Tag Archives: commercial uses

The Economic Value of Data vs the Public Good? [2] Pay-for-privacy, defining purposes

Differentiation. Telling customers apart and grouping them by similarities is what commercial data managers want.

It enables them to target customers with advertising and sales promotion most effectively. They segment the market into chunks and treat one group differently from another.

They use market research data, our loyalty card data, to get that detailed information about customers, and decide how to target each group for what purposes.

As the EU states debate how research data should be used and how individuals should be both enabled and protected through it, they might consider separating research purposes by type.

While people are happy for the state to use their data without active consent for bona fide research, they are not happy for it to be used for commercial consumer research purposes [ref part 1].

Separating consumer and commercial market research from the state’s definition of research purposes for the public good could be key to rebuilding people’s trust in government data use.

Having separate purposes would permit separate consent and control procedures to govern them.

But what role will profit play in the state’s definition of ‘in the public interest’? Is it in the public interest if the UK plc makes money from its citizens? And how far along any gauge of public feeling will a government be prepared to go to push making money for the UK plc at our own personal cost?

Pay-for-privacy?

In January this year, the Executive Vice President at Dunnhumby, Nishat Mehta, wrote in this article [7], about how he sees the future of data sharing between consumers and commercial traders:

“Imagine a world where data and services that are currently free had a price tag. You could choose to use Google or Facebook freely if you allowed them to monetize your expressed data through third-party advertisers […]. Alternatively, you could choose to pay a fair price for these services, but use of the data would be forbidden or limited to internal purposes.”

He, too, talked about health data, specifically about its value when accurate, expressed and consensual:

“As consumers create and own even more data from health and fitness wearables, connected devices and offline social interactions, market dynamics would set the fair price that would compel customers to share that data. The data is more accurate, and therefore valuable, because it is expressed, rather than inferred, unable to be collected any other way and comes with clear permission from the user for its use.”

What his pay-for-privacy model appears to have forgotten is that this future consensual sharing is based on the understanding that privacy has a monetary value. And that depends on understanding the status quo.

It is based on the individual realising that there is money made from their personal data by third parties today, and that there is a choice.

The extent of this commercial sharing and re-selling will be a surprise to most loyalty card holders.

“For years, market research firms and retailers have used loyalty cards to offer money back schemes or discounts in return for customer data.”

However, despite being signed up for years, I believe most of the public are unaware of the implied deal. It may be in the small print. But everyone knows that few read it in the rush to sign up to save money.

Most shoppers believe the supermarket is buying our loyalty. We return to spend more cash because of the points. Points mean prizes, petrol coupons, or pounds off.

We don’t realise our personal identity and habits are being invisibly analysed to the nth degree and sold by supermarkets as part of those sweet deals.

But is pay-for-privacy discriminatory? By creating the freedom to choose privacy as a pay-for option, it excludes those who cannot afford it.

Privacy should be seen as a human right, not as a pay-only privilege.

Today we use free services online, but our data is used behind the scenes to target sales and ads, often with no choice and without our awareness.

Today we can choose to opt in to loyalty schemes and trade our personal data for points and with it we accept marketing emails, and flyers through the door, and unwanted calls in our private time.

The free option is to never sign up at all, but by doing so customers pay a premium by not getting the vouchers and discounts, or by trading away the convenience of online shopping.

There is a personal cost in all three cases, albeit in a rather opaque trade-off.

Does the consumer really benefit in any of these scenarios or does the commercial company get a better deal?

In the sustainable future, only a consensual system based on understanding and trust will work well. That assumes that by ‘well’ we mean that organisations wish to prevent PR disasters and practical disruption, such as resulted for NHS data in the last year through care.data.

For some people the personal cost of the infringement of privacy by commercial firms is great. Others care less. But once informed, there is a choice on offer even today to pay for privacy from commercial business: one pays the price either by paying a premium for goods if not signed up for loyalty schemes, or by paying with one’s privacy.

In future we may see a more direct pay-for-privacy offering along the lines described by Nishat Mehta.

And if so, citizens will be asking ever more about how their data is used in all sorts of places beyond the supermarket.

So how can the state profit from the economic value of our data but not exploit citizens?

‘Every little bit of data’ may help consumer marketing companies. Gaining it or using it in ways which are unethical and knowingly continue bad practices won’t win back consumers’ and citizens’ trust.

And whether it is a commercial consumer company or the state, people feel exploited when their information is used to make money without their knowledge and for purposes with which they disagree.

Consumer commercial use and use in bona fide research are separate in the average citizen’s mind and understood in theory.

Achieving differentiation in practice in the definition of research purposes could be key to rebuilding consumers’ trust.

And that would be valid for all their data, not only what data protection labels as ‘personal’. For the average citizen, all data about them is personal.

Separating in practice how consumer businesses are using data about customers to the benefit of company profits, how the benefits are shared on an individual basis in terms of a trade in our privacy, and how bona fide public research benefits us all, would be beneficial to win continued access to our data.

Citizens need and want to be offered paths to see how our data are used in ways which are transparent and easy to access.

Cutting away purposes which appear exploitative from purposes in the public interest could benefit commerce, industry and science.

By reducing the private cost to individuals of the loss of control and privacy of our data, citizens will be more willing to share.

That will create more opportunity for data to be used in the public interest, which will increase the public good, both economic and social, which the government hopes to see expand.

And that could mean a happy ending for everyone.

The Economic Value of Data vs the Public Good? They need not be mutually exclusive. But if one exploits the other, it has the potential to continue to be corrosive. The UK plc cannot continue to assume its subjects are willing creators and repositories of information to be used for making money. [ref 1] To do so has lost trust in all uses, not only those in which citizens felt exploited. [6]

The economic value of data used in science and health, whether to individual app creators, big business or the commissioning state in planning and purchasing, is clear. Perhaps not quantified or often discussed in the public domain, but it clearly exists.

Those uses can co-exist with good practices to help people understand what they are signed up to.

By defining ‘research purposes’, by making how data are used transparent, and by giving real choice in practice to consent to differentiated data for secondary uses, both commercial and state will secure their long term access to data.

Privacy, consent and separation of purposes will be wise investments for its growth across commercial and state sectors.

Let’s hope they are part of the coming ‘long-term economic plan’.

****

Related to this:

Part one: The Economic Value of Data vs the Public Good? [1] Concerns and the cost of Consent

Part two: The Economic Value of Data vs the Public Good? [2] Pay-for-privacy and Defining Purposes.

Part three: The Economic Value of Data vs the Public Good? [3] The value of public voice.

****


[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[7] AdExchanger January 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

 

The Economic Value of Data vs the Public Good? [3] The value of public voice.

Demonstrable value of public research to the public good, while abstract, is a concept quite clearly understood.

Demonstrating the economic value of data for private consumer companies like major supermarkets is even easier to understand.

What is less obvious is the harm that the commercial misuse of data can do to the public’s perception of all research for the public good.[6]

The personal cost of consumer data exploitation, whether through the loss of, or through paid-for privacy, must be limited to reduce the perceived personal cost of the public good.

By reducing the personal cost, we increase the value of the perceived public benefit of sharing and overall public good.

The public good may mean many things: benefits from public health research like understanding how disease travels, or good financial planning, derived from knowing what needs communities have and what services to provide.

By reducing the private cost to individuals of the loss of control and privacy of our data, citizens will be more willing to share.

It will create more opportunity for data to be used in the public interest, for both economic and social gain.

As I outlined in the previous linked blog posts, consent [part 1] and privacy [part 2] would be wise investments for its growth.

So how are consumer businesses and the state taking this into account?

Where is the dialogue we need to keep expectations and practices aligned in a changing environment and legal framework?

Personalisation: the economic value of data for companies

Any projects under discussion or in progress without adequate public consultation and real involvement, and that ignore public voice, risk their own success and with it the public good they should create.

The same is true for commercial projects. For example, back to Tesco.

Whether the clubcard data management and processing [8] is directly or indirectly connected to Tesco, its customer data are important to the supermarket chain and are valuable.

A former Tesco executive spoke about that value in a 2013 interview:

“These are slow-growing industries,” Leahy said. “The difference was in the use of data, in the way Tesco learned about its customers. And from that, everything flowed.”[9]

Knowing who shops, and how and when they shop, allows the company to target the sales offering to make people buy more or differently. This is the so-called ‘nudge’, moving citizens in the direction the company wants.

He explained how, through the Clubcard loyalty program, the supermarket was able to transition from mass marketing to personalized marketing and that it works in other areas too:

“You can already see in some areas where customers are content to be priced as customers: risk pricing with insurance and so on.

“It makes a lot of sense in health pricing, but there will be certain social policy restriction in terms of fair access and so on.”

NHS patient data and commercial supermarket data may be coming closer in their use than we might think.

They are not only closer in their similar desire to move towards personalisation [10] but, for similar reasons, in the desire to use all the data to know all about people as health consumers and, from that, to plan and purchase, best and cheapest… “in reducing overall cost.”

It is worth thinking about how, in an economy driven by ideological austerity, reducing overall cost will be applied: by cutting services or by reducing to whom services are offered.

What ‘nudge’ may be applied through NHS policies, to move citizens in the direction the drivers in government or civil service want to see?

What will push those who can afford it into private care, and out of the group on whom the state has to spend money, if they are prepared to spend their own, for example?

What is the data that citizens provide through schemes like care.data designed to achieve?

“Demonstrating The Actual Economic Value of Data”

Tim Kelsey, speaking at Strata in 2013 [11] talked about: “Demonstrating The Actual Economic Value of Data”. Our NHS data are valuable in both economic and social terms.

[From 12:17] “It will help put the UK on the map in terms of genomic research. The PM has already committed to the UK developing 100K gene sequences very rapidly. But those sequences on their own will have very limited value without the reference data that lies out there in the real world of the NHS, the data we’ll start making available from next June […]. The name of the programme by the way is care dot data.”

The long since delayed care.data programme plans to provide medical records for secondary use, as reference data for the 100K genomics programme. The programme has the intent to “create a lasting legacy for patients, the NHS and the UK economy.”

With consent.

When the CEO of Illumina talks about winning a US $20bn market [12], perhaps it also sounds economically appealing for the UK plc and the austerity-lean NHS. Illumina is, of course, the company which won the contract for the Genomics England project sequencing.

“The notion here is that it’s really a precursor to understand the health economics of why sequencing helps improve healthcare, both in quality of outcome, and in reducing overall cost. Presuming we meet the objectives of this three-year study–and it’s truly a pilot–then the program will expand substantially and sequence many more people in the U.K.” [Jay Flatley, CEO]

The idea of it being a precursor leaves me asking, to what?
“Will expand substantially” to whom?

As more and more becomes possible in science, there will be an ever greater need for understanding of how and why we should advance medicine, and of how to protect human dignity. That something becomes possible may not always mean it should be done.

Article 21 of the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the application of biology and medicine also says: “The human body and its parts shall not, as such, give rise to financial gain.”

How close is profit making from DNA sequencing getting to that line?

These are issues that raise ethical questions and questions of social and economic value. The social legitimacy of these programmes will depend on trust. Trust based on no surprises.

Commercial market research or real research for the public good?

Meanwhile all consenting patients can in theory now choose to access their own record [GP online]. Mr Kelsey expressed hopes in 2013 that developers would use that to help patients:

“to mash it up with other data sources to get their local retailers to tell them about their purchasing habits [16:05] so they can mash it up with their health data.”

This despite the 67% of the public concerned around health data use by commercial companies.

So what were the commercially sensitive projects discussed by NHS England and Tesco throughout 2014? It would be interesting to know whether loyalty cards and mashing up our data was part of it – or did they discuss market segmentation, personalisation and health pricing? Will we hear the ‘Transparency Tsar’ tell NHS citizens their engagement is valued, but in reality find the public is not involved?

To do so would risk another care.data style fiasco in other fields.

Who might any plans offer most value to – the customer, the company or the country plc? Will the Goliaths focus on short term profit or fair processing and future benefits?

In the long run, ignoring public voice won’t help the UK plc or the public interest.

A balanced and sustainable research future will not centre on a consumer pay-for-privacy basis, or commercial alliances, but on a robust ethical framework for the public good.

A public good which takes profit into account for private companies and the state, but not at the expense of public feeling and ethical good practice.

A public good which we can understand in terms of social, direct and indirect economic value.

While we strive for the economic and public good in scientific and medical advances we must also champion human dignity and values.

This dialogue needs to be continued.

“The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data. We need to use data but we need to use it in ways that people have reason to accept. Use ‘in the public interest’ must respect individual privacy. The current law of data protection, with its opposed concepts of ‘privacy’ and ‘public interest’, does not do enough to recognise the dependencies or promote the synergies between these concepts.”

[M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed 1]

The public voice from care.data listening and beyond could positively help shape the developing consensual model if given a genuine, adequate opportunity to do so in much-needed dialogue.

As they say, every little helps.

****


[1] care.data listening event questions: https://jenpersson.com/pathfinder/

[2] Private Eye – on Tesco / NHS England commercial meetings https://twitter.com/medConfidential/status/593819474807148546

[3] HSCIC audit and programme for change www.hscic.gov.uk/article/4780/HSCIC-learns-lessons-of-the-past-with-immediate-programme-for-change

[4] EU data protection discussion http://www.digitalhealth.net/news/EHI/9934/eu-ministers-back-data-privacy-changes

[5] Joint statement on EU Data Protection proposals http://www.wellcome.ac.uk/stellent/groups/corporatesite/@policy_communications/documents/web_document/WTP055584.pdf

[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[7] AdExchanger January 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

[10] Personalisation in health data plans http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-002-Adult-Social-Care-Informatics.pdf

[11] Tim Kelsey Keynote speech at Strata November 2013 https://www.youtube.com/watch?v=s8HCbXsC4z8

[12] Forbes: Illumina CEO on the US$20bn DNA market http://www.forbes.com/sites/luketimmerman/2015/04/29/qa-with-jay-flatley-ceo-of-illumina-the-genomics-company-pursuing-a-20b-market/

care.data – one of our business cases is missing

“The government takes the view that transparency is vital to healthy public services. It has created a new Statistics Commission to improve the quality of information collected (and to end arguments about “fiddling” figures).” [Tim Kelsey, New Statesman, 2001] [1]

In a time of continuing cuts to budgets across the public sector, members of the public have every right, and the good sense, to question how public money is spent and what its justification is. [#NHS2billion]

For the flagship data extraction care.data programme, it is therefore all the more surprising that, for the short and long term, there is [2]:

a) no public proof of how much the programme is costing,
b) little around measurable tangible and intangible benefits,
c) little on how the risks have been evaluated.

The Woolly Mammoth in the Room

The care.data programme has been running under its ‘toxic’ [3] brand in a similar form now, for two years.

When asked directly on costs at the Health Select Committee last month, the answer was, at best, woolly.

“Q655   Rosie Cooper: While I appreciate that, can you give us any rough figures? What would a CCG be contributing to this?

Tim Kelsey: I cannot answer that question, but we will very rapidly come back to you with the CCGs’ own estimates of the costs of the programme and how much of that cost is being met by the programme.” [Hansard January 2015][4]

The department appears very unwilling to make public and transparent its plans, risks and costs. I’ve been asking for them since October 2014, in a freedom of information request. [5]

They are still not open. Very much longer will look decidedly shady.

A few limited and heavily redacted parts were released [2] in poor quality .pdf files in Jan 2015, and don’t meet my request as there’s nothing from April-October 2014, and many missing files:

Transparent?

As I followed the minutes and materials released over the last 18 months this was a monstrous gap [7], so I have asked for it before.[8]

I had imagined there was reticence in making it public.
I had imagined, the numbers may be vague.
I hadn’t imagined it just didn’t exist at all.

For the programme whose watchword is transparency, this is more than a little surprising. A plan had to be drafted to drive transparency after the FOI was received [which I believe fails section 22 refusal criteria, as the decision to publish was made after the FOI]

– here’s the plan [9] – where are the outcomes?

Is the claim that without care.data the NHS will fail [10] no more than a myth?

Why do the business case and cost/risk analysis matter? What is the future of our data ownership?

Because history has a habit of repeating itself and there is a terrible track record in NHS IT which the public cannot afford [22] to allow to repeat, ever again.

The mentality that these unaccountable monster programmes are allowed to grow unchecked, must die out.

Of the NPfIT, Mr Bacon MP said: “This saga is one of the worst and most expensive contracting fiascos in the history of the public sector.”

Last autumn, a new case history [23] examined its rollout, including why local IT systems fail to deliver joined-up digital patient records.

Yet, even today, as we hear that IT is critical to the digital delivery of NHS care and we must all be able to access our own health records, we read that tech funds are being cut.

Where are the common sense and cohesion in their business planning?

These Big Data programmes do not stand alone, but interact with all sorts of other programmes, policies, and ideas on what will be done and what is possible in future for long term data purposes.

The public is not privy to that, and so cannot scrutinise, criticise and positively contribute to plans. That seems short-sighted.

And what of previous data-based ventures? Take as a case study the Dr. Foster IC Joint Venture [NAO, February 2007] [24]

“The Information Centre spent £2.5 million on legal and consultancy advice in developing the joint venture, and setting up the Information Centre. The Information Centre contends that £855,000 of the money paid to KPMG was associated with costs for setting up the Information Centre which included business planning.

However, they could not provide an explicit breakdown of these costs […] We therefore calculate that the total cost to the taxpayer of a 50 per cent share is between £15.4 million and £16.3 million.”

“The Information Centre paid £12 million in cash for a 50 per cent share of the joint venture (see Figure 2 overleaf).”

The UK plc made a sizeable investment here. The UK state invested UK taxes in this firm – so what’s the current business case for using data? How transparent are our current state assets and risks?

As a shareholder in one half, it is fair to ask: with whom are we now sharing the investment risk, or was this part sold soon after? [25] Was that investment a long-term one, or always meant to be so short term, and are there any implications for the future of HSCIC?

In 2011, according to this report [26], another investment group, Bamboo holdings [related to other investor companies], wanted to sell its Dr. Foster stock but did not succeed in doing so at an acceptable price, due, in the words of the portfolio introduction, to ‘poor performance’. [Annual investor review from 2013, p.5]

So what risks does the market see as a whole which are not made available to the public which affect how data is used and shared?

What of the other parts of Dr. Foster Research and so on, which we, the state, went on to buy or sell later? It appears complex.

Is the commercial benefit to be made for private companies seen as part of the big-picture benefit to the UK plc, or where does state investment and expectation for economic growth fit in?

What assessment has been made of the app market in the NHS and how patient data is expected in future to be held by the individual, released by personal choice to providers through phones?

Is a state infrastructure being built which, in the surprisingly short term, may see few healthy people store their data in it? Or will we see bias, excluding those with the money and technology to opt out, who prefer to keep their health data in a handheld device?

What is the government plan for the future of the HSCIC and our data it manages? The provider Northgate was just bought by European private equity firm Cinven, which now manages a huge swathe of UK’s data [32] and HSCIC brought others in-house. [33]

“Its software and services are used by over 400 UK local authorities, all UK police forces, social housing providers in the UK and internationally, and NHS hospitals. Its IT projects support the sharing of information for criminal intelligence and investigations across UK police forces and the management of health screening records in the UK and in Ireland.”

All the easier to manage – or to manage to sell off?

Is the business plan future-proofed to survive the new age of health data management?

One of the problems with business cases for programmes which drag on and get bogged down in delays is that they become obsolete.

The one-year mark has now passed in the care.data pause, announced on February 18th 2014.

The letter from Mr Kelsey on April 14th 2014 said they would use the six months to listen and act on the views of patients, public, GPs and stakeholders.

Many of the open questions remain without any reply at all, never mind public answers or solutions to open issues.

The spine proposal by medConfidential [30] is one of the best and clearest proposals I have found, with practical solutions to the failed opt-out 9Nu4, for example.

Will these be addressed, or will NHS England answer the Data Guardian report and 27 questions [31] from December?

Is care.data arthritic or going quietly extinct? The last public information made available is that it is rolling on in the background towards the pathfinders.

“By when will NHS England commit to respect the 700,000 objections to secondary data sharing already logged but not enacted?” [updated ref June 6th 2015]

How is the business plan kept up to date as the market moves on?

Is Big Data in the NHS too big to survive, or has the programme learned to adapt and change?

As Peter Mills asked a year ago, “Is the Government going to take this, as a live issue, into the next general election? Or will it (like the National Programme for IT) continue piecemeal, albeit without the toxic ‘care.data’ banner?”

The care.data programme board transparency agenda in Nov 2014: “The care.data programme has yet to routinely publish agendas, minutes, highlight reports and finalised papers which arise from the care.data Programme Board.

“This may lead to external stakeholders and members of the public having a lack of confidence in the transparency of the programme.”

We all recognise the problem, but where’s the solution?

Where’s the cost, benefit and risk analysis?

Dear NHS England. One of your business cases is missing.
Why has the public not seen it?
Why are you making it hard to hunt down?
Why has transparency been gagged?

Like Dippy, the care.data business case belongs in the public domain, not hidden in a back room.

Like the NHS, the care.data full risk & planning files belong to us all.

Or is the truth that, like Nessie, despite wild claims, they may not actually exist?

***

more detail:

[1] New Statesman article, Tim Kelsey, 2001

[2] http://www.england.nhs.uk/ourwork/tsd/care-data/prog-board/ care.data programme board webpage

[3] http://www.infosecurity-magazine.com/news/nhs-caredata-pr-fiasco-continues/

[4] http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/17740.html

[5] https://www.whatdotheyknow.com/request/caredata_programme_board_minutes?nocache=incoming-621173#incoming-621173

[6] http://www.england.nhs.uk/wp-content/uploads/2015/02/cd-prog-brd-highlt-rep-15-12-14.pdf

[7] http://www.telegraph.co.uk/news/science/science-news/11377168/Natural-History-Museums-star-Dippy-the-dinosaur-to-retire.html

[8] https://jenpersson.com/care-data-postings-summary/

[9] http://www.england.nhs.uk/wp-content/uploads/2015/02/propsl-transpncy-pub-cd-papers.pdf

[10] http://www.computerweekly.com/news/2240215074/NHS-England-admits-failure-to-explain-benefits-of-caredata

[11] http://nuffieldbioethics.org/blog/2014/care-data-whats-in-a-dot-and-whats/

[12] http://www.theinformationdaily.com/2014/03/26/business-scents-boom-in-personal-information-economy

[13] http://www.hscic.gov.uk/article/3887/HSCIC-publishes-strategy-for-2013-2015

[14] https://jenpersson.com/flagship-care-data-2-commercial-practice/

[15] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[16] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[17] http://www.legislation.gov.uk/ukpga/2014/23/pdfs/ukpga_20140023_en.pdf

[18] https://jenpersson.com/hear-evil-evil-speak-evil/

[19] https://www.whatdotheyknow.com/request/nhs_patient_data_sharing_with_us

[20] http://www.hscic.gov.uk/hesdatadictionary

[21] http://www.bbc.co.uk/news/uk-politics-24130684

[22] http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[23] http://www.cl.cam.ac.uk/~rja14/Papers/npfit-mpp-2014-case-history.pdf

[24] http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[25] http://www.healthpolicyinsight.com/?q=node/688

[26] http://www.albion-ventures.co.uk/ourfunds/pdf%20bamboo/Bamboo%20IOM%20signed%20interims%2030611.pdf

[27] http://www.v3.co.uk/v3-uk/news/2370877/nhs-needs-patients-digital-data-to-survive-warns-health-chief

[28] http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[29] http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[30] https://medconfidential.org/wp-content/uploads/2015/01/2015-01-29-A-short-proposal.pdf

[31] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[32] http://www.privateequitywire.co.uk/2014/12/23/215235/cinven-acquire-northgate-public-services

[33] http://www.ehi.co.uk/news/EHI/9886/hscic-starts-sus-and-care-id-transfer

The care.data coach ride: communications – all change or the end of the line?

Eleven months ago, care.data was put on hold and promises made to listen to professional and public opinion, which would shape programme improvement.

Today, Sir Bruce Keogh of NHS England said: “an unprecedented shift of resources and care into GP surgeries was necessary to help the NHS withstand the twin pressures of rising demand and tight budgets.”
[The Guardian, 19 Jan 2015]

care.data right now, seems like the straw on the camel’s back that GPs do not need, and that in its current format, many patients do not want.

Why the rush to get it implemented and will the costs of doing so, – to patients, to professionals and to the programme – be worth it?

What has NHS England heard from these listening events?

The high level ‘you said, we did’ document, sharing some of the public concerns raised with care.data, has been published by NHS England.

It is an aggregated, high level presentation, but I wonder if it really offers much more insight than everyone knew a year ago? It’s a good start, but does it suggest any real changes have taken place as a result of listening and public feedback?

Where are we now, what does it tell us, and how will it help?

Some in the media argue, like this article, that a:

“massive privacy campaign effectively put a halt to it last year.”

In reality, the programme brought about its own downfall, through the combination of flaws in the care.data plans for the GP data extraction and sharing programme, and past NHS data sharing practices.

Campaigners merely pointed these flaws out.

Once they were more apparent, many bodies involved in good data sharing, and those with concerns for confidentiality, came together with suggestions to make improvements.

But to date, a year after patients first became aware of the issues, even this collaboration has not yet solved patients’ greatest concern: that data is being given, without the individuals’ knowledge or consent, to third parties for non-clinical care, without oversight once they receive it.

The HSCIC 2013-15 Roadmap outlined that HSCIC would ‘agree a plan for addressing the barriers to entry into the market for new commercial ventures’ using our data provided by the HSCIC and:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

Working with care.data was first promised to ‘innovators of all kinds’, just as HES was delivered to commercial businesses [including reportedly Google, and PA Consulting getting 15 years of NHS data], all with unclear and unproven patient benefit or UK plc economic development and gain.

Patients are concerned about this.

They have asked about the assurance given that the purposes are more defined, but these still don’t rule out commercial users. Re-use licences have not been categorically ruled out, and patients have asked further, detailed questions, which are still open.

View some of them for yourself here, including coercion, disability inclusion, and, time and time again, concerns over the accuracy and quality of records, which may be uploaded, and mistakes never deleted upon which judgments are made, from records which the patient may never have seen.

Attendees at care.data events hosted by and held for a group of charities, at other care.data listening events held by the care.data advisory group [including Peterborough and Coin Street, London; you can view the 26th November Manchester event with questions from 33 minutes in], and at those held as part of the NHS Open House event in June [from 01:13.06 in the NHS Open House video], all asked sensible, detailed questions on process and practice which are still to be addressed and which are not in the high level ‘you said, we did.’

Technical and practical processes of oversight have been changed to improve the way in which data was shared, but what about data use that has been the crux of patient concern?

How will the questions that remain unanswered be addressed? – because it seems the patient letter, posters and flyers won’t do it.

What now?

Communications are rolling out in pathfinders

All year the message has been the same: communication was poor.

“We have heard, loud and clear, that we need to be clearer about the care.data programme and that we need to provide more support to GPs to communicate the benefits and the risks of data sharing with their patients, including their right to opt out.” [October 2014, Mr. Kelsey, NHS England]

The IIGOP report on care.data outlined in December 2014 what still remains to be done and the measures required for a success.

These go far beyond communications issues.

But if pathfinders are being asked to spend time and money now, we must analyse now what the new communications materials will look like, compared with those from a year ago.

Whilst I would agree that communications were poor, the question that remains to be asked is why? Why was communication poor? Why was all the advice and criticism ignored, when the leaflet was criticised by the ICO, criticised by the GPES advisory group, criticised by many more, and was glaringly a failed piece of communication to outsiders, and why did it still get sent [or not sent] to patients across England?

[Sept 2013 GPES Advisory] “The Group also had major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”.

We could say it doesn’t matter. However it is indicative of the same issues now, as then, and throughout the year. There has been lots of positive advice given, shared, and asked for at patient listening events. If this is the extent of “you said, we did”, feedback is still being ignored. That matters.

Because if it continues to be, any new communications will have the same failure-to-launch that they did a year ago.

In the last year we have heard repeatedly, that the pause will enable the reshaping of communications materials.

Sadly, the bell hasn’t rung yet, on what really needs done. It looks to me as though the communications people have done their best, dealing with glaring gaps in content.

Communications materials are not ready, because it’s not clear where care.data is going, or what’s the point of the trip.


All change?

It has failed to address the programme as a change issue.

That is what it is at its core, and it is this failure which explains why it has met so much resistance.

If the 26th November Manchester questions are anything to go by, the reason for the change, as to why our data is needed at all, remains very unclear for professionals and patients.

How patients will be empowered to manage its ongoing changes into the future, is also undefined.

In addition, there has been little obvious, measurable change in the substance of the programme communication in the last 12 months.

New materials suggest no real changes have taken place as a direct result of listening to public feedback at all. They may have as a result of feedback given before the pause, but what impact has the pause had?

If you disagree, look over the GP care.data leaflet from 2013 and see what changes you would make now. Look at the 2013 patient leaflet and see what substantial improvement there is. Look at the basic principles of data protection and see if the care.data programme communications clearly and simply address them any better now.

What are the new plans for new communications, and how do they pick up on the feedback given at ‘hundreds’ of listening events?

The communications documents are a good start at addressing a complex set of questions.

However, whilst they probably meet their spec, they don’t meet their stated objective: to show a clear ‘we did’ or a clear future action plan.

The listening feedback may have been absorbed, but hasn’t generated any meaningful new communications output.

It shows that, as far as listening goes, real communications in this one-way format may have reached the end of the line.

How can patients make a decision on an unknown?

The new communications in posters and the ‘you said, we did’, state that access to the information collected will be limited in the pathfinder – but it does not address the question in the longer term.

This is a key question for patients.

It should be simple. Who will have access to my data and why?

No caveats, no doubts, no lack of clarity.

Patients should be properly informed how ALL their data is being used that is held by HSCIC. The opt out talked in February 2014 of two options; for data to be extracted under care.data at GPs and all the other data already stored at the HSCIC from hospitals and elsewhere. To explain those two different options patients first need told about all the data which is stored, and how it is used.

Talk about the linkage with other datasets, the future extraction and use of social care data, the access given via the back office to police and other non-health government departments. Stop using ‘your name will not be used’ in materials like the original patient leaflet. It may be factual for care.data per se, but is misleading on what of our personal data is extracted and used without our consent or awareness – most of us don’t know the PDS extracts name at all.

Being cagey does not build trust. Incomplete explanation of uses would surely not meet the ICO data protection requirements of fair processing either. And future uses remain unexplained.

For care.data this is the unknown.

NHS England is yet to publish any defined future use and scope change process, though its plan is clearly mapped:

[Image: care.data timeline]

There must be a process of how to notify patients either of what will be extracted, or who will be given access to use it > a change process. A basic building block for fair processing. Not a back door.

It needs to address: how is a change identified, who will be notified within what time frame before the extraction, how will the training and access changes be given, and how will patients be informed of the change in what may be extracted or who may be using it and be given the right to change their opt in / out selection. The law requires fair processing BEFORE the change happens.

We patients should also be made aware what impact this choice has on data already extracted, and that nothing will be deleted from our history. Even if it’s clearly a mistake. How does that affect reports?

Communication is impossible whilst the content & scope is moving.

I’ve been banging on, quite frankly, about scope, since March.

This is what needs done. Pull over, and get the fixes done.

> Don’t roll out any comms in a pathfinder yet. They’re not ready.

> First sort out the remaining substance so you know what it is that materials are communicating. What, who, why, when, how?

The IIGOP report lists clearly all that needs done and how to measure their success: it’s not communications, it’s content.

The final technical, security and purposes pieces still need resolved; practical questions on opt out, legislation needed to make sure the opt out really is robust, that the so-called ‘one strike and out’ isn’t just a verbal assurance but actually happens, and that future access is defined beyond the pathfinder – who will have access at and outside the new secure lab – not only for the pilot, but in future.

Get the definition of scope limited so as to meet fair processing, and get the future scope change communication process ironed out.

How will patients be communicated with, not only now, not in a pathfinder, but for every change that happens in the future which has a fair processing requirement?

Only then can the programme start to truly address change and communications with meaningful messages. Until then, it’s PR.

Once you know what you’re saying, how to say it becomes easy.

If it’s not proving easy to do well, we need to ask why.

>>>References>>>

1. You said, we did NHS England presentation

2. IIGOP report into care.data

3. Pharmacists to access DWP data – example of scope change who accesses data and why, which fails fair processing without a change process in place to communicate

>>>>>>>>>

For anyone interested in considering the current materials in detail, see below: this doesn’t address the posters shared in the Manchester event or what is missing, but many of the messages are the same as in the ‘you said, we did’ and it’s a start.

>>>>>>>>>

Addendum:

1. The “co-production” approach to materials

2. Why a scope change management process is vital to trust for care.data.

3. Some feedback on the high level ‘you said, we did’ document

4. What do communications require to improve from those before?

5. Hard questions

1. The “co-production” approach to materials

The IIGOP report on care.data in December 2014 asked a very sound question on page 8:

“What are the implications of using locally developed communications material (“co-production”) for subsequent national rollout?”

The Programme is developing a “co-production” approach to initial GP and patient-facing material, based on feedback from the care.data “listening period” and from local events and formal research.

“The intent is to ensure that there is local ownership of material used to communicate with professionals and patients in the Pathfinder stage.”

To ask a basic tenet of change management: what’s in it for them?

It’s unclear to what level of detail the national materials will go, and how much local sites will create.

If I were at CCG or GP level and responsible for ‘local ownership’ of communications from this national programme, I’d be asking myself why I am expected to reinvent the wheel? I’d want to use national standards as far as possible.

Why should local organisations have to produce or design materials which should be communicating the intent of a programme whose purpose is to be identical for every one of the 62 million in England registered with a GP? Let’s hope the materials are national.

What benefit will a local level site see, by designing their own materials – it will cost time and money – where’s the benefit for the patients in each practice, for the GPs and the programme?

Is it too cynical to ask, has NHS England not got the resources to do this well and deliver ready-done?

If so, I should urge a rethink at national level, because in terms of time and people’s effort this multiple duplication will be a costly alternative.

It also runs the risk of costly mistakes in accuracy and inconsistency.

To date there appears to be no plan for how future changes will be communicated. This must be addressed before the pathfinder and in any current communication, and all local sites need the same answer because the new decisions on extraction will be at national level.

2. Some feedback on the high level ‘you said, we did’ document:

page 9: “present the benefits” – this fails to do so – this is however not a failing of this presentation – there is simply still no adequate cost benefit document available in the public domain.

page 11: “keep data safe” – the secure lab is mentioned – a great forwards step compared with HES access – and it states analysts will only access it there in the pathfinder – but what about after that?

page 13: “explain the opt out clearly”: “You can opt out at any time. Just talk to your GP Practice.” > I have, but as far as I know my data is still released by the HSCIC from HES and wider secondary collections of data, which I did not know were extracted and did not consent to being used for secondary purposes. Opt out doesn’t appear to actually work. Please let me know if that’s a misunderstanding on my part. I’d be delighted to hear it is functional.

page 15: “legislative changes” – the biggest concern patients raise over and over again, is sharing data beyond their direct care with commercial companies and for non-NHS purposes. This has not been excluded. No way round that. No matter how you word it and made harder by the fact that data was released from HES in July to Experian for use in mosaic. If that makes the definition, then it’s loose.

The one-strike-and-out is not mentioned in materials, although it was discussed on Nov 26th in Manchester. When is the legislation to actually happen?

Both this and the opt out are still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

page 17: “access safeguards” – the new audit trail is an excellent step. But doesn’t help patients know if OUR data was used, it’s generic. We need some sort of personal audit trail of our consent, and show how it is respected in what data is released, to who, when, and why. The over emphasis of ‘only with legal access’ is overdone as 251 has been used to approve data access for years without patient knowledge or consent. If it is to be reassuring, it is somewhat misleading; data is shared much more widely than patients know. If it is to answer questions asked in the listening feedback events, there needs to be an explanation of how the loop will be closed to feed the information back and how it will be of concrete benefit.

And in general:

Either “this will not affect the care you receive” or it will. Both sentences cannot be true. Either way, there should be no coercion of participation:

“If you decide to opt out it won’t affect the care and treatment you receive. However, if significant amounts of people do opt out, we won’t be able to collect enough information to help us improve NHS services across the nation.”

Agreement must, in usual medical environments, be given voluntarily and freely, without pressure or undue influence being exerted on the person either to accept or refuse.

3. What do communications require to improve from those before?

a. Lessons Learned for improvement:

The point of the pause was to facilitate the changes and improvement needed in the programme, whose flaws were the reason to stop in February. All the questions need shared so that all the CCGs can benefit from all the learning. If all the flaws are not discussed openly, how can they be fixed? Not only being fixed, but being seen to be fixed would be productive and useful for the programme. [The IIGOP report on care.data outlined in December 2014 covers these.]

b. Consistency:

Raw feedback will be vital for CCGs and GP practices to have. It has not been released and the ‘you said, we did’ is a very high level aggregate of what was clear last February. Since then, the detailed questions are what should be given, to give all involved the information to be able to understand, and to have the answers consistently.

This way they will be properly prepared for the questions they may get in any pilot rollout. If questions have already been asked in one place, the exact same answer should be reproduced in another.

c. Time-saving:

If the same question has already been asked at a national or regional event, why make the local level search for the same answer again? This could be costly and pointless multiplied many times over.

d. Accuracy:

Communications aren’t always delivered correctly. They can be open to misinterpretation, or the comms team can simply get facts wrong. That would fail data protection requirements and fail to protect GPs. How will this accuracy be measured if done at local level, and by whom?

The IIGOP report asked: “What are the success criteria for the Pathfinders? How will we know what has worked and what has not?”

I know from my own experience that either the communications team or consultants can misunderstand the facts, or something can easily become lost in translation, from the technical theory to the tangible explanation.

4. Future change: Control of scope change for linkage and access

Current communications may address the current pathfinder extraction, but they are not fit for purpose for a rollout which is intended to be long term and ever changing.

So what exactly is it piloting? – a “mini” approach? – if so, to what purpose? or is it just hoping to get X amount of data in, done and dusted, as ‘a start.’

If the pathfinder patients are only told a sub-set of information in a pilot rollout, we should ask:

a. why? Is this in order to make the idea sound more appealing?

b. how will it be ensured that their consent, or lack of objection, is fully informed and therefore meets Data Protection requirements?

and finally

c. how will future changes be communicated? This must be addressed before the pathfinder and in any current communication.

For example, who gets access to data may change, so you can’t say only “access to the information collected will only be given to a limited number of approved analysts who will have to travel to a new secure data facility that the HSCIC is setting up.”

Pharmacists who have access to this data for direct care, may also now be getting access to DWP data.

“the Royal Pharmaceutical Society has already said that the new measures could affect trust between patients and pharmacists.” [EHI Dec 30th 2014]

When patients signed up for the SCR at a GP practice they may not realise it is shared with pharmacies. When data is shared with the Department of Work and Pensions, citizens may not realise it could be shared with pharmacies. Neither told the other when signing up that future access would allow this cross referencing and additional access.

This is a real life scenario that should not be glossed over in a brochure. A hoped for ‘quick-fix’ now, will simply cause later problems, and if data is used inappropriately, there may not be another opportunity for winning back trust again.

To get it legally wrong now, would be inexcusable.

Here’s why it would be better to do no more communications now:

5. Hard questions can’t be avoided

Currently, comms still avoid the hard questions, and those are the ones people want answers for. Open questions remain unaddressed.

Raw questions asked in July at a charities’ event are here, with some post-event reshaping and responses. Note how many are unknowns.

Changes have been suggested to be constructive.

One attendee of a public listening event commented online in October 2014, on the NHS England CCG announcement:

“I am one of those that has tried hard to engage with you to try and make sure that people can be assured that their personal and private information will not be exploited, I feel that you have already made the decision to press ahead regardless and feel very let down.

“Please publish the findings of your listening exercise and tell people how you intend to respond to their concerns before proceeding with this.”

People have engaged and want to be involved in making this programme work better, if it has to work at all like this.

Q: Where is the simple, clear public business case for cost and benefits?

The actual raw questions have been kept unpublished for no clear purpose. It could look like avoiding answering the hard questions.

The IIGOP report captures many of them; for example on process of competence, capacity and processes – and the report shows there is still a need to “demonstrate that what goes on ‘under the bonnet’ of Pathfinder practice systems operates in the same way that patients are being told it does.”

When is the promised legislative change to actually happen? The opt out is still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

It’s all about trust and that relationship, like the communication and feedback responses, has to be two-way.

A review of NHS news in 2014, from ‘the Spirit of the NHS Future’.

Respectful of all the serious, current news and that of the past year, this is a lighthearted look back at some of the stories of 2014. ‘The Spirit of the NHS Future’ looks forwards into 2015 & at what may still be changed.

***

The Spirit of the NHS Future visits the Powers-that-be
(To the tune of The 12 Days of Christmas)


On the first day of Christmas
the Spirit said to me:
I’m the ghost of the family GP.

On the second day of Christmas
the Spirit said to me:
a two-tiered system,
in the future I foresee.

On the third day of Christmas
the Spirit said to me:
You told GPs,
merge or hand in keys,
feder-ate or salaried please.

On the fourth day of Christmas
the Spirit said, I hear:
“Save our surgeries”,
MPIG freeze,
partners on their knees,
blame commissioning on local CCGs.

On the fifth day of Christmas
the Spirit said to me:
Five Ye-ar Plan!
Call it Forward View,
digital or screwed.
Let’s have a new review,
keep ‘em happy at PWC.

On the sixth day of Christmas
the Spirit said to me:
Ill patients making,
out-of-Ho-urs-rings!
Callbacks all delayed,
six hours wait,
one one one mistakes.
But must tell them not to visit A&E.

On the seventh day of Christmas
the Spirit said, GPs:
see your service contract,
with the QOF they’re trimming,
what-will-this-bring?
Open Christmas Eve,
New Year’s no reprieve,
please don’t cheat our Steve,
or a breach notice will you see.

On the eighth day of Christmas
the Spirit said to me:
Population’s ageing,
social care is straining,
want is pro-creating,
obe-si-ty’s the thing!
Cash to diagnose,
statins no one knows,
indicator woes,
and Doc Foster staff employed at CQC.

On the ninth day of Christmas
the Spirit said to me:
Cash for transforming,
seven days of working.
Think of emigrating,
ten grand re-registration.
Four-teen hour stints!
DES and LES are fixed.
Called to heal the sick,
still they love the gig,
being skilled, conscientious GPs.

On the tenth day of Christmas
the Spirit said to me:
Many Lords a-leaping,
Owen’s not been sleeping,
private contracts creeping,
Circle’s ever growing.
Care home sales not slowing.
Merge-eve-ry-thing!
New bidding wars,
tenders are on course
top nine billion, more,
still you claim to run it nation-al-ly.

On the eleventh day of Christmas
the Spirit said to me:
Patient groups are griping,
records you’ve been swiping,
listening while sharing,
data firms are buying,
selling it for mining,
opt-out needs defining,
block Gold-acre tweets!
The care dot data* board
minutes we shall hoard,
troubled pilots loom.
Hi-de Partridge’s report behind a tree?

On the twelfth day of Christmas
the Spirit said to me:
disabled are protesting
sanctions, need arresting,
mental health is failing,
genomes we are trading,**
staff all need more paying,
boundaries set for changing,
top-down re-arranging,
All-this-to-come!
New hires, no absurd,
targets rule the world,
regulation first.
What’s the plan to save our service, Jeremy?

– – – – – –

Thanks to the NHS staff, whose hard work, grit and humour, continues to offer the service we know. You keep us and our loved ones healthy and whole whenever possible, and deal with us & our human frailty, when it is not.

Dear GPs & other NHS staff who’ve had a Dickens of a year. Please, don’t let the system get you down.

You are appreciated, & not just at Xmas. Happy New Year everyone.

“It is a fair, even-handed, noble adjustment of things, that while there is infection in disease and sorrow, there is nothing in the world so irresistibly contagious as laughter and good humour.”
Charles Dickens, A Christmas Carol, 1843

– – – – –

*New Statesman, Dr Phil Whitaker’s Health Matters column, 20th March 2014, ‘Hunt should be frank about the economic imperative behind the urgency to establish the [care.data] database and should engage in a sensible discussion about what might be compromised by undue haste.’

**Genomics England Kickstarting a Genomics Industry

A care.data Christmas carol

“Marley was dead: to begin with. There is no doubt whatever about that.” [A Christmas Carol, Charles Dickens, 1843]

“Is care.data dead?” I was asked after our children’s nativity today, “what happened to that GP record sharing project?” The local priest, you may think of all people, wondered what had become of the news stories we had discussed at Easter.

Not dead, I assured him, though it was suggested recently that the Caldicott led Independent Information Governance Oversight Panel (IIGOP) report [1], would be the final nail in the coffin of the past approach [2], and would spell doom ahead in any care.data future were the programme not to follow its recommendations.

I told him the story of the care.data year.

So, are you sitting comfortably? For Christmas is a time of storytelling. At its heart, the story of a birth, which has been handed down through generations.

But here, I borrow from the most famous of all English Christmas stories, a Christmas Carol, by Charles Dickens from 1843. Let us begin.

“Come in!” exclaimed the Ghost. “Come in! and know me better, man!”

The ghost of care.data past rattled its chains and brought no joy in 2014, haunting the current programme with news of past data sharing practices. At the start of the year, much was made of the 25 years of past use of our health records with third parties, about which the public had never been told nor asked for permission. We were told there had never been breaches [3], and there was surprise expressed by NHS England leadership at why care.data, the plan to extract GP records now in addition, should have struck such a nerve in the public. Then they actually ran an audit that told the full story.

Various reports have since tried to vanquish those ghosts which have haunted the rollout of care.data in the past year. Sir Nick Partridge in May led the Review of Data Releases by the NHS IC which looked back at health data sharing of the existing HSCIC held data, and in November, he examined the progress up to the present. [4] The extent of third party releases, including actuarial firms, organisations in the US and China, and commercial re-use, was a complete surprise to the public and, his report appeared to suggest, to many like him in management as well.

The IIGOP Report published last week on the care.data Programme Board looks to the future. It sets out a thorough set of specific recommendations, questions and tests to meet before it could be reasonable to proceed to a data extraction in the care.data pilot.

The first independent report on care.data, prepared and released under the oversight of the new Data Guardian, Dame Fiona Caldicott, it also captures many sensible and practical questions raised by patients at events all year.

In some ways, whilst sad to see what so many have said was needed has only come to be addressed by an independent body rather than NHS England, recognising the current weaknesses can only be seen as positive to bring about changes. It may have a hope of restoring public and professional trust.

What next steps will come from this for a care.data relaunch by NHS England, and when in future, remain to be seen. [Updates may be here, or here or sometimes here].

Perhaps if the current course of actions is averted, we may not ‘see a vacant seat’ if it all falls apart in 2015 after all.

The CCGs have been given a huge responsibility which is not of their making, if NHS England continues to pilot under CCG-steered rollouts.[5]

One would hope that given the right amount of time needed to manage this change process, and  with the right supporting skills and tools for the practicalities, the care.data programme will take a changed form in the year ahead. It may yet be saved.

But it does seem often that timing is of the essence, and we move from one artificial deadline to the next. The public and GPs wait without the security and confidence of a realistic schedule. Waiting, we wonder if we will reach the next chime due, or if the next ghost to haunt the programme will arrive and cause new fright.

It’s no cure-all, but it appears the IIGOP has given the programme the gift of one last wonderful opportunity to get this right. Its requirements are sizeable and will take time to execute sensibly. The report illuminates a future path for progress and shows what must be altered today, to avoid the future it predicts otherwise.

The outcome of care.data rests in the hands of the DH and NHS England. Dependent on the public and professions seeing change.

As Scrooge learns:

“But if the courses be departed from, the ends will change.” [A Christmas Carol, Charles Dickens, 1843]

Ignore the wisdom of the ghosts at your peril. For a changed future outcome,  the actions of the present must change first.

So, humour me awhile, and let’s consider some of the bigger themes in the care.data Christmas carol that CCGs may wish to consider as it deals with preparing for pathfinder pilots…

Chapter 1. “This boy is Ignorance. This girl is Want. Beware them both, and all of their degree, but most of all beware this boy, for on his brow I see that written which is Doom, unless the writing be erased…” [A Christmas Carol, Charles Dickens, 1843]

What information is getting through from listening events? [6]

There should be no excuse for poverty in the world today, and whilst in my bigger picture wish list, to deal with want would come first, in my care.data Christmas carol list, it is ignorance which cannot be tolerated.

There is no excuse for ignorance, for lack of information, or wondering what questions needed answers to date at the care.data programme board of NHS England.

“How do we explain care.data vs SCR”, “Can you tell me exactly who will access my data?”, “If future purposes change and I want the opportunity to withdraw & opt out, how will I get told?”

The IIGOP report states clearly the current gaps in knowledge and what must be done to fill them, for various parties.

Together with two other major reports this year on health data sharing and care.data: Partridge, and the November 2014 APPG report [7], professional bodies have provided plenty of information and asked plenty of questions which no one now can ignore.

Misplaced statements that there have been no breaches do nothing for public confidence, when later reports show that is ignorant or inaccurate. Big Brother Watch published its report into NHS Data Breaches in November. It found that data security is an ongoing problem, and that over the last four years patient confidentiality had been breached at least 7,255 times.[8]

Facts and answers now need to address the IIGOP report in depth, and meet patients’ past questions, to lay to rest some of the issues which have haunted the programme in the press; unexpected commercial uses, and re-use of data through commercial data licenses, for example.

Adequate time must be given to the CCGs, GPs and patients to be fully informed of the programme and the choice(s) on offer. This is not an IT rollout, but a series of process changes, which need human understanding and acceptance. “What’s in it for me?” versus “What risks may harm me?” need thinking time to be fairly presented and the patient choice collected.

To avoid potential doom, whether it be significant opt out or failure to meet fair processing leaving GPs at risk [9], adequate communication through effective education will take effort.

Chapter 2. “Every one of them wore chains like Marley’s Ghost; some few (they might be guilty governments) were linked together; none were free.” [A Christmas Carol, Charles Dickens, 1843]

Understand the links of who, why and what, of data sharing: 

The decision making, the process steps, how patients are told of changes in the programme today and will be in future, and how the public perceives their data is exploited, are all linked together very simply by who stores and uses the data, and for what purposes.

For the programme, it would be wise to understand the importance of the interaction of these parts of the process. Linked appropriately together, and working well, trust will keep the system together. If it fails, then no matter how good the technology is, without trust the system will fail to deliver its expectations. If too many opt out, or opt out disproportionately in certain population segments, it would harm data quality.

At the HSCIC data sharing discussion in July it was clear some data recipients were yet to grasp this interdependency, and the effect their attitudes to data use have on each other.

If one [class of] data recipient in future receives or uses data inappropriately, it will harm public faith in all users.

For patients to have true transparency, I believe care.data should be explaining exactly how the data linkage system [10] works, and all the other silos of data it already holds. The personal demographics service stores a whole set of personal data of which the public may be unaware, and yet may find used to link data collected from all sorts of parts of health and social care. If NHS data sharing is to be explained, do it all. To avoid doing this will merely store up a future risk of yet more surprises for patients and damage trust further.

Chapter 3. “I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you.” [A Christmas Carol, Charles Dickens, 1843]

Commercial use of data will be detrimental to public confidence.

By looking ahead to see what the ghost of care.data future might bring, the forecast doom of the present course may yet be avoided.

As patients told NHS England at the Open House event [11], we’re fed up with commercial data mining, and the same was reflected by a representative group of citizens in various polls this year.[12]

How is the non-NHS data world changing? What of the upcoming EU data legislation? How does the commercial data industry itself perceive legislation in the UK?

In the 2013 Experian keynote address the Nectar Head of Customer Marketing noted, “legislation has not kept up to speed with where we are going” [16:57] [13]

Perhaps it is opportune to reflect on one of the oldest Biblical themes at Christmas: choose which master you serve.

Back at NHS England and the IC, discussions in April 2013 sought to ‘create a vibrant market of data intermediaries’, for example.

Which purposes should this serve? The health of the nation, or the wealth of the nation? Can one justly serve both equally?

“You fear the world too much,” she answered, gently. “All your other hopes have merged into the hope of being beyond the chance of its sordid reproach. I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you.” [A Christmas Carol, Charles Dickens, 1843]

It would appear to patients that by mixing commercial purposes in with legitimate health, and health research purposes, the data commissioning system has created its own downfall. [14]

The purposes, whilst amended in the Care Act 2014, are so broad as to leave too much commercial use open under ‘purposes of health’. How would that rule out pharmaceutical marketing, for example?

For many patients, use outside their own healthcare and its provision and planning is a real hot chestnut.

If patients are in disagreement over commercial uses for example, they have no choice but to opt out of research uses as well. This multi-option choice, or the removal of commercial use needs addressed.

If research wants more data, we would do well to define and restrict commercial use in legislation, much more specifically.

Chapter 4. “You wish to be anonymous?” [A Christmas Carol, Charles Dickens, 1843]

There has been much disagreement and misunderstanding about how data will be used, and about what anonymous or non-identifiable really means.

Media reporting at the start of the year frequently focused on the collection of care.data as ‘anonymous data.’ Bah, humbug! That is factually incorrect.

CCGs need to make sure that their own staff understanding is correct, as well as passing on information if they are to be intermediaries on behalf of NHS England. At CCG meetings I attended, many staff confused care.data with direct care/SCR.

The default position if patients do nothing is the sharing of date of birth, full postcode, gender and ethnicity, and the NHS number is a unique identifier. Plus all the other codes and conditions.

It is still unclear how the data which has already been extracted without consent or fair processing, can be controlled by patients who may not wish to share identifiable data from their hospital visits, mental or community health.

If patients can’t control data already held at HSCIC, why will they want to share more additional data, from primary care?

Learning from looking back on 2014

My own looking back on my care.data journey in 2014 is here.

medConfidential has a rather good summary of the year here. [15]

“Spirit,” said Scrooge submissively, “conduct me where you will. I went forth last night on compulsion, and I learnt a lesson which is working now. To-night, if you have aught to teach me, let me profit by it.” [A Christmas Carol, Charles Dickens, 1843]

From past lessons learned in 2014, one would hope the future rollout will profit from them and take the time, and use the tools it needs, to get to a brighter future.

Looking ahead: news for 2015 came at the end of the year.

In the Telegraph on November 27, Sir Nick Partridge said:

“We must make sure there are no surprises for the public about how their information is being used, that they have a choice in this and that we are honest about the balance of risk. Every single one of us has a part to play in making sure we get this right…

“The HSCIC is still improving its practices. It is also endeavouring to increase its transparency.”

The November 2014 APPG report said what everyone appears to agree on:

“the public had been inadequately consulted in the early stages of the Care.data programme and that it was therefore correct to halt the programme to allow further public consultation.” [APPG report]

It goes on to say, “Organisations providing health or social care services must succeed in both respects [examining the Public Interest] if they are not to fail the people that they exist to serve,” and with that in mind a Public Benefits Plan should be drawn up, to support public transparency.

Public transparency would be improved by publishing the public’s questions from multiple listening events at which attendees were promised answers and follow up. The conversations did not always ask easy questions, but all the more reason to address them publicly for all; it will make the programme better.

So, if the care.data programme learns from that which has haunted care.data in the past year, and NHS England now grapples with all the questions and criteria of the IIGOP report, and increases its public transparency, stakeholders can look to the future with a renewed hope. But only if there is change made to the present course of actions.

“Scrooge was at first inclined to be surprised that the Spirit should attach importance to conversations apparently so trivial; feeling assured that they must have some hidden purpose.” [A Christmas Carol]

What must surely happen now is to use the IIGOP report as a basis of lessons learned. To see gaps in knowledge, and to build processes and procedures which set up the future. Some of these must be at national level, such as ‘How patients will be informed of future scope change’, so CCGs will need answers from NHS England even if pilots should be ‘co-produced’.

Quite frankly, only muppets would not want to wait and do all this in all the appropriate time needed. The coming General Election is perhaps seen as a key reason to artificially rush it through. But at what cost? Who is the programme for, party politics or the public good?

“What do you think of the show so far?”

Clearly the National Data Guardian and IIGOP, the APPG and others making many wise recommendations, find the approach so far lacking. To carry on as is, will bring predictable doom. But by using the IIGOP report insights, there is the hope that the outcomes of the current path may yet be avoided.

Which version of the care.data future will the NHS England Patients and Information Directorate choose to follow, and invite the CCGs to join them on, writing the next chapter of the care.data story in 2015?

“No space of regret can make amends for one life’s opportunity misused.” [A Christmas Carol, Charles Dickens, 1843]

***

Let’s hope 2015 is a good year, that the wish list of questions finds answers, and let’s hope there are no more care.data surprises.

Thank you for all the kind blog comments and questions I’ve received over the last year. I hope it helps keep patients’ voice heard. For all those, or their representatives, I have met and spoken with in the last year who have no voice at the table (the homeless, the travellers, the women and children in refuges, those concerned with public stigma), we must continue to challenge so their datasharing is, in the words of others: safe, consensual and transparent.

“I HAVE endeavoured in this Ghostly little book, to raise the Ghost of an Idea, which shall not put my readers out of humour with themselves, with each other, with the season, or with me. May it haunt their houses pleasantly, and no one wish to lay it.”
Their faithful Friend and Servant,
C. D.

Now; let’s get back to the present today:

“What’s to-day, my fine fellow?” said Scrooge.

“To-day!” replied the boy. “Why, Christmas Day.”

“Merry Christmas, and so, as Tiny Tim observed, God bless Us, Every One!”

[A Christmas Carol, Charles Dickens, 1843]

***

Image from a Muppets Christmas Carol, 1992

References:

[1] The IIGOP report https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[2] EHI ‘Care.data Review Raises Questions‘ http://www.ehi.co.uk/news/ehi/9808/care.data-review-raises-questions

[3] BBC Radio 4, February 4 2014 http://www.bbc.co.uk/programmes/p01rmpdy

[4] Nov 2014, Progress of HSCIC data sharing review by Sir Nick Partridge https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/380042/HSCIC_Report_Summary_of_progress_261114_FINAL.pdf

[5] 7 Oct 2014, CCGs to help deliver care.data pilots http://www.england.nhs.uk/2014/10/07/ccgs-care-data-programme/

[6] What information is being heard at Listening events? https://jenpersson.com/pathfinder/

[7] The APPG Report – Nov 2014 – http://www.patients-association.com/Portals/0/APPG%20Report%20on%20Care%20data.pdf

[8] Report into NHS Data breaches http://www.bigbrotherwatch.org.uk/wp-content/uploads/2014/11/EMBARGO-0001-FRIDAY-14-NOVEMBER-BBW-NHS-Data-Breaches-Report.pdf

[9] on GP indemnity: care.data MPS advice to members http://www.medicalprotection.org/uk/membership-indemnity-updates/care.data

[10] The data linkage service http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf

[11] The Open House June 2014, public questions https://jenpersson.com/care-data-communications-core-concepts-part-two/

[12] Privacy and Personal Data IPSOS Mori poll https://www.ipsos-mori.com/researchpublications/researcharchive/3407/Privacy-and-personal-data.aspx

[13] 2013 Experian keynote address the Nectar Head of Customer Marketing

[14] care.data downfall parody http://paulbernal.wordpress.com/2014/02/25/tim-kelsey-discovers-care-data-is-in-trouble/

[15] medConfidential bulletin https://medconfidential.org/2014/medconfidential-bulletin-19-december-2014/

 

Patient questions on care.data – an open letter

Dear NHS England Patients & Information Directorate,

We’ve been very patient patients in the care.data pause. Please can we have some answers now?

I would like to call for greater transparency and openness about the promises made to the public, project processes & policies and your care.data communication plans.

In 2013, in the Health Service Journal Mr. Kelsey wrote:

“When patients are ignored, they are most at risk; that was the central conclusion of the report by Robert Francis into Stafford hospital.

Don Berwick, in his safety review, said the NHS should be “engaging, empowering and hearing patients and their carers all the time.”

“That has been my mission since I started as National Director for Patients and Information: to support health and care services transform transparency and participation.”

HSJ, 10th December 2013

It is time to walk-the-talk for care.data under this banner of transparency, participation and open government.

Response to the Listening exercises

The care.data listening phase, introduced by the pause announced on February 18th, has captured a mass of questions, the majority of which still remain unaddressed.

At one of these sessions, [the 1-hr session on June 17th Open House, linking ca. 100 people at each of the locations in Basingstoke, Leicester, London, and York] participants were promised that our feedback would be shared with us later in the summer, and posted online. After the NHS AGM on Sept 18th I was told it would happen ‘soon’. It is still not in the public domain.

At every meeting all the unanswered questions, on post-it notes, in table-group minutes or scribbled flipcharts, were gathered ‘to be answered at a later date’. When will that be?

To date, there has been no published information which addresses the unanswered event questions.

Transparency of Process, Policies and Approach

The care.data Programme Board has held meetings to plan the rollout process, policies and approach, the minutes and materials from which have not been published. I find this astonishing when one considers that the minutes of the care.data advisory group, NIB (new), CAG, GPES advisory or even NHS England Board itself are in the public domain. I believe the care.data Programme Board meeting materials should be too.

It was acknowledged through the Partridge Review of past use of our hospital records that this HES data is not anonymous. The extent of its sale to commercial third-parties and use by police and the Home Office was revealed. This is our medical data we gave to hospitals and in our wider medical use for our care. Why are we the last to hear it’s being accessed by all sorts of people who are not at all involved in our clinical care?

Even for commissioning purposes it is unclear how these datasharing reasons are justified, when the Caldicott Review said extracting identifiable data for risk stratification or commissioning could not be assumed under some sort of ‘consent deal’.

“The Review Panel found that commissioners do not need dispensation from confidentiality, human rights and data protection law…” [The Information Governance review, ch7]

The 251 approval just got extended *again* – until 30th April 2015. If you can’t legally extract data without repeat approvals from on high, then maybe it’s time to question why?

The DoH, NHS England Patients and Information Directorate, HSCIC, and indeed many data recipients, all appear to have normalised an approach that for many is still a shock. The state centralised and passed on our medical records to others without our knowledge or permission. For years. With financial exchange. 

Amazingly, it continues to be released in this way today, still without our consent or fair processing or publicised way to opt out.

“To earn the public’s trust in future we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”  said Sir Nick Partridge in his summary review.

Now you ask us to trust in care.data that the GP data, a degree more personal, will be used properly.

Yet you ask us to do this without significant changes in legislation to safeguard tightly defined purposes, who can access it and why, and how we control what future changes may be made without our knowledge, and without a legally guaranteed opt out.

There is no information about what social care dataset is to be included in future, so how can we know what care.data scope even is yet?

Transparency cannot be a convenient watch word which applies with caveats. Quid pro quo, you want our data under an assumed consent process, then guarantee a genuinely informed public.

You can’t tell patients one approach now, then plan to change what will be said after the pilot is complete, knowingly planning a wider scope to include musculoskeletal or social care data and more. Nor can you know that you plan to broaden users of data [like research and health intelligence currently under discussion at IAG] but only communicate a smaller version in the pilot. That is like cheating on a diet. You can’t say and do one thing in public, then have your cake and eat it later when no one is looking. It still counts.

In these processes, policies and approach, I don’t feel my trust can be won back with lack of openness and transparency. I don’t yet see a system which is, ‘meticulous, fool-proof or solid as a rock’.

‘Pathfinder’ pilots

Most recently you have announced that four areas of CCGs will pilot the ‘pathfinder’ stage in the rollout of phase one. But where and when remain a mystery. Pathfinder communications methods may vary from place to place and trial what works and what fails. One commendable method will be a written letter.

However, even given that intent of individual notice, we cannot ignore that many remaining questions will be hard to address in a leaflet or letter. They certainly won’t fit into an SMS text.

Why pilot communications at all if they will leave unanswered the same open questions you already know about, but have not answered?

For example, let’s get a few of the missing processes clarified up front:

  • How will you communicate with Gillick competent children, whose records may contain information about which their parents are not aware?
  • How will you manage this for elderly or vulnerable patients in care homes and with diminished awareness or responsibility?
  • What of the vulnerable at risk of domestic abuse and coercion?
  • When things change in scope or use, how will we be given the choice to change our opt out decision?

I ask you not to ignore the processes which remain open. They need addressed BEFORE the pilot, unless you want people to opt out on the basis of their uncertainty and confusion.

What you do now, will set the model expectations for future communications. Patient online. Personalised medicine. If NHS health and social care is to become all about the individual, will you address all individuals equally or is reaching some less important than others?

It seems there is time and effort in talking to other professionals about big data, but not to us, whose data it is. Dear Patients & Information Directorate, you need to be talking to us, before to others about how to use us.

In March, this twelve point plan made some sensible suggestions.

Many of them remain unaddressed. You could start there. But in addition it must be clear before getting into communications tools, what is it that the pathfinders are actually piloting?

You can’t pilot communications without clearly defined contents to talk about.

Questions of substance need answers, the ten below to start with.

What determines that patients understand the programme and are genuinely informed, and how will it be measured?

Is it assumed that pilots will proceed to extraction? Or will the fair processing efforts be evaluated first and the effort vs cost be taken into account whether it is worth proceeding at all?

Given the cost involved, and legal data protection requirements, surely the latter? But the pathfinder action plan conflates the two.

Citizen engagement

Let’s see this as an opportunity to get care.data right, for us, the patients. After all, you and the rest of the NHS England Board were keen to tell us at the NHS AGM on September 18th, how valuable citizen engagement is, and to affirm that the NHS belongs to us all.

How valued is our engagement in reality, if it is ignored? How will involvement continue to be promoted in NHS Citizen and other platforms, if it is seen to be ineffective? How might this negatively affect future programmes and our willingness to get involved in clinical research if we don’t trust this basic programme today?

This is too important to get wrong. It confuses people and causes concern. It puts trust and confidence in jeopardy. Not just for now, but for other future projects. care.data risks polluting across data borders, even to beyond health:

“The care.data story is a warning for us all. It is far better if the industry can be early on writing standards and protocols to protect privacy now rather than later on down the track,” he said. [David Willetts, on 5G]

So please, don’t keep the feedback and this information to internal departments.

We are told it is vital to the future of our NHS. It’s our personal information.  And both belong to us.

During one Health Select Committee hearing, Mr. Kelsey claimed: “If 90 per cent opt out [of care.data], we won’t have an NHS.”

The BMA ARM voted in June for an opt in model.

ICO has ruled that an opt in model by default at practice level with due procedures for patient notification will satisfy both legal requirements and protect GPs in their role as custodians of confidentiality and data controllers. Patient Concern has called for GPs to follow that local choice opt in model.

I want to understand what he feels the risk is to the NHS, and examine its evidence base. It’s our NHS, and if it is going to fail without care.data and the Board let it come to this, then we must ask why. And we can together do something to fix it. There was a list of pre-conditions he stated at those meetings would be needed before any launch, which the public is yet to see met. Answering this question should be part of that.

It can’t afford to fail, but how do we measure at what cost?

I was one of many, including much more importantly the GPES Advisory Group, who flagged the shortcomings of the patient leaflet in October 2013, which failed to be a worthwhile communications process in January. I flagged it with comms teams, my MP, the DoH.

[Sept 2013 GPES Advisory] “The Group also had major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”.

No one listened. No action was taken. It went ahead as planned. It cost public money, and more importantly, public trust.

In the words of Lord Darzi,

“With more adroit handling, this is a row that might have been avoided.”

Now there is still a chance to listen and to act. This programme can’t afford to pilot another mistake. I’m sure you know this, but it would appear that with the CCG announcement, the intent is to proceed to pilot soon.  Ready or not.

If the programme is so vital to the NHS future, then let’s stop and get it right. If it’s not going to get the participation levels needed, then is it worth the cost? What are the risks and benefits of pressing ahead or at what point do we call a halt? Would it be wise to focus first on improving the quality and correct procedures around the data you already have – before increasing the volume of data you think you need? Where is the added intelligence, in adding just more information?

Is there any due diligence, a cost benefit analysis for care.data?

Suggestions

Scrap the ‘soon’ timetable. But tell us how long you need.

The complete raw feedback from all these care.data events should be made public, to ensure all the questions and concerns are debated and answers found BEFORE any pilot.

The care.data programme board minutes, papers and all the planning and due diligence should be published and open to scrutiny, as any other project spending public funds should be.

A public plan of how the pathfinders fit into the big picture and timeline of future changes and content would remove the lingering uncertainty of the public and GPs: what is going on and when will I be affected?

The NHS 5 year forward view was quite clear; our purse strings have been pulled tight. The NHS belongs to all of us. And so we should say, care.data can’t proceed at any and at all costs. It needs to be ‘meticulous, fool-proof and solid as a rock’.

We’ve been patient patients. We should now expect the respect and response that deserves.

Thank you for your consideration.

Yours sincerely.

 

Addendum: Sample of ten significant questions still outstanding

1. Scope: What is care.data? Scope content is shifting, and requests for scope purposes are changing already, from commissioning only to now include research and health intelligence. How will we patients know that what we sign up to today stays the purposes for which data may be used tomorrow?

2. Scope changes fair processing: We cannot sign up to one thing today, and find it has become something else entirely tomorrow without our knowledge. How will we be notified of any changes in what is to be extracted or change in how what has been extracted is to be used in future – a change notification plan?

3a. Purposes clarity: Who will use which parts of our medical data for what? Clinical care vs secondary uses:

Given the widespread confusion – demonstrated on radio and in press after the pathfinders’ announcement – between care.data, which is for ‘secondary use’ only, i.e. purposes other than the direct care of the patient, and the Summary Care Record (SCR) for direct care in medical settings, how will uses be made very clear to patients and how will it affect our existing consent settings?

3b. Purposes definition: Who will use which parts of our medical data for what? Commercial use: It is claimed the Care Act will rule out “solely commercial” purposes, but how, when what remains is a broad definition open to interpretation? Will “the promotion of health” still permit uses such as marketing? Will HSCIC give its own interpretation? It is, after all, the fact that it operates within the law which prescribes what it should promote and permit.

3c. Purposes exclusion: Who will use which parts of our medical data for what? Commercial re-use by third parties: When will the new contracts and agreements be in place? Drafts on the HSCIC website still appear to permit commercial re-use and make no mention of changes or revoking licenses for intermediaries.

4a. Opt out: It is said that patients who opt out will have this choice respected by the Health and Social Care Information Centre (i.e. no data will be extracted from their GP record) according to the Secretary of State for Health  [col 147] – but when will the opt out – currently no more than a spoken promise – be put on a statutory basis? There seem to be no plans whatsoever for this.

Further wider consents: for patients to know what they have opted into or out from is currently almost impossible. Having the Summary Care Record, Proactive care in some local areas, different clinical GP systems, the Electronic Prescription Service and soon to be Patient Online, all using different opt in methods of asking and maintaining data and consent, means patients are unsurprisingly confused.

4b. Opt out: At what point do you determine that levels of participation are worth the investment and of value? If parts of the population are not represented, how will it be taken into account and remain valuable to have some data? What will be statistically significant?

5. Legislation around security: The Care Act 2014 is supposed to bring in new legislation for our data protection. But there are no changes to date as far as I can see – what happened to the ‘one strike and out’, much discussed in Parliament? Is any change still planned? If so, how has this been finalised and with what wording, and will it be open to Parliamentary scrutiny? The Government claim to have added legal protection is meaningless until the new Care Act Regulations are put in front of Parliament and agreed.

6. What of the Governance changes discussed?

There was some additional governance and oversight promised, but to date no public communication of changes to the data management groups through the HRA CAG or DAAG and no sight of the patient involvement promised.

The Data Guardian role remains without the legal weight that the importance of its position should command. It has been said this will be granted ‘at the earliest opportunity.’ Many seem to have come and gone.

7. Data security: The planned secure data facility (‘safe setting’) at HSCIC to hold linked GP and hospital data is not yet built for expanded volume of data and users expected according to Ciaran Devane at the 6th September event. When will it be ready for the scale of care.data?

Systems and processes on this scale need security designed to scale up to match the size of the data and its use.

Will you proceed with a pilot which uses a different facility and procedures from the future plan? Or worse still, with extracting data into a setting you know is less secure than it should be?

8. Future content sharing: Where will NHS patients’ individual-level data go in the longer term? The current documentation says ‘in wave 1’ or phase one, which would indicate a future change is left open, and indicated identifiable ‘red’ data is to be shared in future? “care.data will provide the longer term visions as well as […] the replacement for SUS.”

9.  Current communications:

    • How will GPs and patients in ‘pathfinder’ practices be contacted?
    • Will every patient be written to directly with a consent form?
    • What will patients who opted out earlier this year be told if things have changed since then?
    • How will NHS England contact those who have retired or moved abroad recently or temporarily, still with active GP records?
    • How will foreign pupils’ parents be informed abroad and rights respected?
    • How does opt out work for sealed envelopes?
    • All the minorities with language needs or accessibility needs – how will you cater for foreign language, dialect or disability?
    • The homeless, the nomadic,  children-in-care
    • How can we separate these uses clearly from clinical care in the public’s mind to achieve a genuinely informed opinion?
    • How will genuine mistakes in records be deleted – wrong data on wrong record, especially if we only get Patient Online access second and then spot mistakes?
    • How long will data be retained for so that it is relevant and not excessive – Data Protection principle 3?
    • How will the communications cater for both GP records and HES plus other data collection and sharing?
    • If the plan is to have opt out effective for all secondary uses, communications must cater for new babies to give parents an informed choice from Day One. How and when will this begin?

No wonder you wanted first no opt out, then an assumed consent via opt out junk mail leaflet. This is hard stuff to do well. Harder still, how will you measure effectiveness of what you may have missed?

10. Pathfinder fixes: Since NHS England doesn’t know what will be effective communications tools, what principles will be followed to correct any failures in communications for any particular trial run and how will that be measured?

How will patients be asked if they heard about it and how will any survey, or follow up ensure the right segmentation does not miss measuring the hard to reach groups – precisely those who may have been missed?  i.e. If you only inform 10% of the population, then ask that same 10% if they heard of care.data, you would expect a close to 100% yes. That’s not reflective that the whole population was well informed about the programme.

If it is shown to have been ineffective, at what point do you say Fair Processing failed and you cannot legally proceed to extraction?

> This list doesn’t yet touch on the hundreds of questions generated from public events, on post-its and minutes. But it would be a start.

*******

References for remaining questions:

17th June Open House: Q&A

17th June Open House: Unanswered public Questions

Twelve point plan [March 2014] positive suggestions by Jeremy Taylor, National Voices

6th September care.data meeting in London

image quote: Winnie The Pooh, A.A. Milne

care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part one]

Five months after the most recent delay to the care.data launch, I’ve come to the conclusion that we must seek long-term excellence in its performance, not content ourselves with a second-rate dress rehearsal.

“Sharing our medical records, is like playing Chopin. Done well, it has the potential to demonstrate brilliance. It separates the good, the bad and the ugly, from the world-class players. But will we get it right, or will we look back at repeat dire performances and say, we knew all the right notes, but got them all in the wrong order?”

Around 100 interested individuals filled a conference room at the King’s Fund, on Cavendish Square in London last Monday, July 21st, where the Health and Social Care Information Centre (HSCIC) [1] held a meeting to publicly discuss the Partridge Review [2] and HSCIC data sharing policies, practices and stakeholder expectations going forward.  Driving Positive Change.[3]

The vast majority were from organisations which are data users, some names familiar from the care.data press coverage in spring, [Beacon Consulting, Harvey Walsh] plus many university and charity driven researchers.

Sir Kingsley Manning, Sir Nick Partridge and Andy Williams [The  CEO since April 2014] all representing HSCIC, spoke about the outcomes of the PWC audit, which sampled 10% of the releases of identifiable or pseudonymous data sharing agreements for closer review, and what is termed ‘Back Office’ access (by the police, Home Office, court orders) in the eight years as the NHS IC prior to the HSCIC rebrand and changes on April 1st, 2013.

“The standard PwC methodology was adopted for sample testing data releases with the prevailing governance arrangements. Samples were selected for each of the functional areas under review. Of the total number of data releases identified (3,059); approximately a 10% sample was tested in total.” (Report, Data Release Review June 2014)

I believe it is of value to understand how we got here as well as the direction in which the HSCIC is moving. This is what the meeting sought to do, to first look back and then look forward. They are Data Controller and Processor of our health records and personal identifiable data. As care.data pathfinder pilots approach at a pace, set for ‘autumn’, the changes in the current processes and procedures for data handling will not only affect records which are already held, from our hospital care and other health settings, but they will have a direct effect on how our medical records extracted from GP practices will be treated, for care [dot] data in the future.

Data Management thus far has failed to meet the standards of world class delivery; in collection, governance and release

After the event, walking back to the train home, I passed the house from which Chopin left, to play his last concert. [4]

It made me think, that sharing our medical records, is like playing Chopin. Done well, it has potential for brilliance. It separates the good, the bad and the ugly, from the world-class players. Even more so, when played as part of a suite, where standards are understood and interoperable. Data sharing demands technical precision, experience and discipline. Equally, gone wrong, we can look back at past performances and say, we had world class potential and knew all the right notes, but got them all in the wrong order. Where did we fail? Will we learn, or let it repeat?

The 2.5 hour event, focused more on the attendees’ main interest, how they will be affected by any changes in the release process. Some had last received data before the care.data debacle in February put a temporary halt on releases.

As a result of planned changes, will some current data customers find, that they have already received data for the last time, I wonder?

After the initial review of the critical findings in the Partridge report, the discussion centred on listening to suggestions of what may be done in England to prevent future fails. But in fact, I think we should be going further. We should be looking at what we are doing in England to be the world-class player that the Prime Minister said he wants.[5]

We are focused on making the best of a bad job, when we could be looking at how to be brilliant.

To me, the meeting missed a fundamental point. Before they decide the finer points of release, they need to ensure there will be data to collect. There was not one mention of the public’s surprise that our data was collected and had been sold or shared with each of them until last spring. So now that the public in part knows about it, the recipients should also consider we are watching them closely.

Data users are being judged as one, by their group performance

What the data recipients may or may not be conscious of, is that they too each are helping to shape the orchestra and will determine the overall sound that is heard outside.

They may not realise that as data recipients, we citizens, the data providers, will see and hear their actions and respond to them all collectively, in terms of what impact it may have on our opt in/out decision.

I heard on Monday one or two shriller voices from global data intermediaries claiming that others had been receiving data whilst their own requests had been overlooked. As of last Friday, HSCIC said 627 requests were on standby, waiting for review and to know whether or not they would receive data. Currently HSCIC is getting 70 new requests a month. Bearing in mind the attendees were mostly data users, they can be forgiven that they were mostly concerned about data release and use, but they did in part also raise the importance of correct communication, governance and consent of extraction. They realise without future public trust, there is no future data store.

One consultancy however, seemed to want to blame all the other players for their own past mistakes, though there was no talk of any blame in any discussion otherwise. They asked, what about the approvals process for SUS (Secondary Uses Service data), how are those being audited and approved, is it like HES? How about HSCIC getting their act together on opt out, putting power back in the hands of patients, they asked. What about the National Cancer Registries, ONS (Office of National Statistics), all the data which is not HES, will there be one entrance point to access all these data stores for all requests? And as for insurance concerns by patients, the same said, people were foolish to be concerned. Why, “if they don’t get our health data then all the premiums will go up.”

My my, it did feel a little like a Diva having a tantrum at the rest of the performers for messing up her part. And she would darn well pull the rest of them into the pit with her if she was going to get cancelled. In true diva style, I’m sure that company didn’t even realise it.

But all those data recipients are in the same show now – if one of them screws up badly, the critics will slam them all. And with it, their providers of data, we patients, will not share our data. Consent and confidentiality are golden tickets and will not be given up lightly. If  all the data-using players perform well, abide by the expected standards, and treat both critics, audience and each other with proper etiquette, then they will get their pay, and get to stay in the show. But it won’t be a one time deal. They will need to learn continuously, do whatever the show conductor asks, and listen and learn from the critics as they perform in future, not slacking off or getting complacent.

Whilst the meeting discussed past failings in the NHS IC, I hope the organisations will consider what has truly shocked the public is some of the uses to which data has been put. How the recipients used it. They need to examine their own practices as much as HSCICs.

The majority of the attendees were playing from the same score, asking future questions which I will address in detail in part two.

The vast majority asked, how will the data lab work? And other Research users asked many similar and related questions. [This from medConfidential [6] whilst on the similar environment for accredited safe havens, goes some way to explaining the principle of a health research remote data lab (HRRDL).]

Governance questions were raised. Penalties were an oft recurring theme and local patient representative group and charity representatives, asked how the new DAAG lay person appointments process would work and be transparent.

Other questions on past data use, were concerned with the volume of Back Office data uses. The volume of police tracing for example. How person tracing by the border agency, particularly with reference to HIV and migrant health, which may reveal data to border agencies which would not normally be shared by the patients’ doctors. “If people are going to have confidence in HSCIC, this was a matter of policy which needed looking at in detail.” The HSCIC panel noted that they also understood there were serious concerns on the quantity of intra-government departments sharing, the HMRC, Home and Cabinet Offices getting mentions. “There was debate to be had”, he said.

And  what do you think of the show so far? [7]

They’re collectively recovering from unexpected and catastrophic criticism at the start of the year. It is still having a critical effect on many organisations because they don’t have access to the data exactly as they used to, with a backlog built up after a temporary stop on the flow which was restarted after a couple of months. HSCIC has reviewed themselves, in part, and any smart attendees on Monday will know how each of their organisations have fared. The audit has found some of their weaknesses and sought to address them. There is a huge number of changes, definitions and open considerations under discussion and not yet ready to introduce. They realise there is a great amount of work still to be done, to bring the theory into practice, test it out, edit and get to a point where they are truly ready for a new public performance.

But none of the truly dodgy sounding instruments have been kicked out yet. I would suggest there are simply organisations which are not themselves of the same standards of ethics and physical best practices which deserve to manage our data. They will bring down the whole, and need rejected – the commercial re-use licenses of commercial intermediaries. And the playing habits of the data intermediaries need some careful attention, drawing the line between their clinical support work and their purely commercial purposes. The pace may have slowed down, but data is still flowing out, and there was no recognition that this may be without data protection permission or best practice, if individuals aren’t aware of their data being used in this way. The panel conducted a well organised and orderly discussion, but there were by far more open questions, than answers ready to be given.

What we do now, sets the future stage of all data sharing, in the UK and beyond – to be brilliant, will take time to get right

How HSCIC puts into action and implements the safeguards, processes and their verbal plans to manage data in the short and medium term, will determine much for the future of data governance in England, and the wider world. Not only in terms of the storage and release of data – its technical capability and process governance, but in the approach to data extraction, fair processing, consent, communication and ongoing management.

This is all too important to rush, and I hope that the feedback and suggestions captured on the day will be incorporated into the production. To do so well, will need time and there is no point in some half-ready dress rehearsal when so much is yet to be done.

The next Big Thing – care.data

When it came to care.data, Andy Williams said it had been a serious failing to not recognise that patients view their GP records quite, totally differently, from the records held at a hospital. Sharing their HES data.

“And it is their data, at the end of the day,” he recognised.

So to conclude looking back, I believe where data sharing has reached, is leaps and bounds ahead of where it was six months ago. The Partridge Review and its recommendations recognises there are problems and makes 9 recommendations. There is lots more the workshop suggested for consideration. If HSCIC wants to achieve brilliance, it needs to practise before going out on a public stage again. The excellence of Chopin’s music does not happen by chance, or through passion alone. To achieve brilliance we cannot follow some romantic notion of ‘it will all be alright on the night’. Hard edged, technical experience knows world-class delivery demands more.

So rolling out care.data as a pathfinder model in autumn before so much good preparation can possibly be done, is in my opinion, utterly pointless. In fact, it would be damaging. It will be like pushing  a grade 5 school boy who’s not ready into the limelight, and just wishing him luck, while you wait whistling in the wings. But what will those in charge say?

Will our health data sharing be a virtuoso performance [8]? Or will we end up with a second rate show, where we will look back and say, we had all the right notes, but played them all in the wrong order [9]?

{Update August 6th, official meeting notes courtesy of HSCIC}

I look forward to the future and address this more, as we did in the second part of the meeting, in my post Part Two. [10]

*****

[1] The Health and Social Care Information Centre – HSCIC

[2] The Partridge Review – links to blog post and all report files

[3] HSCIC Driving Positive Change http://www.hscic.gov.uk/article/4824/Driving-positive-change

[4] Chopin’s Last concert in London http://www.chopin-society.org.uk/articles/chopin-last-concert.htm

[5] What are we doing in England to be the world-class player that the Prime Minister said he wants? https://www.gov.uk/government/news/record-800-million-for-groundbreaking-research-to-benefit-patients

[6] A Health Research Remote Data Lab (HRRDL) concept for the ASH consultation – https://medconfidential.org/2014/hrrdls-for-commissioning/

[7] “What do you think of the show so far?” A classic Waldorf and Statler line from the Muppet Show. https://www.youtube.com/watch?v=jJNxj1FdKuo&list=PL1BCB0B838EBE07C6&index=12

[8] Chopin Rubenstein Piano Concerto no.2 with Andre Previn https://www.youtube.com/watch?v=T_GecdMywPw&index=1&list=RDT_GecdMywPw

[9] Classic comedy Morecambe & Wise, with Andre Previn – all the right notes, but not necessarily in the right order https://www.youtube.com/watch?v=-zHBN45fbo8

[10] Blog post part two: care.data is like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two – future]

**** In case care.data is news for you, here is a simple guide via Wired  and a website from GP and Caldicott Guardian Dr. Bhatia > the official NHS England page is here   ****

####

Fun facts: From The Telegraph, 2010: Prince of The Romantics by Adam Zamoyski

“That November farewell, given in aid of a Polish charity, came at the end of a difficult six-month British sojourn, which had included concerts in Manchester (one of the largest audiences he ever faced), Glasgow and Edinburgh, where the non-religious Chopin had unwillingly endured Bible readings by a pious patroness anxious to convert him to the Church of Scotland. Finally back in London, the composer-pianist spent three weeks preparing for what turned out to be his final recital by sitting wrapped in his coat in front of the fire at St James’s Place, attended by London’s leading homeopath and the Royal Physician, a specialist in tuberculosis. A week after the concert, he was on his way home to Parisian exile and death the following year.”

Born in Zelazowa Wola, Poland, of a French emigrant father and Polish mother, he left Poland aged 20, never to return. Well known, and by some controversially, for his long romantic liaison with novelist George Sand (Aurore Dudevant); after they separated his health failed and in 1848 he paid a long visit to Britain where he gave his last public performance at the Guildhall. He died in Paris.

care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two]

How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.

How have we arrived where we are now, at a Grand Pause in the care.data performance? I looked at the past, reviewed through the Partridge Review meeting in [part one here] the first half of this post from attending the HSCIC ‘Driving Positive Change’ meeting on July 21st. (official minutes are online via HSCIC >>  here.)

Looking forward, how do we want our data sharing to be? I believe we must not lose sight of classical values in the rush to be centre stage in the Brave New World of medical technology. [updated link August 3rd]* Our medical data sharing must be above and beyond the best model standards to be acceptable technically, legally and ethically, worldwide. Exercised with discipline, training and precision, care.data should be the musical equivalent of Chopin.

Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all its primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.

Pharma Times – July/Aug 2014 http://www.pharmatimes.com/DigitalOnlineArea/digitaleditionlogin.aspx

Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data.  They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.

Can we rise to the Challenge to be a world leader in Data Sharing?

If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.

How can we expect China [1] with whom the British Government recently agreed £14 billion in trade deals, [2] India, the country to which our GP support services are potentially poised to be outsourced through Steria [3] or any other organi […]

Flagship care.data – [3] Commercial use in Practice

I looked in two previous posts at the background theory [1] to commercial uses of our data, then, the background to my concerns of commercial use with data intermediaries. [2] This is now part three,  my glimpse into commercial use in real-world practice. It’s become rather a saga.

Here’s the short version: “In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. We need to shout a bit louder, that we are not a product for sale. It’s not only that there is an increased risk in a move of our health records from binder to byte and broadening access to them. We take issue with the change of approved purposes from care, to commercial use.”

At the Health Select Committee on July 1st, [3] I believe  Sir Manning misses the key issue the public has with care.data and health record sharing, when he gave a response to Q562 to David Tredinnick MP:

‘We made big mistakes over the last 10 years’

“I am saddened by some of the comments that have been made this afternoon about the lack of trust and also by the impugning of our motivation. […]

We made big mistakes over the last 10 years, and we have a once-in-a-generation chance to get it right. I am absolutely clear that we have to engage the public in an open debate about the balance of risks and benefits. There will always be risks with data. There were risks with the Lloyd George envelope; notes were lost, they flew and went all over the place. There will always be risks, but those risks and the benefits are both enhanced by the technology.”

Whilst I applaud Sir Manning’s apology, and his call for open debate, I think he misses here the fundamental point of disagreement the public has with the HSCIC current practice. Selling our health data.

It’s not only that there is an increased risk in a move from binder to byte and broadening their access. We take issue with the change of approved purposes from care, to commercial use.

And these commercial (ab)uses in current form must stop if we are to trust the governance system in future.

Health Records for Commercial sale

HSCIC currently sells our health records for commercial purposes, to intermediaries with commercial re-use licenses. It had no consent nor our permission for this in the past, it continues to do so in the present and appears to have no concern or intention to stop doing so, for the future.

Mr. Kelsey added at the HS Committee,

“We have a very big job to do, and I hope that you will hold us to account in delivering it.”

To which I can only reply, it is you who say it. But who is accountable?  The Open Debate which Sir Manning calls for has not been taken up by NHS England. We are told this is a programme of national importance, one which Mr. Kelsey has repeatedly said, including to the Health Select Committee previously, on which the entire future of the NHS depends. Why then, no national discussion, no news since the pause and a focus on updated communications of the current plan.  The current plan with flaws in consent collection, scope determination, confusion of purposes.

There are so many ways this could be improved and gotten right, but not by November and without public debate.

How can you insist a programme is so vital for the entire future of the NHS yet encourage no public discussion? This seems to be a theme in NHS England recent programmes. [4] The decision to outsource the GP support services was taken in private sessions, not available to the public like the rest of the Board Meetings [5]. Other programmes, pilot and actual plans for implementation go on without public discussion.

There’s been no apology for the data sharing policy developed since 2010 which has encouraged commercial trading and enabled this erosion of security, confidentiality and trust in the data management system of our nation’s health records. No one at the Department of Health has said, we got this policy wrong. No one at NHS England, the same people if under a different label. Poor Sir Manning at the Information Centre who carried out their policy, has been left to say there were ‘big mistakes’ made. But not by him since July 2013.

Trust and care.data off course

That our trust now lies in tatters, is not the fault of the Health Select Committee member to whom Sir Manning says,  he is saddened and disappointed. It’s not Joe Public’s fault who had no idea this was going on, until six months ago.  Where did these policies and plans since 2010 come from? Where did the use of our data go so astray and why is flagship care.data now so terribly off course? Mr. Cameron outlined it in 2011. What happened in the three years?

Health records for sale

As I wrote in a previous post,

“Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace, this re-use of data is now becoming normalised.”

But should it be normal that our medical records are for sale?

When celebrity Michael Schumacher’s notes are for sale, [6] being offered concretely to the media, we all see that is wrong. Just imagine 70 million copies of Schumi’s record, each with our own name on it, being offered to anyone outside of those who need it for our care. Offered to these commercial  for-profit data intermediaries. It’s not a theory – this is what is happening to our records, today. Don’t accept the ‘anonymised’ statements, they’re simply not true. Identifiable data and pseudonymous data has been sold. The register confirms it, and that was only a 10% sample.

“To earn the public’s trust in future, we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”

said Sir Nick Partridge in his summary review.[7]

I think banning data sharing for commercial use and re-use would be a good start.

What is it to be used for and why?

When we think of our health records being used by others,  we need to separate the uses of the data, in order to understand different ways it is used, who uses it and why. Data once it is processed becomes knowledge which is used as Business Intelligence. It is common in discussion to conflate use in care with care.data. It’s even in the name. But the uses of care.data are secondary. Not to be used by clinicians caring for us, not replacing hospital notes to give to consultants when we are referred for a hospital stay. Not providing discharge papers. It’s only approved for commissioning and sketchily [imo] approved for risk stratification.  [ref p.5 ] [8]

care.data extracted from GP surgeries, is not even approved for research purposes, but to read all the recent debates you’d think research depended on it. Research using GP extracted patient data, is not an approved use of care [dot] data. Research using GP extracted patient data is not an approved use of care [dot] data. Repeat, ad nauseam.

What is already being done, and what is used legitimately in research such as public health (albeit without our past knowledge or consent), is with our hospital data, HES, SUS, Mental Health data, usually with CAG review, and through 251 approval sometimes through DAAG review at HSCIC – it is available and is on sale to all sorts of other non-care providers. And that is planned to continue.

The records extracted so far, when not used for research appear in recent years increasingly used for comparison, the concept of ‘ranking and spanking’ professionals and providers of healthcare.  They are also used in commissioning, payment validation and understanding costs and spending. But beyond that, there are all sorts of others who still come under the umbrella of ‘health purposes’ but don’t directly benefit the NHS or individual patients. What is their demand and what are they being supplied?

In the newly created NHS marketplace, customers at individual level are patients, or at a market level they could be any part of the healthcare buying structure, a GP practice, a Clinical Commissioning Group, a Hospital Trust.

The challenge of any demand and supply chain process, is that you need a market willing to pay at the price you are prepared to sell. And you need to offer what they want to buy. For that, the buyers must see a value in the data they want to obtain. Where is the value for these areas of use: Generic NHS Business Intelligence, Generic Commercial Intelligence and Pharmaceutical intelligence?

Health records as Business Intelligence

Some companies, such as IMS Health, take data and process it before selling it to NHS and other health providers in England. This provides a third party service and skill set which neither the HSCIC nor the NHS Trust, for example, has itself.

So business intelligence used for the benefit of the NHS, makes sense and is necessary to a greater or lesser degree depending on your attitudes to comparison websites, green/red flagging professionals and commissioning. Benchmarking was provided by Tribal until that part of their business was bought out by Capita.

These companies’ experience and market is healthcare. The kind of knowledge they can give to the NHS is highlighted in their case studies.

So for clinical care, and for commissioning at individual organisations, these tools are clearly useful and use individual patient level data. [9]

All sorts of other places and individuals perform these services. They include a wide range of commercial organisations, small and large.

Health records as Commercial Marketing Intelligence

Commercial buyers, however, can include those wanting data for identity verification, fraud prevention and background checks, services such as Experian offers. These may be what the loose definition in the Care Act would say are now banned, but are they? What is to say that a company which offers the use of private health services, healthy eating or pharmaceutical marketing is not providing information to others, for the promotion of health?

“Experian employs more than 12,500 people in 34 countries worldwide, supporting clients in more than 60 countries. Annual sales are $3.1 billion (£1.7bn/€2.5bn).”

Identity verification can be done, matching data across a biographic footprint, “in databases, established for 45 million UK citizens and hold in excess of 1 billion records.”

“Experian public sector currently works with 380 plus local authorities, 52 police and investigatory bodies, as well as central government agencies including DVLA, HMRC, DWP and the Cabinet Office.” [10]

There is clearly a lot of data sharing in the public sector, about which we may understand very little. But mostly the buyers of data want to sell something. Companies buy lists of people to use in marketing campaigns, who might be interested in what they’re selling — and companies also want to learn more about their current customers.

This is where I find the level of detail and what is done with our data, more than a little freaky.

Every UK consumer is classified into one of 22 types, aggregated into six groups. The 22 types are linked to six decision-making styles, providing insight into consumers’ motivations when using different media and the processes they go through in deciding about products and services.

“TrueTouch is built using over 700 individual data variables. These are chosen for their ability to illustrate an individual’s range of behaviours in relation to media consumption, including use of different channels, responsiveness and exposure to media. These are distilled into two core data sources: Quantitative data Experian’s UK Consumer Dynamics database compiles information on all UK individuals, their demographics and lifestyles, attitudes and responsiveness to media. It includes known data on demographics and lifestyles from publicly reported sources such as the ‘edited’ electoral roll, company directors, shareholders and council tax, as well as Experian’s proprietary lifestyle information taken from its programme of consumer survey.” [11]

I don’t know what segment I am in. But I know that I will have data stored in many of those different data sources they mention. So do they actually know more about my habits and inclination, than I have self-awareness? If their tool has over 850 million input sources which they process, it’s more than likely. 34 million email addresses, 20 million mobile phone numbers, 49.7m names and addresses.

Experian may well have much of this data from the electoral roll (unless like me, you opted out of these uses) but in the HSCIC  January-April 2014 register of releases [7] data was given to Experian for use in Mosaic. (see July – 132kb right of page)

“Mosaic is Experian’s powerful cross-channel consumer classification designed to help you understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [12]

That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. In fact, I find it threatening in a similar vein to the visceral reaction that the Facebook experiment generated this week online.

As SF Gate reported,

“Using unsuspecting members as human guinea pigs is repugnant. And when the biggest social network on the planet does it, can its leaders be trusted with their own technology?”

The idea is that just because one can, and the technology permits it, does not mean that one should. It just feels wrong to find out others may manipulate our thinking and behaviours in such a targeted way. Just as Experian does with consumer data:

“Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…” [12]

Individual households? Understanding my behaviours, gives them information which they use to nudge or influence my decision making. Understanding our behaviour ‘in extraordinary detail’ helps companies market and sell more to customers.

There are other re-uses even for health purposes, which seem less transparent and more about us as general consumers, rather than for our health. For example, the use of HES data is in social marketing targeting:

“In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included  OmegaSolver and Harvey Walsh.”

These companies have re-use licenses for data. What that means is better explained here by medconfidential. [14]

How will HSCIC know how data will be used after release and how will it be audited and how often? When it comes to human tissue, the HTA only audits tissue banks in the UK once every three years. That’s a long time in between audits if something has gone horribly wrong in best practice.

Health records as Commercial Pharmaceutical Intelligence

To global pharma it is again not the data itself which is of value, but the knowledge it reveals. The pharma business intelligence. It can show at an individual level what is being prescribed or show any gaps it reveals, which will allow pharma to address ‘unmet clinical need.’ The data already compares hospital prescribing and reports make recommendations used by NICE on what drugs to use and recommend. My concern is that to treat the worried well who have cash to spend, will deflect attention from the needs of the sick and poor and that even if only at postcode level, we will be targeted for pharmaceutical marketing.

“The parties will initially look at how anonymised, integrated health data can be used to identify unmet clinical need in patients with diabetes. In the UK, diabetes affects approximately 2.9 million adults overall, with more than 90% of these patients having type 2 diabetes. This makes diabetes one of the most common chronic medical conditions and represents a significant strain on U.K. health services.”

(HSCIC Astra Zeneca MOU December 2012) [15]

Astra has another Memorandum with IMS Health. So we, whose data it is, have zero transparency and can request no accountability for the use of our data once it has left the HSCIC.

And it matters because when there are data breaches in these companies, we should know whether our data has been involved.

In January 2012 AstraZeneca signed a three year partnership with IMS MOU [16] and stated it builds on AstraZeneca’s existing ‘real-world’ data and research partnership with HealthCore in the US, the health outcomes research subsidiary of WellPoint. WellPoint had a massive breach a year ago, July 2013. So how do we know where our data was stored, and if it were involved or not? Here is what pharma use data for, to analyse “unmet clinical need.”

“The partnership with IMS Health will give AstraZeneca access to pre-existing anonymised electronic health records, which include clinical outcome, economic and treatment pattern data. In addition, the companies will jointly develop a customised research and data analysis platform. The information will provide a deeper insight into how medicines that are already on the market are working in real-world settings across Europe, painting a picture of unmet needs …”

We can look at this more than one way. Some feel strongly commercial use should exclude Big Pharma. On the one hand, the State and Government does not own manufacturing of drugs nor medical products. Though we used to do both. Recently, what we did own has been increasingly sold to commercial buyers or venture capitalists.

The State and pharma work together, often through University research, to create future health solutions, drugs and the drive towards personalised medicine and diagnostic tests. When companies which own our data are sold and bought internationally what happens to our data they own? Boots Alliance bought data from HSCIC, and they are about to be bought by US Walgreens. So many questions.

Those more informed than me will know all about the challenges of pharmaceutical companies, the patent cliff, mergers and diversification. IP, diagnostic tests and generics in the market. Big Pharma and the State are working together in much research to find solutions and discoveries to current and future medical issues.
How far does cooperation stretch and when does it become inappropriate? Is commercial interest supportive of State practice or driving decision making policy? Should commercial companies fund any costs at our NGOs? And do those which buy the most data, get a bigger slice of the influence of what conclusions reports using the data, reach? Whilst there is a public move to #Alltrials I believe we should demand #Allreports in the public interest as well. I would like to have transparency at HSCIC how their reports are funded,  when working with partners which are frequently commercial pharma partnerships.

Mr. Hunt recently defended to the Health Select Committee the reasons why a commercially supported pharma lobbying group was used to advise on the NHS Commissioning plan – the Specialised Healthcare Alliance. Supported by 14 pharma companies, these corporate members are contributing £12,000 each towards the costs of the Alliance for 2014.

Are we really seeing transparency on who is driving change in our health service?

The Richness of our records open for Exploitation

The value of Big Data is only extracted by exploiting its richness. And these days, with mobile phones, social media and shopping habits tracked by the minute, the average citizen like me, it seems, can’t easily avoid being part of it, whether we want to be or not.

But if we don’t even have the right to control and own our data and we can’t control the knowledge generated from it, how can we control who knows what about us and what they use it for? If we’re unaware of its existence, how can we understand its impact on our life to make free and uninfluenced choices in what we buy, for example? Or understand how we may be segmented and discriminated against. And this is aside from the assumption that the data held is accurate and that as a result, no mistaken judgements are being made about us.

As for our health data, how can we control its use by these massive data managers if we don’t even know who they are at the end of a chain of re-use licenses?

Put Business Intell, Commercial Intell and Pharma together

The vast amounts of data already held and analysed to the nth degree by these data intermediaries, means that making even more data available to them is going to increase the segmentation and risk of identification. They already have data on individuals, and is it not enough that they make analysis at household level as shown by Mosaic? With individual health level data it seems that they could put a final piece in the puzzle and know exactly who in which house had which ailments; their lifestyle risk factors could be refined and these data brokers would be able to look inside our very bodies.

One which fits data together, we do know from the HSCIC data release register, and press reports in March, is Harvey Walsh. The company tracks individuals’ pathway data, over time and the website now says:

“Harvey Walsh use non-sensitive and non-identifiable HES data for patient pathway mapping that is used by the healthcare industry with the NHS to improve the quality of healthcare management and service delivery by better understanding how patient cohorts move around the healthcare system.”
[Harvey Walsh’s system] “AXON holds non identifiable and non-sensitive HES (Hospital Episode Statistics) data and other sources of data including GP Practice Prescribing, QOF, Demographic and NHS personnel data sets.”

Data snapshots combine to give a Picture over a Lifetime

So now, not only can these companies understand us in infinite detail, but can do so over our lifetime. We are tracked over time and analysed not as a snapshot, but as a living album of snaps, moving across time. They know what we do commercially, in our lifestyle and how it interacts with our health and what may affect our consumer habits and help nudge our decision making. Put them together, and it starts to feel like I’m on The Truman Show.

I’d like to know though, once the data is processed, what happens to the new combined knowledge set, it creates? The original raw data as extracted may not be given to others, but is it the same product and protected, if it now shows up as a small piece, in a bigger jigsaw?

Omega Solver took their product offline this year, after privacy campaigners identified the risk of identifying individuals.
Acxiom as a world data leader example, is a company which provides consumer data and analytics for marketing campaigns and fraud detection. Its databases contain information about 700 million consumers worldwide.

“For more than 40 years, Acxiom has been a leader in harnessing the powerful potential of data.”

It seems others share my concerns, as this article on how data brokers’ use of our data is creepy, from Julia Angwin, showed up in my alert feed this week, and another in ProPublica from last September. As she says,

“Commercial data has become a honeypot that government likes to dip its hand into.”

You can see more on this, in her interview with PBS News:

Our lifetime data is attractive to commercial marketing and all sorts of organisations who wish to understand us and sell to us. The one purpose, possibly the least trusted, I have not really touched on. Hospital records have been shared with insurers and used for refining policy. Records have been sold to re-insurers, even since January 2014. And these insurers mine and use data much more deeply than we want to imagine. In fact, as I finish this I see the FT front page tomorrow carries a current story how insurers trawl our Big Data.

FT Insurers trawl Big Data

HSCIC Data Sharing Agreements will prevent Data Merger?

IMS Health UK & Ireland’s general manager, Michael Sanvoisin shows that exploiting the different data sets ‘out there’ in Big Data, is kind of the whole point. [17]

“The smartest use of data will be the effective combination of all the various sources of open data and patient information services available in the marketplace, augmented by companies’ own internal information and data from other reliable and reputable sources.”

“IMS Health is working in partnership with the MHRA – and in particular the clinical practice research datalink (CPRD) – to help the UK increase its capabilities to build cohorts of patients for clinical trials. This has led to the linkage of IMS Health’s Hospital Treatment Insights (HTI), the aggregation of HES and prescribing data, to the CPRD. This powerful linked dataset enables the identification of specific patient cohorts and allows companies to monitor patient flow between primary and secondary care.

IMS Ardentia’s Costed Care Pathways (CCP) sequences clinical events together with detailed financial information to give a longitudinal view of a particular patient care pathway.” [17]

When these global companies have in addition, bought data from HSCIC, where is the transparency for patients to know what internal practice at these private companies prevents all data becoming one Big Data set,  in identifiable or pseudonymous formats, and sold or shared onwards with others?

The recent register states explicitly that IMS will not do this, that the data will not be sold onwardly, but how about the knowledge they create from it?

IMS Health works in partnership with pharma for example:

“ANDromeda is an engagement tool enabling greater market access with a tailored need across all functions within pharmaceutical companies.”

And in the UK, they are involved in work shaping our health market: “that may involve looking at how primary care organisations operate or focusing even closer on area-level commissioning, such as GP consortiums.”

Where is our Data being Used?

“The effective combination of IMS Health’s proprietary data assets, in addition to the vast swathes of open data being made available, can help inform key strategic decisions for both the NHS and pharma. Moreover, it can drive an increase in joint working towards shared benefits and therefore transform healthcare services in the UK and beyond.”

“in the UK and beyond.” So I ask myself, which countries outside the UK have received our medical records? Remembering that non-US citizens have no privacy rights in the US, if it landed there, we can say good bye to ever getting control of that knowledge back again.

Indeed HES extracts have been given to places in the US, specifically the University of California, the FOI request I got back confirmed. The Partridge Report contained two examples of data which has gone to Kyoto University. Yes, Japan. And remember, if the data is completely aggregated and anonymised it’s not included in these registers, because it is open, green data. So what exactly went to California, Japan and who knows where else? No one knows 100%. The Report only sample tested 10% of all releases.

IMS received 251 access (which is required for confidential data without consent) for identifiable data extracted from hospital pharmacy systems, sent to HSCIC and linked with HES (hospital records). The main customer for these products will be the pharmaceutical industry. (Lines 101-2).

IMS Health is massive, as is the global health data they hold.
On the IMS One intelligent cloud, the company connects more than 10 petabytes of complex healthcare data on diseases, treatments, costs and outcomes to enable our clients to run their operations more efficiently.

Drawing on information from 100,000 suppliers, and on insights from more than 45+ billion healthcare transactions processed annually, IMS Health’s 9,500+ professionals drive results for over 5,000 healthcare clients globally. Customers include pharmaceutical, medical device and consumer health manufacturers and distributors, providers, payers, government agencies, policymakers, researchers and the financial community.

Another user of our data is Optum UK (formerly United Health Group, and if that sounds familiar it was Simon Stevens’ [18] last employer). I wonder for example, does that mean it is also used by Optum Insight in the US? This presentation by Christopher M. Blanchette shows different data providers of ‘RWE’ real-world evidence and where their data is sourced.

If international companies have NHS England patient data and a re-use licence, is it likely to have been exported around the world, or how can we know in which locations it is used? I want to know how often data is given directly to international companies. How often is data given to companies in the UK, who have foreign centres outside the UK, which would routinely share that data with their central systems and therefore export it? It is a basic right of data management to require fair processing for identifiable data, to know who has it for what purpose.

How do we protect consumers’ concerns?

And as US Commissioner Julie Brill’s report shows, in the States there are concerns how this data is used and they are acting on it. Are we doing the same here?

Dr. Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these types of intermediaries. He was told, the data controller, the Health and Information Centre, does not know. And he can’t ask for what data is held in pseudonymous format – even though the data is pseudonymous with a key to make it linkable with new identifiable data coming in, so to me, that makes little sense. It is by its nature, re-identifiable.

But if HSCIC won’t release it in a Subject Access Request (SAR), we can then only surmise, whether our individual data was contained in bulk data transfers. So from the released data register, we should look at what types of companies are using pseudonymous (so called ‘amber’ data), and assume our own data was indeed included.

Overseas Data Distribution and Protection

care.data, it was said at the Health Select Committee meeting by Mr. Kelsey in March, was only for use in the UK but the HES/SUS data application form includes a field for use overseas. So, does that mean policy for export has changed for all data, or should they have spoken more precisely meaning only that “GP data extracted in care.data” was only to be used in the UK?

Because IMS, again, already has access to primary data from CPRD and secondary care data according to line 10 from HES. And whilst it states “[Note added 28/3: The data are onwardly released only in aggregate form]” I am curious – where does ‘onward’ mean? There is no Ltd. on the company name, no territory or geography indicated in the register. So if data is released to an American firm, should we assume it sits on US servers and is accessed directly by their US staff? Does onward only restrict them from giving the raw, identifiable data they received, to others outside IMS? Is it available in non-aggregate form inside the whole of the IMS system? I, in the general public, can’t tell from the register and IMS is hardly going to tell me. We should be able to find out. I’ve found it a challenge, and my FOI request to HSCIC [14] to find out what data may have been given to US or Asian organisations, was tougher than my entire lifetime of dental appointments combined. It shouldn’t be difficult. Patients should be able to easily ask, to whom did you give my health data and where, for what?

Do we know enough about the plans to use and commercially re-use our data for commercial ‘health purposes’ as being broadly defined in the Care Act? If not, patients should be asking. GPs don’t have time.

Why does it matter? Because legal jurisdiction of data is still (perhaps outdatedly) physically geographic at least in aspects with which I am familiar. When working on global implementations of confidential employment data, we had to gain legal advice from each territory submitting data, on how we should legally properly manage data from over 50 countries in the world and its access by regional and global teams in the US, Europe or Asia. And in simple terms, we should always handle, process and use data in a way the individual expects and feels common-sensed appropriate to the purpose for which it was submitted. British citizens are not protected by US privacy laws because they apply only to US citizens.

“Existing laws do not sufficiently address data brokers’ handling of sensitive data in marketing or risk mitigation contexts,”

says Julie Brill’s statement. Well they don’t protect us Brits, at all, so I want to know if it’s being used abroad.

Few in England, will expect their data to have been made as freely available at identifiable individual pathway level, as it appears to have been in recent years. Do I at least have the chance to protect my children’s future data privacy, if not my own now?

Surely we can trust Data Protection Laws?

Because of the legal status of data which is deemed “de-identified” or “anonymized”, it is claimed they don’t violate our rights to health information privacy – Data Protection law accords us only the right to fair processing, not to prevent its processing, due to the Health and Social Care Act 2012 which requires its extraction — but if it’s possible to re-identify longitudinal data sets – and if the whole point of getting these data sets together is to combine them, surely common sense would say, it may be legal, but that doesn’t make it right. There are other DPA expectations which HSCIC also fails to meet. The Minimum data required, for example. Deletion. Accuracy. I am guessing that every single one of the eight Principles has been broken by our data extracted before the HSC Act 2012. Yet, everyone seems to be ignoring this.

When it comes to Data Protection, identifiable data is treated differently from anonymous data. Amber individual level ‘pseudonymous’ data, is not the same as aggregated anonymous statistics and the care.data privacy impact assessment [19] confirms the risk of re-identification, yet the data is being treated as if it is anonymous. I can’t believe people working in the field believe themselves these data groups should be looked on as being equal. In my opinion, it’s not so much a case of wearing rose-tinted spectacles, it’s more like a blindfold on the wise monkeys; hear no evil, see no evil. [20]

I can quite clearly state on behalf of many, we feel that our rights to privacy have been and continue to be violated, no matter what the letter of the law says.

Whilst HSCIC may see only its own data sharing practices in a silo, that’s not how the impact of its sharing works in real life. It’s a join the dots between different data sets from different sources.

Can Good Governance Give us Confidence?

We are told that data-sharing agreements make it illegal for the data to be combined with other data held by the recipient, to make it identifying. But if the Data Controller doesn’t know what data the company already has, and doesn’t even keep track of what data has been given to them already, it must be impossible for individuals within these massive corporations to know the impact of adding their piece of the jigsaw puzzle. Over time, they will not track either, what from their company has already gone into creating the Big Data picture.

We could only rely on release controls and good governance, but for the past ten years reported in HSJ and the Partridge Review, it appears some datasets have been inappropriately shared without audit, which would have spotted the mistake.  Governance is simply inadequate. In my opinion, not with malicious intent. Rather, simply, the data sharing strategy has been too fast for its own good practices to keep up. Now, it has to catch up fast.

As awareness increases, so too does the push back on the privacy grab. How do we feel about losing our individual rights, the removal of confidentiality and consent, the right to freedom from cold-calling, and to know who has our data for what reasons? And do we feel the same if we lose those rights in the name of commercial or public interests?

The British public is pushing back on banking failures and increasingly resents seeing the minority of individuals benefiting commercially at the expense of the many. We resent the paternal state definition of the ‘Public Good’.

Private vs Public Good?

Business benefit vs the wider public good is in some ways intangible and unquantifiable, but a debate which needs to be revisited on an ongoing basis, says Dr. Mark Taylor when it comes to health records’ data privacy. [21]

The public interest considered by CAG in reviews of data release applications, must consider protecting both the public interest in research access to confidential patient data and the public interest in a confidential health service. Add to that the public interest of providing a national health service, and it’s safe to say ‘the public interest’ will be hard to satisfy for all of the people, all of the time and will be subjective.

“that the purpose for which the data will be used should be in the public interest and for the provision of health and care services; [and] that any approved processing must respect and promote the privacy of patients and care service users… ” (Hansard, 10 March 2014, Col.137)

Perhaps even more subjective, is the atmosphere of public interest and how interested the public is, in how high level decisions affect us on the ground. Certainly, Snowden and other data sharing revelations have coloured the muddy backdrop of how our data is gathered and used by others, and increased calls for transparency.

The Department of Health will be furious with the Home Office I expect this weekend, as they triggered a massive outcry over the perceived lack of transparency and scrutiny afforded to MPs and civil society over the Data Retention and Investigatory Powers Bill.  Even Radio 2 gave it 20 minutes coverage.  [22] (From 01:36.40) This kind of governmental out-of-touchness with the public and the perceived desire to hide something in the rush to the new legislation, is what undermines trust in all areas of the public-state relationship.

It implies a paternal notion, of “we know best, so just trust us little children.” Well, that ain’t gonna fly.  Seahaven is not “the way the world should be.”

Patient empowerment to own our Health Records

This flawed process, within and beyond NHS data sharing, has also created a sense of loss and disempowerment. Whilst presentations are all about ‘patient centred’ care, and ‘personalised medicine’ sounds so about the individual patient, it seems safe to say patients have been left out of the digital decision making and sharing how those decisions will affect the public on the ground. This for care.data, should have been central to plans to ensure support and success. There are still unfilled positions supposed to be filled by patient organisations or patients on the tech board.

It seems endemic to new programmes too. Or have patient organisations been widely involved in the genomic plans for the nation and not told us? Unlikely.

The talk thus far, does not match the walk. Knowledgeable patient involvement is as desired by some of those leading parts of NHS patient engagement, as a chocolate teapot is useful. One is documented having said on another programme, “this was not a suitable point for patient involvement.” Either you want patients involved or not. Involved means from the beginning. Not as the decoration at the end, a way to tick the engagement box.

The notional idea of patient empowerment in this programme is tokenism, if the most basic principle of care, the only thing I can control in my consultation – my patient confidentiality – is treated with such little respect.

Is the public good really defined and does it outweigh the private good and our long established rights of consent and confidentiality? Does it vary depending on circumstance and if so, who decides?
It certainly doesn’t seem to be us, the patients in healthcare. Nor as citizens in any other field of our personal data.

If you don’t pay for the product, you are the product

In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. Maybe we need to shout a bit louder, that we are not a product. We do not all want the knowledge of our health & lifestyle to be for sale.

We’ve got used to these third party uses through the recent media revelations and the acceptance that current Government seems to be prepared to sell anything the State has in its possession. I wonder how representative that is of what the people would choose to do?

So at the risk of repetition, let’s not forget the basics:

1. Our health records are for sale without our consent.
2. These companies are some who have bought data in the last year.
3. At these prices.

The list of past customers in the Partridge Review of those who received data before April 2013 shows the extent of what was hidden from us for twenty years.

Should we be asking, what may be hidden still?

By stretching the scope of the potential discussion around the ‘industrialisation’ and use of our health records for secondary purposes, we must not normalise the basics which we, at first, found so surprising. We need to get them fixed first. Then, only then, will patients be willing to look at broader future scope. If I can’t trust you to manage my hospital record when I broke an ankle, why would I want to trust you with my genomes in future? It reveals a complete disconnect at NHS England level with the public in care.data thinking.

Come back to reality and listen to patients’ real concerns. We don’t want our data given to third parties, these data brokers and intermediaries or to continue re-use licenses. Even if it’s for ‘the promotion of health’ the purposes in the Care Bill.

And honestly? NHS England and the Department of Health shouldn’t want that acceptable in policy either, because they need to know who has our data, to govern it to make sure it is acceptable. As Sir Nick says in his report, the future data governance must be:

“meticulous, fool-proof and solid as a rock”

One more big mistake in who received our data in the future, and all cards will be off the table.  For this to work, you need to properly manage it. And all this at the time where NHS England has now decided to outsource population wide databases, through the Steria outsourcing. Ha. Get that outsourcing security wrong, and for all your future programmes, as Truman would say, “Good morning, and in case I don’t see ya: Good afternoon, good evening, and good night!”

In the words of more Americans for whom I have a respect & love of their self-determined own words,  Simon and Garfunkel, ‘Slow down, you move too fast.’

Julie Brill’s Statement made a recommendation in the US:

“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”

We should feel that we consent to this mining of our health, wealth and lifestyles and know what is done with that knowledge. I feel disempowered because in finding out how my health data is used, I’ve discovered a brave new world of how my personal data is used. By commercial business. By Government.  By suits and wonks as may be nicknamed.  I am not equipped or informed enough to understand it all, but I’m doing my best to find out.

We need to trust in the people who manage these systems, who drive the policy and who advise the two, to work together and make technology work well for the rest of us. It should work well with privacy and security, and functionally.

Patients must speak up and Ask Questions

Patients must start asking more questions about these commercial uses and re-use licenses, because whilst the commercial intermediaries may access data for the purposes permitted in the Care Act, we are not a partner in patient engagement. Our data is being mined in the name of NHS improvement. Our samples being gathered in the name of science.

We are the product for sale. Our name, and everything else about us.

*****

image source: Time cover 2011

[1] Previous posts: Commercial uses of care.data and

[2] care.data use with intermediaries  

[3] Health Select Committee July 1st, 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/11192.html

[4] NHS England Board meetings – to outsource support

[5] Decision to outsource Primary Care support services

[6] Schumacher’s health records stolen  http://www.mirror.co.uk/news/world-news/michael-schumachers-medical-files-probe-3823793

[7] The Partridge Review Summary

[8] Risk Stratification guidance issued to CCGs

[9] IMS Health Ardentia http://www.imshealth.com/deployedfiles/imshealth/Global/Content/Technology/Technology%20Platforms/Ardentia/Ardentia_Royal_Free_PLICS.pdf

[10] Experian Public Sector http://www.experian.co.uk/assets/identity-and-fraud/authenticate-for-public-sector.pdf

[11] Experian’s Truetouch http://www.experian.co.uk/business-strategies/truetouch.html

[12] Experian -MOSAIC http://www.experian.co.uk/marketing-services/knowledge/case-studies/mosaic-case-studies.html

[13] HSCIC Data Register of Releases

[14] Medconfidential on commercial re-use licenses and Omega Solver https://medconfidential.org/2014/commercial-re-use-licences-for-hes-disappearing-webpages/

[15] Astrazeneca MOU with HSCIC – http://www.astrazeneca.com/Research/news/Article/121204-astrazeneca-to-collaborate-with-the-hscic

[16] Astrazeneca MOU with IMS http://www.astrazeneca.com/Media/Press-releases/Article/20120111–astrazeneca-and-ims-health

[17] IMS Health using NHS patient data  http://www.imshealth.com/deployedfiles/ims/Global/Content/Solutions/Healthcare%20Analytics%20and%20Services/Healthcare%20Outcomes/IMS_HTI.pdf

[18] HSCIC FOI Request on data sharing with the US & Asia

[19] The Eight Data Protection Principles  via ICO

[20] care.data privacy impact assessment http://www.england.nhs.uk/wp-content/uploads/2014/01/pia-care-data.pdf

[21] Previous post: The Partridge Review

[22] Public vs Private Good – “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed 1 http://script-ed.org/?p=1377

[23] Data Retention and Investigatory Powers Bill.  Radio 2.

****

See Wired: for an overview of care.data in general http://www.wired.co.uk/news/archive/2014-02/07/a-simple-guide-to-care-data and what good things should be taken from it when flagship care.data goes down http://www.wired.co.uk/news/archive/2014-03/06/care-data