general practice and HES data during the care.data pathfinder stage. There is no information available at present about specific controls that will apply following any future decision to proceed beyond the pathfinders to national roll out.” [Customer requirements addendum Aug 2014]  [13] So how will I know secure access rules change in future and you plan to let users get data in their own locations again, like for HES?] You’re not listening and answering my sound questions!

NHS care.data comms: You’re not listening – look at the benefits! You can of course be selfish and choose not to share your GP data at all. But anyway, why would you because we can still use your hospital records HES, and mental health clinic records, and maternity data and…. look at all the benefits!

Public: What?  No, *you’re* not listening. I want to share with research, and you can have my anonymous data for planning, but don’t want anything going to all those random other users, so without another granular choice, I opted out of my data used for secondary uses.

NHS care.data comms: Yes, well, it’s complicated. When we said we could do that… We offered you an opt out, now there’s only one that works which is the GP held data extraction. Please ignore what we said before. . look at all the…

Public: What? Why can I no longer choose to opt out of all onward data sharing for secondary uses? You are still using my identifiable data for secondary purposes even though I expressly dissented?

NHS care.data comms: We have not kept that past promise made but we might in future. We really mean to, honestly. Please ignore that. [Ignore that we’re not apologising either.] And look at all the benefits! 

Public: What? WHAT?  Secretary of State in 2014  [9] and David Cameron in 2012 [10] promised I could opt out, even of anonymised use of my data.

NHS care.data comms: We cannot tell you exactly when we might keep it.  But we will. Just trust us. Look at all the benefits! 

Public: So you’re technically incompetent or promised something that you did not intend to keep. Or just got it wrong, and that’s forgivable but at least tell me when it will be respected. If it’s technical, how can I trust you’ll keep my data safe? If it was intentional not to enact it, and you still haven’t kept it one year on, why should we trust you will keep it now? Perhaps you never wanted us to be able to opt out at all? I can only trust you, if you fix this and are honest with me about it.

NHS care.data comms: But it will be fine. Your data will be extracted and used in the ways we told you in this leaflet. Just trust us. Look at all the benefits! That’s what our communications approach says will work.

Public:      Has left the building….

Yes, this sounds a little facetious and is deliberately over-the-top. But this is a sense of what underlies how it comes across to many in the public. Benefits is a word the public hears day in day out in the press and it’s got DWP negative connotations. Benefits has become a bad word.

“Just trust us,” is not going to work. ‘Look at all the benefits!’ is not going to work. The public really has to question, what is the intent behind that mantra because it is hard to see it as anything other than, “please just let us get past this tick-box exercise.” The questions are sound. The answers are missing.

So far the programme has tried to show what the benefits are. It has failed to demonstrate why those claimed benefits are necessary and require change.

If this can’t be done, the programme really must question itself – where are the measurable benefits in the programme that justify its delivery?

The Customer Requirement itself state: “By providing such users with extracts of the pseudonymous CES file, there is a risk of malicious re-identification of patients from inference (a so-called “jigsaw attack”). This risk will need to be taken into account when the HSCIC determines what views of the data should be made available to different accredited users.”  [ Customer Requirements Plan 2.1]

Real Risk: So long as there is profit to be made from commercial use of data the public will continue to mistrust that their data will not be “at risk of malicious re-identification of patients from inference (a so-called “jigsaw attack”).”

Long term trust needs a long term communications solution

How this is being addressed must not only work for the pathfinder, but must be a long term solution.  This could be changed if policy supported permanent security not a policy that will undermine it:

“This secure data facility is the only way that customers will be able to access the linked general practice and HES data during the care.data pathfinder stage. There is no information available at present about specific controls that will apply following any future decision to proceed beyond the pathfinders to national roll out.” [Customer requirements addendum Aug 2014]

Issues that are raised in questions at public meetings are talked about, but rarely solved. I am yet to hear good answers to many of the questions raised at  2014 events.

The public understands how data are both used well, & how they are misused.

In terms of specific uses of data, the greatest opposition was for “health records being sold to private healthcare companies to make money for government” (84%), according to the RSS data trust deficit work. If records are instead “shared with private healthcare companies to develop more effective treatments”, opposition reduces to 45%.11 [2]

com_sale

If the organisation wanting data is to appear trustworthy, the concerns the public has must be addressed.

Even some of the questions in its own finely polished version of public feedback contains unanswered questions.

So why not answer them? Because the public is not clever enough to understand the answers? Go back to the section “What is change in care.data about?” and try again.

You accept the public understands the benefits but don’t see why many feel  the risks do not justify the potential benefits? Read on.

Do you understand what other risks the public feel are valid and are not being addressed? Read on.

The role of Data Guardian was announced nine months ago, and was ‘at the earliest opportunity’ to be put on a statutory footing. It’s not yet.

The Type 2 opt out was supposed to work when care.data was rolled out 18 months ago. It doesn’t yet.

Two important things that were intended to underpin public trust were communicated but have not been done. That doesn’t appear reliable.

Secondary uses for Commissioning and Research purposes are not the only uses to which health data collected for care, and now stored at HSCIC are put.

“2073 releases made from the National Back Office between April 2013 and December 2013. This includes 313 releases to police forces, 1531 to the Home Office and 229 to the National Crime Agency.” [HSCIC, July2,  2014]

This use of Hospital records and secondary data uses by the back office, without telling the public, does not feel ethical and transparent.

We talk a lot about transparency. We hear too little of honesty. What is said that will be done, must happen in reality or it appears dishonest.

Being completely truthful is fundamental to future-proofing trust in the communications process. Honest about intentions of the programme. Honest about ALL the uses to which health data are put. Honest about future scope changes already planned.

How could a new model for NHS care.data Communication deliver

So let’s come back to what is needed and is missing today:

  1. aim to meet genuine ongoing communication needs not legal tick-boxes
  2. change organisational attitude that encourages people to ask what they each want to know at macro and micro level – why the programme at all, and what’s in it for me? Only possible if you will answer what is asked.
  3. deliver robust explanations of the reason why the macro and micro benefits demonstrably outweigh the risk of individual potential harms
  4. demonstrate reliability, honesty, competency and you are trustworthy by fixing things that are broken, and doing what you say will happen
  5. agree how scope changes will trigger communication to ‘future-proof’ an ongoing relationship and trust by design, not afterthought

All these points 1- 5 should be designed now.

GPs / CCGs in the pathfinder – what will your ongoing costs be every time a new use or user is planned by NHS England – why not open up the data to other government departments? DWP could use it for fraud checks in real time in the job centres? Apply to be an MP, first let me do a mental health history report?  Every newborn’s genomic data is to be sold worldwide through Genomics England?

Clearly there are ethical uses of data and lines that would be too far. But who decides what and where are they? Instead of moving them depending on need and who is in power, it would be ethical good practice for EVERY change in use, purpose or new user group to trigger a communication before it is enacted.  Data protection law and ethical good practice demands that people have the right to know what happens to their data before the change. The Secretary of State and Prime Minister have said the public will have the right to opt out of data uses. Opt out can only happen up front, not after the event.

A concrete tool to demonstrably show competency, honesty and reliability, is a personal data usage report showing who accessed my data when and why.

This audit is clearly already possible for the Summary Care Record today (hence the assurance to patients that every smart card shows who used the patient record, and that every access marked as unconsented by the user raises a warning.] However, patients can’t yet see this themselves. And it covers only data extracted for direct care, not HES/SUS or other secondary use stores.

If that can be achieved across the NHS for all uses of data, by the creation of a personal data usage report as a personal audit, then point 1 could in part also be achieved and provide a delivery mechanism for change notifications. The process of what event should trigger that change notification, would need worked out. A change of use? A change of user? Scope creep of every kind should trigger a change notification. This was a serious flaw in the SCR communications this week. Who will access it next? Is there no limit on users, and as for secondary uses, who decides where that line is? Every change should trigger communication. Every change should be infrequent and not taken lightly. Neither should the public’s support be taken for granted.

I asked about the question of an ongoing patient communication process at the King’s Fund NIB meeting. I asked yesterday. And I’ve asked in the past.

“How will programme planners ensure an ongoing change management process to notify patients of any future changes to what data will be taken from their records, in who may use it, or in what they might use it for?”

There is no answer yet. Mr.Kelsey said at the King’s Fund, they should be held to account. Well this is something that they must be accountable for.

If there is truly a desire to future-proof the NHS they must ensure a future-proofed data sharing process.

Data sharing needs a rolling consent model of how any change in extraction, use or users will be communicated and consent renewed or withdrawn.

It must be a known and communicable solution before rolling out pathfinder communications explaining how opt out works.

Designing the policy comes before the technology solution that will deliver the mechanism to provide the process.

Sticking a collective head in the sand and ignoring this because it is difficult, might push off the problem, but it will come back, and be worse.

If the NIB plans are genuine about future plans for consent then why do something half baked now that will further harm public trust?

“By April 2016 NIB will publish, in partnership with civil society and patient leaders, a roadmap for moving to a whole-system, consent-based approach, which respects citizens’ preferences and objections about how their personal and confidential data is used, with the goal of implementing that approach by December 2020.” [NIB plans, WS4]

I have serious concerns that the current care.data communications can deliver any long term solution and if true, what is it costing in terms of money and trust? Will it be worth it to get those few patients data at any cost?

A pilot is only a pilot if it tests. If they are not testing a long term communications approach that will be copy-pasted  in the national rollout, then what on earth ARE they testing?

What should those solutions specifically address and how? I wrap up in Building Public Trust [5]: Future solutions for health data sharing in care.data.

 

####

Part one: A seven step top line summary – What I’d like to see change addressing public trust in health data sharing for secondary purposes.

Part two: a New Approach is needed to understanding Public TrustFor those interested in a detailed approach on Trust. What Practical and Policy steps influence trust. On Research and Commissioning. Trust is not homogeneous. Trust  is nuanced even within the single relationship between one individual and another. It doesn’t exist in a vacuum.

Part three: Know where you’re starting from. What behaviours influence trust. Fixing what has already been communicated is vital before new communications get rolled out. Vital to content of your communications and vital for public trust and credibility.

This is Part four: Communicate the Benefits won’t work – For those interested in more in-depth reasons, I outline in part two why the communications approach is not working, why the focus on ‘benefits’ is wrong, and fixes.

Part five: Future solutions – why a new approach may work better for future – not to attempt to rebuild trust where there is now none, but strengthen what is already trusted and fix today’s flawed behaviours; honesty and reliability, that  are vital to future proofing trust. Seven vital pillars of wisdom for trust.

[1] NHS England October 2014 http://www.england.nhs.uk/2014/10/23/nhs-leaders-vision/

[2] SCR June 2015 pharmacy rollout http://systems.hscic.gov.uk/scr/library/poc_report.pdf

Polls of public feeling:

[2] Royal Statistical Society Data Trust Deficit http://www.statslife.org.uk/news/1672-new-rss-research-finds-data-trust-deficit-with-lessons-for-policymakers

(2b] Dialogue on data – work carried out through the ADRN

[3] Without care.data health service has no future says director http://www.computerweekly.com/news/2240216402/Without-Caredata-we-wont-have-a-health-service-for-much-longer-says-NHS

[4] Caldicott Review 2: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] HSCIC Data release register

[6] BMA LMC Vote 2014 http://bma.org.uk/news-views-analysis/news/2014/june/patients-medical-data-sacrosanct-declares–bma

[7] Why Wanting a Better Care.Data is not Luddite: http://davidg-flatout.blogspot.co.uk/2014/04/why-wanting-better-caredata-is-not.html

[8] Talking to the public about using their data is crucial- David Walker, StatsLife http://www.statslife.org.uk/opinion/1316-talking-to-the-public-about-using-their-data-is-crucial

[9] Jeremy Hunt Hansard Col 148 “this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research.” http://www.publications.parliament.uk/pa/cm201314/cmhansrd/cm140225/debtext/140225-0001.htm

[10] BBC News. Everyone ‘To Be Research Patient’, Says David Cameron. December 5, 2011. http://www.bbc.co.uk/news/uk-16026827

[11] Type 2 opt out does not work http://www.telegraph.co.uk/news/health/news/11655777/Nearly-1million-patients-could-be-having-confidential-data-shared-against-their-wishes.html

[12] care.data programme board http://www.england.nhs.uk/ourwork/tsd/care-data/prog-board/

[13] care.data customer requirements summary – addendum August 2014 http://www.hscic.gov.uk/media/15109/Customer-requirement-summary-addendum—caredata-updated-addendum/pdf/Customer_requirement_summary_addendum_-_care.data_addendum_v2.0.pdf