“By creating these coloured paper cut-outs, it seems to me that I am happily anticipating things to come…I know that it will only be much later that people will realise to what extent the work I am doing today is in step with the future.” Henri Matisse (1869-1954) [1]
My thoughts on the care.data advisory event Saturday September 6th. “Minority voices, the need for confidentiality and anticipating the future.”
After taking part in the care.data advisory group public workshop 10.30-1pm on Saturday Sept 6th in London, I took advantage of a recent, generous gift; membership of the Tate. I went to ‘Matisse – the cut outs’ art exhibition. Whilst looking around it was hard to switch off the questions from the morning, and it struck me that we still have so many voices not heard in the discussion of benefits, risk and background to the care.data programme. So many ‘cut out’ of any decision making.
Most impressive of the morning, had been the depth and granularity of questions which were asked. I have heard varying aspects of questions at public events, and the subject can differ a little based on the variety of organisations involved. However, increasingly, there are not new questions, rather I hear deeper versions of the questions which have already been asked, over the last eighteen months. Questions which have been asked intensely in the last 6 months pause, since February 2014 [2] and which remain unanswered. Those from the care.data advisory committee and hosting the event, said the same thing based on a previous care.data advisory event also.
What stood out, were a number of minority group voices.
A representative for the group Friends, Families and Travellers (FFT) raised a number of excellent questions, including that of communications and ‘home’ GP practices for the Traveller community. How will they be informed about care.data and know where their ‘home’ practice is and how to contact them? Whose responsibility will that be?
I spoke with a small group a few weeks ago simply about NHS use in general. One said they feared being tracked down through a government system [which was used for anything other than clinical care]. They register with new names if they need to access A&E. That tells you already how much they trust ‘the system’. For the most part, he said, they would avoid NHS care unless they were really desperately in need and beyond the capability of their own traveller community ‘nurse’. The exception was childbirth when this group said they would encourage expectant mums to go into hospital for delivery. They must continue to do so when they need to and must feel safe to do so. Whether in general they may use primary care or not, many travellers are registered at GPs, and unless their names have been inadvertently cleansed recently, they should be contacted before any data extraction as much as anyone else.
Our NHS is constitutionally there for all. That includes groups who may be cut off from mainstream inclusion in society, through their actions, inaction or others’ prejudice. Is the reality in this national programm actively inclusive? Does it demonstrate an exemplary model in practice of what we hear said the NHS aims to promote?
Transgender and other issues
The question was posed on twitter to the event, whether trans issues would be addressed by care.data. The person suggested, that the data to be extracted would “out us as probably being trans people.” As a result, she said “I’d want to see all trans ppl excluded from care.data.”
Someone who addressed ‘her complex gender identity’ through her art, was another artist I respect, Fiore de Henriquez. She was ‘shy of publicity.’ One of her former studios is filled with work based on two faces or symbiotic heads, aside from practice pieces for her more famous commissioned work.For her biography she insisted that nothing be concealed. “Put in everything you can find out about me, darling. I am proud to be hermaphrodite, I think I am very lucky, actually.” However, in her lifetime she acknowledged the need for a private retreat and was shy until old age, despite her flamboyant appearance and behaviour. You can see why the tweet suggested excluding any transgender data or people.
‘Transgender issues’ is an upcoming topic to be addressed at the NHS Citizen even on 18th September as well. How are we making sure these groups and the ‘other’ conditions, are not forgotten by care.data and other initiatives? Minorities included by design will be better catered for, and likely to participate if they are not simply tacked on as an afterthought, in tick-box participation
However, another aspect of risk is to be considered – missing minorities
Any groups who opt themselves out completely, may find that they and their issues are under represented in decision making about them by commissioners and budget planning for example. If authorities or researchers choose to base decisions only on care.data these discrepancies will need taken into account.
Ciarán Devane highlighted this two-sided coin of discrimination for some people. There are conditions which are excluded from care.data scope. For example HIV. It is included in HARS reporting, but not in care.data. Will the conditions which are excluded from data, be discriminated against somehow? Why are they included in one place, not in another, or where data is duplicated in different collections, where is it necessary, where is the benefit? How can you make sure the system is safe and transparent for minorities’ data to be included, and not find their trust undermined by taking part in a system, in which they may have fears about being identified?
Missing voices
These are just two examples of groups from whom there had been little involvement or at least public questions asked, until now. The traveller and transgender community. But there are many, notably BME, and many many others not represented at any public meetings I have been at. If they have been well represented elsewhere, any raw feedback, with issues addressed, is yet to be shared publicly.
Missing voices – youth
A further voice from which we hear little at meetings, because these meetings have been attended as far as I have seen so far, mainly by older people, is the voice of our youth.
They are left out of the care.data discussion in my opinion, but should be directly involved. It is after all, for them that we need to think most how consent should work, as once in, our data is never deleted.
Whilst consent is in law overridden by the Health and Social Care Act, it is still the age old and accepted ethical best practice. If care.data is to be used in research in future, it must design best practices now, fit for their future purposes.
How will our under-18s future lives be affected by choices others make now on their behalf?
Both for them as the future society and as individuals. Decisions which will affect research, public health planning and delivering the NHS service provision as well as decisions which will affect the risk of individual discrimination or harm, or simply that others have knowledge about their health and lifestyle which they did not choose to share themselves.
Some people assume that due to social networks, young people don’t care about privacy. This is just not true. In fact, studies show that younger people are more conscious of the potential harm to their reputation, than we may want to give them credit for.
This Royal Academy of Engineering report, [3]” Privacy and Prejudice – Young People’s views on the Development of Electronic Patient Records” produced in conjunction with Wellcome from 2010, examines in some depth, youth opinions of 14-18 year olds. It tackles questions on medical data use: consent, control and commercialism. The hairy questions are asked about teen access to records, so when does Gillick become applied in practice and who decides?
The summary is a collection of their central questions and its discussion towards the end, which are just as valid for care.data today, as well as for considering in the Patient Online discussion for direct care access. I hope you’ll take time to read it, it’s worth it.
And what about the Children?
Some of our most vulnerable, will have their data and records held at the HSCIC. There are plans for expansion rapidly into social care data management, aligned with the transformation of health and social services. Where’s the discussion of this? Does HSCIC even have the legal capacity to handle children’s social care data?
How will at-risk groups be safer using this system in which their identities are less protected? How will the information gathered be used intelligently in practice to make a difference and bring benefit? What safeguards are in place?
We must ask these questions about data sharing and its protection on behalf of others, because these under represented groups and minorities cannot themselves, if they are not in the room.
Where’s the Benefit?
We should also be asking the question raised at the event, about the benefits compared with the data already shared today. “Where’s the benefit?”, asked another blogger some time ago, raising his concerns for those with disabilities. We should be asking this about new dating sharing vs the many existing research databases and registries we already have, with years of history. Ciarán Devane wisely asked this on the 6th, succinctly asking what attendees had expressed.
“It will be interesting to know if they can demonstrate benefits. Not just: ‘Can we technically do this?’ but: ‘If we see primary care data next to HES data, can we see something we didn’t see before’?”
An attendee at the Healthwatch run care.data event in Oxford last week, asked the same thing. NHS England and IT providers would, one would think, be falling over themselves to demonstrate the cost/benefit, to show why this care.data programme is well managed compared with past failures. There is form on having expensive top down programmes go awry at huge public expense and time and effort. On NpfIT “the NAO also noted that “…it was not demonstrated that the financial value of the benefits exceeds the cost of the Programme.”
Where is the benefits case for care.data, to weigh against the risks? I have yet to see a publicly available business case.
The public donation
Like my museum membership, the donation of our data will be a gift. It deserves to be treated with the respect that each individual should deserve if you were to meet them face-to-face in the park.
As I enjoyed early evening sun leaving the exhibition, the grassy area outside was packed with people. There were families, friends, children, and adults on their own. A woman rested heavily pregnant, her bump against her partner. Children chased wasps and stamped on empty cans. One man came and sold me a copy of the Big Issue, I glimpsed a hearing aid tucked into a young woman’s beehive hair, one amputee, a child with Down Syndrome giggling with a sister. Those glimpses of people gave me images I could label without a second glance. Disabled. Deaf. Downs. There were potentially conditions I could not see in others. Cancer. Crohn’s. Chlamydia. Some were drinking wine, some smoking. A small group possibly high. I know nothing about any of those individuals. I knew no names, no addresses. Yet I could see some familial relationships. Some connections were obvious. It struck me, that they represented part of a care.data population, whom buyers and researchers may perceive as only data. I hope that we remember them as people. People from whom this programme wants to extract knowledge of their lifestyles and lives, and who have rights to express if, and how they want to share that knowledge. How will that process work?
But the care.data programme is “still delivering without a business case”. Despite this, “between two and four clinical commissioning groups will be selected, “in the coming weeks” to begin the pathfinder stage of the care.data programme, ” reports NIB meeting[8]
It reports what was discussed at the meeting.
“The pathfinders will test different communication strategies before moving forward with the data extraction part of the project.”
I for one would be extremely disappointed if pathfinders go ahead in the ‘as is’ mode. It’s not communications which is the underlying issue still. It’s not communications that most people ask about. It’s questions of substance, to which, there appear to be still insufficient information to give sound answers.
Answers would acknowledge the trust in confidentiality owed to the individual men, women, and children whose data this is. The people represented by those in the park. Or by the fifty who gave up their time on a sunny Saturday to come and ask their questions. Many without pay or travel expenses just giving up their time. Bringing their questions in search of some answers.
The pathfinder communications cannot be meaningfully trialled to meet the needs of today and the future design, when the substance of key parts of the message is uncertain. Like scope.
The care.data advisory group and the Health and Social Care Information Centre , based on the open discussion at the workshop both appear to be working, “anticipating things to come…” and to be doing their best to put processes and change in place today, which will be “in step with the future.”
To what extent that is given the right tools, time and support to be successful with all of the public, including our minorities, I don’t know. It will depend largely now on the answers to all the open questions, which need to come from the Patients and Information Directorate at the Commissioning Board, NHS England.
“The NHS should be engaging, empowering and hearing patients and their carers throughout the whole system all the time. The goal is not for patients to be the passive recipients of increased engagement, but rather to achieve a pervasive culture that welcomes authentic patient participation.”
The challenge is: how will the Directorate at NHS England ensure to meet all these technical, governance and security needs, and yet put the most important factors first in the design; confidentiality and the voice of the empowered patient: the voice of Consent?
*****
This post captured my thoughts on the care.data advisory event Saturday September 6th. “Minority voices, the need for confidentiality and anticipating the future.” This was about the people side of things. Part two, focuses on the system part of that.
*****
Immediate information and support for women experiencing domestic violence: National Domestic Violence, Freephone Helpline 0808 2000 247
*****
[1] Interested in a glimpse into the Matisse exhibition which has now closed? Check out this film.
[3] Privacy and Prejudice: http://www.raeng.org.uk/publications/reports/privacy-and-prejudice-views This study was conducted by The Royal Academy of Engineering (the Academy) and Laura Grant Associates and was made possible by a partnership with the YTouring Theatre Company, support from Central YMCA, and funding from the Wellcome Trust and three of the Research Councils (Engineering and Physical and Sciences Research Council; Economic and Social Research Council and Medical Research Council).
When will we find out what concrete improvements have been made? There are open questions on plans for the WHATof care.data Scope and its future change management, the WHOof Data Access and Sharing and its Opt out management, the HOW of Governance & Oversight, Legislation, and the WHY – Communication of the care.data programme as a whole. And WHEN will any of this happen?
What can happen in six months?
Based on Mo Farah‘s average running speed of 21.8km/hour over The Olympic Games 10,000m gold medal winning performance, and on 12 hours a day, he could have covered about 47,000 km in that time. Once around the world, in those 180 days. With some kilometres spare margin, into the bargain.
That’s perhaps unrealistic in 180 days, but last February promises made to the public, to the Health Select Committee and Parliament were given about data sharing as both realistic, and achievable.
So what about the publicly communicated changes to the care.data rollout in the six month time frame?
I’d like to address some of those views and see how they have been acted on. Here’s the best I have been able to put together of promises made, and the questions I still have, six months on.
Scope. What part of our records is included in care.data?
The truth is this should be the simplest question, but seems the hardest to answer. Scope is elusive, and shifting.
A simple description would help us understand what data will be extracted, shared and for what purpose. The public needs an at-a-glance chart to be properly informed, to distinguish between care.data, the Summary Care Record, HES/SUS and how patient data is used, by whom for what purposes. This will help patients distinguish between direct and indirect care uses. What doctors would use in the GP practice, versus researchers in a lab. It will help set expectations for Patient Online. It could help explain data use in Risk Stratification. [see care.data-info by Dr.Neil Bhatia for high level items in scope, or field name detail here p22 onwards] [11]. This lack of clarity was already identified in April 2013, point 3.3, but nothing done.
Are the listening exercises a complete waste of time?
If people aren’t comfortable sharing basic health records, how will suggesting they share anything more sensitive be likely to encourage participation?
[The scope of how our GP part of care.data will be used is also under consideration for expansion to research – more in part two, on that.]
Stephen Dorrell, MP on the 11th March in Parliament summed up nicely, why this move now to shift scope is ludicrous. If we do not have stability of scope, we cannot know to what we are consenting. This is the foundation of our patient trust.
Mr Dorrell: I am not going to comment on whether the free text data should or should not be part of the system, or on whether the safeguards are adequate. However, I agree with the hon. Lady absolutely that the one sure way of undermining public confidence in safeguards is to change those safeguards every five minutes according to whichever witness we are listening to.
If the Patients & Information Directorate at NHS England is serious about transparency, then we should be clear about all our patient data, where it comes from, where it goes to, who accesses it and why.
“Will NHS England prepare an at-a-glance of differences between SCR and care.data, and HES/SUS extractions and users?”
Conclusion on Scope & its Communications:
This scope clarification alone would be I believe, if well done, one of the most effective communications tools for patients to make an informed choice.
1. We need to know what parts of our personal, confidential records, sensitive or otherwise are to be extracted now.
2. How will we be informed if that scope changes in future?
3. What do we do, if we object to any of those items being included?
Before any launch of pilot or otherwise, a proper plan to ensure informed communication and choice, today and looking to future scope changes, must be clear for everyone.
What’s happened since February to the verbal agreements and promises that were made back then?
Whether in Parliament by Dan Poulter and the Secretary of State Mr.Hunt, in Select Committee Hearings, by the Patients & Information Directorate at NHS England and in patient facing hour at the mixed-subject Open Day, promises have been made, but what evidence has the public, that they are real? There has been little public communication since then.
I have read, watched or attended NHS England Board meetings, Health Select committee meetings, and read the press, media releases and social media. I’ve been to a general NHS Open Day, listened in to NHS England online events, the first HSCIC Partridge Review follow up event, and spoken to patients, public and charity groups. Had I not, I would know nothing more than I did in February which was, that something had been put on hold, about which I should have, but hadn’t, received a doordrop leaflet.
Pilot practices ‘pathfinders’ we were told will trial the extraction, in six months, then in autumn, or October 1st according to Mr.Kelsey at the Health Select Committee (extract below).
Scope of Access – Who will get our records and for what?
Where and to whom may our data be transferred?
As part of the what of scope, we also need clarification on the who will be in scope in which countries to access data.
“Can I confirm now, that the data connected to care.data will not be allowed outside the United Kingdom? Let me confirm that before we have further hares running.” Tim Kelsey, said at the Health Select Committee.
Since GP care.data is to be connected with HES data, and data may be linked via the Data Access Request Service (the recently renamed former HSCIC Data Linkage Service DLES) on demand;
Q. How will I know in future that there are no plans to release my data outside the UK and EU, as HES has been in the past?
As far as I have read, geographical scope is not legislated for. I would like to be pointed to this if it is.
Mr. Tim Kelsey, National Director for Patients and Information stated: The pause was announced, precisely to address the issues.
“People are concerned about the purpose to what their data is being put.”
It’s not yet been addressed. Neither for the now, nor the future.
We need to have a robust mechanism in place for all future scope of use changes. If today I agree to have some of my data extracted used for public health research for the public good, I don’t want to find that I’ve had all my personal details including my genomic records [which personally are somewhere in my record already] spliced with Dolly the sheep research, in the hunt for a cure for arthritis five years down the line, and there’s another me living at the Roslin Institute. [I jest to exaggerate the point, not all research definitions are equal]. A yes today, cannot mean a yes for anything and everything.
The opt out term at present only allows a later ‘opt out’ to mean that data is made less identifying ‘pseudonymous’ from that request date, nothing deleted. ‘Opt out’, is not ‘get out’.
The records from before that request date, will remain clear and fully identifying for all time. So if a company requests an historical report, will our identifiable data still be included in it?
What is still wrong to my mind with this mechanism, is that there appears to be the assumption that all data may be matched and de-identified before release. That corresponds to the September 2013 NHS England Directions led by Mr. Kelsey to HSCIC saying there is “ “no need” to take into account individual objection to pseudonymous data sharing “. [2] And the patient leaflet, which was produced before any opt out changes, which stated we could object to ‘identifiable’ data sharing. That ‘identifiable’ doesn’t include all our data.
I’d like to see that clarified. Because Mr.Hunt has promised an opt out in entirety:
25th February in Parliament:
Mr.Hunt: …”we said that if we are going to use anonymised data for the benefit of scientific discovery in the NHS, people should have the right to opt out. We introduced that right and sent a leaflet to every house in the country, and it is important that we have the debate..”
“the reason why we are having the debate is that this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research”
Dr Julian Huppert (Cambridge) (LD): There are of course huge benefits from using properly anonymised data for research, but it is difficult to anonymise the data properly and, given how the scheme has progressed so far, there is a huge risk to public confidence. Will the Secretary of State use the current pause to work with the Information Commissioner to ensure that the data are properly anonymised and that people can have confidence in how their data will be used and how they can opt out?
Hunt: “I will do that, and NHS England was absolutely right to have a pause so that we ensure that we give people such reassurance…”
Status: the public still has no communication about any opt outs on offer or a consistent, effectively communicated method by which to request it.
Our data continues to be released regardless.
What I want to understand on opt out:
1. Can I choose to have my data used for only care, or for bona fide public health research, but not, for example, other types, such as commercial pharma marketing or data intermediaries?
2. Can I restrict the use of all my children’s data, to include all of it, including fully ‘anonymous’ data as the Secretary of State stated? Not only restricting red and amber, but all data sharing?
3. How will patients know that all of their medical data is covered by these options, not only our GP records? (For other data held see > http://www.hscic.gov.uk/datasets)
4. Will NHS staff be given the right to opt out to prevent their personal confidential data or employment data being shared as part of the workforce data set?
5. Does opt out really mean opt out – when will we see the revised definition?
6. How will objection management (storing our opt out decision) be implemented with other data sharing? (SCR, Electronic Prescription Service, OOH access, Proactive care at local level.)
7. How will objection be effectively communicated and measured?
10. What will ensure opt out remains more than just Mr.Hunt’s word, if it has no legislative backing?
The opt out on offer at Christmas was to restrict identifiable data sharing. There was “no need” to take into account individual objection to pseudonymous data sharing said the September 13th NHS England directions. Those NHS England Board directions from September and December 2013 are now possibly out of date, but I’d like to see new ones which replaced them, to reassure me that an opt out that we are offered, works the way I would expect.
Most importantly for me, will the opt out be given more legislative weight, Q.10? Today I have only the Secretary of State’s word that any “objection will be respected.” And as we all know, post holders come and go, a spoken agreement by one person, may not be respected by another.
**********
ACCESS
Many of the concerns around which organisations will have access to our medical records, and which were somewhat dismissed on Newsnight then, have been shown to have been legitimate concerns since:
“Access by police, sold to insurance companies, sold for commercial purposes” Newsnight, February 19th 2014
… all shown to be users of existing medical records held by the HSCIC through the Partridge Review.
Which other concerns over access were raised and have they been addressed?
Dr. Sarah Wollaston MP, then member, now Chair, of the Health Select Committee raised the concerns of many when she asked whether other Government Departments may share care.data. Specifically she asked Mr.Kelsey,
“are you going to have a clear concrete offer to the public at the end of the six-month delay as to how these requests will be handled […] see if their data is going to be accessed by DWP […]?”
“Primary and Secondary Care interventions with DWP over a six year period.”
At the Health Select Committee evidence session, Mr. Kelsey and Mr. Jones did not give a straight yes/no answer to the question.
Personally I believe it would be clearly possible that DWP administering social care or welfare payments will make a case under ‘health and social care’. Unless I see it in legislation that DWP will not have access care.data or other HSCIC held data, I personally will assume that it is going to, and may have already especially given the ‘primary and secondary linking’ pilot listed above.
What about other government departments access to health data?
The Cabinet Office presenter included suggestions UK legislation [9] may change to enable all departments (excluding NHS) to share data, and the ADT recommended that new ‘Data Sharing” legislation should be put forward in the next [Parliamentary] term.
1. Since HSCIC is an ALB and not NHS, are they included in this plan to broaden sharing across government departments?
2. Will the care.data addendum of September 2013 be amended to show the public that those listed then, are no longer considered appropriate users?
3. Will Mr.Kelsey now be able to answer Dr.Wollaston MP’s question regards DWP with a yes / no answer?
Think tanks, intermediaries and for the purposes of actuarial refinement were included in documents at the time, which suggested that DAAG alone in future, would review applications.
The DAAG is still called the DAAG and appears to have gone from 4 to 6 members. The Data Access Advisory Group (DAAG), hosted by the Health and Social Care Information Centre (HSCIC), considers applications for sensitive data made to the HSCIC’s Data Access Request Service.
Three key issues remain unclear to me on recent Data Release governance at DAAG:
1. Free text access and 2. Commercial use 3. Third Party use
The July 2014 DAAG approved free text release of data for CSUs on a conditional cleansed basis, and for Civil Eyes with a caveat letter to say it shouldn’t be used for any ‘additional commercial use.’ It either is or isn’t commercial I think this is fudging the edges of purpose and commercial use, and precisely why the lack of defined scope use undermines trust that data will be used only for proper purposes and in the definition of the Care Act.
Free text is a concern raised on a number of occasions in Parliament and Health Select Committee. On the HSCIC website it says, none will be collected in future for care.data. How is it now approved for release, if it has not already been collected in the past – in HES? So it would appear, free text has already been extracted and is being released. How are we to trust it will not be the case for care.data?
****
In summary:after six months pause, it remains unclear what exactly is in scope, to whom will it be released. We are still not entirely clear who will have access to what data, and why.
In part two I’ll look in brief at what legislative changes, both in the UK and wider EU may influence care.data and wider health data sharing. Plus some status updates on Research seeking approval, Changes to Oversight & Governance and Communications.
“Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”
That commercial use, the concept that you are exploiting the knowledge of our vulnerability or illness, in commercial data mining, is still the largest open question, and largest barrier to public support I foresee. ‘Will the Care Act really help us with that?’ I ask in my next post.
Any pollution in the collective pool, will contaminate the data flow for all.
I believe the HSCIC, NHS England Patients & Information Directorate, the Department of Health need to accept that the continued access to patient data by commercial data intermediaries is going to do that. Either those users, some of whom are young and inexperienced commercial companies, need to be excluded, or to be permitted very stringent uses of data without commercial re-use licenses.
The commercial intermediaries still need to be told, don’t pee in the pool. It spoils it, for everyone else.
I’ll leave you with a thought on that, from Martin Collignon, Industry Analyst at Google.
**********
For part two, follow link >>here>> I share my thoughts on current status of the HOW of Governance & Oversight, Legislation, and the WHY – addressing Communication of the care.data programme as a whole. And WHEN will any of this happen?
Key refs:
[1]. Second delay to care.data rollout announced – The Guardian February 18th 2014: http://www.theguardian.com/society/2014/feb/18/nhs-delays-sharing-medical-records-care-data
[2] NHS England directions to HSCIC September 13th 2013: http://www.england.nhs.uk/wp-content/uploads/2013/09/item_5.pdf
[3] BMA vote for opt In system: http://www.bmj.com/content/348/bmj.g4284
How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.
How have we arrived where we are now, at a Grand Pause in the care.data performance? I looked at the past, reviewed through the Partridge Review meeting in [part one here] the first half of this post from attending the HSCIC ‘Driving Positive Change’ meeting on July 21st. (official minutes are online via HSCIC >> here.)
Looking forward, how do we want our data sharing to be? I believe we must not lose sight of classical values in the rush to be centre stage in the Brave New World of medical technology. [updated link August 3rd]* Our medical datasharing must be above and beyond the best model standards to be acceptable technically, legally and ethically, worldwide. Exercised with discipline, training and precision, care.data should be of the musical equivalent of Chopin.
Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all it’s primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.
Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data. They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.
Can we rise to the Challenge to be a world leader in Data Sharing?
If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.
I looked in two previous posts at the background theory [1] to commercial uses of our data, then, the background to my concerns of commercial use with data intermediaries. [2] This is now part three, my glimpse into commercial use in real-world practice. It’s become rather a saga.
Here’s the short version: “In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. We need to shout a bit louder, that we are not a product for sale. It’s not only that there is an increased risk in a move of our health records from binder to byte and broadening access to them. We take issue with the change of approved purposes from care, to commercial use.”
At the Health Select Committee on July 1st, [3] I believe Sir Manning misses the key issue the public has with care.data and health record sharing, when he gave a response to Q562 to David Tredinnick MP:
‘We made big mistakes over the last 10 years’
“I am saddened by some of the comments that have been made this afternoon about the lack of trust and also by the impugning of our motivation. […]
We made big mistakes over the last 10 years, and we have a once-in-a-generation chance to get it right. I am absolutely clear that we have to engage the public in an open debate about the balance of risks and benefits. There will always be risks with data. There were risks with the Lloyd George envelope; notes were lost, they flew and went all over the place. There will always be risks, but those risks and the benefits are both enhanced by the technology.”
Whilst I applaud Sir Manning’s apology, and his call for open debate, I think he misses here the fundamental point of disagreement the public has with the HSCIC current practice. Selling our health data.
It’s not only that there is an increased risk in a move from binder to byte and broadening their access.We take issue with the change of approved purposes from care, to commercial use.
And these commercial (ab)uses in current form must stop if we are to trust the governance system in future.
Health Records for Commercial sale
HSCIC currently sells our health records for commercial purposes, to intermediaries with commercial re-use licenses, and had no consent nor our permission for this in the past, it continues to do so in the present and appears to have no concern or intention to stop doing so, for the future.
Mr. Kelsey added at the HS Committee,
“We have a very big job to do, and I hope that you will hold us to account in delivering it.”
To which I can only reply, it is you who say it. But who is accountable? The Open Debate which Sir Manning calls for has not been taken up by NHS England. We are told this is a programme of national importance, one which Mr. Kelsey has repeatedly said, including to the Health Select Committee previously, on which the entire future of the NHS depends. Why then, no national discussion, no news since the pause and a focus on updated communications of the current plan. The current plan with flaws in consent collection, scope determination, confusion of purposes.
There are so many ways this could be improved and gotten right, but not by November and without public debate.
How can you insist a programme so vital for the entire future of the NHS yet encourage no public discussion? This seems to be a theme in NHS England recent programmes. [4] The decision to outsource the GP support services was taken in private sessions, not available to the public like the rest of the Board Meetings [5]. Other programmes, pilot and actual plans for implementation go on without public discussion.
There’s been no apology for the data sharing policy developed since 2010 which has encouraged commercial trading and enabled this erosion of security, confidentiality and trust in the data management system of our nation’s health records. No one at the Department of Health has said, we got this policy wrong. No one at NHS England, the same people if under a different label. Poor Sir Manning at the Information Centre who carried out their policy, has been left to say there were ‘big mistakes’ made. But not by him since July 2013.
Trust and care.data off course
That our trust now lies in tatters, is not the fault of the Health Select Committee member to whom Sir Manning says, he is saddened and disappointed. It’s not Joe Public’s fault who had no idea this was going on, until six months ago. Where did these policies and plans since 2010 come from? Where did the use of our data go so astray and why is flagship care.data now so terribly off course? Mr. Cameron outlined it in 2011. What happened in the three years?
Health records for sale
As I wrote in a previous post,
“Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace, this re-use of data is now becoming normalised.”
But should it be normal that our medical records are for sale?
When celebrity Michael Schumacher’s notes are for sale, [6] being offered concretely to the media, we all see that is wrong. Just imagine 70 million copies of Schumi’s record, each with our own name on it, being offered to anyone outside of those who need it for our care. Offered to these commercial for-profit data intermediaries. It’s not a theory – this is what is happening to our records, today. Don’t accept the ‘anonymised’ statements, they’re simply not true. Identifiable data and pseudonymous data has been sold. The register confirms it, and that was only a 10% sample.
“To earn the public’s trust in future, we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”
I think banning data sharing for commercial use and re-use would be a good start.
What is it to be used for and why?
When we think of our health records being used by others, we need to separate the uses of the data, in order to understand different ways it is used, who uses it and why. Data once it is processed becomes knowledge which is used as Business Intelligence. It is common in discussion to conflate use in care with care.data. It’s even in the name. But the uses of care.data are secondary. Not to be used by clinicians caring for us, not replacing hospital notes to give to consultants when we are referred for a hospital stay. Not providing discharge papers. It’s only approved for commissioning and sketchily [imo] approved for risk stratification. [ref p.5 ] [8]
care.data extracted from GP surgeries, is not even approved for research purposes, but to read all the recent debates you’d think research depended on it. Research using GP extracted patient data, is not an approved use of care [dot] data. Research using GP extracted patient data is not an approved use of care [dot] data. Repeat, ad nauseaum.
What is already being done, and what is used legitimately i research such as public health (albeit without our past knowledge or consent), is with our hospital data, HES, SUS, Mental Health data, usually with CAG review, and through 251 approval sometimes through DAAG review at HSCIC – it is available and is on sale to all sorts of other non-care providers. And that is planned to continue.
The records extracted so far, when not used for research appear in recent years increasingly used for comparison, the concept of ‘ranking and spanking’ professionals and providers of healthcare. They are also used in commissioning, payment validation and understanding costs and spending. But beyond that, there are all sorts of others who still come under the umbrella of ‘health purposes’ but don’t directly benefit the NHS or individual patients. What is their demand and what are they being supplied?
In the newly created NHS marketplace, customers at individual level are patients, or at a market level they could be any part of the healthcare buying structure, a GP practice, a Clinical Commissioning Group, a Hospital Trust.
The challenge of any demand and supply chain process, is that you need a market willing to pay at the price you are prepared to sell. And you need to offer what they want to buy. For that, the buyers must see a value in the data they want to obtain. Where is the value for these areas of use: Generic NHS Business Intelligence, Generic Commercial Intelligence and Pharmaceutical intelligence?
Health records as Business Intelligence
Some companies take data and process it before selling it to NHS and other health providers in England. This provides a third party service and skill set which the HSCIC nor the NHS Trust for example, has themselves, such as IMS Health.
So business intelligence used for the benefit of the NHS, makes sense and is necessary to a greater or lesser degree depending on your attitudes to comparison websites, green/red flagging professionals and commissioning. Benchmarking was provided by Tribal until that part of their business was bought out by Capita.
These companies’ experience and market is healthcare. The kind of knowledge they can give to the NHS is highlighted in their case studies.
So for clinical care, and for commissioning at individual organisations, these tools are clearly useful and use individual patient level data. [9]
Al sorts of other places and individuals perform these services. They include a wide range of commercial organisations, small and large.
Health records as Commercial Marketing Intelligence
Commercial buyers however, can include wanting data for identity verification, fraud prevention and background checks. Services such as Experian offer. These may be what the loose definition in the Care Act would say are now banned, but are they? What is to say that a company which offers the use of private health services, healthy eating or pharmaceutical marketing is not providing information to others, for the promotion of health?
“Experian employs more than 12,500 people in 34 countries worldwide, supporting clients in more than 60 countries. Annual sales are $3.1 billion (£1.7bn/ v2.5bn).”
Identity verification can be done, matching data across a biographic footprint, ” in databases, established for 45 million UK citizens and hold in excess of 1 billion records.”
“Experian public sector currently works with 380 plus local authorities, 52 police and investigatory bodies, as well as central government agencies including DVLA, HMRC, DWP and the Cabinet Office.” [10]
There is clearly a lot of data sharing in the public sector, about which we may understand very little. But mostly the buyers of data want to sell something. Companies buy lists of people to use in marketing campaigns, who might be interested in what they’re selling — and companies also want to learn more about their current customers.
This is where I find the level of detail and what is done with our data, more than a little freaky.
Every UK consumer is classified into one of 22 types, aggregated into six groups. The 22 types are linked to six decision-making styles, providing insight into consumers’ motivations when using different media and the processes they go through in deciding about products and services.
I don’t know what segment I am in. But I know that I will have data stored in many of those different data sources they mention. So do they actually know more about my habits and inclination, that I have self-awareness? If their tool has over 850 million input sources which they process, it’s more than likely. 34 million email addresses, 20 million mobile phone numbers, 49.7m names and addresses.
Experian may well have much of this data from the electoral roll (unless like me, you opted out of these uses) but in the HSCIC January-April 2014 register of releases [7] data was given to Experian for use in Mosaic. (see July – 132kb right of page)
“Mosaic is Experian’s powerful cross-channel consumer classification designed to help you understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [12]
That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. In fact, I find it threatening in a similar vein to the visceral reaction that the Facebook experiment generated this week online.
As SF Gate reported,
“Using unsuspecting members as human guinea pigs is repugnant. And when the biggest social network on the planet does it, can its leaders be trusted with their own technology?”
This idea that just because one can and the technology permits it, does not mean that one should. It just feels wrong to find out others may manipulate our thinking and behaviours in such a targeted way. Just as Experian does with consumer data:
“Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…”[12]
Individual households? Understanding my behaviours, gives them information which they use to nudge or influence my decision making. Understanding our behaviour ‘in extraordinary detail’ helps companies market and sell more to customers.
There are other re-uses even for health purposes, which seem less transparent and more about us as general consumers, rather than for our health. For example, the use of HES data is in social marketing targeting:
“In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included OmegaSolver and Harvey Walsh.”
These companies have re-use licenses for data. what that means is better explained here by medconfidential. [14]
How will HSCIC know how data will be used after release and how will it be audited and how often? When it comes to human tissue, the HTA only audits tissue banks in the UK once every three years. That’s a long time in between audits if something has gone horribly wrong in best practice.
Health records as Commercial Pharmaceutical Intelligence
To global pharma it is again not the data itself which is of value, but in the knowledge it reveals. The pharma business intelligence. It can show at an individual level what is being prescribed or show any gaps it reveals, which will allow pharma, to address ‘unmet clinical need.’ The data already compares hospital prescribing and reports make recommendations used by NICE on what drugs to use and recommend. My concern is that to treat the worried well who have cash to spend, will deflect attention from the needs of the sick and poor and that even if only at postcode level, we will be targeted for pharmaceutical marketing.
“The parties will initially look at how anonymised, integrated health data can be used to identify unmet clinical need in patients with diabetes. In the UK, diabetes affects approximately 2.9 million adults overall, with more than 90% of these patients having type 2 diabetes. This makes diabetes one of the most common chronic medical conditions and represents a significant strain on U.K. health services.”
Astra has another Memorandum with IMS Health. So we, whose data it is, have zero transparency and can request no accountability for the use of our data once it has left the HSCIC.
And it matters because when there are data breaches in these companies, we should know whether our data has been involved.
In January 2012 AstraZeneca signed a three year partnership with IMS MOU[16] and stated it builds on AstraZeneca’s existing ‘real-world’ data and research partnership with HealthCore in the US, the health outcomes research subsidiary of WellPoint. Wellpoint which had a massive breach a year ago, July 2013. So how do we know where our data was stored, and if it were involved or not? Here is what pharma use data for, to analyse “unmet clinical need.”
“The partnership with IMS Health will give AstraZeneca access to pre-existing anonymised electronic health records, which include clinical outcome, economic and treatment pattern data. In addition, the companies will jointly develop a customised research and data analysis platform. The information will provide a deeper insight into how medicines that are already on the market are working in real-world settings across Europe, painting a picture of unmet needs …”
We can look at this more than one way. Some feel strongly commercial use should exclude Big Pharma. On the one hand, the State and Government does not own manufacturing of drugs nor medical products. Though we used to do both. Recently, that we did own, has been increasingly sold to commercial buyers or venture capitalists.
The State and pharma work together, often through University research, to create future health solutions, drugs and the drive towards personalised medicine and diagnostic tests. When companies which own our data are sold and bought internationally what happens to our data they own? Boots Alliance bought data from HSCIC, and they are about to be bought by US Walgreens. So many questions.
Those more informed than me will know all about the challenges of pharmaceutical companies, the patent cliff, mergers and diversification. IP, diagnostic tests and generics in the market. Big Pharma and the State are working together in much research to find solutions and discoveries to current and future medical issues.
How far does cooperation stretch and when does it become inappropriate? Is commercial interest supportive of State practice or driving decision making policy? Should commercial companies fund any costs at our NGOs? And do those which buy the most data, get a bigger slice of the influence of what conclusions reports using the data, reach? Whilst there is a public move to #Alltrials I believe we should demand #Allreports in the public interest as well. I would like to have transparency at HSCIC how their reports are funded, when working with partners which are frequently commercial pharma partnerships.
Mr. Hunt recently defended to the Health Select Committee the reasons why a commercially supported pharma lobbying group was used to advise on the NHS Commissioning plan – the Specialised Healthcare Alliance. Supported by 14 pharma companies, these corporate members are contributing £12,000 each towards the costs of the Alliance for 2014.
Are we really seeing transparency on who is driving change in our health service?
The Richness of our records open for Exploitation
The value of Big Data is only extracted by exploiting its richness. And these days, with mobile phones, social media and shopping habits tracked by the minute, the average citizen like me, it seems can’t easily avoid being part of it, whether we want to be or not.
But if we don’t even have the right to control and own our data and we can’t control the knowledge generated from it, how can we control who knows what about us and what they use it for? If we’re unaware of its existence, how can we understand its impact on our life to make free and uninfluenced choices in what we buy, for example? Or understand how we may be segmented and discriminated against. And this is aside from the assumption that the data held is accurate and that as a result, no mistaken judgements are being made about us.
As for our health data, how can we control its use by these massive data managers if we don’t even know who they are at the end of a chain of re-use licenses?
Put Business Intell, Commercial Intell and Pharma together
The vast amounts of data already held and analysed to the nth degree by these data intermediaries, means that making even more data available to them is going to increase the segmentation and risk of identification. They already have data on individuals and is it not enough that they make analysis at household level as shown by Mosaic? Individual health level data seems that they could put a final piece in the puzzle and know exactly who in which house had which ailments, their lifestyle risk factors could be refined and these data brokers would be able to look inside our very bodies.
One which fits data together, we do know from the HSCIC data release register, and press reports in March, is Harvey Walsh. The company tracks individuals pathway data, over time and the website now says:
“Harvey Walsh use non-sensitive and non-identifiable HES data for patient pathway mapping that is used by the healthcare industry with the NHS to improve the quality of healthcare management and service delivery by better understanding how patient cohorts move around the healthcare system.”
[Harvey Walsh’s system] “AXON holds non identifiable and non-sensitive HES (Hospital Episode Statistics) data and other sources of data including GP Practice Prescribing, QOF, Demographic and NHS personnel data sets.”
Data snapshots combine to give a Picture over a Lifetime
So now, not only can these companies understand us in infinite detail, but can do so over our lifetime. We are tracked over time and anaylsed not as a snapshot, but as a living album of snaps, moving across time. They know what we do commercially, in our lifestyle and how it interacts with our health and what may affect our consumer habits and help nudge our decision making. Put them together, and it starts to feel like I’m on The Truman Show.
I’d like to know though, once the data is processed, what happens to the new combined knowledge set, it creates? The original raw data as extracted may not be given to others, but is it the same product and protected, if it now shows up as a small piece, in a bigger jigsaw?
Omega Solver took their product offline this year, after privacy campaigners identified the risk of identifying individuals.
Acxiom as a world data leader example, is a company which provides consumer data and analytics for marketing campaigns and fraud detection. Its databases contain information about 700 million consumers worldwide.
“For more than 40 years, Acxiom has been a leader in harnessing the powerful potential of data.”
It seems others share my concerns, as this article on how data brokers use of our data is creepy, from Julia Angwen showed up in my alert feed this week, and another in ProPublica from last September. As she says,
You can see more on this, in her interview with PBS News:
Our lifetime data is attractive to commercial marketing and all sorts of organisations who wish to understand us and sell to us. The one purpose, possibly the least trusted I have not really touched on. Hospital records have been shared with insurers and used for refining policy. Records have been sold to re-insurers, even since January 2014. And these insurers mine and use data much more deeply than we want to imagine. In fact, as I finish this I see the FT front page tomorrow carries a current story how insurers trawl our Big Data.
HSCIC Data Sharing Agreements will prevent Data Merger?
IMS Health UK & Ireland’s general manager, Michael Sanvoisin shows that exploiting the different data sets ‘out there’ in Big Data, is kind of the whole point. [17]
“The smartest use of data will be the effective combination of all the various sources of open data and patient information services available in the marketplace, augmented by companies’ own internal information and data from other reliable and reputable sources.”
IMS Health is working in partnership with the MHRA – and in particular the clinical practice research datalink (CPRD) – to help the UK increase its capabilities to build cohorts of patients for clinical trials. This has led to the linkage of IMS Health’s Hospital Treatment Insights (HTI), the aggregation of HES and prescribing data, to the CPRD. This powerful linked dataset enables the identification of specific patient cohorts and allows companies to monitor patient flow between primary and secondary care. IMS Ardentia’s Costed Care Pathways (CCP) sequences clinical events together with detailed financial information to give a longitudinal view of a particular patient care pathway.” [17]
When these global companies have in addition, bought data from HSCIC, where is the transparency for patients to know what internal practice at these private companies prevents all data becoming one Big Data set, in identifiable or pseudonymous formats, and sold or shared onwards with others?
The Recent register states explicitly, that IMS will not do this, that the data will not be sold onwardly, but how about theknowledge they create from it?
“ANDromeda is an engagement tool enabling greater market access with a tailored need across all functions within pharmaceutical companies.
And in the UK, are involved in work shaping our health market: “that may involve looking at how primary care organisations operate or focusing even closer on area-level commissioning, such as GP consortiums.”
Where is our Data being Used?
“The effective combination of IMS Health’s proprietary data assets, in addition to the vast swathes of open data being made available, can help inform key strategic decisions for both the NHS and pharma. Moreover, it can drive an increase in joint working towards shared benefits and therefore transform healthcare services in the UK and beyond.”
“in the UK and beyond.” So I ask myself, which countries outside the UK have received our medical records? Remembering that non-US citizens have no privacy rights in the US, if it landed there, we can say good bye to ever getting control of that knowledge back again.
Indeed HES extracts have been given to places in the US, specifically the University of California, the FOI request I got back confirmed. The Partridge Report contained two examples of data which has gone to Kyoto University. Yes, Japan. And remember, if the data is completely aggregated and anonymised it’s not included in these registers, because it is open, green data. So what exactly went to California, Japan and who knows where else. No one knows 100%. The Report only sample tested 10% of all releases.
IMS received 251 access (which is required for confidential data without consent) for identifiable data extracted from hospital pharmacy systems, sent to HSCIC and linked with HES (hospital records). The main customer for these products will be the pharmaceutical industry. (Lines 101-2).
IMS Health is massive, as is the global health data they hold.
On the IMS One intelligent cloud, the company connects more than 10 petabytes of complex healthcare data on diseases, treatments, costs and outcomes to enable our clients to run their operations more efficiently.
Drawing on information from 100,000 suppliers, and on insights from more than 45+ billion healthcare transactions processed annually, IMS Health’s 9,500+ professionals drive results for over 5,000 healthcare clients globally. Customers include pharmaceutical, medical device and consumer health manufacturers and distributors, providers, payers, government agencies, policymakers, researchers and the financial community.
Another user of our data is Optum UK (formerly United Health Group, and if that sounds familiar it was Simon Stevens [18] last employer). I wonder for example, does that mean it is also used by Optum Insight in the US? This presentation by Christopher M. Blanchette, shows different data providers of ‘RWE’ real-world evidence and where their data is sourced.
If international companies have NHS England patient data and re-use licence, is it likely in to have been exported around the world or how can we know in which locations it is used? I want to know how often data is given directly to International companies? How often is data given to companies in the UK, who have foreign centres outside the UK, which would routinely share that data with their central systems and therefore export it? It is a basic right of data management to require fair processing for identifiable data, to know who has it for what purpose.
How do we protect consumers’ concerns?
And as US Commissioner Julie Brill’s report shows, in the States there are concerns how this data is used and they are acting on it. Are we doing the same here?
Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told, the data controller, the Health and Information Centre, does not know. And he can’t ask for what data is held in pseudonymous format – even though the data is pseudonymous with a key to make it linkable with new identifiable data coming in, so to me, that makes little sense. It is by its nature, re-identifiable.
But if HSCIC won’t release it in a Subject Access Request (SAR), we can then only surmise, whether our individual data was contained in bulk data transfers. So from the released data register, we should look at what types of companies are using pseudonymous (so called ‘amber’ data), and assume our own data was indeed included.
Overseas Data Distribution and Protection
care.data, it was said at the Health Select Committee meeting by Mr.Kelsey in March, was only for use in the UK but the HES/SUS data application form includes a field for use overseas. So, does that mean policy for export has changed for all data, or should they have spoken more precisely meaning only that “GP data extracted in care.data” was only to be used in the UK?
Because IMS, again, already has access to primary data from CPRD and secondary care data according to line 10 from HES. And whilst, it states “[Note added 28/3: The data are onwardly released only in aggregate form] I am curious – where does ‘onward’ mean? There is no Ltd. on the company name, no territory or geography indicated in the register. So if data is released to an American firm, should we assume it sits on US servers and is accessed directly by their US staff? Does onward only restrict them from giving the raw, identifiable data they received, to others outside IMS? Is it availble in non-aggregate form inside the whole of the IMS system? I, in the general public, can’t tell from the register and IMS is hardly going to tell me. We should be able to find out. I’ve found it a challenge, and my FOI request to HSCIC [14] to find out what data may have been given to US or Asian organisations, was tougher than my entire lifetime of dental appointments combined. It shouldn’t be difficult. Patients should be able to easily ask, to whom did you give my health data and where, for what?
Do we know enough about the plans to use and commercially re-use our data for commercial ‘health purposes’ as being broadly defined in the Care Act? If not, patients should be asking. GPs don’t have time.
Why does it matter? Because legal jurisdiction of data is still (perhaps outdatedly) physically geographic at least in aspects with which I am familiar. When working on global implementations of confidential employment data, we had to gain legal advice from each territory submitting data, on how we should legally properly manage data from over 50 countries in the world and its access by regional and global teams in the US, Europe or Asia. And on simple terms, we should always handle, process and use data in a way the individual expects and feels common-sensed appropriate to the purpose for which it was submitted. British citizens are not protected by US privacy laws because they apply only to US citizens.
“Existing laws do not sufficiently address data brokers’ handling of sensitive data in marketing or risk mitigation contexts,”
says Julie Brill’s statement. Well they don’t protect us Brits, at all, so I want to know if it’s being used abroad.
Few in England, will expect their data to have been made as freely available at identifiable individual pathway level, as it appears to have been in recent years. Do I at least have the chance to protect my children’s future data privacy, if not my own now?
Surely we can trust Data Protection Laws?
Because of the legal status of data which is deemed “de-identified” or “anonymized”, it is claimed they don’t violate our rights to health information privacy – Data Protection law accords us only the right to fair processing, not to prevent its processing, due to the the Health and Social Care Act 2012 which requires its extraction — but if it’s possible to re-identify longitudinal data sets – and if the whole point of getting these data sets together is to combine them, surely common sense would say, it may be legal, but that doesn’t make it right. There are other DPA expectations which HSCIC also fails to meet. The Minimum data required, for example. Deletion. Accuracy. I am guessing that every single one of the eight Principles have been broken by our data extracted before the HSC Act 2012. Yet, everyone seems to be ignoring this.
When it comes to Data Protection, identifiable data is treated differently from anonymous data. Amber individual level ‘pseudonymous’ data, is not the same as aggregated anonymous statistics and the care.data privacy impact assessment [19] confirms the risk of re-identification, yet the data is being treated as if it is anonymous. I can’t believe people working in the field believe themselves these data groups should be looked on as being equal. In my opinion, it’s not so much a case of wearing rose-tinted spectacles, it’s more like a blindfold on the wise monkeys; hear no evil, see no evil. [20]
I can quite clearly state on behalf of many, we feel that our rights to privacy have been and continue to be violated, no matter what the letter of the law says.
Whilst HSCIC may see only its own data sharing practices in a silo, that’s not how the impact of its sharing works in real life. It’s a join the dots between different data sets from different sources.
Can Good Governance Give us Confidence?
We are told that data-sharing agreements make it illegal for the data to be combined with other data held by the recipient, to make it identifying. But if the Data Controller doesn’t know what data the company already has, and doesn’t even keep track of what data has been given to them already, it must be impossible for individuals within these massive corporations to know the impact of adding their piece of the jigsaw puzzle. Over time, they will not track either, what from their company has already gone into creating the Big Data picture.
We could only rely on release controls and good governance, but for the past ten years reported in HSJ and the Partridge Review, it appears some datasets have been inappropriately shared without audit, which would have spotted the mistake. Governance is simply inadequate. In my opinion, not with malicious intent. Rather, simply, the data sharing strategy has been too fast for its own good practices to keep up. Now, it has to catch up fast.
As awareness increases, so too is the push back on the privacy grab. How do we feel about losing our individual rights, the removal of confidentiality and consent, the right to freedom from cold-calling, and to know who has our data for what reasons. And do we feel the same if we lose those rights in the name of commercial or public interests?
The British public is pushing back on banking failures and resents increasingly to see the minority of individuals benefiting commercially at the expense of the many. We resent the paternal state definition of the ‘Public Good’.
The public interest considered by CAG in reviews of data release applications, must consider protecting both the public interest in research access to confidential patient data and the public interest in a confidential health service. Add to that the public interest of providing a national health service, and its safe to say ‘the public interest’ will be hard to satisfy for all of the people, all of the time and will be subjective.
“that the purpose for which the data will be used should be in the public interest and for the provision of health and care services; [and] that any approved processing must respect and promote the privacy of patients and care service users… ” (Hansard, 10 March 2014, Col.137)
Perhaps even more subjective, is the atmosphere of public interestand how interested the public is, in how how level decisions affect us on the ground. Certainly, Snowden and other data sharing revelations have coloured the muddy backdrop of how our data is gathered and used by others, and increased calls for transparency.
The Department of Health will be furious with the Home Office I expect this weekend, as they triggered a massive outcry over the perceived lack of transparency and scrutiny afforded to MPs and civil society over the Data Retention and Investigatory Powers Bill. Even Radio 2 gave it 20 minutes coverage. [22] (From 01:36.40) This kind of governmental out-of-touchness with the public and the perceived desire to hide something in the rush to the new legislation, is what undermines trust in all areas of the public-state relationship.
It implies a paternal notion, of “we know best, so just trust us little children.” Well, that ain’t gonna fly. Seahaven is not “the way the world should be.”
Patient empowerment to own our Health Records
This flawed process, within and beyond NHS data sharing, has also created a sense of loss and disempowerment. Whilst presentations are all about ‘patient centred’ care, and ‘personalised medicine’ sounds so about the individual patient, it seems safe to say patients have been left out of the digital decision making and sharing how those decisions will affect the public on the ground. This for care.data, should have been central to plans to ensure support and success. There are still unfilled positions supposed to be filled by patient organisations or patients on the tech board.
It seems endemic to new programmes too. Or have patient organisations been widely involved in the genomic plans for the nation and not told us? Unlikely.
The talk thus far, does not match the walk. Knowledgable patient involvement is as desired by some of those leading parts of NHS patient engagement, as a chocolate teapot is useful. One is documented having said on another programme, “this was not a suitable point for patient involvement.” Either you want patients involved or not. Involved means from the beginning. Not as the decoration at the end, a way to tick the engagement box.
The notional idea of patient empowerment in this programme is tokenism, if the most basic principle of care, the only thing I can control in my consultation – my patient confidentiality – is treated with such little respect.
Is the public good really defined and does it outweigh the private good and our long established rights of consent and confidentiality? Does it vary depending on circumstance and if so, who decides?
It certainly doesn’t seem to be us, the patients in healthcare. Nor as citizens in any other field of our personal data.
If you don’t pay for the product, you are the product
In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. Maybe we need to shout a bit louder, that we are not a product. We do not all want the knowledge of our health & lifestyle to be for sale.
We’ve got used to these third party uses through the recent media revelations and the acceptance that current Government seems to be prepared to sell anything the State has in its possession. I wonder how representative that is of what the people would choose to do?
So at the risk of repetition, let’s not forget the basics:
The list of past customers in the Partridge Review of those who received data before April 2013 shows the extent of what was hidden from us for twenty years.
Should we be asking, what may be hidden still?
By stretching the scope of the potential discussion around the ‘industrialisaton’ and use of our health records for secondary purposes, we must not normalise the basics which we at first, found so surprising. We need to get them fixed first. Then, only then, will patients be willing to look at broader future scope. If I can’t trust you to manage my hospital record when I broke an ankle, why would I want to trust you with my genomes in future? It reveals a complete disconnect at NHS England level with the public in care.data thinking.
Come back to reality and listen to patients’ real concerns. We don’t want our data given to third parties, these data brokers and intermediaries or to continue re-use licenses. Even if it’s for ‘the promotion of health’ the purposes in the Care Bill.
And honestly? NHS England and the Department of Health shouldn’t want that acceptable in policy either, because they need to know who has our data, to govern it to make sure it is acceptable. As Sir Nick says in his report, the future data governance must be:
“meticulous, fool-proof and solid as a rock”
One more big mistake in who received our data in the future, and all cards will be off the table. For this to work, you need to properly manage it. And all this at the time where NHS England has now decided to outsource population wide databases, through the Steria outsourcing. Ha. Get that outsourcing security wrong, and for all your future programmes, as Truman would say, “Good morning, and in case I don’t see ya: Good afternoon, good evening, and good night!”
In the words of more Americans for whom I have a respect & love of their self-determined own words, Simon and Garfunkel, ‘Slow down, you move too fast.’
Julie Brill’s Statement made a recommendation in the US:
“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”
We should feel that we consent to this mining of our health, wealth and lifestyles and know what is done with that knowledge. I feel disempowered because in finding out how my health data is used, I’ve discovered a brave new world of how my personal data is used. By commercial business. By Government. By suits and wonks as may be nicknamed. I am not equipped or informed enough to understand it all, but I’m doing my best to find out.
We need to trust in the people who manage these systems, who drive the policy and who advise the two, to work together and make technology work well for the rest of us. It should work well with privacy and security, and functionally.
Patients must speak up and Ask Questions
Patients must start asking more questions about these commercial uses and re-use licenses, because whilst the commercial intermediaries may access data for the purposes permitted in the Care Act, we are not a partner in patient engagement. Our data is being mined in the name of NHS improvement. Our samples being gathered in the name of science.
We are the product for sale. Our name, and everything else about us.
[3] Health Select Committee July 1st, 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/11192.html
[9] IMS Health Ardentia http://www.imshealth.com/deployedfiles/imshealth/Global/Content/Technology/Technology%20Platforms/Ardentia/Ardentia_Royal_Free_PLICS.pdf
[10] Experian Public Sector http://www.experian.co.uk/assets/identity-and-fraud/authenticate-for-public-sector.pdf
[17] IMS Health using NHS patient data http://www.imshealth.com/deployedfiles/ims/Global/Content/Solutions/Healthcare%20Analytics%20and%20Services/Healthcare%20Outcomes/IMS_HTI.pdf
“If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, to give it our support.”
“He that filches from me my good name, robs me of that which not enriches him, and makes me poor indeed.” William Shakespeare, Othello
I read this Shakespeare quote last week, not in the original but in the statement Data Brokers: A Call for Transparency and Accountability by US Commissioner of the Federal Trade Commission Julie Brill, May 27 2014. [1] . Since then I have tried to piece together a lay consumer understanding, of how this commercial data market works and how our health records fit in. Experts in data markets and many others will undoubtedly see how naïve it is. But by sharing my ordinary understanding as a mother who is thinking about the impacts of my shopping habits and upcoming care.data decision will have on my children’s future, perhaps I can highlight how trusting we are, and why those governing our data need to ensure the processes around our data are worthy of that trust.
The Commissioner begins:
“Data brokers gather massive amounts of data, from online and offline sources, and combine them into profiles about each of us. Data brokers examine each piece of information they hold about us – where we live, where we work and how much we earn, our race, our daily activities (both off line and online), our interests, our health conditions and our overall financial status – to create a narrative about our past, present and even our future lives. Perhaps we are described as “Financially Challenged” or instead as “Bible Lifestyle.”
Perhaps we are also placed in a category of “Diabetes Interest” or “Smoker in Household.” Data brokers’ clients use these profiles to send us advertisements we might be interested in, an activity that can benefit both the advertiser and the consumer. But these profiles can also be used to determine whether and on what terms companies should do business with us as individual consumers, and could result in our being treated differently based on characteristics such as our race, income, or sexual orientation. If data broker profiles are based on inaccurate information or inappropriate classifications, or used for inappropriate purposes, the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
In other words, organisations, which we may not know store our personal, sensitive or confidential data, use it to classify, segment and label us. In this environment when third parties it seems know more about us than we may know ourselves, it would seem prudent to want to control and understand what data is held by whom and how they use it. Especially, if in her words, “the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
This is why it matters what is being done at break-neck pace to extract and share our health records in England.
I believe we are not yet sufficiently aware of how our data is used by these intermediaries, and if we were, we’d be horrified. We are complicit consumers in how our data is used with minimal understanding. We’re prepared to unwittingly trade a little privacy with the supermarket, to get our discount vouchers through the post. But we don’t look beyond that to understand what price we are paying and how our commercial interests may be harmed, in much more significant ways than £10 discount or a Legoland entry may compensate. Just like our food, the public are complicit [2] in our own downfall, accepting the marketing spin. We don’t understand credit ratings [3] and risk scores, and even if we do, most consumers don’t know data brokers offer companies scores for other purposes unrelated to credit in an onward chain of reselling. Data can be inaccurate, we are unaware of how to manage or correct it, how we are labelled by it, what opportunities it may restrict as highlighted in the report. We should be better informed.
I’ve recently learned how these, “powerful cross-channel consumer classifications help companies understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [4] demonstrated by Experian.
That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. “Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…” I’ll go more into that later.
It has come to the attention of the general public, only in the last 6 months, that our hospital episode statistics (HES) and data from other secondary care sources, have been on sale in this consumer market. As I said in a previous post [5], a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries stated at that time, there was no legitimate or statutory basis to share at least ONS data [6] in that way for commercial purposes:
“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem…The panel identified this as a significant barrier to developing a vibrant market of information intermediaries.”
The HSCIC at that time saw a “vibrant market of information intermediaries, for commercial purposes” using our personal records as desirable and indeed, as Sir Kingsley Manning’s comments to the Health Select Committee demonstrate, in their DH handed-down policy remit.
In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included OmegaSolver [7] andHarvey Walsh [8].
Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace [9], now becoming normalised.
Through the press earlier this year, and the first data release register [10] we have come to understand in part, who is using it and at least in part, how. Aside from bone fide public health planners and health researchers, and the intermediaries using data for commissioning support tools, recipients include these commercial companies and third-party intermediaries exploiting the data as a commodity. Organisations which may buy raw data and sell it on, or process it and sell that data mined information onwards. Organisations after which, Chair Kingsley Manning told the Health Select Committee, [11] we have no idea whom all the end users may be. He indicated the progress that is needed and that HSCIC is already working on improvements, stating the view that “the process HSCIC inherited was no longer robust. ” Q285
“Kingsley Manning: I realise that, and may I come back to that? That is why, specifically with regard to the sets of data that are covered by data-sharing agreements, I took the view that the process that we inherited was no longer robust. We have therefore been in the process of changing the management and the processes, and we have voluntarily adopted a process of being much more transparent about the process and about the data releases we have made.
Q286Barbara Keeley: But what I was trying to get to was the concern. We are just looking for transparency and honesty here. On all the data that was previously released through these commercial reuse licences where there are end users—the question that the Committee wanted to put to you—you are unable to say what are the uses to which the data release under those licences may be put, what controls are in place and what information is provided—you don’t know. With the whole 13 years of the HES database and however many million records have gone out to one of these providers that then provides on to others—in the United States, this has involved putting up the data on Google cloud, and we are not sure of the security of that—you can’t say. You should admit it now. If you can’t tell us where all that data is and what all its uses are, it seems you can’t. You have already admitted that entirely commercial market uses—
Kingsley Manning: The control is through both the overriding regulations established within the Data Protection Act and the data-sharing agreements that we enter into with people, which specifically allow the reuse of data with safeguards with regard to anonymity.
Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.
Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.
Q288Barbara Keeley: So, just to be clear, audit is not going to be possible for all the uses and all the end users. The data is out there. You have licensed people to use it and other people to buy it, and there is no control over that—it is just out there.
Kingsley Manning: I don’t accept there is no control. There is control established in accordance with law and the regulations as they are today.
Q289Barbara Keeley: But you are not able to say who is using it and for what reason. You are not able to say that. There are end users out there.
Kingsley Manning: No, because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data to advance both the health and social care system in this country and the economy. If, for example, we supply pseudonymised data to a drug company to help it to develop a new drug, we do not know the end users beyond that organisation, but that is perceived as being a task and a function that we have. It is done in such a manner that the data is safe and secure, and is not identifiable back to an individual.
You may wish to change the base upon which we act. We absolutely welcome the suggestion that we should submit these to the confidentiality advisory group. We have identified a number of cases where we think its guidance would be very helpful, including in this area. We would absolutely welcome that, but I am afraid we cannot make up the rules that we act by.”
This is what concerns me, if the purposes and permissions granted for care.data are to be defined by the reason why recipients get data for the “promotion of health ” [12] and that their worthiness to receive data is based on, a wooly, undefined notion of whether it will improve care or promote health. It cannot be transparently judged if many users of data are intermediaries with re-use licences, if even the HSCIC doesn’t know who all the end users are, and does not routinely audit them. Nor can anyone know how identifiable therefore the accumulated data sets may be.
If HSCIC does not track each release, each time, each recipient receives data, how do they know every time a new request is granted, how much of the jigsaw puzzle for any given individual, is left to complete?
If you don’t know who they are, how can you govern them and what they do with our data? How on earth can anyone judge how they will be for purposes in the Care Bill 2014 of:
(a)the provision of health care or adult social care, or
(b)the promotion of health.
How can the data controllers judge whether that release, together with all the data these companies already hold, will not do us ‘significant harm’ in the words of Commissioner Brill, of the Federal Trade Commission? Will it not by its nature of labels discriminate against segments of our society, whom the data owners select, based on information beyond our visibility or control? Is society which is segmented and stratified at risk of every increasing inequality? Disability groups for example, may feel at increased risk of stigma or exclusion. David Gillon [13] addresses this in his post here. How can individuals determine if releasing our data to these companies is in our own, or the public interest [14]?
Impossible if we don’t know who they are, and we don’t know what they already hold. A model which is hardly transparent nor conducive to trust.
Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told this week, that the data controller, the Health and Information Centre, does not know. We can then only surmise, if our individual data was contained in pseudonymous bulk data transfers in which there remains ‘a latent risk’ of identification. So from the released data register, we should look at what types of companies are using pseudonymous data. We are also told that penalties may be imposed, or even ‘one strike and you’re out’ for misuse of data. Until now at least without robust audit procedures, I believe we’d never know. So how could data be better secured?
There is talk of a ‘fume cupboard’ access, [15] or giving customers data only in query format, instead of giving out raw chunks of the database. But the Care Bill certainly didn’t legislate for any changes in those types or indeed any governance procedures. We can only wait and see if talk becomes reality and how we can trust it becomes a secure policy and stays so, after we entrust our data. There is no delete button after all.
The Secretary of State wrote on April 25th [16], asking to ensure current practices are up to the task, but as polite as it is, a letter is no form of governance. On June 12th, HSJ [17] reported that the HSCIC has ordered a significant number of trusts to “promptly” delete a series of datafields, which it claims could put patients at risk of being identified, because some of the information in “secondary uses service” that they had submitted to the agency had been entered in an incorrect way over ten years. The good news in this, is it would appear progress is being made in audit, and these errors are being addressed.
However, it highlights the issue created when you release raw data beyond your control. It will mean that organisations who should not have received data, did. How now is that data to be removed from information into which it has become? It will now no longer be raw numbers, but be in graphs, comparative studies and have been inexorably merged with other data. Unlike Cinderella’s carriage, it’s not an automatic process that the raw materials, the data, returns to its previous state after it has become enhanced, turned into business intelligence. The raw files may be traced, removed and deleted, but the knowledge it has turned into, will be almost impossible to find and delete. The links between the two may have disappeared into thin air. Harder to find, than the owner of the glass slipper. An impossible audit trail.
An audit process on leaving the trusts and upon arrival at HSCIC and on leaving HSCIC – at least a three place checkpoint – is what I would have been familiar with in the past for payroll & personal data. It seems that audit procedures for our health records, have just not kept up with the speed at which the data has been sent out on the open seas, and there has been no audit.
“Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.
Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.”
It’s not to say there are no controls. We are told that data sharing agreements prevent data provided being matched with other data held, which prevents making individuals identifiable. However, as I’ll look at in my next post, I don’t think it even has to get the the person level to be sufficiently identifiable as to be discriminatory. The segmenting of society at group level, at household level, with detailed understanding of our behaviours, is sufficient, aside from the identifiable individual level data these companies hold for identity verification and so on. When companies extract and store raw data, we have no idea where and with whom it lands up. I’ve been completely surprised by what I have learned in the last few weeks how these third parties use our data.
The current controls around and governance of our health data remains unchanged by the Care Bill. Through policy, law and directions the HSCIC has
…”licensed people to use it and other people to buy it, and there is no control over that.” [12]
As Sir Manning said,
…”because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data”
Controls may be in line with policy and the law, but I believe it simply hasn’t kept up with the functional need for a decent governance framework.
Julie Brill’s Statement made a recommendation:
“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”
Accountability in the UK of these data brokers seems quite absent in real terms, unknown to the public at large.
The same core issue identified by Julie Brill in the US, lack of informed consent. If we don’t know you have it, how can we ask to check if it’s correct or who uses it? In an era of borderless electronic data transfers, we should seek to put in place the highest standards as common denominators, and in terms of privacy, there are lessons worth learning from the US actions post Snowden which in the UK, we have not yet begun.
If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, and will stay so in future, to give it our support. Well governed data is more likely to get our trust, therefore our consent and be of better quality for buyers.
We must also not forget to clarify why it is our records are needed in the broad and undefined care.datascope that we still have not seen pinned down. Is the public good really defined for care.data and does it outweigh the private long established rights of consent and confidentiality? Do we trust these commercial company uses to do “no harm” as the US Commissioner of the Federal Trade Commission examined?
…”the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
When we visit a medic we are vulnerable, ill or in need of help. We entrust our knowledge in confidence, and trust it will be used for our care. A whole hotchpotch of other indirect uses, including commercial exploitation is not what we expect. We need to trust the data we give away to local staff, is processed appropriately all the way up the data chain, when it is stored, when it is released and beyond. For now at least, it appears citizens can only control the one point at which we first give our data up. After that, we have faith that those governing our data ensure the processes around its management are worthy of that trust. The governance processes that go beyond the HSCIC control, will directly influence that trust, and our care.data decision to object, or not.
For citizens to see this still precarious commercial hull, and trust that our innermost confidences should be safe within it, is stretching our trust, just a little too far. The knowledge of our health and lifestyle should not be commercially exploited in this uncontrollable marketplace by data brokers without our knowledge and consent. Health data is on the cusp of including more widespread biomedical data. In my children’s lifetime that may be a whole new era of data management to contend with. For now, all this intensive data mining may be much more than we already imagined and we should carefully consider how society will be affected if it includes every aspect of our health and lifestyle data. It may be yet another aspect of individual surveillance more than society can stand.[18]
The care.data storm may not yet be over.
*****
In part three on commercial uses, I’m going to explore, from my lay perspective, on how some of these intermediaries and data processing companies, use data concretely in practice. As Julie Brill says how these intermediaries, “create a narrative about our past, present and even our future lives.”
[2] Food Marketing film by Catsnake with Actress Kate Miles via Upworthy http://www.upworthy.com/no-one-applauds-this-woman-because-theyre-too-creeped-out-at-themselves-to-put-their-hands-together
[7] 17th March Omega Solver in the Guardian, by Randeep Ramesh http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care
[8] 16th March Harvey Walsh in the Sunday Times by Jon Ungoed-Thomas ‘healthcare intelligence company, has paid for a database’ http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece
[14] Public vs Private interest – Dr. M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed
[17] Health Service Journal, June 12th, Nick Renaud-Komiya, http://www.hsj.co.uk/news/trusts-ordered-to-delete-incorrect-data/5071902.article?blocktitle=News&contentID=8805
[18] John Naughton, Observer 8th June, http://www.theguardian.com/technology/2014/jun/08/big-data-mined-real-winners-nsa-gchq-surveillance
As a mother, I want to know that my children’s personal data, when it is collected by any organisation, will be kept safe and used in ways I would expect. I see it as my responsibility safeguarding my children today, to also think of their future.
We should seek to protect the fundamentals in the Universal Declaration of human rights for all:
Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment.
In effect, these basic human rights seek to prevent discrimination and interference.
But it feels as though the world around us in England has gone mad. Risking stigma, discrimination, giving our kids’ personal information quite freely away and with it, their future autonomy.
Here’s five recent case studies and why they fail our young people.
The Department of Education’s National Pupil Database & Personal Demographics Service What About Youth is reportedly using contact details directly from the Personal Demographic Service (PDS) data stored at HSCIC and the schools’ database, the Department of Education’s National Pupil Database, and giving them to IPSOS Mori, the poll research organisation to carry out the What About Youth? study on behalf of the Health and Social Care Information Centre, funded by the Department of Health. To contact our 14-16yr olds directly.
“Your contact details were taken from NHS Registration data, held by the Health and Social Care Information Centre and the Department of Education’s National Pupil Database, which contains details of every pupil in England. The NHS Registration data has been used as it is a reliable source of details such as name, address, date of birth and NHS Number. It does not include any medical data so we don’t know anything about any illnesses or conditions you have had or received treatment for. We have received approval to use your contact details only for this study. We won’t be using them for any other purpose, nor will we share them with anyone else. “
I don’t know that any parent would find that an expected use of their personal contact details to be contacted by the third party directly.
How is the questionnaire coded I wonder, whilst “the answers will not have the child’s name and address on, so no-one who sees them will know whose they are,” the “aim of the study is to make it easier for doctors, nurses and local authorities to help young people.” So it would appear Local Authority is going to be coded at least. And your individual postcode. And child’s age and gender and ethnicity and more.
If the child (14-16yr olds) agrees to being re-contacted, I would want to know as a parent exactly how, when and for what. But parents are encouraged not to influence the child completing the form, so we may never know. The survey asks about all sorts of insecurities, not all of which I believe every 14 year old will have yet considered. Is it right that the State should intrude with these topics into my child’s private time and thoughts? The content deserves scrutiny from parents before the children are involved. At least, not done in school, we get a letter and know about it at home.
But how can the project ethically ask my child to give their consent to share intimate details not only about themselves but about our whole household and potentially agree to future contact, whilst expressly asking me not to be involved in the decision?
I wonder how pupils will feel whose parents suggest they would prefer their child does not complete it?
Surely if the Department of Education’s National Pupil Database is obligatory it should not assume OK to give out personal contact details to anyone? Some families choose to be ex-directory. Does the cross-purposes use of the Personal Demographics Service make that now impossible?
Should our children and parents, who trust that their personal details are used for registering for the basic rights of health and education, not be allowed to trust those contact details are held in confidence, rather than shared with third parties?
What is the government thinking about, as it manages our young people’s data privacy?
The National Citizen Service and Health Data stored at the Health and Information Centre
While I was looking more closely at the DAAG (HSCIC) minutes this week as related to care.data, I looked at the approval for consent advice and request for future data linkage with the National Citizen Service (NCS) project, open to all 16 and 17-year-olds in England. The request checked that the consent was appropriate for future sharing of Mental health and Hospital Records with the Cabinet Office.
While I was at it, I took a look a close look at the NCS sign up process. At the bottom of the online register in small print was the required check box to proceed:
I agree to my personal data being stored, shared and used by the NCS Trust and other organisations to inform me of NCS and graduate opportunities and to support the delivery of NCS and its graduate programme. I agree to the NCS Terms & Conditions and Privacy Policy.
Then you need to click down twice, to the T&C and Privacy Policy.
From the Terms&Conditions we need to take another step:
Information about you : We will never pass any details you provide to us on to anyone other than those specified in our privacy policy.
You also need to go to the separate Privacy Policy. which turns out stating there is virtually nothing private about managing your personal data after you enquire at all – but is in fact a ‘Data Sharing Policy’:
“By submitting the Expression of Interest form you agree to your personal data being stored, shared and used by the NCS Trust (the data controller) and the following organisations: NCS contractors and their sub-contractors, government bodies, strategic partners of NCS, fraud detection organisations, organisations supporting the delivery of NCS or other organisations (including any organisation running or supporting all or part of NCS in the future).”
You must agree or cannot proceed with the application.
Where does the consent to link to a child’s medical Mental Health and Hospital records get asked I wonder? Does it get expressly asked later in the project or on paper because it does not get asked online in the Young Person nor the Adult/Guardian’s sign up. Is this the consent process the DAAG approved? Is it just meant to be included in the blanket “government bodies”? Perhaps the wording is still to be amended?
Sign the child (and your own ‘Guardian’ details) up for NCS and there is no choice but to accept that data sharing agreement. You must accept it to sign up for the programme but there is an open ended who, when and for what in the blanket consent …”supporting all or part of NCS in the future.” The NCS sign-up and consent doesn’t explicitly mention sharing data with named sub-contractors anywhere either.
The charities involved may do great work. But why Serco? Is this the organisation that we would wish to be managing our young people’s personal data? Think I agree with Navca on this one. By signing away rights …”in the future,” we have no idea WHO will own the data later.
Should our children who need this NCS programme most, not be allowed to particpate unless their personal and potentially medical details go to all these unknown future places?
At a time when teen deaths from alcohol consumption often mixed with energy drinks appear regularly in the news, it is highly irresponsible to me as a parent, to know that a commercial company promoted new energy drinks by sending cans to 17,500 selected students in order to create a “social media buzz”. I know from my own experience, university is often the place we are first exposed to a regular bar life. And so does business.
This goes far beyond the scope of what our teens signing up should expect their data to be used for. Who will decide what products and what uses of data will be acceptable in future?
I am fed up of these blanket consent approaches which deny a service unless we also sign away the knowledge of our personal habits and preferences for others to commercially exploit.
This mixing of purposes in which data privacy is to one’s disadvantage, is an abuse of trust. And it is the importance of trust and exploiting mixed purposes, which for me, has been so starkly highlighted in the management of our medical records.
Dental Service – the NHS Business Service Authority
When I signed the form to pay for my recent dental treatment I read the small print. The Dental Admin Assistant shared my surprise to find that the data processing takes place outside the UK, and requires data sharing with processors in ‘India or Sri Lanka.” WHO WILL USE IT WHERE and FOR WHAT PURPOSES? I am required to sign the form to agree to pay for my treatment. It gives permission to share with Dept of Work and Pensions, HM Revenue and Customs, local authorities and CCGS (then PCTs). But why should the one signature to bind them all, mean sending my personal confidential data abroad, outwith EU data laws even?
Is there fair processing on this form, does it indicate properly for what purposes the wide ranging bodies will be given access? Surely they don’t all need it for “fraud prevention and to ensure correctness” about my dental check up?
If the government bodies are all working together and can share data at will under these blanket assumptions, without our explicit consent or knowledge, then a great number of people will be rightly concerned. I am concerned by powers this Memorandum gives NHS Protect and the Border Agency from 2011 and I am a legitimate resident. ” To provide a centre of excellence for NHS anti-crime work by applying a strategic, coordinated and intelligence led approach.” I only went for a scale-and-polish!
This default to wide sharing seems to be increasingly seen as the norm. Surely it should be assumed that the minimum data should be shared with the minimum necessary recipients? Current policies seem to have confused a drive for Open Data with giving away our privacy.
How could it be done differently?
If I sign a form to pay for my dental treatment, surely it should be only that. If you want other permissions, ask in other check boxes. I believe our NHS should be managing our NHS data within our borders, but that is a separate debate.
This blanket consent approach excludes the service unless you are happy to give open ended access to your personal data to Government and its contractors.
Should I not be allowed to have NHS dental treatment, for which I pay on completion, unless my personal details go to all these other places?
Let’s consider an alternative. Enable the ability to say yes to paying for my treatment, without sharing fully identifiable data with other government bodies or sending it abroad.
It is one thing to share truly anonymised data. And quite another to extract identifiable personal details for at minimum ten years or longer. Time limit the consent.
If the 14-16yr old on the What About Youth questionnaire agrees to ‘future contact’ they presumably are agreeing to having identifiable data and contact data kept with their answers, to enable that future contact.
If children agree to the NCS blanket sign up, they are signed up for an unspecified time. These sign ups remove our children’s autonomy later in life, and they can never get it back.
Right now, I wouldn’t let my children’s personal data anywhere near any of these systems if I wanted to retain any future control of it at all. But do I have a choice? My children are in school, and that will mean in the Department of Education’s National Pupil Database. And they will have NHS records. I see some subject access requests ahead.
Given past historical purposes of the ONSET project at the Home Office, Contact Point and DWP I would want to keep my kids’ data free from all of these. Some may ask, why does it matter?
Because this joining up of services is interweaving systems whose aim is on the one hand compassion and care, with those on the other which are punitive and controlling. Their aims are not aligned. And inevitably it is the systems which shout loudest, under any government of the day, whose opinion tips the balance of purpose and decision making. And recent claims of micro managing in Health show, top down control usually wins.
Because I believe the earlier we label our children the harder it is for them to become anything more. Inevitably labels shape expectations. Not only for the individual but those who interact with them. It is only the very best educators and social care staff or police or medics who manage to put those aside and see the individual in each episode of contact. The future intent for care.data is integration of data sharing between medical contact, social care and education, under local authorities, health and wellbeing boards and more. How far would the impact of one wrong label spread in a child’s lifetime, in different places?
Because our children should enter adulthood with as few restrictions placed upon their development and self-determination as possible. Even, I would argue, those children who need the contact with all those organisations. I could argue, all the more so, precisely because they have those extra needs and contact. They may need excellent care and transition between youth and adult services. They need it facilitated first and foremost by qualified individuals who are trusted to do the job they trained for and have a vocational passion to complete. Yes the staff need data, but proportionate to the individual need, for the time period it is needed. We need to protect the extra vulnerable in many extra ways.
And we also need to protect the fundamentals in the Universal Declaration of human rights for all. Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment. In effect, these basic human rights seek to prevent discrimination and interference.
Our young people don’t care about the risks of personal data sharing?
Our young people are more savvy than we give them credit for. In a world of shared selfies and social media, it can be wrongly assumed that they are careless with their own privacy. This Electronic Patient Records work run by the Academy of Engineering in 2010, with support from the Wellcome Trust, came out with a report and seven key questions p.39 which are very pertinent today. The young people identified themselves the risks of prejudice and discrimination. The concerns they raise are no different from concerned adults. Our young people are switched on to the risks of personal data sharing.
When it comes to our children’s data, organisations should be going the extra mile to be transparent. I believe they should carefully consider how the public will perceive anything that looks hidden. Consents should be all up front on the top layer of sign up forms. One consent per sentence. If you want to contact my children, ask me first. And if you offer a public service, would you consider first not piggy-backing a commitment to sharing with other bodies or commercial companies on to the consent package?
Why these blanket consents fail our children
These blanket consents are ubiquitous in modern data sharing, from the obvious supermarket sign ups, to which even David Cameron does not consent, to the totally surprising in education and health. Yet he happily signed us up under a blanket assumed opt in to be ‘willing research patients.’ This mixing of purposes under one blanket consent, in which looking after your data privacy is to one’s disadvantage, or criticised as selfish, is an abuse of trust. And an abuse of our children’s future freedoms. They fail to give proper governance of who will own the data once shared. They fail to give proper information of what it may be used for. And they fail to clearly limit the time period for which the consent is given, and after which data will be destroyed.
Not only trust, but the needs of genuine purposes in the public interest are undermined by mixing all these purposes into one consent. Worse still, assuming yes for all these conflated uses unless you opt out.
If there had been singular purpose, care.data would have been easier to understand and less likely to have failed to win our support.
I for one, am fed up with blanket consent. We can do it differently. We can do better for our children.