care.data – 3. A mother’s journey: Fears and Facts

MGM 1939 The Wizard of Oz

My final of 3 parts response to The Times article recently which mentioned unfounded fears which ‘evaporate like candyfloss’.

The Wizard of Oz that article touched upon, is a threatening fantasy story for many children. But the threats created by the removal of the confidentiality between patient and GP in care.data are real.

We risk patients who will not go to the family GP for care, knowing that the record may be seen by someone other than our trusted local doctor. Or who hold back facts which will influence their treatment. Teens may not visit a clinic believing it can no longer treat them anonymously. These are threats for Public Health. There are other risks of concern for particular groups such as those with disabilities.

Separately, but it seems ever more often built into the current narrative, is the path towards Electronic Patient Record access, which will need all sorts of privacy issues addressed within families and for the vulnerable. The at-risk woman made to reveal her medical record by a threatening partner checking up on her, or checking that there is nothing about him. Women may not speak up with their GP. Carers may even inadvertently, put pressure on the elderly at home, to know all. I know there will be many who want to access their own record. I would myself if it did not mean a fully identifiable record held at a central level. But we should not march on leaving the vulnerable behind a digital divide. It is not just ‘Internet banking’. My fear is that for those who want no electronic record, it will not just mean getting no front end access. It should not be created at all.

Identifiable extraction and re-identifiable data releases to third parties increase the risks of identity fraud, discrimination in education, insurance, and employment. And risk of provider fraud by the commercial third party providers now used ever more widely in the NHS, since the Health and Social Care Act 2012.

It is between these third parties that NHS England demands identifiable data shared for invoice validation. Did Mr. X get treatment Y from provider A? Has the Health and Social Care Act created a dichotomy for NHS confidentiality? Some common identifier is needed to match data with other data held too.

Whilst identifiable data is ‘a no brainer’ for clinical use, we should not be expected to have it extracted, stored, and available to link on demand for bespoke requests to any customer. The vague ‘health purposes, benefiting health and social care’ as undefined yet a small body, with little public oversight at the arms-length HSCIC decides if they are met.

There are decisions reached, out of committee, which are not detailed in the minutes of approval meetings. With only 4 people on the group, it would be easy no matter how well intentioned, for the decision to be much more swayed by someone approaching the group outside of the process, or for there to be conflict of interest. It’s quite a different set up at the Health Research Authority. I fear that my idea of legitimately approved uses in research differ with those of the MRC. Who champions the patient when I have no voice at the table?

Why should a Cabinet Office get given personal confidential information on teenagers, requesting both physical and mental health data, who are taking part in a non-health project, as was done last summer, and which only got documented in January? Even with consent, that seems excessive and unnecessary. We have no control over what future governments may want our data for. The HSCIC Data Advisory Group is yet to fully publicly document those purposes, alongside each new application in any detail. (Compared with CAG which lists a named individual applicant and precise purpose).

Will my children be labelled with a condition which they might outgrow but their notes share it with others for their lifetime and beyond? Will they be stigmatised and discriminated against by deciding NOT to share records and be seen as hiding something? Some people comment, ‘it doesn’t matter I’m not a celebrity or state figure’, as if that somehow entitles one to a greater degree of privacy. But even if we accept that, what of our children, who knows who they may yet become?

We have no idea to what uses their data may be put in our children’s adulthood. We have no idea where it may be stored. Their NHS number is with them from cradle to grave and will be increasingly used across health and non-health settings. The future of medical research and its applications are unimaginable today.

If we are to give them away, it must be  under the strictest of governance and well documented and workable processing solutions.There is a strong argument for allowing queries to share information, not extracts of actual data. The master copy, nor in-part sections of the database, would not leave the secure environment at HSCIC.

Facts often inform and can chase away fears. But until the needed changes are made in process and governance, these fears cannot ‘evaporate like candyfloss.’ They are founded on facts, and shared by many professional bodies as well as individuals.

The leadership team and others needs to stop trying to scare us into submission too. Patients will die if we don’t carry on with care.data.  The end of the NHS is nigh. Tim Kelsey told the Health Select Committee if 90% opt out there will be no NHS. Well, perhaps that is the crux of the question. What is the NHS today? Whom does it serve? It belongs to all of us. If you’re doing something that means the end is nigh, then hurry up and tell us what.

If we see care.data as business intelligence in order to make financial transactions flow between a disparate set of providers, then yes, without it, the payments process may need to change or fail without our data. But for patients, that is not what the NHS is about. We want to make it work, but not at the expense of the age old principle of good care: confidentiality.

What needs to happen? 
Fix the Data Protection for pseudonymous data.
Fix boundaries for scope creep, and vague changing purposes.
Fix the failure of Fair Processing and put in place a continual change communications’ plan.
Facilitate the objection and clarify what it means, as offered by the Secretary of State.
Focus on the reality of care.data now, not Online Patient Access in a down-the-line vision.
And fundamentally, be honest with us patients.
Engage with patients without commercial drivers.

Why are we really funding this massive top-down programme, and leaving local hospitals unable to interact? That is what patients need when they transfer between care settings. Beverley Bryant said in London at a conference this week, that ‘interoperability’ was key. Yet between hospitals the Clinical Informatics Director, NHS England, emphasized at the same event, the need for local systems and that there would be no top down support or directive for enforced  interoperability standards. There is a massive disconnect between two leaders in the same quango. I fear this is the biggest challenge – what is care.data really about? The business case cover, according to the February 2014 Board Performance Pack, was still not in place.

To face up to and fix these issues, will take courage. The question should be, not what are we patients afraid of, but have our future Data Controllers, NHS England and HSCIC, the head and heart for the task ahead?