care.data programme questions remain unanswered [1] and opportunities to demonstrate better transparency have to date, been turned down.
For anyone interested in the care.data rollout, professionals, patients and public alike, it is worrying to see the continued secrecy which shrouds the programme. We’ve been told online (but most in the public will still not know) an initial rollout in 4 CCG areas is now planned [2], but at which GP practices remains unclear.
On October 12th I asked that the care.data programme board minutes should be made public. The request is still open.[3]
“They seem hell bent on going ahead. I know they listened, but what did they hear?”
Questions asked by hundreds of people at multiple listening events remain unpublished and unanswered. Risks need resolved.
It is ironic that for a programme whose stated aim is to gather patient information in order to answer open questions about care, it is so unwilling to give information back to answer the questions we, the ‘data subjects’ have about the programme.
I believe it is important to ensure that the questions are transparent, criticisms addressed and clarified, open issues solved and questions answered ahead of the pathfinder rollout to ensure the greatest success of the programme.
If the programme proceeds on an opt out basis, the risk is increased that it will not meet Data Protection regulation[4], which requires informed use of personal data. This puts GPs at risk. [5]
All the people who made the effort to attend these events for the benefit of the programme and the public good deserve answers. This would minimise the risks the public raised, which remain unresolved.
It is also important for maintaining trust in the integrity and value of user participation and engagement at other NHS events, and in this programme in particular.
Public and Transparent Feedback was Promised
I wrote to Mr. Tim Kelsey, Director, at the Patients and Information Directorate, NHS England today to ask, once again, for the release of public feedback.
Now two months ago, when I spoke with him after the NHS AGM in London on September 18th about care.data, the public questions have still not been put into the public domain.
He agreed that the raw feedback from all the care.data listening events, which included all the open questions asked by participants, would be published, “Shortly.”
This feedback includes questions from the NHS Open Days on June 17th (4 locations), the stand-alone care.data events since, and those from the care.data advisory sessions hosted in Peterborough and Coin Street, London [6].
NHS England claims there have been hundreds of events. The website says some took place in my county, though I haven’t heard of any and neither has my CCG. Those of which I am aware and six attended, all generated a huge number of participant questions on paper, post-its and electronically, which participants were told would be published and answered, including put on the Open Day website ‘later in the summer'[7]:
“Feedback from this session is being incorporated into the overall report from the care.data listening phase which will be published later in the summer and linked to from this site.”
This is still to happen, and now nearing the end of November, is somewhat overdue.
My own questions at four events were on process and I believe it is important to get these clarified BEFORE the pathfinder:
- How will you communicate with Gillick competent children [8], whose records may contain information about which their parents are not aware? [note also RCGP online roadmap p.15][9]
- How will you manage this for elderly or vulnerable patients in care homes and with diminished awareness or responsibility?
- When things change in scope or use, how will we be informed of changing plans for use or users, on an ongoing basis? [Data protection principle 2] [10]
- For any future changes, how will we be given the choice to change our opt out or opt in? Consent is not a one-time agreement but needs managed on a continual, rolling basis – how will this be achieved?
Campaigners have also raised remaining, unresolved issues.
Key legal questions remain, including on Opt Out
I am starting to become concerned that the opt out is STILL not on a statutory footing. Will the Secretary of State make good his verbal agreement in law?
What legal changes will be made that back up the verbal guarantees given since February? If none are forthcoming, then were the statements made to Parliament untrue? [11]
“people should be able to opt out from having their anonymised data used for the purposes of scientific research.”
I am yet to see this legal change and to date, the only publicly stated choice is only for identifiable data [12], not all data, as stated by the Minister.
So too the promised extra governance on a legal basis has not yet happened.
It is worth a note that although the Health and Social Care Act 2012 may have steamrollered the legal position of the patient and GP, and that confidentiality no longer comes first, informed consent even if assumed, is still in other circumstances to be obtained fairly:
“Consent obtained under duress or on the basis of misleading information does not adequately satisfy the condition for processing.” [ICO]
Should this principle not also apply even if GPs are legally obliged to release data without patient consent? [I feel that needs more discussion, so will write about consent in my next post.]
There is much made of ‘new legal protection’ of our data but in fact it is impossible to see it provides any such thing, and yes, I have read it. The Care Act 2014 did not get amended with any binding or truly clear provisions to make data more confidential or secure.
Concerns of many people centre on commercial use, and re-use of data, and these are not addressed by the loose terms for the benefit of adult health and social care’ or the ‘promotion of health’. [part 4 p.120] Data sold all year may have met this criteria, but is this how we expect our health records to be used without our express permission?
“We will use Mosiac, appended to the ICD10 code diagnoses, to create national Mosaic profiles. These estimates and propensities will be sold to public and commercial organisations to enable them to target resources more effectively and efficiently…Other data characteristics that are also linked to Mosiac can then be used to understand broader lifestyle characteristics of those most at risk to ensure that messages and communications are appropriate and well targeted.” [July register]
So I hope it is clear, that these concerns are not only mine, but remain unanswered for the broader participants of listening events, gathered throughout the last year.
Questions from others
I’m publishing here the filtered and NHS England written, summary response of the 26th June event [14], I received as an attendee. (40 people, of whom ca 10 NHS England and HSCIC staff).
I disagreed with one of the statements made at our table at the meeting, and pointed out it was not factual. History as I understand, and has been stated by HSCIC in FOIs, will not be deleted. Yet this was allowed to be included in the notes sent to all:
“communicate that identifiable information can be deleted.”
The workshop was about how to access ‘hard-to-reach’ groups, so focused on communications methods. You will see that many statements are about how to market the programme, and do not clarify questions of substance, although many were asked on the day about scope definition, and future data changes.
Questions have not yet been addressed, such as Gillick, on children in care, young offenders, the forces, avoiding ‘propaganda-ish’ sounding and bias in the materials, to ensure the ‘adequate requirements’ for data processing.
You can see from this, that although the listening events may be deemed to have been a success, the answering part is still missing.
How are NHS England measuring success? What does good look like? I guarantee from a public perspective, it’s not there yet.
Long term benefit must not be harmed in the rush for a pilot tick-box
Since the programme is heralded as so vital for the NHS, I believe we should not be making the best of a bad job, but shaping process, security and communications to be world class, worthy of our NHS.[15]
We also need to see a long-term cost benefit plan – if we don’t know how some of these future processes are to be managed, how will we know what they will cost, and are they worth it?
The project should not aim for a quick and dirty pilot rollout. Perhaps there is a need to tick the ‘on time’ box for an NHS England target or meet a job description appraisal, as I would have had when I was responsible for project implementations in my past commercial industry role?
As it stands it is not NHS England/DoH who has the most to lose if this goes ahead as is. They must look at the big picture and accept their responsibility for this project, decide not to rush it and not expect the public and GPs to carry its risk.
At the weekend, in a speech about TTIP I heard the phrase, it’s “a classic case of socialising the risk and privatising the profit.”
So too it feels for me on care.data. NHS England wants all the benefit of our information, including from its sale, but it is we, individual patients and GPs who will be harmed if its security, commercial use [16], or everyday trust & confidentiality are compromised.
The Department of Health must look beyond party political aims pre-election. This is for the good of the NHS, which belongs to us all.
We must see open questions on process and content openly answered, for professionals and public alike.
Only then, can we trust that the infrastructure and promises made behind the scenes have set the foundation for this scheme to be worthy of our most intimate and confidential data.[17]
What can Patients do now?
“The policy and practical answers we need to ensure success, will not fit on a flyer or SMS.”
I have spoken with some of my fellow attendees since these events, including for example Stan Burridge, the Research Lead on Service User Involvement at Pathway London. (A charity providing healthcare to the homeless and which works with others on policy and best-practice approach sharing. Their recent work on dentistry outreach achieved a 0% no-show rate – getting the vital care needed for their clients and saving ££ for NHS dentist provision.)
His comments are a good summary of what has happened since:
“In the events, opinions could be expressed, questions asked, and I was made to feel they were valid questions, but they’re doing very little to answer them so that it makes a difference.
“I feel I was engaged with the process, but it’s doing nothing for the people on the margins.
“They should be given an informed choice to opt in, an uninformed choice not to opt out is not the same.
It is unclear what patients can now do, to get the answers we have asked for. We want to make a positive difference to make the project better.
The listening events seem to have been a one way process, and participation for PR purposes, rather than real engagement. The policy and practical answers we need to ensure success, will not fit on a flyer or SMS. They can’t be communicated as part of the pilot rollout. We need them published, addressed and ironed out up front.
Stan summed up exactly what I feel and what I have heard from many others:
“They seem hell bent on going ahead. I know they listened, but what did they hear?”
****
[1] A patient’s open letter to NHS England
[2] CCG pathfinder announcement
[3] care.data programme board minutes and materials FOI
[4] ICO Guide to Data Protection
[5] Medical Protection and care.data concern
[6] Coin Street care.data advisory group public event, Sept 6th
[7] NHS England Open House event 17th June
[8] Gillick and data protection for children
[10] ICO Data Protection guidelines
[11] Hansard, Parliament 25th February 2014
[12] Parliamentary briefing note on care.data
[13] Questions from the Open House, incl. Leicester
[14] NHS England summary of feedback and statements from public event at Mencap, June 26th 2014
[15] Post from July 21st HSCIC roadmap event, future data use
[16] Commercial use of data with brokers – call for consumer data transparency