Tag Archives: datasharing

Reputational risk. Is NHS England playing a game of public confidence?

“By when will NHS England commit to respect the 700,000 objections  [1] to secondary data sharing already logged* but not enacted?” [gathered from objections to secondary uses in the care.data rollout, Feb 2014*]

Until then, can organisations continue to use health data held by HSCIC for secondary purposes, ethically and legally, or are they placing themselves at reputational risk?

If HSCIC continues to share, what harm may it do to public confidence in data sharing in the NHS?

I should have asked this explicitly of the National Information Board (NIB) June 17th board meeting [2], that rode in for the last 3 hours of the two day Digital Health and Care Congress at the King’s Fund.

But I chose to mention it only in passing, since I assumed it is already being worked on and a public communication will follow very soon. I had lots of other constructive things I wanted to hear in the time planned for ‘public discussion’.

Since then it’s been niggling at me that I should have asked more directly, as it dawned on me watching the meeting recording and more importantly when reading the NIB papers [3], it’s not otherwise mentioned. And there was no group discussion anyway.

Mark Davies. Director at UK Department of Health talked in fairly jargon-free language about transparency. [01:00] I could have asked him when we will see more of it in practice?

Importantly, he said on building and sustaining public trust, “if we do not secure public trust in the way that we collect store and use their personal confidential data, then pretty much everything we do today will not be a success.”

So why does the talk of securing trust seem at odds with the reality?

Evidence of Public Voice on Opt Out

Is the lack of action based on uncertainty over what to do?

Mark Davies also said “we have only a sense” and we don’t have “a really solid evidence base” of what the public want. He said, “people feel slightly uncomfortable about data being used for commercial gain.” Which he felt was “awkward” as commercial companies included pharma working for public good.

If he has not done so already, though I am sure he will have, he could read the NHS England own care.data listening feedback. People were strongly against commercial exploitation of data. Many were livid about its use. [see other care.data events] Not ‘slightly uncomfortable.’  And they were able to make a clear distinction between uses by commercial companies they felt in the public interest, such as bona fide pharma research and the differences with consumer market research, even if by the same company.  Risk stratification and commissioning does not need, and should not have according to the Caldicott Review [8], fully identifiable individual level data sharing.

Uses are actually not so hard to differentiate. In fact, it’s exactly what people want. To have the choice to have their data used only for direct care  or to choose to permit sharing between different users, permitting say, bona fide research.  Or at minimum, possible to exclude commercially exploitative uses and reuse. To enable this would enable more data sharing with confidence.

I’d also suggest there is a significant evidence base gathered in the data trust deficit work from the Royal Statistical Society, a poll on privacy for the Joseph Rowntree Foundation, and work done for the ADRN/ESRC. I’m sure he and the NIB are aware of these projects, and Mark Davies said himself more is currently being done with the Nuffield Trust.

Work with almost 3,000 young for the Royal Academy of Engineering people confirmed what those interested in privacy know, but is the opposite of what is often said about young people and privacy – they care and want control:

youngpeople_privacy

NHS England has itself further said it has held ‘over 180’ listening events in 2014 and feedback was consistent with public letters to papers, radio phone-ins and news reports in spring 2014.

Don’t give raw data out, exclude access to commercial companies not working in the public interest, exclude non-bona fide research use and re-use licenses, define the future purposes, improve legal protection including the opt out and provide transparency to trust.

How much more evidence does anyone need to have of public understanding and feeling, or is it simply that NHS England and the DH don’t like the answers given? Listening does not equal heard.

Here’s some of NHS England’s own slides – [4] points included a common demand from the public to give the opt out legal status:

legal

 

Opt out needs legal status

Paul Bate talked about missing pieces of understanding on secondary uses, for [56:00] [3] “Commissioners, researchers, all the different regulators.” He gave an update, which assumed secondary use of data as the norm.

But he missed out any mention of the perceived cost of loss of confidentiality, and loss of confidence since the failure to respect the 9nu4 objections made in the 2014 aborted care.data rollout. That’s not even mentioning that so many did not even recall getting a leaflet, so those 700,00K came from the most informed.

When the public sees their opt out is not respected they lose trust in the whole system of data sharing. Whether for direct care, for use by an NHS organisation, or by any one of the many organisations vying to manage their digital health interaction and interventions. If someone has been told data will not be shared with third parties and it is, why would they trust any other governance will be honoured?

By looking back on the leadership pre- care.data flawed thinking ‘no one who uses a public service should be allowed to opt out of sharing their records, nor can people rely on their record being anonymised’ and its resulting disastrous attempt to rollout without communication and then a second at fair processing, lessons learned should inform future projects. That includes care.data mark 2. This < is simply daft.

You can object and your data will not be extracted and you can make no contribution to society, Mr. Kelsey answered a critic on twitter in 2014 and revealed that his thinking really hasn’t changed very much, even if he has been forced to make concessions. I should have said at #kfdigital15, ignoring what the public wants is not your call to make.

What legal changes will be made that back up the verbal guarantees given since February? If none are forthcoming, then were the statements made to Parliament untrue? 

“people should be able to opt out from having their anonymised data used for the purposes of scientific research.” [Hunt, 2014]

We are yet to see this legal change and to date, the only publicly stated choice is only for identifiable data, not all data for secondary purposes including anonymous, as offered by the Minister in February 2014, and David Cameron in 2010.

If Mark Davies is being honest about how important he feels trust is to data sharing, implementing the objection should be a) prioritised and b) given legal footing.optout_ppt

 

Risks and benefits : need for a new social contract on Data

Simon Denegri recently wrote [5] he believes there are “probably five years to sort out a new social contract on data in the UK.”

I’d suggest less, if high profile data based projects or breaches irreparably damage public trust first, whether in the NHS or consumer world. The public will choose to share increasingly less.

But the public cannot afford to lose the social benefits that those projects may bring to the people who need them.

Big projects, such as care.data, cannot afford for everyone’s sake to continue to repeatedly set off and crash.

Smaller projects, those planned and in progress by each organisation and attendee at the King’s Fund event, cannot afford for those national mistakes to damage the trust the public may otherwise hold in the projects at local level.

I heard care.data mentioned five different times over the two-day event  in different projects as having harmed the project through trust or delays. We even heard examples of companies in Scotland going bust due to rollouts with slowed data access and austerity.

Individuals cannot afford for their reputation to be harmed through association, or by using data in ways the public finds unreasonable and get splashed across the front page of the Telegraph.

Clarity is needed for everyone using data well whether for direct care with implied consent, or secondary uses without it, and it is in the public interest to safeguard access to that data.

A new social contract on data would be good all round.

Reputational Risk

The June 6th story of the 700,000 unrespected opt outs has been and gone. But the issue has not.

Can organisations continue to use that data ethically and legally knowing it is explicitly without consent?

“When will those objections be implemented?” should be a question that organisations across the country are asking – if reputational risk is a factor in any datasharing decision making – in addition to the fundamental ethical principle: can we continue to use the data from an individual from whom we know consent was not freely given and was actively withheld?

What of projects that use HES or hospital secondary care sites’ submitted data and rely on the HSCIC POM mechanisms? How do those audits or other projects take HES secondary objections into account?

Sir Nick Partridge said in the April 2014 HSCIC HES/SUS audit there should be ‘no surprises’ in future.

That future is now. What has NHS England done since to improve?

“Consumer confidence appears to be fragile and there are concerns that future changes in how data may be collected and used (such as more passive collection via the Internet of Things) could test how far consumers are willing to continue to provide data.” [CMA Consumer report] [6]

The problem exists across both state and consumer data sharing. It is not a matter of if, but when, these surprises are revealed to the public with unpredictable degrees of surprise and revulsion, resulting in more objection to sharing for any purposes at all.

The solutions exist: meaningful transparency, excluding commercial purposes which appear exploitative, consensual choices, and no surprises. Shape communications processes by building-in future change to today’s programmes to future proof trust.

Future-proofing does not mean making a purpose and use of data so vague as to be all encompassing – exactly what the public has said at care.data listening events they do not want and will not find sufficient to trust nor I would argue, would it meet legally adequate fair processing – it must build and budget for mechanisms into every plan today, to inform patients of the future changes to use or users of data already gathered, and offer them a new choice to object or consent. And they should have a way to know who used what.

The GP who asked the first of the only three questions that were possible in 10 minutes Q&A from the room, had taken away the same as I had: the year 2020 is far too late as a public engagement goal. There must be much stronger emphasis on it now. And it is actually very simple. Do what the public has already asked for.

The overriding lesson must be, the person behind the data must come first. If they object to data being used, that must be respected.

It starts with fixing the opt outs. That must happen. And now.

Public confidence is not a game [7]. Reputational risk is not something organisations should be forced to gamble with to continue their use of data and potential benefits of data sharing.

If NHS England, the NIB or Department of Health know how and when it will be fixed they should say so. If they don’t, they better have a darn good reason why and tell us that too.

‘No surprises’, said Nick Partridge.

The question decision makers must address for data management is, do they continue to be part of the problem or offer part of the solution?

******

References:

[1]The Telegraph, June 6th 2015 http://www.telegraph.co.uk/news/health/news/11655777/Nearly-1million-patients-could-be-having-confidential-data-shared-against-their-wishes.html

[2]  June 17th NIB meeting http://www.dh-national-information-board.public-i.tv/core/portal/webcast_interactive/180408

[3] NIB papers / workstream documentation https://www.gov.uk/government/publications/plans-to-improve-digital-services-for-the-health-and-care-sector

[4] care.data listening feedback http://www.england.nhs.uk/wp-content/uploads/2015/01/care-data-presentation.pdf

[5] Simon Denegri’s blog http://simondenegri.com/2015/06/18/is-public-involvement-in-uk-health-research-a-danger-to-itself/

[6] CMA findings on commercial use of consumer data https://www.gov.uk/government/news/cma-publishes-findings-on-the-commercial-use-of-consumer-data

[7] Data trust deficit New research finds data trust deficit with lessons for policymakers: http://www.statslife.org.uk/news/1672-new-rss-research-finds-data-trust-deficit-with-lessons-for-policymakers

[8] Caldicott review: information governance in the health and care system

Off the record – a case study in NHS patient data access

Patient online medical records’ access in England was promised by April 2015.

HSCIC_statsJust last month headlines abounded “GPs ensure 97% of patients can access summary record online“. Speeches carried the same statistics.  So what did that actually mean? The HSCIC figures released in May 2015 showed that while around 57 million patients can potentially access something of their care record only 2.5 million or 4.5% of patients had actively signed up for the service.

In that gap lies a gulf of a difference. You cannot access the patient record unless you have signed up for it, so to give the impression that 97% of patients can access a summary record online is untrue.  Only 4.5% can, and have done so. While yes, this states patients must request access, the impression is somewhat misrepresentative.

Here’s my look at what that involved and once signed up, what ‘access your medical records’ actually may mean in practice.

The process to getting access

First I wrote a note to the practice manager about a month ago, and received a phone call a few days later to pop in any time. A week later, I called to check before I would ‘pop in’ and found that the practice manager was not in every day, and it would actually have to be when she was.

I offered to call back and arrange a suitable date and time. Next call, we usefully agreed the potential date I could go in, but I’d have to wait to be sure that the paper records had first been retrieved from the external store (since another practice closed down ours had become more busy than ever and run out of space.) I was asked whether I had already received permission from the practice manager and to confirm that I knew there would be a £10 charge.

So, one letter, four phone calls and ten pounds in hard cash later, I signed a disclosure form this morning to say I was me and I had asked to see my records, and sat in a corner of the lovely practice manager’s office with a small thinly stuffed Lloyd George envelope, and a few photocopied or printed-out A4 pages  (so I didn’t get to actually look at my own on-screen record the GP uses) and a receipt.

What did my paper records look like?

My oldest notes on paper went back as far as 1998 and were for the most part handwritten. Having lived abroad since there was then a ten year gap until my new registration and notes moved onto paper prints of electronic notes.

These included referral for secondary care, correspondence between consultants and my GP and/or to and from me.

The practice manager was very supportive and tolerant of me taking up a corner of her office for half an hour. Clutching a page with my new log-in for the EMIS web for patient records access, I put the papers back, said my thank yous and set off home.

Next step: online

I logged on at home to the patient access system. Having first had it in 2009 when I registered, I hadn’t used the system since as it had very limited functionality, and I had had good health. Now I took the opportunity to try it again.

By asking the GP practice reception, I had been assigned a PIN, given the Practice ID, an Access ID and confirmation of my NHS number all needed entry in Step 1:

emis1

 

Step 2: After these on screen 2, I was asked for my name, DOB, and to create a password.

emis2

 

Step 3: the system generated a long number user ID which I noted down.

Step 4: I looked for the data sharing and privacy policy. Didn’t spot with whom data entered would be shared or for what purposes and any retention or restrictions of purposes. I’d like to see that added.

emis3
Success:

Logged on using my new long user ID and password, I could see an overview page with personal contact details, which were all accurate.  Sections for current meds, allergies, appointments, medical record, personal health record and repeats prescriptions. There was space for overview of height, BMI and basic lifestyle (alcohol and smoking) there too.

emis4c

 

A note from 2010 read: “refused consent to upload national. sharing. electronic record.” Appropriately some may perhaps think, this was recorded in the “problems” section, which was otherwise empty.

Drilling down to view the medication record,  the only data held was the single most recent top line prescription without any history.

emis4b

 

And the only other section to view was allergies, similarly and correctly empty:

emis5

The only error I noted was a line to say I was due an MMR immunization in June 2015. [I will follow up to check whether one of my children should be due for it, rather than me.]

What else was possible?

Order repeat prescription: If your practice offers this service there is a link called Make a request in the Repeat Prescriptions section of the home page after you have signed in. This was possible. Our practice already does it direct with the pharmacy.

Book an appointment: with your own GP from dates in a drop down.

Apple Health app integration: The most interesting part of the online access was this part that suggested it could upload a patient’s Apple health app data, and with active patient consent, that would be shared with the GP.

emis6

 

It claims: “You can consent to the following health data types being shared to Patient Access and added to your Personal Health Record (PHR):”

  • Height
  • Weight
  • BMI
  • Blood Glucose
  • Blood Pressure (Diastolic & Systolic)
  • Distance (walked per day)
  • Forced expired volume
  • Forced Vital capacity
  • Heart Rate
  • Oxygen Saturation
  • Peak Expiratory Flow
  • Respiratory rate
  • Steps (taken per day)

“This new feature is only available to users of IOS8 who are using the Apple Health app and the Patient Access app.”

 

With the important caveat for some: IOS 8.1 has removed the ability to manually enter Blood Glucose data via the Health app. Health will continue to support Blood Glucose measurements added via 3rd party apps such as MySugr and iHealth.

Patient Access will still be able to collect any data entered and we recommend entering Blood Glucose data via one of those free apps until Apple reinstate the capability within Health.

What was not possible:

To update contact details: The practice configures which details you are allowed to change. It may be their policy to restrict access to change some details only in person at the practice.

Viewing my primary care record: other than a current medication there was nothing of my current records in the online record. Things like test results were not in my online record at all, only on paper. Pulse noted sensible concerns about this area in 2013.

Make a correction: clearly the MMR jab note is wrong, but I’ll need to ask for help to remove it.

“Currently the Patient Access app only supports the addition of new information; however, we envisage quickly extending this functionality to delete information via the Patient Access service.” How this will ensure accuracy and avoid self editing I am unsure.

Questions: Who can access this data?

While the system stated that “the information is stored securely in our accredited data centre that deals solely with clinical data. ” there is no indication of where, who manages it and who may access it and why.

In 2014 it was announced that pharmacies would begin to have access to the summary care record.

“A total of 100 pharmacies across Somerset, Northampton, North Derbyshire, Sheffield and West Yorkshire will be able to view a patient’s summary care record (SCR), which contains information such as a patient’s current medications and allergies.”

Yet clearly in the Summary Care Record consent process in 2010 from my record, pharmacists were not mentioned.

Does the patient online access also use the Summary Care Record or not? If so, did I by asking for online access, just create a SCR without asking for one? Or is it a different subset of data? If they are different, which is the definitive record?

Overall:

From stories we read it could appear that there are broad discrepancies between what is possible in one area of the country from another, and between one practice and another.

Clearly to give the impression that 97% of patients can access summary records online is untrue to date if only 4.5% actually can get onto an electronic system, and see any part of their records, on demand today.

How much value is added to patients and practitioners in that 4.5% may vary enormously depending upon what functionality they have chosen to enable at different locations.

For me as a rare user of the practice, there is no obvious benefit right now. I can book appointments during the day by telephone and meds are ordered through the chemist. It contained no other information.

I don’t know what evidence base came from patients to decide that Patient Online should be a priority.

How many really want and need real time, online access to their records? Would patients not far rather the priority in these times of austerity, the cash and time and IT expertise be focused on IT in direct care and visible by their medics? So that when they visit hospital their records would be available to different departments within the hospital?

I know which I would rather have.

What would be good to see?

I’d like to get much clearer distinction between the data purposes we have of what data we share for direct and indirect purposes, and on what legal basis.

Not least because it needs to be understandable within the context of data protection legislation. There is often confusion in discussions of what consent can be implied for direct care and where to draw its limit.

The consultation launched in June 2014 is still to be published since it ended in August 2014, and it too blurred the lines between direct care and secondary purposes.  (https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data).

Secondly, if patients start to generate potentially huge quantities of data in the Apple link and upload it to GP electronic records, we need to get this approach correct from the start. Will that data be onwardly shared by GPs through care.data for example?

But first, let’s start with tighter use of language on communications. Not only for the sake of increased accuracy, but so that as a result expectations are properly set for policy makers, practitioners and patients making future decisions.

There are many impressive visions and great ideas how data are to be used for the benefit of individuals and the public good.

We need an established,  easy to understand, legal and ethical framework about our datasharing in the NHS to build on to turn benefits into an achievable reality.

The Economic Value of Data vs the Public Good? [3] The value of public voice.

Demonstrable value of public research to the public good, while abstract, is a concept quite clearly understood.

Demonstrating the economic value of data for private consumer companies like major supermarkets is even easier to understand.

What is less obvious is the harm that the commercial misuse of data can do to the public’s perception of all research for the public good.[6]

The personal cost of consumer data exploitation, whether through the loss of, or through paid-for privacy, must be limited to reduce the perceived personal cost of the public good.

By reducing the personal cost, we increase the value of the perceived public benefit of sharing and overall public good.

The public good may mean many things: benefits from public health research like understanding how disease travels, or good financial planning, derived from knowing what needs communities have and what services to provide.

By reducing the private cost to individuals of the loss of control and privacy of our data, citizens will be more willing to share.

It will create more opportunity for data to be used in the public interest, for both economic and social gain.

As I outlined in the previous linked blog posts, consent [part 1] and privacy [part 2] would be wise investments for its growth.

So how are consumer businesses and the state taking this into account?

Where is the dialogue we need to keep expectations and practices aligned in a changing environment and legal framework?

Personalisation: the economic value of data for companies

Any projects under discussion or in progress without adequate public consultation and real involvement, that ignore public voice,  risk their own success and with it the public good they should create.

The same is true for commercial projects.  For example, back to Tesco.

Whether the clubcard data management and processing [8] is directly or indirectly connected to Tesco, its customer data are important to the supermarket chain and are valuable.

Former Tesco executive, spoke about that value in a 2013 interview:

“These are slow-growing industries,” Leahy said. “The difference was in the use of data, in the way Tesco learned about its customers. And from that, everything flowed.”[9]

By knowing who, how and when citizens shop, it allows them to target the sales offering to make people buy more or differently. The so-called ‘nudge’ moving citizens in the direction the company wants.

He explained how, through the Clubcard loyalty program, the supermarket was able to transition from mass marketing to personalized marketing and that it works in other areas too:

“You can already see in some areas where customers are content to be priced as customers: risk pricing with insurance and so on.

“It makes a lot of sense in health pricing, but there will be certain social policy restriction in terms of fair access and so on.”

NHS patient data and commercial supermarket data may be coming closer in their use than we might think.

Not only closer in their similar desire to move towards personalisation [10] but for similar reasons, in the desire to use all the data to know all about people as health consumers and from that, to plan and purchase, best and cheapest…”in reducing overall cost.”

It is worth thinking about in an economy driven by ideological austerity, how reducing overall cost will be applied, by cutting services or reducing to whom services are offered.

What ‘nudge’ may be applied through NHS policies, to move citizens in the direction the drivers in government or civil service want to see?

What will push those who can afford it, into private care and out of those who the state has to spend money on, if they are prepared to spend their own, for example.

What is the data that citizens provide through schemes like care.data designed to achieve?

“Demonstrating The Actual Economic Value of Data”

Tim Kelsey, speaking at Strata in 2013 [11] talked about: “Demonstrating The Actual Economic Value of Data”. Our NHS data are valuable in both economic and social terms.

[From 12:17] “It will help put the UK on the map in terms of genomic research. The PM has already committed to the UK developing 100K gene sequences very rapidly. But those sequences on their own will have very limited value without the reference data that lies out there in the real world of the NHS, the data we’ll start making available form next June […]. The name of the programme by the way is care dot data.”

The long since delayed care.data programme plans to provide medical records for secondary use, as reference data for the 100K genomics programme. The programme has the intent to “create a lasting legacy for patients, the NHS and the UK economy.”

With consent.

When the CEO of Illumina talks about winning a US $20bn market [12] perhaps it also sounds economically appealing for the UK plc and the austerity-lean NHS. Illumina is the company which won the contract for the Genomics England project sequencing of course.

“The notion here is that it’s really a precursor to understand the health economics of why sequencing helps improve healthcare, both in quality of outcome, and in reducing overall cost. Presuming we meet the objectives of this three-year study–and it’s truly a pilot–then the program will expand substantially and sequence many more people in the U.K.” [Jay Flatley, CEO]

The idea of it being a precursor leaves me asking, to what?
“Will expand substantially” to whom?

As more and more becomes possible in science, there will be an ever greater need for understanding between how and why we should advance medicine, and how to protect human dignity. Because it becomes possible may not always mean it should be done.

Article 21 of the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the application of biology and medicine, also says:  “The human body and its parts shall not, as such, give rise to financial gain.”

How close is profit making from DNA sequencing getting to that line?

These are questions that raise ethical questions and questions of social and economic value. The social legitimacy of these programmes will depend on trust. Trust based on no surprises.

Commercial market research or real research for the public good?

Meanwhile all consenting patients can in theory now choose to access their own record [GP online].  Mr Kelsey expressed hopes in 2013 that developers would use that to help patients:

“to mash it up with other data sources to get their local retailers to tell them about their purchasing habits [16:05] so they can mash it up with their health data.”

This despite the 67% of the public concerned around health data use by commercial companies.

So what were the commercially sensitive projects discussed by NHS England and Tesco throughout 2014? It would be interesting to know whether loyalty cards and mashing up our data was part of it – or did they discuss market segmentation, personalisation and health pricing? Will we hear the ‘Transparency Tsar‘ tell NHS citizens their engagement is valued, but in reality find the public is not involved?

To do so would risk another care.data style fiasco in other fields.

Who might any plans offer most value to – the customer, the company or the country plc? Will the Goliaths focus on short term profit or fair processing and future benefits?

In the long run, ignoring public voice won’t help the UK plc or the public interest.

A balanced and sustainable research future will not centre on a consumer pay-for-privacy basis, or commercial alliances, but on a robust ethical framework for the public good.

A public good which takes profit into account for private companies and the state, but not at the expense of public feeling and ethical good practice.

A public good which we can understand in terms of social, direct and indirect economic value.

While we strive for the economic and public good in scientific and medical advances we must also champion human dignity and values.

This dialogue needs to be continued.

“The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data. We need to use data but we need to use it in ways that people have reason to accept. Use ‘in the public interest’ must respect individual privacy. The current law of data protection, with its opposed concepts of ‘privacy’ and ‘public interest’, does not do enough to recognise the dependencies or promote the synergies between these concepts.”

[M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed 1]

The public voice from care.data listening and beyond, could positively help shape the developing consensual model if given genuine adequate opportunity to do so in much needed dialogue.

As they say, every little helps.

****

Part one: The Economic Value of Data vs the Public Good? [1] Concerns and the cost of Consent

Part two: The Economic Value of Data vs the Public Good? [2] Pay-for-privacy and Defining Purposes.

Part three: The Economic Value of Data vs the Public Good? [3] The value of public voice.

****

[1] care.data listening event questions: https://jenpersson.com/pathfinder/

[2] Private Eye – on Tesco / NHS England commercial meetings https://twitter.com/medConfidential/status/593819474807148546

[3] HSCIC audit and programme for change www.hscic.gov.uk/article/4780/HSCIC-learns-lessons-of-the-past-with-immediate-programme-for-change

[4] EU data protection discussion http://www.digitalhealth.net/news/EHI/9934/eu-ministers-back-data-privacy-changes

[5] Joint statement on EU Data Protection proposals http://www.wellcome.ac.uk/stellent/groups/corporatesite/@policy_communications/documents/web_document/WTP055584.pdf

[6] Ipsos MORI research with the Royal Statistical Society into the Trust deficit with lessons for policy makers https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx

[7] AdExchanger Janaury 2015 http://adexchanger.com/data-driven-thinking/the-newest-asset-class-data/

[8] Tesco clubcard data sale https://jenpersson.com/public_data_in_private_hands/  / Computing 14.01.2015 – article by Sooraj Shah: http://www.computing.co.uk/ctg/feature/2390197/what-does-tescos-sale-of-dunnhumby-mean-for-its-data-strategy

[9] Direct Marketing 2013 http://www.dmnews.com/tesco-every-little-bit-of-customer-data-helps/article/317823/

[10] Personalisation in health data plans http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-002-Adult-Social-Care-Informatics.pdf

[11] Tim Kelsey Keynote speech at Strata November 2013 https://www.youtube.com/watch?v=s8HCbXsC4z8

[12] Forbes: Illumina CEO on the US$20bn DNA market http://www.forbes.com/sites/luketimmerman/2015/04/29/qa-with-jay-flatley-ceo-of-illumina-the-genomics-company-pursuing-a-20b-market/

Wearables: patients will ‘essentially manage their data as they wish’. What will this mean for diagnostics, treatment and research and why should we care? [#NHSWDP 3]

 

Consent to data sharing appears to be a new choice firmly available on the NHS England patient menu if patient ownership of our own records, is clearly acknowledged as ‘the operating principle legally’.

Simon Stevens, had just said in his keynote speech:

“..smartphones; […] the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond ” Simon Stevens, March 18 2015.

Tim Kelsey, Director Patients and Information, NHS England, then talked about consent in the Q&A:

“We now acknowledge the patient’s ownership of the record […] essentially, it’s always been implied, it’s still not absolutely explicit but it is the operating principle now legally for the NHS.

“So, let’s get back to consent and what it means for clinical professionals, because we are going to move to a place where people will make those decisions as they currently do with wearable devices, and other kinds of mobile, and we need to get to a point where people can plug their wearable device into their medical record, and essentially manage their data as they wish.

“It is essentially, their data.”

How this principle has been applied in the past, is being now, and how it may change matters, as it will affect many other areas.

Our personal health data is the business intelligence of the health industry’s future.

Some parts of that industry will say we don’t share enough data. Or don’t use it in the right way.  For wearables designed as medical devices, it will be vital to do so.

But before some launch into polemics on the rights and wrongs of blanket ‘data sharing’ we should be careful what types of data we mean, and for what purposes it is extracted.It matters when discussing consent and sharing.

We should be clear to separate consent to data sharing for direct treatment from consent for secondary purposes other than care (although Mr Kelsey hinted at a conflation of the two in a later comment). The promised opt-out from sharing for secondary uses is pending legal change. At least that’s what we’ve been told.

Given that patient data from hospital and range of NHS health settings today, are used for secondary purposes without consent – despite the political acknowledgement that patients have an opt out – this sounded a bold new statement, and contrasted with his past stance.

Primary care data extraction for secondary uses, in the care.data programme, was not intended to be consensual. Will it become so?

Its plan so far has an assumed opt-in model, despite professional calls from some, such as at the the BMA ARM to move to an opt-in model, and the acknowledged risk of harm that it will do to patient trust.

The NHS England Privacy Assessment said: ‘The extraction of personal confidential data from providers without consent carries the risk that patients may lose trust in the confidential nature of the health service.’

A year into the launch, Jan 2014, a national communications plan should have solved the need for fair processing, but another year on, March 2015, there is postcode lottery, pilot approach.

If in principle, datasharing is to be decided by consensual active choice,  as it “is the operating principle now legally for the NHS” then why not now, for care.data, and for all?

When will the promised choice be enacted to withhold data from secondary uses and sharing with third parties beyond the HSCIC?

“we are going to move to a place where people will make those decisions as they currently do with wearable devices” [Widening digital participation, at the King’s Fund March 2015]

So when will we see this ‘move’ and what will it mean?

Why plan to continue to extract more data under the ‘old’ assumption principle, if ownership of data is now with the individual?

And who is to make the move first – NHS patients or NHS patriarchy – if patients use wearables before the NHS is geared up to them?

Looking back or forward thinking?

Last year’s programme has become outdated not only in principle, but digital best practice if top down dictatorship is out, and the individual is now to “manage their data as they wish.”

What might happen in the next two years, in the scope of the Five Year Forward Plan or indeed by 2020?

This shift in data creation, sharing and acknowledged ownership may mean epic change for expectations and access.

It will mean that people’s choice around data sharing; from patients and healthy controls, need considered early on in research & projects. Engagement, communication and involvement will be all about trust.

For the ‘worried well’, wearables could ‘provide digital “nudges” that will empower us to live healthier and better lives‘ or perhaps not.

What understanding have we yet, of the big picture of what this may mean and where apps fit into the wider digital NHS application and beyond?

Patients right to choose

The rights to information and decision making responsibility is shifting towards the patient in other applied areas of care.

But what data will patients truly choose to apply and what to share, manipulate or delete? Who will use wearables and who will not, and how will that affect the access to and delivery of care?

What data will citizens choose to share in future and how will it affect the decision making by their clinician, the NHS as an organisation, research, public health, the state, and the individual?

Selective deletion could change a clinical history and clinician’s view.

Selective accuracy in terms of false measurements [think diabetes], or in medication, could kill people quickly.

How are apps to be regulated? Will only NHS ‘approved’ apps be licensed for use in the NHS and made available to choose from and what happens to patients’ data who use a non-approved app?

How will any of their data be accessed and applied in primary care?

Knowledge is used to make choices and inform decisions. Individuals make choices about their own lives, clinicians make decisions for and with their patients in their service provision, organisations make choices about their business model which may include where to profit.

Our personal health data is the business intelligence of the health industry’s future.

Who holds the balance of power in that future delivery model for healthcare in England, is going to be an ongoing debate of epic proportions but it will likely change in drips rather than a flood.

It has already begun. Lobbyists and companies who want access to data are apparently asking for significant changes to be made in the access to micro data held at the ONS. EU laws are changing.

The players who hold data, will hold knowledge, will hold power.

If the NHS were a monopoly board game, data intermediaries would be some of the wealthiest sites, but the value they create from publicly funded NHS data, should belong in the community chest.

If consent is to be with the individual for all purposes other than direct care, then all data sharing bodies and users had best set their expectations accordingly. Patients will need to make wise decisions, for themselves and in the public interest.

Projects for research and sharing must design trust and security into plans from the start or risk failure through lack of participants.

It’s enormously exciting.  I suspect some apps will be rather well hyped and deflate quickly if not effective. Others might be truly useful. Others may kill us.

As twitter might say, what a time to be alive.

Digital opportunities for engaging citizens as far as apps and data sharing goes, is not only not about how the NHS will engage citizens, but how citizens will engage with what NHS offering.

Consent it seems will one day be king.
Will there or won’t there be a wearables revolution?
Will we be offered or choose digital ‘wellness tools’ or medically approved apps? Will we trust them for diagnostics and treatment? Or will few become more than a fad for the worried well?
Control for the individual over their own data and choice to make their own decisions of what to store, share or deny may rule in practice, as well as theory.
That practice will need to differentiate between purposes for direct clinical care and secondary uses as it does today, and be supported and protected in legislation, protecting patient trust.
“We are going to move to a place where people will make those decisions as they currently do with wearable devices, and other kinds of mobile, and we need to get to a point where people can plug their wearable device into their medical record, and essentially manage their data as they wish.”
However as ‘choice’ was the buzzword for NHS care in recent years – conflated with increasing the use of private providers – will consent be abused to mean a shift of responsibility from the state to the individual, with caveats for how it could affect care?
With that shift in responsibility for decision making, as with personalized budgets, will we also see a shift in responsibility for payment choices from state to citizen?
Will our lifestyle choices in one area exclude choice in another?
Could app data of unhealthy purchases from the supermarket or refusal to share our health data, one day be seen as refusal of care and a reason to decline it? Mr Kelsey hinted at this last question in the meeting.
Add a population stratified by risk groups into the mix, and we have lots of legitimate questions to ask on the future vision of the NHS.
He went on to say:
“we have got some very significant challenges to explore in our minds, and we need to do, quite urgently from a legal and ethical perspective, around the advent of machine learning, and …artificial intelligence capable of handling data at a scale which we don’t currently do […] .
“I happen to be the person responsible in the NHS for the 100K genomes programme[…]. We are on the edge of a new kind of medicine, where we can also look at the interaction of all your molecules, as they bounce around your DNA. […]
“The point is, the principle is, it’s the patient’s data and they must make decisions about who uses it and what they mash it up with.”
How well that is managed will determine who citizens will choose to engage and share data with, inside and outside our future NHS.
Simon Stevens earlier at the event, had acknowledged a fundamental power shift he sees as necessary:
“This has got to be central about what the redesign of care looks like, with a fundamental power shift actually, in the way in which services are produced and co-produced.”

That could affect everyone in the NHS, with or without a wearables revolution.

These are challenges the public is not yet discussing and we’re already late to the party.

We’re all invited. What will you be wearing?

********
[Previous: part one here #NHSWDP 1  – From the event “Digital Participation and Health Literacy: Opportunities for engaging citizens” held at the King’s Fund, London, March 18, 2015]

[Previous: part two #NHSWDP 2: Smartphones: the single most important health treatment & diagnostic tool at our disposal]

********

Apple ResearchKit: http://techcrunch.com/2015/03/09/apple-introduces-researchkit-turning-iphones-into-medical-diagnostic-devices/#lZOCiR:UwOp
Digital nudges – the Tyranny of the Should by Maneesha Juneja http://maneeshjuneja.com/blog/2015/3/2/the-tyranny-of-the-should

You may use these HTML tags and attributes: <blockquote cite="">

smartphones: the single most important health treatment & diagnostic tool at our disposal [#NHSWDP 2]

After Simon Stevens big statement on smartphones at the #NHSWDP event, I’d asked what sort of assessment had the NHS done on how wearables’ data would affect research.

#digitalinclusion is clearly less about a narrow focus on apps than applied skills and online access.

But I came away wondering how apps will work in practice, affect research and our care in the NHS in the UK, and much more.

What about their practical applications and management?

NHS England announced a raft of regulated apps for mental health this week, though it’s not the first approved.  

This one doesn’t appear to have worked too well.

The question needs an answer before many more are launched: how will these be catalogued, indexed and stored ? Will it be just a simple webpage? I’m sure we can do better to make this page user friendly and intuitive.

This British NHS military mental health app is on iTunes. Will iTunes carry a complete NHS approved library and if so, where are the others?

We don’t have a robust regulation model for digital technology, it was said at a recent WHF event, and while medical apps are sold as wellness or fitness or just for fun, patients could be at risk.

In fact, I’m convinced that while medical apps are being used by consumers as medical devices, for example as tests, or tools which make recommendations, and they are not thoroughly regulated, we *are* at risk.

If Simon Stevens sees smartphones as: “going to be the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond,” then we’d best demand the tools that work on them, work safely. [speech in full]

And if his statement on their importance is true, then when will our care providers be geared up to accepting extracts of data held on a personal device into the local health record at a provider – how will interoperability, testing and security work?

And who’s paying for them? those on the library right now, have price tags. The public should be getting lots of answers to lots of questions.

“Over the coming decade”  has already started.

What about Research?: I know the Apple ResearchKit had a big reaction, and I’m sure there’s plenty of work already done on expectations of how data sharing in wearables affect research participation. (I just haven’t read it yet, but am interested to do so,  feel free to point any my way).

I was interested in the last line in this article: “ResearchKit is a valiant effort by Apple, and if its a hit with scientists, it could make mass medical research easier than ever.”

How do we define ‘easier’? Has Apple hit on a mainstream research app? How is ‘mass medical research’ in public health for example, done today and how may it change?

Will more people be able to participate in remote trials?

Will more people choose to share their well-being data and share ‘control’ phenotype data more in depth than in the past?

Are some groups under- or not-at-all represented?

How will we separate control of datasharing for direct care and for other secondary uses like research?

Quality: Will all data be good data or do we risk research projects drowning in a data tsunami of quantity not quality? Or will apps be able to target very specific trial data better than before?

How: One size will not fit all. How will data stored in wearables affect research in the UK? Will those effects differ between the UK and the US, and will app designs need different approaches due to the NHS long history and take into account single standards and be open? How will research take historical data into account if apps are all ‘now’? How will research based on that data be peer reviewed?

Where: And as we seek to close the digital divide here at home, what gulf may be opening up in the research done in public health, the hard to reach, and even between ‘the west’ and ‘developing’ countries?

In the UK will the digital postcode lottery affect care? Even with a wish for wifi in every part of the NHS estate, the digital differences are vast. Take a look at Salford – whose digital plans are worlds apart from my own Trust which has barely got rid of Lloyd George folders on trolleys.

Who: Or will in fact the divide not be by geography, but by accessibility based on wealth?  While NHS England talks about digital exclusion, you would hope they would be doing all they can to reduce it. However, the mental health apps announced just this week each have a price tag if ‘not available’ to you on the NHS.

Why: on what basis will decisions be made on who gets them prescribed and who pays for the,  where apps are to be made available for which area of diagnosis or treatment, or at all if the instructions are “to find out if it’s available in your area email xxx or call 020 xxx. Or you could ask your GP or healthcare professional.”

The highest intensity users of the NHS provision, are unlikely to be the greatest users of growing digital trends.

Rather the “worried well” would seem the ideal group who will be encouraged to stay away from professionals, self-care with self-paid support from high street pharmacies. How much could or will this measurably benefit the NHS, the individual and make lives better? As increasingly the population is risk stratified and grouped into manageable portions, will some be denied care based on data?

Or will the app providers be encouraged to promote their own products, make profits, benefit the UK plc regardless of actual cost and measurable benefits to patients?

In 2013, IMS Health reported that more than 43,000 health-related apps were available for download from the Apple iTunes app store. Of those, the IMS Institute found that only 16,275 apps are directly related to patient health and treatment, and there was much to be done to move health apps from novelty to mainstream.

Reactionary or Realistic – and where’s the Risks Assessment before NHS England launches even more approved apps?

At the same time as being exciting,  with this tempting smörgåsbord of shiny new apps comes a set of new risks which cannot responsibly be ignored. In patient safety, cyber security, and on what and who will be left out.

Given that basic data cannot in some places be shared between GP and hospital due for direct care to local lack of tech and the goal is another five years away, how real is the hype of the enormous impact of wearables going to be for the majority or at scale?

On digital participation projects: “Some of the work that has already been done by the Tinder Foundation, you take some of the examples here, with the Sikh community in  Leicester around diabetes, and parenting in other parts of the country, you can see that this is an agenda which can potentially get real quite quickly and can have quite a big impact.”
(Simon Stevens)

These statements, while each on different aspects of digital inclusion, by Simon Stevens on smartphones, and scale, and on consent by Tim Kelsey, are fundamentally bound together.

What will wearables mean for diagnostics, treatment and research in the NHS? For those who have and those who have not?

How will sharing data be managed for direct care and for other purposes?

What control will the patriarchy of the NHS reasonably expect to have over patients choice of app by any provider? Do most patients know at all, what effect their choice may have for their NHS care?

How will funding be divided into digital and non-digital, and be fair?

How will we maintain the principles and practice of a ‘free at the point of access’ digital service available to all in the NHS?

Will there really be a wearables revolution? Or has the NHS leadership just jumped on a bandwagon as yet without any direction?

****

[Next: part three  – on consent – #NHSWDP 3: Wearables: patients will ‘essentially manage their data as they wish’. What will this mean for diagnostics, treatment and research and why should we care?] 

[Previous: part one – #NHSWDP 1: Thoughts on Digital Participation and Health Literacy: Opportunities for engaging citizens in the NHS – including Simon Stevens full keynote speech]

Thoughts on Digital Participation and Health Literacy: Opportunities for engaging citizens in the NHS [#NHSWDP 1]

“..smartphones […] the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond “

That’s what Simon Stevens said at a meeting on “digital participation and health literacy: opportunities for engaging citizens” in the National Health Service this week, at the King’s Fund in London.

It seemed a passing comment, but its enormity from the Chief Executive of the commissioning body for the NHS, made me catch my breath.

Other than inspiration from the brilliance of Helen Milner, Chief Executive of the Tinder Foundation – the only speaker who touched on the importance of language around digital participation – what did I take away from the meeting?

The full text of Simon Steven’s speech is below at the end of this post, but he didn’t elaborate further on this comment.

Where to start?

The first thing I took away to think about, was the impact of the statement. 

“the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond “

So I thought about that more in a separate post, part two.

The second, was on consent.

This tied into the statement by Tim Kelsey, Director of Patients and Information at NHS England. It seems that the era when consent will be king is fast approaching, and I thought about this more in part three.

The third key learning I had of the day, which almost everyone I met voiced to me was, that the “best bit of these events is the learnings outside the sessions, from each other. From other people you meet.”

That included Roger who we met via video. And GP Dr Ollie Hart. All the tweeps I’ve now met in real life, and as Roz said, didn’t disappoint. People with experience and expertise in their fields. All motivated to make things better and make things work, around digital, for people.

Really important when thinking about ‘digital’ it doesn’t necessarily mean remote or reduce the people-time involved.

Change happens through people. Not necessarily seen as ‘clients’ or ‘consumers’ or even ‘customers’. How human interaction is supported by or may be replaced by digital contact fascinates me.

My fourth learning? was about how to think about data collection and use in a personalised digital world.

Something which will be useful in my new lay role on the ADRN approvals panel (which I’m delighted to take on and pretty excited about).

Data collection is undergoing a slow but long term sea change, in content, access, expectations, security & use.

Where, for who, and from whom data is collected varies enormously. It’s going to vary even more in future if some will have free access to apps, to wifi, and others be digitally excluded.

For now, the overall effect is perhaps only ripples on the surface (like interruptions to long-term research projects due to HSCIC data stops after care.data outcry) but research direction, and currents of thought may shift fundamentally if how we collect data changes radically for even small pockets of society, or the ‘worried well’.

My fifth learning, was less a learning and more the triggering of lots of questions on wearables about which I want to learn more.

#digitalinclusion is clearly less about a narrow focus on apps than applied skills and online access.

But I came away wondering how apps will affect research and the NHS in the UK, and much more.

[Next: part two #NHSWDP 2: Smartphones: the single most important health treatment & diagnostic tool at our disposal – on wearables]

[And: part three #NHSWDP 3: Wearables & Consent: patients will ‘essentially manage their data as they wish’. What will this mean for diagnostics, treatment and research and why should we care?]

*****

Full text of the speech given by Simon Stevens, Keynote speaker:

“The reality is we all can see that we’ve got to change […] as part of that we have got to have more integrated services, between primary and specialist services, between physical and mental health services, and between health and social care services.

“And the guiding principle of that integration has got to be care that is personal, and coordinated around individuals, with leadership of communities and patient groups.

“There is no way that can happen without a strong, technological underpinning using the information revolution which is sweeping just about every other part of the economy.

“We are not unusual in this country in having a health sector which has been a little slower, in some respects, than many other parts of national life to take full advantage of that.

“We are not unusual, because that is the experience of health services in every industrialised country.

“We obviously have a huge opportunity, and have a comparative advantage in the way that the NHS is organised, to put that right.

“We know that 8 out of 10 adults are now online, we know that two thirds of people in this country have got smartphones which is going to be the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond.

“But we know we have got 6.4m people who are not.

“And so when you of course then get serious about who are those six and a half million people, many of them are our highest users of services with the greatest needs.

“So this is not an optional extra. This has got to be central about what the redesign of care looks like, with a fundamental power shift actually, in the way in which services are produced and co-produced.

“This agenda goes to the heart of what we’ve got to get right, not just on inequalities but around co-production of services and the welcome steps that have been taken by the organisations involved, I think that the point is obviously we have now got to scale this in a much more fundamental fashion, but when you look at the impact of what has already been achieved, and some of the work that has already been done by the Tinder Foundation, you take some of the examples here, with the Sikh community in  Leicester around diabetes, and parenting in other parts of the country, you can see that this is an agenda which can potentially get real quite quickly and can have quite a big impact.

“The early evaluation anyway indicates that about half of people involved say they are leading healthier lives on the back of it, 48% in healthy eating, a third do more physical activity, 72% say they have saved money or time.

“Given that we are often talking about resource poor, time poor communities, that is hugely impactful as well.

“So my role here today, I think is simply to underline the weight that we place on this, as NHS England nationally, to thank all of you for the engagement that you have been having with us, and to learn from the discussion we are about to have as what you see where you see key priorities and what you need from us.”

[March 18, 2015 at the event “Digital Participation and Health Literacy: Opportunities for engaging citizens” held at the King’s Fund, London]

 

The future of care.data in recent discussions

Questions were raised at two health events this week, on the status of the care.data programme.

The most recent NHS England announcement about the care.data rollout progress, was made in October 2014.

What’s the current status of Public Information?

The IIGOP review in December 2014 [1], set 27 criteria for the programme to address.

The public has not yet seen a response, but according to the GPES minutes one was made at the end of January.

Will it be released in the public domain?

An updated privacy impact assessment “was approved by the care.data programme board and will be published in February 2015.” It has not yet been made public.

Limited and redacted programme board materials were released and the public awaits to see if a business case or more will be released in the public interest.

Risks and issues have been redacted or not released at all, such as the risk register.

There is no business case in place, confirmed page 6 of the October 2014 board minutes – I find that astonishing.

It is hard to know if more material will be made public as recommended in their own transparency agenda.

What is the current state of open questions?

Professionals and public are still interested in the current plan, and discussions this week at the Roy Lilley chat with Dr. Sarah Wollaston MP, again raised some open questions.

1. What happened to penalties for misuse and ‘one strike and out’ ?

Promised  in Parliament by Dr. Dan Poulter,  Parliamentary Under Secretary of State at the Department of Health, a year ago – questions on penalties are still being asked and  without a clear public answer of all that has changed since then and what remains to be done:

care.data penalties are unclear

Poulter on care.data penalties

[Hansard, March 25 2014 ] [2]

Some changes are being worked on [written evidence to HSC]*[7] planned for autumn 2015 – but does it clarify what has happened concretely to date and how it will protect patients in the pathfinder?

“The department is working to table these regulations in Parliament in 2015, to come into force in the autumn.”

Did this happen? Are the penalties proportionate for big multi-nationals, or will other safeguards be introduced, such as making misuse a criminal offence, as suggested?

2. What about promises made on opt out?

One year on the public still has no fair processing of personal data released by existing health providers. It was extracted in the past twenty-five years, the use of which by third parties was not public knowledge. (Data from hospital visits (HES), mental health, maternity data etc).

The opt out of all data sharing from secondary care such as A&E, stored at the HSCIC, was promised by Jeremy Hunt, Secretary of State for Health, a year ago, on February 25th 2014.

It has still not come into effect and been communicated:

Jeremy Hunt on care.data opt out

[Hansard February 25 2014, col 148] [3]

Jeremy Hunt MP

 

In fact the latest news reported in the media was that opt out ‘type 2’ was not working, as expected. [4]

Many in the public have not been informed at all that they can request opt out, as the last public communication attempt failed to reach all households, yet their data continues to be released.

3. What about clarifying the purposes of the Programme?

The public remains unclear about the purpose of the whole programme and data sharing, noted at the Roy Lilley event:

A business case, and a risk benefit analysis would improve this.

Flimsy assurances based on how data may be used in the initial extraction will not be enough to assure the public how their data will be used in future and by whom, not just the next six months or so.

Once released, data is not deleted, so a digital health footprint is not just released for care.data, it is given up for life. How much patients trust the anonymous, pseudonymous, and what is ‘de-identified’ data depends on the individual, but in a world where state-held data matching form multiple sources is becoming the norm, many in the public are skeptical.[5]

The controls over future use and assurances that are ‘rock solid’, will only be trustworthy if what was promised, happens.

To date, that is not the case or has not been communicated.

What actions have been taken recently?

Instead of protecting the body, which in my opinion has over the last two years achieved external scrutiny of care.data and ensuring promises made were kept, the independent assurance committee, the IAG, is to be scrapped.

The data extraction and data release functions are to be separated.

This could give the impression that data is no longer to be extracted only when needed for a specific purpose, but lends weight to the impression that all data is to be “sucked up” and purposes defined later. If care.data is purposed to replace SUS, it would not be a surprise.

It would however contravene fair processing data protection which requires the purposes of use to be generally clear before extraction.  Should use change, it must be fair. [For example, to have had consent for data sharing for direct care, but then use the data for secondary uses by third parties,  is such a significant change, one can question whether that falls under ‘fair’ looking at ICOs examples.]

So, what now, I asked Dr. Poulter after the Guardian healthcare debate on Tuesday evening this week on giving opt out legal weight?
(I would have asked during the main session, but there was not enough time for all questions).

care.data opt out open question

 

He was not able to give any concrete commitment to the opt out for HES data, or care.data, and simply did not give any answer at all.

What will happen next? Will the pathfinders be going live before the election in May? I asked.

Without any precise commitment, he said that everything was now dependent on Dame Fiona’s IIGOP response to the proposals [made by NHS England].

cd_metw2 Dan Poulter MP

 

What has happened to Transparency?

The public has not been given access to see what the NHS England response to the IIGOP/ Caldicott December review was.

The public has no visibility of what the risks are, as seen by the programme board.

The public is still unclear on what the expected benefits are, to measure those risks against.

And without a business case, the public does not know how much it is costing.

Without these, the public cannot see how the care.data board and DH is effectively planning, measuring progress, and spending public money, or how they will be accountable for its outcomes.

The sad thing about this, is that transparency and “intelligent grown up debate” as Sir Manning called for last year, would move this programme positively ahead.

Instead it seems secretive, which is not building trust.  The deficit of that trust is widely recognised and still needs solidly rebuilt.

Little seems to have been done since last year to make it so.

“Hetan Shah, executive director of the Royal Statistical Society said, ‘Our research shows a “data trust deficit”. In this data-rich world, companies and government have to earn citizens’ trust in how they manage and use data – and those that get it wrong will pay the price.” [Royal Statistical Society, 22 July 2014][6]

Shame.

Care.data is after all, meant to be for the public good.

care.data purposes are unclear
It would be in the public interest to get answers to these questions from recent events.

 

refs:

1. IIGOP care.data report December 2014 https://www.gov.uk/government/publications/iigop-report-on-caredata

2. Hansard March 25th 2014: http://www.publications.parliament.uk/pa/cm201314/cmhansrd/cm140325/halltext/140325h0002.htm

3. Hansard February 25th 2014: http://www.publications.parliament.uk/pa/cm201314/cmhansrd/cm140225/debtext/140225-0001.htm

4. NHS England statement on Type 2 opt out http://www.england.nhs.uk/2015/01/23/data-opt-out/

5. Ipsos MORI June 2014 survey: https://www.ipsos-mori.com/researchpublications/researcharchive/3407/Privacy-and-personal-data.aspx

6. Royal Statistical Society on the ‘trust deficit’ http://www.statslife.org.uk/news/1672-new-rss-research-finds-data-trust-deficit-with-lessons-for-policymakers

7. *additional note made, Sun 15th incl. reference HSC Letter from HSCIC

care.data – one of our business cases is missing

“The government takes the view that transparency is vital to healthy public services. It has created a new Statistics Commission to improve the quality of information collected (and to end arguments about “fiddling” figures).” [Tim Kelsey, New Statesman, 2001] [1]

In a time of continuing cuts to budgets across the public sector the members of the public have every right and good sense to question, how is public money spent and what is its justification.[#NHS2billion]

For the flagship data extraction care.data programme, it is therefore all the more surprising, that for the short and long term there is [2]:

a) no public proof of how much the programme is costing,
b) little around measurable tangible and intangible benefits,
c) or how the risks have been evaluated.

The Woolly Mammoth in the Room

The care.data programme has been running under its ‘toxic’ [3] brand in a similar form now, for two years.

When asked directly on costs at the Health Select Committee last month, the answer was, at best, woolly.

“Q655   Rosie Cooper: While I appreciate that, can you give us any rough figures? What would a CCG be contributing to this?

Tim Kelsey: I cannot answer that question, but we will very rapidly come back to you with the CCGs’ own estimates of the costs of the programme and how much of that cost is being met by the programme.” [Hansard January 2015][4]

The department appears very unwilling to make public and transparent its plans, risks and costs. I’ve been asking for them since October 2014, in a freedom of information request. [5]

They are still not open. Very much longer will look decidedly shady.

A few limited and heavily redacted parts were released [2] in poor quality .pdf files in Jan 2015, and don’t meet my request as there’s nothing from April-October 2014, and many missing files:

Transparent?

As I followed the minutes and materials released over the last 18 months this was a monstrous gap [7], so I have asked for it before.[8]

I had imagined there was reticence in making it public.
I had imagined, the numbers may be vague.
I hadn’t imagined it just didn’t exist at all.

For the programme whose watchword is transparency, this is more than a little surprising.  A plan had to be drafted to drive transparency, after the FOI was received [which I believe fails section 22 refusal criteria, as the decision to publish was made after the FOI]

– here’s the plan [9] – where are the outcomes?nessie

Is the claim that without care.data the NHS will fail, [10] no more than a myth?

 

Why does the business case and cost/risk analysis matter? What is the future of our data ownership?

 

Because history has a habit of repeating itself and there is a terrible track record in NHS IT which the public cannot afford [22] to allow to repeat, ever again.

The mentality that these unaccountable monster programmes are allowed to grow unchecked, must die out.

Of the NPfIT, Mr Bacon MP said: “This saga is one of the worst and most expensive contracting fiascos in the history of the public sector.”

Last autumn, a new case history [23] examined its rollout, including why local IT systems fail to deliver patient joined up digital records.

Yet, even today, as we hear that IT is critical to the digital delivery of NHS care and we must all be able to access our own health records, we read that tech funds are being cut.

Where is common sense and cohesion of their business planning?

These Big Data programmes do not stand alone, but interact with all sorts of other programmes, policies, and ideas on what will be done and what is possible in future for long term data purposes.

The public is not privvy to that to be able to scrutinise , criticise and positively contribute to plans. That seems short-sighted.

And what of previous data-based ventures? Take as a case study the Dr. Foster IC Joint Venture [NAO, February 2007] [24]

“The Information Centre spent £2.5 million on legal and consultancy advice in developing the joint venture, and setting up the Information Centre. The Information Centre contends that £855,000 of the money paid to KPMG was associated with costs for setting up the Information Centre which included business planning.

However, they could not provide an explicit breakdown of these costs […] We therefore calculate that the total cost to the taxpayer of a 50 per cent share is between £15.4 million and £16.3 million.”

“The Information Centre paid £12 million in cash for a 50 per cent share of the joint venture (see Figure 2 overleaf).

The UK plc made a sizeable investment here. The UK state invested UK taxes in this firm – so what’s the current business case for using data? How transparent are our current state assets and risks?

Being a shareholder in one half, it is fair to ask who are we now sharing the investment risk with or was this part sold soon after?[25] Was that investment a long-term one, or always meant to be so short term and are there any implications for the future of HSCIC?

In 2011 this report [26] another investment group, Bamboo holdings [related to other investor companies], wanted but did not succeed in selling its Dr. Foster stock at an acceptable price, said the portfolio introduction due in their words, to ‘poor performance’.  [Annual investor review from 2013 [p.5]

So what risks does the market see as a whole which are not made available to the public which affect how data is used and shared?

What of the other parts of Dr. Foster Research and so on, we, the state, went on to buy or sell later? It appears complex.

Is the commercial benefit to be made for private companies, seen as part of the big picture benefit to the UK plc or where does state investment and expectation for economic growth fit in?

What assessment has been made of the app market in the NHS and how patient data is expected in future to be held by the individual, released by personal choice to providers through phones?

Is a state infrastructure being built which in the surprisingly short term, may see few healthy people who store their data in it or will we see bias to exclude those with the money and technology to opt out who prefer to keep their health data in a handheld device?

What is the government plan for the future of the HSCIC and our data it manages? The provider Northgate was just bought by European private equity firm Cinven, which now manages a huge swathe of UK’s data [32] and HSCIC brought others in-house. [33]

“Its software and services are used by over 400 UK local authorities, all UK police forces, social housing providers in the UK and internationally, and NHS hospitals. Its IT projects support the sharing of information for criminal intelligence and investigations across UK police forces and the management of health screening records in the UK and in Ireland.”

All the easier to manage – or to manage to sell off?

Is the business plan future-proofed to survive the new age of health data management?

One of the problems with business cases for programmes which drag on and get swamped down in delays, is they become obsolete.

The one year mark has now passed in the announced care.data pause, announced on February 18th 2014.

The letter from Mr.Kelsey on April 14th 2014, said they would use the six months to listen and act on the view of patients, public, GPs and stakeholders.

Many of the open questions remain without any reply at all, never mind public answers to solutions to open issues.

The spine proposal by medConfidential [30] is one of the best and clearest proposals I have found with practical solutions to the failed opt out 9Nu4 for example.

Will these be addressed, or will NHS England answer the Data Guardian report and 27 questions [31] from December?

Is care.data arthritic or going quietly extinct? The last public information made available, is that it is rolling on in the background towards the pathfinders.

“By when will NHS England commit to respect the 700,000 objections to secondary data sharing already logged but not enacted?” [updated ref June 6th 2015]

How is the business plan kept up to date as the market moves on?

Is Big Data in the NHS too big to survive or has the programme learned to adapt and changed?

As Peter Mills asked a year ago, “Is the Government going to take this, as a live issue, into the next general election? Or will it (like the National Programme for IT) continue piecemeal, albeit without the toxic ‘care.data’ banner? “

The care.data programme board transparency agenda in Nov 2014 : “The care.data programme has yet to routinely publish agendas, minutes, highlight reports and finalised papers which arise from the care.data Programme Board.

“This may lead to external stakeholders and members of the public having a lack of confidence in the transparency of the programme.”

We all recognise the problem, but where’s the solution?

Where’s the cost, benefit and risk analysis?

Dear NHS England. One of your business cases is missing.
Why has the public not seen it?
Why are you making it hard to hunt down?
Why has transparency been gagged?

Like Dippy, the care.data business case belongs in the public domain, not hidden in a back room.

Like the NHS, the care.data full risk & planning files belong to us all.

Or is the truth that, like Nessie, despite wild claims, they may not actually exist?

***

more detail:

[1] New Statesman article, Tim Kelsey, 2001

[2]http://www.england.nhs.uk/ourwork/tsd/care-data/prog-board/ care.data programme board webpage

[3] http://www.infosecurity-magazine.com/news/nhs-caredata-pr-fiasco-continues/

[4] http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/17740.html

[5] https://www.whatdotheyknow.com/request/caredata_programme_board_minutes?nocache=incoming-621173#incoming-621173

[6] http://www.england.nhs.uk/wp-content/uploads/2015/02/cd-prog-brd-highlt-rep-15-12-14.pdf

[7] http://www.telegraph.co.uk/news/science/science-news/11377168/Natural-History-Museums-star-Dippy-the-dinosaur-to-retire.html

[8] https://jenpersson.com/care-data-postings-summary/

[9] http://www.england.nhs.uk/wp-content/uploads/2015/02/propsl-transpncy-pub-cd-papers.pdf

[10] http://www.computerweekly.com/news/2240215074/NHS-England-admits-failure-to-explain-benefits-of-caredata

[11] http://nuffieldbioethics.org/blog/2014/care-data-whats-in-a-dot-and-whats/

[12] http://www.theinformationdaily.com/2014/03/26/business-scents-boom-in-personal-information-economy

[13] http://www.hscic.gov.uk/article/3887/HSCIC-publishes-strategy-for-2013-2015

[14] https://jenpersson.com/flagship-care-data-2-commercial-practice/

[15] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[16] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[17] http://www.legislation.gov.uk/ukpga/2014/23/pdfs/ukpga_20140023_en.pdf

[18] https://jenpersson.com/hear-evil-evil-speak-evil/

[19] https://www.whatdotheyknow.com/request/nhs_patient_data_sharing_with_us

[20] http://www.hscic.gov.uk/hesdatadictionary

[21] http://www.bbc.co.uk/news/uk-politics-24130684

[22]  http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[23] http://www.cl.cam.ac.uk/~rja14/Papers/npfit-mpp-2014-case-history.pdf

[24] http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[25] http://www.healthpolicyinsight.com/?q=node/688

[26]http://www.albion-ventures.co.uk/ourfunds/pdf%20bamboo/Bamboo%20IOM%20signed%20interims%2030611.pdf

[27] http://www.v3.co.uk/v3-uk/news/2370877/nhs-needs-patients-digital-data-to-survive-warns-health-chief

[28 ]http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[29 ] http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[30] https://medconfidential.org/wp-content/uploads/2015/01/2015-01-29-A-short-proposal.pdf

[31] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[32] http://www.privateequitywire.co.uk/2014/12/23/215235/cinven-acquire-northgate-public-services

[33] http://www.ehi.co.uk/news/EHI/9886/hscic-starts-sus-and-care-id-transfer

 

care.data related December news you may have missed in the holiday

January looks like it’s going to be a busy NHS news month and December set out a very information rich programme.

Do you need a catch up from the holidays time? I know I could do with going back to September really, I blinked and missed the last quarter. But lots of news came in at the end of year, in typical holiday time, which is relevant to care.data, health data sharing and its backdrop:

[1] December 18th:  The Independent Information Governance Oversight Panel report raises questions about the preparation for a pilot stage of the care.data programme.

A very thorough and  most significant report. I considered this is more detail here.

[2] December 22nd: The Primary Care Support (PCS) Services procurement. Launched in November 2014 interested suppliers were asked to respond to a Pre-Qualification Questionnaire (PQQ).

“Members of our Stakeholder Group, staff from the PCS Service and experts in the procurement team have been evaluating the responses received from the PQQ. We have now produced a short list of suppliers to invite to the next stage of the procurement. We will be announcing the shortlisted suppliers in January 2015.”

How will this affect primary care records’ management and is that unknown being factored into current decision making?

[3] December 28th The Guardian reported the delayed Rose Report would be out in January and say the NHS is hampered by poor management structure.

[4] December 30th Poulter announces DWP prescription check “The government is planning to give High Street pharmacists access to Department of Work and Pensions IT systems to check whether patients in England are entitled to free prescriptions.”

This raises a raft of questions on data protection with implications for patient confidentiality, expected purposes, informed consent and data linkage.

[5] December: a New HSCIC Code of Confidentiality

A longer read and leaves not everyone content it addresses all the needed questions. Opt outs and technical solutions on anonymisation remain two areas of undefined detail relevant for care.data.

[6] January 2nd: IIGOP annual report How health and social care organisations are implementing recommendations about sharing information.

This is a key publication on data sharing as a whole [not only care.data] – snuck in on one of the quietest days of the year perhaps? Some points of particular mention are those which set expectations for legislation change:

“During a debate in the House of Lords in May 2014, in the face of criticism of the care.data programme, the Government said it was sympathetic to calls for IIGOP to be placed on a statutory footing.”

One can only expect then it is a question of when, not if, the IIGOP role will become enshrined in law. Before the next major data sharing step for care.data, the planned pathfinders perhaps?

The second piece of law needing defined and actioned goes back almost a year to February 2014 and Mr. Hunt’s promise of a statutory opt out, which would seem fundamental to any next step step and pilots.

On opt out IIGOP said:

“It is the view of IIGOP that progress at a nationwide level in achieving appropriate sharing of information for direct care will not be satisfactory until core building blocks are in place, including agreement on terminology, clarity on consent and consistency of arrangements for objection and “opt out.”

That opt out refers to all medical data sharing, not only that for care.data, which comes in for criticism but notes some positive side effects:

“The unintended consequence of care.data was a positive cycle of change.”

Most positively, the report notes the changed attitude to public awareness and expectations around personal data management:

“Over the past year, the subject of information governance has moved from the backwaters of organisational management into the mainstream of public discussion. Debate about when it is right to share people’s care data is no longer restricted to policymakers, technical experts and medical ethicists.”

[7] January 5th: The Health and Social Care Information Centre will launch a secure data lab for viewing sensitive patient data in March, allowing it to support the pathfinder stage of NHS England’s controversial care.data programme.

What about opt out – technical feasibility and the Ministers promises to put it into legislation, still not done yet?

[8] Public health commissioning in the NHS 2015 to 2016 plan

Everything connected to everything in the market matters in the bigger picture. See [2], [4] and consider commercial data uses.

[9] Predictions from professionals for 2015 via EHI Insider: A clear direction for NHS IT was set in 2014; but could be disrupted by the general election due on 7 May, according to experts asked for their predictions for healthcare IT in 2015.

So, this quarter is getting off to an information-rich start with the December releases of reports and news having laid an interesting foundation for the coming quarter. And election purdah at the end of March…

[10] My own care.data wish list – no more surprises please  – what will care.data plans hold for 2015?

 

****

References:

[1] IIGOP care.data report https://www.gov.uk/government/publications/iigop-report-on-caredata

[2] Primary Care support services outsourcing / transformation http://www.england.nhs.uk/commissioning/wp-content/uploads/sites/12/2014/12/Final_Stakeholder_Update_December_2014-.pdf

[3] The Rose Report http://www.theguardian.com/society/2014/dec/28/nhs-management-system-complex-rose-report

[4] www.ehi.co.uk/news/EHI/9813/poulter-announces-dwp-prescription-check

[5] HSCIC code of confidentiality http://systems.hscic.gov.uk/infogov/codes/cop/code.pdf

[6] IIGOP Annual Report: https://www.gov.uk/government/publications/iigop-annual-report-2014

[7] HSCIC secure data lab news: http://www.ehi.co.uk/news/primary-care/9815/hscic-data-lab-to-launch-in-march

[8] Commissioning plans: https://www.gov.uk/government/publications/public-health-commissioning-in-the-nhs-2015-to-2016

[9] 2015 Predictions: http://www.ehi.co.uk/news/primary-care/9800/coming-up-in-2015

[10] My own wish list fior care.data in 2015:  https://jenpersson.com/care-data-2015-list/

Oh, and my New Year’s Resolution, I’m cutting my posts in half. Nothing over 1000 words.

A care.data Christmas carol

“Marley was dead: to begin with. There is no doubt whatever about that.” [A Christmas Carol, Charles Dickens, 1843]

“Is care.data dead?” I was asked after our children’s nativity today, “what happened to that GP record sharing project?”  The local priest, you may think of all people, wondered what had become of the news stories we had discussed at Easter.

Not dead, I assured him, though it was suggested recently that the Caldicott led Independent Information Governance Oversight Panel (IIGOP) report [1], would be the final nail in the coffin of the past approach [2], and would spell doom ahead in any care.data future were the programme not to follow its recommendations.

I told him the story of the care.data year.

So, are you sitting comfortably? For Christmas is a time of storytelling. At its heart, the story of a birth, which has been handed down through generations.

But here, I borrow from the most famous of all English Christmas stories, a Christmas Carol, by Charles Dickens from 1843. Let us begin.

“Come in!” exclaimed the Ghost. “Come in! and know me better, man!”

The ghost of care.data past rattled its chains and brought no joy in 2014, haunting the current programme with news of past data sharing practices.  At the start of the year, much was made of the 25 years of past use of our health records with third parties about which the public had never been told nor asked for permission, we were told there had never been breaches [3], and there was surprise expressed by NHS England leadership at why care.data, the plan to extract GP records now in addition, should have struck such a nerve in the public. Then they actually ran an audit that told the full story.

Various reports have since tried to vanquish those ghosts which have haunted the rollout of care.data in the past year. Sir Nick Partridge in May led the Review of Data Releases by the NHS IC which looked back at health data sharing of the existing HSCIC held data, and in November, he examined the progress up to the present.[4]  The extent of third party releases including actuarial firms, organisations in the US and China, and commercial re-use was a complete surprise to the public and, his report appeared to suggest to many like him in management as well.

The IIGOP Report published last week on the care.data Programme Board looks to the future. It sets out a thorough set of specific recommendations, questions and tests to meet before it could be reasonable to proceed to a data extraction in the care.data pilot.

The first independent report on care.data, prepared and released under the oversight of the new Data Guardian, Dame Fiona Caldicott, it also captures many sensible and practical questions raised by patients at events all year.

In some ways, whilst sad to see what so many have said was needed has only come to be addressed by an independent body rather than NHS England, recognising the current weaknesses can only be seen as positive to bring about changes. It may have a hope of restoring public and professional trust.

What next steps will come from this for a care.data relaunch by NHS England, and when in future, remain to be seen. [Updates may be here, or here or sometimes here].

Perhaps if the current course of actions is averted, we may not ‘see a vacant seat’ if it all falls apart in 2015 after all.

The CCGs have been given a huge responsibility which is not of their making, if NHS England continues to pilot under CCG-steered rollouts.[5]

One would hope that given the right amount of time needed to manage this change process, and  with the right supporting skills and tools for the practicalities, the care.data programme will take a changed form in the year ahead. It may yet be saved.

But it does seem often that timing is of the essence, and we move from one artificial deadline to the next. The public and GPs wait without the security and confidence of a realistic schedule.  Waiting we wonder if we will reach the next chime due, or the next ghost to haunt the programme will arrive and cause new fright.

It’s no cure all, but it appears the IIGOP has given the programme the gift of one last wonderful opportunity to get this right. It’s requirements are sizeable and will take time to execute sensibly. The report illuminates a future path for progress and shows what must be altered today, to avoid the future it predicts otherwise.

The outcome of care.data rests in the hands of the DH and NHS England. Dependent on the public and professions seeing change.

As Scrooge learns:

“But if the courses be departed from, the ends will change.” [A Christmas Carol, Charles Dickens, 1843]

Ignore the wisdom of the ghosts at your peril. For a changed future outcome,  the actions of the present must change first.

So, humour me awhile, and let’s consider some of the bigger themes in the care.data Christmas carol that CCGs may wish to consider as it deals with preparing for pathfinder pilots…

Chapter 1. “This boy is Ignorance. This girl is Want. Beware them both, and all of their degree, but most of all beware this boy, for on his brow I see that written which is Doom, unless the writing be erased…” [A Christmas Carol, Charles Dickens, 1843]”

What information is getting through from listening events? [6]

There should be no excuse for poverty in the world today, and whilst in my bigger picture wish list, to deal with want would come first, in my care.data Christmas carol list, it is ignorance which cannot be tolerated.

There is no excuse for ignorance, for lack of information, or wondering what questions needed answers to date at the care.data programme board of NHS England.

“How do we explain care.data vs SCR”, “Can you tell me exactly who will access my data?”, “If future purposes change and I want the opportunity to withdraw & opt out, how will I get told?”

The IIGOP report states clearly the current gaps in knowledge and what must be done to fill them, for various parties.

Together with two other major reports this year on health data sharing and care.data: Partridge, and the November 2014 APPG report [7], professional bodies have provided plenty of information and asked plenty of questions which no one now can ignore.

Misplaced statements that there have been no breaches do nothing for public confidence, when later reports show that is ignorant or inaccurate. Big Brother Watch published its report into NHS Data Breaches in November. It found that data security is an ongoing problem, and that over the last four years patient confidentiality had been breached at least 7,255 times.[8]

Facts and answers now need to address the IIGOP report in depth, and meet patients’ past questions, to lay to rest some of the issues which have haunted the programme in the press; unexpected commercial uses, and re-use of data through commercial data licenses, for example.

Adequate time must be given to the CCGs, GPs and patients to be fully informed of the programme and the choice(s) on offer. This is not an IT rollout, but a series of process changes, which need human understanding and acceptance. “What’s in it for me?” versus “What risks may harm me?” need thinking time to be fairly presented and the patient choice collected.

To avoid potential doom whether it be significant opt out or failure to meet fair processing leaving GPs at risk [9], to adequately communicate through effective education, will take effort.

Chapter 2. “Every one of them wore chains like Marley’s Ghost; some few (they might be guilty governments) were linked together; none were free.” [A Christmas Carol, Charles Dickens, 1843]

Understand the links of who, why and what, of data sharing: 

The decision making, the process steps, how patients are told of changes in the programme today and will be in future, how the public perceives their data is exploited, are all linked together by very simply: who stores and uses the data, and for what purposes.

For the programme, it would be wise to understand the importance of the interaction of these parts of the process. Linked appropriately together, and working well, trust will keep the system together.  It fails, and no matter how good the technology is, without trust, the system will fail to deliver its expectations. If too many may opt out, or opt out disproportionately in certain population segments it would harm data quality.

When at the HSCIC data sharing discussion in July it was clear some data recipients were yet to grasp this interdependency, and the effect their attitudes to data use have on each other.

If one [class of] data recipient in future receives or uses data inappropriately, it will harm public faith in all users.

For patients, to have true transparency I believe care.data should be explaining exactly how the data linkage system [10] works, and all the other silos of data it already holds. The personal demographics service, stores a whole set of personal data of which the public maybe unaware, and yet may find used to link data collected from all sorts of parts of health and social care. If NHS data sharing is to be explained, do it all. To avoid doing this, will merely store up a future risk of yet more surprises for patients and damage trust further.

Chapter 3: “I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you. [A Christmas Carol, Charles Dickens, 1843]

Commercial use of data will be detrimental to public confidence.

By looking ahead to see what the ghost of care.data future might bring, the forecast doom of the present course, may yet be avoided.

As patients told NHS England at the Open House event [11], we’re fed up with commercial data mining, and the same was reflected by a representative group of citizens in various polls this year.[12]

How is the non-NHS data world changing? What of the upcoming EU data legislation?  How does commercial data industry itself perceive legislation in the UK?

In the 2013 Experian keynote address the Nectar Head of Customer Marketing noted, “legislation has not kept up to speed with where we are going’ [16:57] [13]

Perhaps it is opportune to reflect on one of the oldest Biblical themes at Christmas, choose which master you serve.

Back at NHS England and the IC, discussions in April 2013 seek to ‘create a vibrant market of data intermediaries , for example.

Which purposes should this serve? The health of the nation, or the wealth of the nation? Can one justly serve both equally?

“You fear the world too much,” she answered, gently. “All your other hopes have merged into the hope of being beyond the chance of its sordid reproach. I have seen your nobler aspirations fall off one by one, until the master-passion, Gain, engrosses you.” [A Christmas Carol, Charles Dickens, 1843]

It would appear to patients that by  mixing commercial purposes in with legitimate health, and health research purposes,  the data commissioning system has created its own downfall.[14]

The purposes whilst amended in the Care Act 2014, are so broad as to leave too much commercial use open under ‘purposes of health’. How would that rule out pharmaceutical marketing for example?

For many patients, use outside their own healthcare and its provision and planning is a real hot chestnut.

If patients are in disagreement over commercial uses for example, they have no choice but to opt out of research uses as well. This multi-option choice, or the removal of commercial use needs addressed.

If research wants more data, we would do well to define and restrict commercial use in legislation, much more specifically.

Chapter 4 : “You wish to be anonymous?” [a Christmas Carol, 1843]

There has been much disagreement and misunderstanding of how data will be used, anonymous or what non-identifiable really means.

Media reporting at the start of the year frequently focused on the collection of care.data as ‘anonymous data.’  Bah, humbug! that is factually incorrect.

CCGs need to make sure that their own staff understanding is correct, as well as passing on information if they are to be intermediaries on behalf of NHS England. At CCG meetings I attended, many staff confused care.data with direct care/SCR.

The default position if patients do nothing is the sharing of date of birth, full postcode, gender and ethnicity, and the NHS number is a unique identifier. Plus all the other codes and conditions.

It is still unclear how the data which has already been extracted without consent or fair processing, can be controlled by patients who may not wish to share identifiable data from their hospital visits, mental or community health.

bbc_notdentifiable

If patients can’t control data already held at HSCIC, why will they want to share more additional data, from primary care?

Learning from looking back on 2014

My own looking back on my care.data journey in 2014 is here.

medConfidential has a rather good summary of the year here. [15]

“Spirit,” said Scrooge submissively, “conduct me where you will. I went forth last night on compulsion, and I learnt a lesson which is working now. To-night, if you have aught to teach me, let me profit by it.” [A Christmas Carol, Charles Dickens, 1843]

From past lessons learned in 2014, one would hope the future rollout will profit from them and take the time, and use the tools it needs, to get to a brighter future.

Looking ahead: news for 2015 came at the end of the year.

Sir Partridge in the Telegraph, November 27 he said:

“We must make sure there are no surprises for the public about how their information is being used, that they have a choice in this and that we are honest about the balance of risk. Every single one of us has a part to play in making sure we get this right…

“The HSCIC is still improving its practices. It is also endeavouring to increase its transparency.”

The November 2014 APPG report said, what everyone appears to agree on:

“the public had been inadequately consulted in the early stages of the Care.data programme and that it was therefore correct to halt the programme to allow further public consultation.” [APPG report]

It goes on to say, “Organisations providing health or social care services must succeed in both respects [examining the Public Interest] if they are not to fail the people that they exist to serve,” and with that in mind a Public Benefits Plan should be drawn up, to support public transparency.

Public transparency would be improved by publishing the public’s questions from multiple listening events at which attendees were promised answers and follow up. The conversations did not always ask easy questions, but all the more reason to address them publicly for all; it will make the programme better.

So, if the care.data programme learns from that which has haunted care.data in the past year, and NHS England now grapples with all the questions and criteria of the IIGOP report, and increases its public transparency, stakeholders can look to the future with a renewed hope. But only if there is change made to the present course of actions.

“Scrooge was at first inclined to be surprised that the Spirit should attach importance to conversations apparently so trivial; feeling assured that they must have some hidden purpose.” [A Christmas Carol]

 What must surely happen now, is to use the IIGOP report as a basis of lessons learned. To see gaps in knowledge, and to build processes and procedures which set up the future. Some of these must be at national level, such as ‘How patients will be informed of future scope change’ so CCGs will need answers from NHS England even if pilots should be ‘co-produced’.
Quite frankly, only muppets would not want to wait and do all this in all the appropriate time needed. The coming General Election is perhaps seen as a key reason to artificially rush it through. But at what cost? Who is the programme for, party politics or the public good?

“What do you think of the show so far?”

Clearly the National Data Guardian and IIGOP, the APPG and others making many wise recommendations, find the approach so far lacking. To carry on as is, will bring predictable doom. But by using the IIGOP report insights, there is the hope that the outcomes of the current path may yet be avoided.

Which version of the care.data future will the NHS England Patients and Information Directorate choose to follow, and invite the CCGs to join them on, writing the next chapter of the care.data story in 2015?

“No space of regret can make amends for one life’s opportunity misused.” [A Christmas Carol, Charles Dickens, 1843]

***

Let’s hope 2015 is a good year, that the wish list of questions finds answers, and let’s hope there are no more care.data surprises.

Thank you for all the kind blog comments and questions I’ve received over the last year. I hope it helps keep patients’ voice heard. For all those or their representatives I have met and spoken with in the last year who have no voice at the table; the homeless, the travellers, the women and children in refuges, those concerned with public stigma, we must continue to challenge so their datasharing is, in the words of others; safe, consensual and transparent.

“I HAVE endeavoured in this Ghostly little book, to raise the Ghost of an Idea, which shall not put my readers out of humour with themselves, with each other, with the season, or with me. May it haunt their houses pleasantly, and no one wish to lay it.
Their faithful Friend and Servant,
C. D.

Now; let’s get back to the present today:

“What’s to-day, my fine fellow?” said Scrooge.

“To-day!” replied the boy. “Why, Christmas Day.”

“Merry Christmas,  and so, as Tiny Tim observed, God bless Us, Every One!”

  [A Christmas Carol, Charles Dickens, 1843]

***

Image from a Muppets Christmas Carol, 1992

References:

[1] The IIGOP report https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[2] EHI ‘Care.data Review Raises Questions‘ http://www.ehi.co.uk/news/ehi/9808/care.data-review-raises-questions

[3] BBC Radio 4, February 4 2014 http://www.bbc.co.uk/programmes/p01rmpdy

[4] Nov 2014, Progress of HSCIC data sharing review by Sir Nick Partridge https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/380042/HSCIC_Report_Summary_of_progress_261114_FINAL.pdf

[5] 7 Oct 2014, CCGs to help deliver care.data pilots http://www.england.nhs.uk/2014/10/07/ccgs-care-data-programme/

[6] What information is being heard at Listening events? https://jenpersson.com/pathfinder/

[7]The APPG Report – Nov 2014 – http://www.patients-association.com/Portals/0/APPG%20Report%20on%20Care%20data.pdf

[8] Report into NHS Data breaches http://www.bigbrotherwatch.org.uk/wp-content/uploads/2014/11/EMBARGO-0001-FRIDAY-14-NOVEMBER-BBW-NHS-Data-Breaches-Report.pdf

[9] on GP indemnity: care.data MPS advice to members http://www.medicalprotection.org/uk/membership-indemnity-updates/care.data

[10] The data linkage service http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf

[11] The Open House June 2014, public questions https://jenpersson.com/care-data-communications-core-concepts-part-two/

[12] Privacy and Personal Data IPSOS Mori poll https://www.ipsos-mori.com/researchpublications/researcharchive/3407/Privacy-and-personal-data.aspx

[13] 2013 Experian keynote address the Nectar Head of Customer Marketing

[14] care.data downfall parody http://paulbernal.wordpress.com/2014/02/25/tim-kelsey-discovers-care-data-is-in-trouble/

[15] medConfidential bulletin https://medconfidential.org/2014/medconfidential-bulletin-19-december-2014/