Has human value become not just politically acceptable, but politically valuable?
Paul Bernal in his blog addressed the subject which has been on my mind, ‘Valuing the Human’ and explored the idea, ‘Many people seem to think that there isn’t any value in the human, just in certain kinds of human.’
Indeed, in recent months there appears to be the creation of a virtual commodity, making this concept of human value “not just politically acceptable, but politically valuable.” The concept of the commodity of human value, was starkly highlighted by Lord Freud’s recent comments, on human worth. How much a disabled person should earn was the focus of the remarks, but conflated the price of labour and human value.
European Rights undermined
Given the party policy announcements and the response by others in government or lack of it, it is therefore unsurprising that those familiar with human rights feel they will be undermined in the event that the policy proposals should ever take effect. As the nation gears up into full electioneering mode for May 2015, we have heard much after party speeches, about rights and responsibilities in our dealings with European partners, on what Europe contributes to, or takes away from our sovereignty in terms of UK law. There has been some inevitable back-slapping and generalisation in some quarters that everything ‘Europe’ is bad.
Whether or not our state remains politically within the EU may be up for debate, but our tectonic plates are not for turning. So I find it frustrating when politicians speak of or we hear of in the media, ‘pulling out of Europe’ or similar.
This conflation of language is careless, but I fear it is also dangerous in a time when the right wing fringe is taking mainstream votes and politicians in by-elections. Both here in the UK and in other European countries this year, far right groups have taken significant votes.
Poor language on what is ‘Europe’ colours our common understanding of what ‘Europe’ means, the nuances of the roles organisational bodies have, for example the differences between the European Court of Human Rights and the European Court of Justice, and their purposes are lost entirely.
The values imposed in the debate are therefore misaligned with the organisations’ duties, and all things ‘European’ and organisations are tarred with the same ‘interfering’ brush and devalued.
Human Rights were not at their heart created by ‘Europe’ nor are they only some sort of treaty to be opted out from, [whilst many are enshrined in treaties and Acts which were, and are] but their values risk being conflated with the structures which support them.
“A withdrawal from the convention could jeopardise Britain’s membership of the EU, which is separate to the Council of Europe whose members are drawn from across the continent and include Russia and Ukraine. Membership of the Council of Europe is a requirement for EU member states.” [Guardian, October 3rd – in a clearly defined article]
The participation in the infrastructure of ‘Brussels’ however, is convenient to conflate with values; a loss of sovereignty, loss of autonomy, frivoulous legislation. Opting out of a convention should not mean changing our values. However it does seem the party attitude now on show, is seeking to withdraw from the convention. This would mean withdrawing the protections the structure offers. Would it mean withdrawing rights offered to all citizens equally as well?
Ethical values undermined
Although it varies culturally and with few exceptions, I think we do have in England a collective sense of what is fair, and how we wish to treat each others as human beings. Increasingly however, it feels as though through loose or abuse of language in political debate we may be giving ground on our ethics. We are being forced to bring the commodity of human value to the podium, and declare on which side we stand in party politics. In a time of austerity, there is a broad range of ideas how.
Welfare has become branded ‘benefits’. Migrant workers, ‘foreigners’ over here for ‘benefit tourism’. The disabled labeled ‘fit for work’ regardless of medical fact. It appears, increasingly in the UK, some citizens are being measured by their economic material value to contribute or take away from ‘the system’.
I’ve been struck by the contrast coming from 12 years abroad, to find England a place where the emphasis is on living to work, not working to live. If we’re not careful, we see our personal output in work as a measure of our value. Are humans to be measured only in terms of our output, by our productivity, by our ‘doing’ or by our intrinsic value as an individual life? Or simply by our ‘being’? If indeed we go along with the concept, that we are here to serve some sort of productive goal in society on an economic basis, our measurement of value of our ‘doing’, is measured on a material basis.
“We hear political speeches talking about ‘decent, hardworking people’ – which implies that there are some people who are not as valuable.”
I strongly agree with this in Paul’s blog. And as he does, disagree with its value statement.
Minority Rights undermined
There are minorities and segments of society whose voice is being either ignored, or actively quietened. Those on the outer edge of the umbrella ‘society’ offers us, in our collective living, are perhaps least easily afforded its protections. Travelers, those deemed to lack capacity, whether ill, old or young, single parents, or ‘foreign’ workers, to take just some examples.
I was told this week that the UK has achieved a first. It was said, we are the first ‘first-world’ country under review by the CPRD for human rights abuse of the disabled. Which cannot be confirmed nor denied by the UN but a recent video indicated.
This is appalling in 21st century Britain.
Recently on Radio 4 news I heard of thousands of ESA claimantsassigned to work, although their medical records clearly state they are long term unfit.
The group at risk highlighted on October 15th in the Lords, in debate on electoral records’ changes [col 206] is women in refuges, women who feel at risk. As yet I still see nothing to assure me that measures have been taken to look after this group, here or for care.data.{*}
These are just simplified sample groups others have flagged at risk. I feel these groups’ basic rights are being ignored, because they can be for these minorities. Are they viewed as of less value than the majority of ‘decent, hardworking people’ perhaps, as having less economic worth to the state?
Politicians may say that any change will continue to offer assurances:
“We promote the values of individual human dignity, equal treatment and fairness as the foundations of a democratic society.”
But I simply don’t see it done fairly for all.
I see society being quite deliberately segmented into different population groups, weak and strong. Some groups need more looking after than others, and I am attentive when I hear of groups portrayed as burdens to society, the rest who are economically ‘productive’.
This stance features often in the media discussion and in political debate, on health and social care. DWP workfare, JSA, ‘bedroom tax’ to name but a few.
How undermining Rights undermines access
So, as the NHS England five year forward plan was announced recently, I wonder how the plan for the NHS and the visions for the coming 5 year parliamentary terms will soon align?
There is a lot of talking about plans, but more important is what happens as a result not of what we say, but of what we do, or don’t do. Not only for future, but what is already, today.
Politically, socially and economically we do not exist in silos. So too, our human rights which overlap in these areas, should be considered together.
Recent years has seen a steady reduction of rights to access for the most vulnerable in society. Access to a lawyer or judicial review has been made more difficult through charging for it. The Ministry of Justice is currently pushing for, but losing it seems their quest in the Lords, for changes to the judicial review law.
If you are a working-age council or housing association tenant, the council limits your housing benefit claim if it decides you have ‘spare’ bedrooms. Changes have hit the disabled and their families hardest. These segments of the population are being denied or given reduced access to health, social and legal support.
Ethical Values need Championed
Whilst it appears the state increasingly measures everything in economic value, I believe the public must not lose sight of our ethical values, and continue to challenge and champion their importance.
How we manage our ethics today is shaping our children. What do we want their future to be like? It will also be our old age. Will we by then be measured by our success in achievement, by what we ‘do’, by what we financially achieved in life, by our health, or by who we each are? Or more intrinsically, values judged even, based on our DNA?
Old age brings its own challenges of care and health, and we are an aging population. Changes today are sometimes packaged as shaping our healthcare fit for the 21st century.
I’d suggest that current changes in medical research and the drivers behind parts of the NHS 5YP vision will shape society well beyond that.
We have a universal human right to healthcare for all
We have a free-at-the-point-of-provision National Health Service in England, how will the plan maintain that and at the same time,
We expect science and technology in medicine to drive forward improvements in life quality, care and treatments.
What restrictions do we place on value and how are moral and material values to play out together? Are they compatible or in competition?
Because there is another human right we should remember in healthcare, that of striving to benefit from scientific improvement.
This is an area in which the rights of the vulnerable and the responsibilities to uphold them must be clearer than clear.
In research if Rights are undermined, it may impact Responsibilities for research
I would like to understand how the boundary is set of science and technology and who sets them on what value basis in ethics committees and more. How does it control or support the decision making processes which runs in the background of NHS England which has shaped this coming 5 year policy?
It appears there are many decisions on rare disease, on commissioning, for example, which despite their terms of reference, see limited or no public minutes, which hinders a transparency of their decision making.
The PSSAG has nothing at all. Yet they advise on strategy and hugely significant parts of the NHS budget.
Already we see fundamental changes of approach which appear to have economic rather than ethical reasons behind them. This in stem-cell banking, is a significant shift for the state away from the absolute belief in the non-commercialisation of human tissue, and yet little public debate has been encouraged.
There is a concerted effort from research bodies, and from those responsible for our phenotype data {*}, to undermine the coming-in-2015, stronger, European data protection and regulation, with attempt to amend EU legislation in line with [less stringent] UK policy. Policy which is questioned by data experts on the use of pseudonymisation for example.
How will striving to benefit from scientific improvement overlap with material values of ‘economic function’ is clear when we hear often that UK Life Sciences are the jewel in the crown of the UK economy? Less spoken of, is how this function overlaps with our moral values.
“We’ve got to change the way we innovate, the way that we collaborate, and the way that we open up the NHS.” [David Cameron, 2011]
“By creating these coloured paper cut-outs, it seems to me that I am happily anticipating things to come…I know that it will only be much later that people will realise to what extent the work I am doing today is in step with the future.” Henri Matisse (1869-1954) [1]
My thoughts on the care.data advisory event Saturday September 6th. “Minority voices, the need for confidentiality and anticipating the future.”
Matisse when he could no longer paint, took to cutting shapes from coloured paper and pinning them to the walls of his home. To start with, he found the process deeply unsatisfying. He felt it wasn’t right. Initially, he was often unsure what he would make from a sheet. He pinned cutouts to his walls. But tacking things on as an afterthought, rearranging them superficially was never as successful as getting it right from the start. As he became more proficient, he would cut a form out in one piece, from start to finish. He could visualise the finished piece before he started. His later work is very impressive, much more so in real life than on screen or poster. His cut outs took on life and movement, fronds would hang in the air, multiple pieces which matched up were grouped into large scale collections of pieces on his walls. They became no longer just 2D shapes but 3D and complete pictures. They would tell a joined-up story, just as our flat 2D pieces of individual data will tell others the story of our colourful 3D lives once they are matched and grouped together in longitudinal patient tracking from cradle to grave.
Data Confidentiality is not a luxury
From the care.data advisory meeting on September 6th, I picked out the minority voices I think we need to address better.
In addition to the minority groups, there are also cases in which privacy, for both children and adults, is more important to an individual than many of us consider in the usual discussion. For those at risk in domestic violence the ability to keep private information confidential is vital. In the cases when this fails the consequences can be terrible. My local news told this week of just such a woman and child whose privacy were compromised.
“It is understood that the girl’s mother had moved away to escape domestic violence and that her ex-partner had discovered her new address.” (Guardian, Sept 12th)
This story has saddened me greatly. This could have been one of my children or their classmates.
These are known issues when considering data protection, and for example are addressed in the RCGP Online Roadmap (see Box 9, p20).
“Mitigation against coercion may not have a clear solution. Domestic violence and cyberstalking by the abuser are particularly prevalent issues.”
Systems and processes can design in good privacy, or poor privacy, but the human role is a key part of the process, as human error can be the weakest link in the security chain.
Yet as regards care.data, I’ve yet to hear much mention of preventative steps in place, except an opt out. We don’t know how many people at local commissioning levels will access how much of our data and how often. This may go to show why I still have so many questions how the opt out will work in practice, [5] and why it matters. It’s not a luxury, it can be vital to an individual. How much of a difference in safety, is achieved using identifiable vs pseudonymised data, compared with real individual risk or fear?
“The British Crime Survey (BCS) findings of stalking prevalence (highest estimate: 22% lifetime, 7% in the past year) give a 5.5% lifetime risk of interference with online medical records by a partner, and a 1.75% annual risk.”
This Online Access is for direct care use. There is a greater visible benefit for the individual to access their own data than in care.data, for secondary uses. But I’m starting to wonder, if in fact care.data is just one great big pot of data and the uses will be finalised later?Is this why scope is so hard to pin down?
The slides of who will use care.data included ‘the patient’ at this 6th September meeting. How, and why? I want to have the following explained to me, because I think it’s fundamental to opt out. This is detailed, I warn you now, but I think really important:
How does the system use the Opt out?
If you imagine different users looking at the same item of data in any one record, let’s say prescribing history, then it’s the security role and how the opt out codes work which will determine who gets to see what.
I assume here, there are not multiple copies of “my medications” in my record. The whole point of giant databases is real-time, synched data, so “my medications” will not be stored in one place in the Summary Care Record (SCR) and copied again in ‘care.data’ and a third time in my ‘Electronic Prescription Service (EPS). There will be one place in which “my medications” is recorded.
The label under which a user can see that data for me, is their security role, but to me largely irrelevant. Except for opt out.
I have questions: If I opt out of the SCR programme at my GP, but opt in at my pharmacy to the EPS, what have I opted in to? Who has permission to view “my medications” in my core record now? Have I created in effect an SCR, without realising it?
[I realise these are detailed questions, but ones we need to ask if we are to understand and inform our decision, especially if we have responsibility for the care of others.]
If I want to permit the use of my record for direct care (SCR) but not secondary uses (care.data) how do the two opt outs work together, and what about my other hospital information?
Do we understand what we have and have not given permission for and to whom?
If there’s only one record, but multiple layers of user access who get to see it, how will those be built, and where is the overlap?
We should ask these questions on behalf of others, because these under represented groups and minorities cannot if they are not in the room.
Individuals and minorities in our community may feel strongly about maintaining privacy, for reasons of discrimination, or of being ‘found out’ through a system which can trace them. For reasons of fear. Others can’t always see the reasons for it, but that doesn’t take away from the value it has for the person who wants it or their need for that human right to be respected. How much is it worth?
It seems the more we value keeping data private, the more the cash value it has for others. In 2013, the FT created a nifty calculator and in an interview with Dave Morgan, reckoned our individual data is worth less than $1. General details such as age, gender and location are in the many decimal place range of fractions of a cent. The more interesting your life events, the more you can add to your data’s total value. Take pregnancy as an example. Or if you add genomic data it goes up in market value again.
Whilst this data may on a spreadsheet be no more than a dollar amount, in real life it may have immeasurably greater value to us on which you cannot put a price tag. It may be part of our life we do not wish others to see into. We may have personal or medical data, or recorded experiences we simply do not want to share with anyone but our GP. We might want a layered option like this suggestion by medConfidential to allow some uses but not others. [6]
In this debate it is rare that we mention the PDS (Personal Demographic Service), which holds the name and core contact details of every person with and NHS number past and present, almost 80 million. This is what can compromise privacy, when the patient can be looked up by any A&E, everyone with Summary Care Record access on N3 with technical ability to do so. It is a weak link. The security system relies on human validations, effectively in audit ‘does this seem OK to have looked up?’ These things happen and can go unchecked for a long period without being traced.
Systems and processes on this scale need security designed, that scales up to match in size.
Can data be included but not cut out privacy?
Will the richness of GP record / care.data datasharing afford these individuals the level of privacy they want? If properly anonymised, it would go some way to permitting groups to feel they could stay opted in, and the data quality and completeness would be better. But the way it is now, they may feel the risks created by removing their privacy are too great. The care.data breadth and data quality will suffer as a consequence.
The requirement of care.data to share identifiable information we may not want to, and that it is an assumed right of others to do so, with an assumed exploitation for the benefit of UK plc, especially if an opt-out system proceeds, feels to many, an invasion of the individual’s privacy and right to confidentiality. It can have real personal consequences for the individual.
The right to be open, honest and trusting without fear of repercussion matters. It matters to a traveller or to someone fleeing domestic violence with fears of being traced. It matters to someone of transgender, and others who want to live without stigma. It matters to our young people.
My favourite exhibition piece at Tate Britain is still Barbara Hepworth’s [3] Pelagos from 1946. It is artistically well reviewed but even if you know little of art, it is simply a beautiful thing to see. (You’re not allowed to touch, even though it really should be, and it makes you want to.) Carved from a single piece of wood, designed with movement, shape, colour and shadow. It contains a section of strings, a symbol of interconnectivity. (Barbara Hepworth: Pelagos[4]). Seen as a precious and valuable collection, the Hepworth room has its own guard and solid walls. As much as I would have liked to take pictures, photography was not permitted and natural light was too low. Visitors must respect that.
So too, I see the system design needs of good tech. Set in and produced in a changing landscape. Designed with the view in mind of how it will look completed, and fully designed before the build began, but with flexibility built in. Planned interconnectivity. Precise and professional. Accurate. And the ability to see the whole from the start. Once finished, it is kept securely, with physical as well as system-designed security features.
All these are attributes which care.data failed to present from its conception but appear to be in progress of development through the Health and Social Care Information Centre. Plans are in progress [6] following the Partridge Review, and were released on September 3rd, with forward looking dates. For example, a first wave of audits is scheduled for completion 1/09 for four organisations. HSCIC will ‘pursue a technical solution to allow data access, w/out need to release data out to external orgs. Due 30/11.’ These steps are playing catch up, with what should have been good governance practices and procedures in the past. It need not be this way for GP care.data if we know that design is right, from the start.
This wave of care.data is only one step along a broad and long data sharing path
To be the best of its kind, care.data must create confidence by design, build-in the solutions to all these questions which have been and continue to be asked. We should be able to see today the plans for what care.data is intended to be when finished, and design the best practices into the structure from the start. Scope is still a large part of that open question. Scope content, future plans, and how the future project will manage its change processes.
As with Matisse, we must ask the designers, planners and comms/intelligence and PR teams, please think ahead ”anticipating things to come”. Then we can be confident that we’ve something fit for the time we’re in, and all of our kids’ futures. Whether they’ll be travellers, trans, have disabilities, be in care or not. For our majority and all our minorities. We need to build a system that serves all of the society we want to see. Not only the ‘easy-to-reach’ parts.
”Anticipating things to come” can mean anticipating problems early, so that costly mistakes can be avoided.
Anticipating the future
One must keep looking to design not for the ‘now’ but for tomorrow. Management of future change, scope and communication is vital to get right.
This is as much a change process as a technical implementation project. In fact, it is perhaps more about the transformation, as it is called at NHS England, than the technology.The NHS landscape is changing – who will deliver our healthcare. And the how is changing too, as telecare and ever more apps are rolled out. Nothing is constant, but change. How do we ensure everyone involved in top-down IT projects understands how the system supports, but does not drive change? Change is about process and people. The system is a tool to enable people. The system is not the goal.
We need to work today to be ahead of the next step for the future. We must ensure that processes and technology, the way we do things and the tools that enable what we do, are designing the very best practices into the whole, from the very beginning. From the ground up. Taking into account fair processing of Data Protection Law, EU law – the upcoming changes in EU data protection law – and best practice. Don’t rush to bend a future law in current design or take a short cut in security for the sake of speed. Those best practices need not cut out the good ethics of consent and confidentiality. They can co-exist with world class research and data management. They just need included by design, not tacked on, and superficially rearranged afterwards.
So here’s my set of challenge scenarios for NHS England to answer.
1. The integration of health and social care marches on at a pace, and the systems and its users are to follow suit. How is NHS England ensuring the building of a system and processes which are ‘anticipating by design’ these new models of data management for this type of care delivery, not staying stuck on the model of top-down mass surveillance database, planned for the last decade?
2. How will NHS England audit that a system check does not replace qualified staff decisions, with algorithms and flags for example, on a social care record? Risk averse, I fear that the system will encourage staff to be less likely to make a decision that goes against the system recommendation, ‘for child removal’, for example. Even though their judgement based on human experience, may suggest a different outcome. What are the system-built-in assumed outcomes – if you view the new social care promotional videos at least it’s pretty consistent. The most depressing stereo typed scenarios I’ve seen anywhere I think. How will this increase in data and sharing, work?
“What makes more data by volume, equal more intelligence by default?”
Just like GP call centre OOH today, sends too many people calling the 111 service to A&E now, I wonder if a highly systemised social care system risks sending too many children from A&E into social care? Children who should not be there but who meet the criteria set by insensitive algorithms or the converse risk that don’t, and get missed by over reliance on a system, missing what an experienced professional can spot.
3. How will the users of the system use their system data, and how has it been tested and likely outcomes measured against current data? i.e. will more or fewer children taken into care be seen as a measure of success? How will any system sharing be audited in governance and with what oversight in future?
Children’s social care is not a system that is doing well as it is today, by many accounts, you only need glance at the news most days, but integration will change how is it delivers service for the needs of our young people. It is an example we can apply in many other cases.
What plan is in place to manage these changes of process and system use? Where is public transparency?
care.data has to build in consent, security and transparency from the start, because it’s a long journey ahead, as data is to be added incrementally over time. As our NHS and social care organisational models are changing, how are we ensuring confidentiality and quality built-in-by-design to our new health and social care data sharing processes?
What is set up now, must be set up fit for the future.
Tacking things on afterwards, means lowering your chance of success.
Matisse knew, “”Anticipating things to come” can mean being positively in step with the future by the time it was needed. By anticipating problems early, costly mistakes can be avoided.”
*****
Immediate information and support for women experiencing domestic violence: National Domestic Violence, Freephone Helpline 0808 2000 247
*****
[1] Interested in a glimpse into the Matisse exhibition which has now closed? Check out this film.
[3] Privacy and Prejudice: http://www.raeng.org.uk/publications/reports/privacy-and-prejudice-views This study was conducted by The Royal Academy of Engineering (the Academy) and Laura Grant Associates and was made possible by a partnership with the YTouring Theatre Company, support from Central YMCA, and funding from the Wellcome Trust and three of the Research Councils (Engineering and Physical and Sciences Research Council; Economic and Social Research Council and Medical Research Council).
“By creating these coloured paper cut-outs, it seems to me that I am happily anticipating things to come…I know that it will only be much later that people will realise to what extent the work I am doing today is in step with the future.” Henri Matisse (1869-1954) [1]
My thoughts on the care.data advisory event Saturday September 6th. “Minority voices, the need for confidentiality and anticipating the future.”
After taking part in the care.data advisory group public workshop 10.30-1pm on Saturday Sept 6th in London, I took advantage of a recent, generous gift; membership of the Tate. I went to ‘Matisse – the cut outs’ art exhibition. Whilst looking around it was hard to switch off the questions from the morning, and it struck me that we still have so many voices not heard in the discussion of benefits, risk and background to the care.data programme. So many ‘cut out’ of any decision making.
Most impressive of the morning, had been the depth and granularity of questions which were asked. I have heard varying aspects of questions at public events, and the subject can differ a little based on the variety of organisations involved. However, increasingly, there are not new questions, rather I hear deeper versions of the questions which have already been asked, over the last eighteen months. Questions which have been asked intensely in the last 6 months pause, since February 2014 [2] and which remain unanswered. Those from the care.data advisory committee and hosting the event, said the same thing based on a previous care.data advisory event also.
What stood out, were a number of minority group voices.
A representative for the group Friends, Families and Travellers (FFT) raised a number of excellent questions, including that of communications and ‘home’ GP practices for the Traveller community. How will they be informed about care.data and know where their ‘home’ practice is and how to contact them? Whose responsibility will that be?
I spoke with a small group a few weeks ago simply about NHS use in general. One said they feared being tracked down through a government system [which was used for anything other than clinical care]. They register with new names if they need to access A&E. That tells you already how much they trust ‘the system’. For the most part, he said, they would avoid NHS care unless they were really desperately in need and beyond the capability of their own traveller community ‘nurse’. The exception was childbirth when this group said they would encourage expectant mums to go into hospital for delivery. They must continue to do so when they need to and must feel safe to do so. Whether in general they may use primary care or not, many travellers are registered at GPs, and unless their names have been inadvertently cleansed recently, they should be contacted before any data extraction as much as anyone else.
Our NHS is constitutionally there for all. That includes groups who may be cut off from mainstream inclusion in society, through their actions, inaction or others’ prejudice. Is the reality in this national programm actively inclusive? Does it demonstrate an exemplary model in practice of what we hear said the NHS aims to promote?
Transgender and other issues
The question was posed on twitter to the event, whether trans issues would be addressed by care.data. The person suggested, that the data to be extracted would “out us as probably being trans people.” As a result, she said “I’d want to see all trans ppl excluded from care.data.”
Someone who addressed ‘her complex gender identity’ through her art, was another artist I respect, Fiore de Henriquez. She was ‘shy of publicity.’ One of her former studios is filled with work based on two faces or symbiotic heads, aside from practice pieces for her more famous commissioned work.For her biography she insisted that nothing be concealed. “Put in everything you can find out about me, darling. I am proud to be hermaphrodite, I think I am very lucky, actually.” However, in her lifetime she acknowledged the need for a private retreat and was shy until old age, despite her flamboyant appearance and behaviour. You can see why the tweet suggested excluding any transgender data or people.
‘Transgender issues’ is an upcoming topic to be addressed at the NHS Citizen even on 18th September as well. How are we making sure these groups and the ‘other’ conditions, are not forgotten by care.data and other initiatives? Minorities included by design will be better catered for, and likely to participate if they are not simply tacked on as an afterthought, in tick-box participation
However, another aspect of risk is to be considered – missing minorities
Any groups who opt themselves out completely, may find that they and their issues are under represented in decision making about them by commissioners and budget planning for example. If authorities or researchers choose to base decisions only on care.data these discrepancies will need taken into account.
Ciarán Devane highlighted this two-sided coin of discrimination for some people. There are conditions which are excluded from care.data scope. For example HIV. It is included in HARS reporting, but not in care.data. Will the conditions which are excluded from data, be discriminated against somehow? Why are they included in one place, not in another, or where data is duplicated in different collections, where is it necessary, where is the benefit? How can you make sure the system is safe and transparent for minorities’ data to be included, and not find their trust undermined by taking part in a system, in which they may have fears about being identified?
Missing voices
These are just two examples of groups from whom there had been little involvement or at least public questions asked, until now. The traveller and transgender community. But there are many, notably BME, and many many others not represented at any public meetings I have been at. If they have been well represented elsewhere, any raw feedback, with issues addressed, is yet to be shared publicly.
Missing voices – youth
A further voice from which we hear little at meetings, because these meetings have been attended as far as I have seen so far, mainly by older people, is the voice of our youth.
They are left out of the care.data discussion in my opinion, but should be directly involved. It is after all, for them that we need to think most how consent should work, as once in, our data is never deleted.
Whilst consent is in law overridden by the Health and Social Care Act, it is still the age old and accepted ethical best practice. If care.data is to be used in research in future, it must design best practices now, fit for their future purposes.
How will our under-18s future lives be affected by choices others make now on their behalf?
Both for them as the future society and as individuals. Decisions which will affect research, public health planning and delivering the NHS service provision as well as decisions which will affect the risk of individual discrimination or harm, or simply that others have knowledge about their health and lifestyle which they did not choose to share themselves.
Some people assume that due to social networks, young people don’t care about privacy. This is just not true. In fact, studies show that younger people are more conscious of the potential harm to their reputation, than we may want to give them credit for.
This Royal Academy of Engineering report, [3]” Privacy and Prejudice – Young People’s views on the Development of Electronic Patient Records” produced in conjunction with Wellcome from 2010, examines in some depth, youth opinions of 14-18 year olds. It tackles questions on medical data use: consent, control and commercialism. The hairy questions are asked about teen access to records, so when does Gillick become applied in practice and who decides?
The summary is a collection of their central questions and its discussion towards the end, which are just as valid for care.data today, as well as for considering in the Patient Online discussion for direct care access. I hope you’ll take time to read it, it’s worth it.
And what about the Children?
Some of our most vulnerable, will have their data and records held at the HSCIC. There are plans for expansion rapidly into social care data management, aligned with the transformation of health and social services. Where’s the discussion of this? Does HSCIC even have the legal capacity to handle children’s social care data?
How will at-risk groups be safer using this system in which their identities are less protected? How will the information gathered be used intelligently in practice to make a difference and bring benefit? What safeguards are in place?
We must ask these questions about data sharing and its protection on behalf of others, because these under represented groups and minorities cannot themselves, if they are not in the room.
Where’s the Benefit?
We should also be asking the question raised at the event, about the benefits compared with the data already shared today. “Where’s the benefit?”, asked another blogger some time ago, raising his concerns for those with disabilities. We should be asking this about new dating sharing vs the many existing research databases and registries we already have, with years of history. Ciarán Devane wisely asked this on the 6th, succinctly asking what attendees had expressed.
“It will be interesting to know if they can demonstrate benefits. Not just: ‘Can we technically do this?’ but: ‘If we see primary care data next to HES data, can we see something we didn’t see before’?”
An attendee at the Healthwatch run care.data event in Oxford last week, asked the same thing. NHS England and IT providers would, one would think, be falling over themselves to demonstrate the cost/benefit, to show why this care.data programme is well managed compared with past failures. There is form on having expensive top down programmes go awry at huge public expense and time and effort. On NpfIT “the NAO also noted that “…it was not demonstrated that the financial value of the benefits exceeds the cost of the Programme.”
Where is the benefits case for care.data, to weigh against the risks? I have yet to see a publicly available business case.
The public donation
Like my museum membership, the donation of our data will be a gift. It deserves to be treated with the respect that each individual should deserve if you were to meet them face-to-face in the park.
As I enjoyed early evening sun leaving the exhibition, the grassy area outside was packed with people. There were families, friends, children, and adults on their own. A woman rested heavily pregnant, her bump against her partner. Children chased wasps and stamped on empty cans. One man came and sold me a copy of the Big Issue, I glimpsed a hearing aid tucked into a young woman’s beehive hair, one amputee, a child with Down Syndrome giggling with a sister. Those glimpses of people gave me images I could label without a second glance. Disabled. Deaf. Downs. There were potentially conditions I could not see in others. Cancer. Crohn’s. Chlamydia. Some were drinking wine, some smoking. A small group possibly high. I know nothing about any of those individuals. I knew no names, no addresses. Yet I could see some familial relationships. Some connections were obvious. It struck me, that they represented part of a care.data population, whom buyers and researchers may perceive as only data. I hope that we remember them as people. People from whom this programme wants to extract knowledge of their lifestyles and lives, and who have rights to express if, and how they want to share that knowledge. How will that process work?
But the care.data programme is “still delivering without a business case”. Despite this, “between two and four clinical commissioning groups will be selected, “in the coming weeks” to begin the pathfinder stage of the care.data programme, ” reports NIB meeting[8]
It reports what was discussed at the meeting.
“The pathfinders will test different communication strategies before moving forward with the data extraction part of the project.”
I for one would be extremely disappointed if pathfinders go ahead in the ‘as is’ mode. It’s not communications which is the underlying issue still. It’s not communications that most people ask about. It’s questions of substance, to which, there appear to be still insufficient information to give sound answers.
Answers would acknowledge the trust in confidentiality owed to the individual men, women, and children whose data this is. The people represented by those in the park. Or by the fifty who gave up their time on a sunny Saturday to come and ask their questions. Many without pay or travel expenses just giving up their time. Bringing their questions in search of some answers.
The pathfinder communications cannot be meaningfully trialled to meet the needs of today and the future design, when the substance of key parts of the message is uncertain. Like scope.
The care.data advisory group and the Health and Social Care Information Centre , based on the open discussion at the workshop both appear to be working, “anticipating things to come…” and to be doing their best to put processes and change in place today, which will be “in step with the future.”
To what extent that is given the right tools, time and support to be successful with all of the public, including our minorities, I don’t know. It will depend largely now on the answers to all the open questions, which need to come from the Patients and Information Directorate at the Commissioning Board, NHS England.
“The NHS should be engaging, empowering and hearing patients and their carers throughout the whole system all the time. The goal is not for patients to be the passive recipients of increased engagement, but rather to achieve a pervasive culture that welcomes authentic patient participation.”
The challenge is: how will the Directorate at NHS England ensure to meet all these technical, governance and security needs, and yet put the most important factors first in the design; confidentiality and the voice of the empowered patient: the voice of Consent?
*****
This post captured my thoughts on the care.data advisory event Saturday September 6th. “Minority voices, the need for confidentiality and anticipating the future.” This was about the people side of things. Part two, focuses on the system part of that.
*****
Immediate information and support for women experiencing domestic violence: National Domestic Violence, Freephone Helpline 0808 2000 247
*****
[1] Interested in a glimpse into the Matisse exhibition which has now closed? Check out this film.
[3] Privacy and Prejudice: http://www.raeng.org.uk/publications/reports/privacy-and-prejudice-views This study was conducted by The Royal Academy of Engineering (the Academy) and Laura Grant Associates and was made possible by a partnership with the YTouring Theatre Company, support from Central YMCA, and funding from the Wellcome Trust and three of the Research Councils (Engineering and Physical and Sciences Research Council; Economic and Social Research Council and Medical Research Council).
When will we find out what concrete improvements have been made? There are open questions on plans for the WHATof care.data Scope and its future change management, the WHOof Data Access and Sharing and its Opt out management, the HOW of Governance & Oversight, Legislation, and the WHY – Communication of the care.data programme as a whole. And WHEN will any of this happen?
What can happen in six months?
Based on Mo Farah‘s average running speed of 21.8km/hour over The Olympic Games 10,000m gold medal winning performance, and on 12 hours a day, he could have covered about 47,000 km in that time. Once around the world, in those 180 days. With some kilometres spare margin, into the bargain.
That’s perhaps unrealistic in 180 days, but last February promises made to the public, to the Health Select Committee and Parliament were given about data sharing as both realistic, and achievable.
So what about the publicly communicated changes to the care.data rollout in the six month time frame?
I’d like to address some of those views and see how they have been acted on. Here’s the best I have been able to put together of promises made, and the questions I still have, six months on.
Scope. What part of our records is included in care.data?
The truth is this should be the simplest question, but seems the hardest to answer. Scope is elusive, and shifting.
A simple description would help us understand what data will be extracted, shared and for what purpose. The public needs an at-a-glance chart to be properly informed, to distinguish between care.data, the Summary Care Record, HES/SUS and how patient data is used, by whom for what purposes. This will help patients distinguish between direct and indirect care uses. What doctors would use in the GP practice, versus researchers in a lab. It will help set expectations for Patient Online. It could help explain data use in Risk Stratification. [see care.data-info by Dr.Neil Bhatia for high level items in scope, or field name detail here p22 onwards] [11]. This lack of clarity was already identified in April 2013, point 3.3, but nothing done.
Are the listening exercises a complete waste of time?
If people aren’t comfortable sharing basic health records, how will suggesting they share anything more sensitive be likely to encourage participation?
[The scope of how our GP part of care.data will be used is also under consideration for expansion to research – more in part two, on that.]
Stephen Dorrell, MP on the 11th March in Parliament summed up nicely, why this move now to shift scope is ludicrous. If we do not have stability of scope, we cannot know to what we are consenting. This is the foundation of our patient trust.
Mr Dorrell: I am not going to comment on whether the free text data should or should not be part of the system, or on whether the safeguards are adequate. However, I agree with the hon. Lady absolutely that the one sure way of undermining public confidence in safeguards is to change those safeguards every five minutes according to whichever witness we are listening to.
If the Patients & Information Directorate at NHS England is serious about transparency, then we should be clear about all our patient data, where it comes from, where it goes to, who accesses it and why.
“Will NHS England prepare an at-a-glance of differences between SCR and care.data, and HES/SUS extractions and users?”
Conclusion on Scope & its Communications:
This scope clarification alone would be I believe, if well done, one of the most effective communications tools for patients to make an informed choice.
1. We need to know what parts of our personal, confidential records, sensitive or otherwise are to be extracted now.
2. How will we be informed if that scope changes in future?
3. What do we do, if we object to any of those items being included?
Before any launch of pilot or otherwise, a proper plan to ensure informed communication and choice, today and looking to future scope changes, must be clear for everyone.
What’s happened since February to the verbal agreements and promises that were made back then?
Whether in Parliament by Dan Poulter and the Secretary of State Mr.Hunt, in Select Committee Hearings, by the Patients & Information Directorate at NHS England and in patient facing hour at the mixed-subject Open Day, promises have been made, but what evidence has the public, that they are real? There has been little public communication since then.
I have read, watched or attended NHS England Board meetings, Health Select committee meetings, and read the press, media releases and social media. I’ve been to a general NHS Open Day, listened in to NHS England online events, the first HSCIC Partridge Review follow up event, and spoken to patients, public and charity groups. Had I not, I would know nothing more than I did in February which was, that something had been put on hold, about which I should have, but hadn’t, received a doordrop leaflet.
Pilot practices ‘pathfinders’ we were told will trial the extraction, in six months, then in autumn, or October 1st according to Mr.Kelsey at the Health Select Committee (extract below).
Scope of Access – Who will get our records and for what?
Where and to whom may our data be transferred?
As part of the what of scope, we also need clarification on the who will be in scope in which countries to access data.
“Can I confirm now, that the data connected to care.data will not be allowed outside the United Kingdom? Let me confirm that before we have further hares running.” Tim Kelsey, said at the Health Select Committee.
Since GP care.data is to be connected with HES data, and data may be linked via the Data Access Request Service (the recently renamed former HSCIC Data Linkage Service DLES) on demand;
Q. How will I know in future that there are no plans to release my data outside the UK and EU, as HES has been in the past?
As far as I have read, geographical scope is not legislated for. I would like to be pointed to this if it is.
Mr. Tim Kelsey, National Director for Patients and Information stated: The pause was announced, precisely to address the issues.
“People are concerned about the purpose to what their data is being put.”
It’s not yet been addressed. Neither for the now, nor the future.
We need to have a robust mechanism in place for all future scope of use changes. If today I agree to have some of my data extracted used for public health research for the public good, I don’t want to find that I’ve had all my personal details including my genomic records [which personally are somewhere in my record already] spliced with Dolly the sheep research, in the hunt for a cure for arthritis five years down the line, and there’s another me living at the Roslin Institute. [I jest to exaggerate the point, not all research definitions are equal]. A yes today, cannot mean a yes for anything and everything.
The opt out term at present only allows a later ‘opt out’ to mean that data is made less identifying ‘pseudonymous’ from that request date, nothing deleted. ‘Opt out’, is not ‘get out’.
The records from before that request date, will remain clear and fully identifying for all time. So if a company requests an historical report, will our identifiable data still be included in it?
What is still wrong to my mind with this mechanism, is that there appears to be the assumption that all data may be matched and de-identified before release. That corresponds to the September 2013 NHS England Directions led by Mr. Kelsey to HSCIC saying there is “ “no need” to take into account individual objection to pseudonymous data sharing “. [2] And the patient leaflet, which was produced before any opt out changes, which stated we could object to ‘identifiable’ data sharing. That ‘identifiable’ doesn’t include all our data.
I’d like to see that clarified. Because Mr.Hunt has promised an opt out in entirety:
25th February in Parliament:
Mr.Hunt: …”we said that if we are going to use anonymised data for the benefit of scientific discovery in the NHS, people should have the right to opt out. We introduced that right and sent a leaflet to every house in the country, and it is important that we have the debate..”
“the reason why we are having the debate is that this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research”
Dr Julian Huppert (Cambridge) (LD): There are of course huge benefits from using properly anonymised data for research, but it is difficult to anonymise the data properly and, given how the scheme has progressed so far, there is a huge risk to public confidence. Will the Secretary of State use the current pause to work with the Information Commissioner to ensure that the data are properly anonymised and that people can have confidence in how their data will be used and how they can opt out?
Hunt: “I will do that, and NHS England was absolutely right to have a pause so that we ensure that we give people such reassurance…”
Status: the public still has no communication about any opt outs on offer or a consistent, effectively communicated method by which to request it.
Our data continues to be released regardless.
What I want to understand on opt out:
1. Can I choose to have my data used for only care, or for bona fide public health research, but not, for example, other types, such as commercial pharma marketing or data intermediaries?
2. Can I restrict the use of all my children’s data, to include all of it, including fully ‘anonymous’ data as the Secretary of State stated? Not only restricting red and amber, but all data sharing?
3. How will patients know that all of their medical data is covered by these options, not only our GP records? (For other data held see > http://www.hscic.gov.uk/datasets)
4. Will NHS staff be given the right to opt out to prevent their personal confidential data or employment data being shared as part of the workforce data set?
5. Does opt out really mean opt out – when will we see the revised definition?
6. How will objection management (storing our opt out decision) be implemented with other data sharing? (SCR, Electronic Prescription Service, OOH access, Proactive care at local level.)
7. How will objection be effectively communicated and measured?
10. What will ensure opt out remains more than just Mr.Hunt’s word, if it has no legislative backing?
The opt out on offer at Christmas was to restrict identifiable data sharing. There was “no need” to take into account individual objection to pseudonymous data sharing said the September 13th NHS England directions. Those NHS England Board directions from September and December 2013 are now possibly out of date, but I’d like to see new ones which replaced them, to reassure me that an opt out that we are offered, works the way I would expect.
Most importantly for me, will the opt out be given more legislative weight, Q.10? Today I have only the Secretary of State’s word that any “objection will be respected.” And as we all know, post holders come and go, a spoken agreement by one person, may not be respected by another.
**********
ACCESS
Many of the concerns around which organisations will have access to our medical records, and which were somewhat dismissed on Newsnight then, have been shown to have been legitimate concerns since:
“Access by police, sold to insurance companies, sold for commercial purposes” Newsnight, February 19th 2014
… all shown to be users of existing medical records held by the HSCIC through the Partridge Review.
Which other concerns over access were raised and have they been addressed?
Dr. Sarah Wollaston MP, then member, now Chair, of the Health Select Committee raised the concerns of many when she asked whether other Government Departments may share care.data. Specifically she asked Mr.Kelsey,
“are you going to have a clear concrete offer to the public at the end of the six-month delay as to how these requests will be handled […] see if their data is going to be accessed by DWP […]?”
“Primary and Secondary Care interventions with DWP over a six year period.”
At the Health Select Committee evidence session, Mr. Kelsey and Mr. Jones did not give a straight yes/no answer to the question.
Personally I believe it would be clearly possible that DWP administering social care or welfare payments will make a case under ‘health and social care’. Unless I see it in legislation that DWP will not have access care.data or other HSCIC held data, I personally will assume that it is going to, and may have already especially given the ‘primary and secondary linking’ pilot listed above.
What about other government departments access to health data?
The Cabinet Office presenter included suggestions UK legislation [9] may change to enable all departments (excluding NHS) to share data, and the ADT recommended that new ‘Data Sharing” legislation should be put forward in the next [Parliamentary] term.
1. Since HSCIC is an ALB and not NHS, are they included in this plan to broaden sharing across government departments?
2. Will the care.data addendum of September 2013 be amended to show the public that those listed then, are no longer considered appropriate users?
3. Will Mr.Kelsey now be able to answer Dr.Wollaston MP’s question regards DWP with a yes / no answer?
Think tanks, intermediaries and for the purposes of actuarial refinement were included in documents at the time, which suggested that DAAG alone in future, would review applications.
The DAAG is still called the DAAG and appears to have gone from 4 to 6 members. The Data Access Advisory Group (DAAG), hosted by the Health and Social Care Information Centre (HSCIC), considers applications for sensitive data made to the HSCIC’s Data Access Request Service.
Three key issues remain unclear to me on recent Data Release governance at DAAG:
1. Free text access and 2. Commercial use 3. Third Party use
The July 2014 DAAG approved free text release of data for CSUs on a conditional cleansed basis, and for Civil Eyes with a caveat letter to say it shouldn’t be used for any ‘additional commercial use.’ It either is or isn’t commercial I think this is fudging the edges of purpose and commercial use, and precisely why the lack of defined scope use undermines trust that data will be used only for proper purposes and in the definition of the Care Act.
Free text is a concern raised on a number of occasions in Parliament and Health Select Committee. On the HSCIC website it says, none will be collected in future for care.data. How is it now approved for release, if it has not already been collected in the past – in HES? So it would appear, free text has already been extracted and is being released. How are we to trust it will not be the case for care.data?
****
In summary:after six months pause, it remains unclear what exactly is in scope, to whom will it be released. We are still not entirely clear who will have access to what data, and why.
In part two I’ll look in brief at what legislative changes, both in the UK and wider EU may influence care.data and wider health data sharing. Plus some status updates on Research seeking approval, Changes to Oversight & Governance and Communications.
“Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”
That commercial use, the concept that you are exploiting the knowledge of our vulnerability or illness, in commercial data mining, is still the largest open question, and largest barrier to public support I foresee. ‘Will the Care Act really help us with that?’ I ask in my next post.
Any pollution in the collective pool, will contaminate the data flow for all.
I believe the HSCIC, NHS England Patients & Information Directorate, the Department of Health need to accept that the continued access to patient data by commercial data intermediaries is going to do that. Either those users, some of whom are young and inexperienced commercial companies, need to be excluded, or to be permitted very stringent uses of data without commercial re-use licenses.
The commercial intermediaries still need to be told, don’t pee in the pool. It spoils it, for everyone else.
I’ll leave you with a thought on that, from Martin Collignon, Industry Analyst at Google.
**********
For part two, follow link >>here>> I share my thoughts on current status of the HOW of Governance & Oversight, Legislation, and the WHY – addressing Communication of the care.data programme as a whole. And WHEN will any of this happen?
Key refs:
[1]. Second delay to care.data rollout announced – The Guardian February 18th 2014: http://www.theguardian.com/society/2014/feb/18/nhs-delays-sharing-medical-records-care-data
[2] NHS England directions to HSCIC September 13th 2013: http://www.england.nhs.uk/wp-content/uploads/2013/09/item_5.pdf
[3] BMA vote for opt In system: http://www.bmj.com/content/348/bmj.g4284
The investment to date may seem vast if, like me, you are unfamiliar with the amounts of money that are spent in research [in 2011 an £800M announcement, last summer £90M in Oxford as just two examples], and Friday revealed yet more money, a new £300M research package. It is complex how it all adds up, and from mixed sourcing. But the stated aim of the investment is relatively simple: the whole genomes of 75,000 people [40K patients and 35K healthy relatives] are to be mapped by 2017.
Where the boundary lies between participation for clinical care and for research is less clear in the media presentation. If indeed participants’ results will be fed back into their NHS care pathway, then both aims seem to be the intent of the current wave of participants.
“The ultimate aim is to make genomic testing a routine part of clinical practice – but only if patients and clinicians want it.” [Genomics England, how we work]
The infrastructure of equipment is enormous to have these sequences running 24/7 as was indicated in media TV coverage. I’m no maths whizz, but it appears to me they’re building Titantic at Genomics England and the numbers of actual people planned to take part (75K) would fit on the lifeboats. So with what, from whom, are they expecting to fill the sequencing labs after 2017? At Genomics England events it has been stated that the infrastructure will then be embedded in the NHS. How is unclear, if commercial funding has been used to establish it. But at its most basic, there will be no point building the infrastructure and finding no volunteers want to take part. You don’t build the ship and sail without passengers. What happens, if the English don’t volunteer in the desired numbers?
What research has been done to demonstrate the need or want for this new WGS project going forwards at scale, compared with a) present direct care or b) existing research facilities?
I cannot help but think of the line in the film, Field of Dreams. If you build it they will come. So who will come to be tested? Who will come to exploit the research uses for public good? Who will come in vast numbers in our aging population to exploit the resulting knowledge for their personal benefit vs companies who seek commercial profit? How will the commercial and charity investors, make it worth their while? Is the cost/benefit to society worth it?
All the various investors in addition to the taxpayer; Wellcome Trust, the MRC, Illumina, and others, will want to guarantee they are not left with an empty shell. There is huge existing and promised investment. Wellcome for example, has already “invested more than £1 billion in genomic research and has agreed to spend £27 million on a world class sequencing hub at its Genome Campus near Cambridge. This will house Genomics England’s operations alongside those of the internationally respected Sanger Institute.”
Whilst the commercial exploitation by third parties is explicit, there may also be another possibility to consider: would the Government want:
a) some cost participation by the participants? and
b) will want to sell the incidental findings’ results to the participants?
“Regier et al. 345 have estimated the willingness-to-pay (WTP) for a diagnostic test to find the genetic cause of idiopathic developmental disability from families with an affected child. They used a discrete choice experiment to obtain WTP values and found that these families were willing to pay CDN$1118 (95% CI CDN$498-1788) for the expected benefit of twice as many diagnoses using aCGH and a reduction in waiting time of 1 week when compared to conventional cytogenetic analysis.”
“Moreover, it is advisable to minimise incidental findings where possible; health care professionals should not have an obligation to feedback findings that do not relate to the clinical question, except in cases where they are unavoidably discovered and have high predictive value. It follows that the NHS does not have an obligation to provide patients with their raw genome sequence data for further analysis outside of the NHS. We make no judgement here about whether the individual should be able to purchase and analyse their genome sequence independently; however, if this course of action is pursued, the NHS should provide follow-up advice and care only when additional findings are considered to be of significant clinical relevance in that individual…” [13]
How much is that cost, per person to be mapped? What is the expected return on the investment?
What are the questions which are not being asked of this huge state investment, particularly at a time when we are told he NHS is in such financial dire straits?
Are we measuring the costs and benefits?
Patient and medical staff support is fundamental to the programme, not an optional extra. It should not be forgotten that the NHS is a National Service owned by all of us. We should know how it runs. We should know what is spends. Ultimately, it is we who pay for it.
So let’s see on paper, what are the actual costs vs benefits? Where is the overall and long term cost benefit business case covering the multi-year investment, both of tangible and intangible benefits? In my personal research, I’m yet to find one. There is however, some discussion in this document:
“The problem for NGS is that very little ‘real’ information is available on the actual costs for NGS from the NHS perspective and the NHS Department of Health Reference Costs Database and PSSRU, where standard NHS costings are listed, are generally not helpful.” [13 – PHG, 2011]
Where are the questions being asked if this is really what we should be doing for the public good and for the future of the NHS?
Research under good ethics and bona fide transparent purposes is a public asset. This rollout, has potential to become a liability.
To me, yet again it seems, politics has the potential to wreck serious research aims and the public good.
Perhaps more importantly, the unrestrained media hype carries the very real risk of creating unfounded hope for an immediate diagnosis or treatment, for vulnerable individuals and families who in reality will see no personal benefit. This is not to undermine what may be possible in future. It is simply a plea to rein in hype to reality.
Politicians and civil servants in NHS England appear to use both research and the notion of the broad ‘public good’, broadly in speeches to appear to be doing ‘the right thing to do’, but without measurable substance. Without a clear cost-benefit analysis, I admit, I am skeptical. I would like to see more information in the public domain.
I question whether the propositions of the initiative have been grasped by Parliament and society as a whole, although I understand this is not a ‘new’ subject as such. This execution however, does appear at least, massive in its practical implications, not least for GPs if it is to become so mainstream, as quickly as plans predict. It raises a huge number of ethical questions. Not least of which will be around incidental findings, as the Radio 4 interview raised.
The first I have is consideration of pre-natal testing plans:
“Aside from WGS of individuals, other applications using NGS could potentially be more successful in the DTC market. For example, the use of NGS for non-invasive prenatal testing would doubtless be very popular if it became available DTC prior to being offered by the NHS, particularly for relatively common conditions such as Down syndrome…” [
and then the whole question of consent, particularly from children:
“…it may be almost impossible to mitigate the risk that individuals may have their genome sequenced without their consent. Some genome scan companies (e.g. 23andMe) have argued that the risks of covert testing are reduced by their sample collection method, which requires 2ml of saliva; in addition, individuals are asked to sign to confirm that the sample belongs to them (or that they have gained consent from the individual to whom it belongs). However, neither of these methods will have any effect on the possibility of sequencing DNA from children, which is a particularly contentious issue within DTC genomics.” [13]
“two issues have emerged as being particularly pressing: first is the paradox that individuals cannot be asked to consent to the discovery of risks the importance of which is impossible to assess. Thus from a legal perspective, there is no ‘meeting of minds’ and contractually the contract between researcher and participant might be void. It is also unclear whether informed consent is sufficient to deal with the feedback of incidental findings which are not pertinent to the initial research or clinical question but that may have either clinical or personal significance…” [PHG page 94]
“What we don’t want to say is those 10 years you have between 70 and 80, although clearly you are not going to be working, are not going to be valuable to somebody.
Clearly they are. You might be doing all sorts of very useful things for your family or local society. That’s what we are worried about and that’s the problem with the Department of Health’s calculation.
There are lots of people who adopt the fair-innings approach; ‘you’ve had 70 years of life you’ve got to accept that society is going to bias its investments in younger people.”
[14 – see Channel 4] Yet our population is ageing and we need to find a balance of where roles, rules and expectations meet. And question, how do we measure human value, should we, and on what basis are we making cost-based care decisions?
Clinical environment changes make engagement and understanding harder to achieve
All this, is sitting on shifting, fundamental questions on how decision making and accountability will be set, in a world of ever fragmenting NHS structure:
“More problematic will be the use of specific genomic technologies such as NGS in patient pathways for inherited disorders that are delivered outside the clinical genetics services (such as services for FH, haemophilia and sickle cell disease) and NGS that is used for non-inherited disease conditions. These will be commissioned by GP consortia within established care pathways. Such commissioning of companion diagnostics would, in theory be evaluated first by NICE. However, it is not clear what capacity NICE will have across a broad range of uses. In practice it seems likely that GP consortia may make a variety of different decisions influenced by local experts and pressure, funding and different priorities. Particular questions for NGS will include: How will commissioners be provided with the necessary evidence for decision-making and can this be developed and coordinated at a national level? How will commissioners prioritise particularly when it may be necessary to invest early in order to achieve savings later? What (if any) influence may commissioners be able to exert over the configuration of test providers (for example the rationalisation of laboratories or the use of private testing companies)? [13]
Today (August 8th) the public row between Roche and the Government through NICE became apparant on cancer treatment. And again I found myself asking, what are we not funding, whilst we spend on genomics? If you did not you hear Sir Andrew Dillon & the discussion, you can listen again on BBC Radio 2 iPlayer here. [It’s in the middle of the programme, and begins at 01:09.06.]
Questions, in search of an answer
Where has the population indicated that this is the direction of travel we wish our National Health Service to take? What preparation has been made for the significant changes in society it will bring? When was Parliament asked before this next step in policy and huge public spend were signed off and where is the periodic check against progress and public sign off, of the next step? Who is preparing the people and processes for this explosive change, announced with sparklers, at arms length and a long taper? Are the challenges being shared honestly between policy, politicians and scientists, being shared with patients and public: as discussed at the stakeholder meeting at St.Barts London, 3rd October 2013 (a key panel presentation: 45 minute video with slides)? When will that be shared with the public and NHS staff in full? Why does NHS England feel this is so fundamental to the future of the NHS? Must we abandon a scuppered and sinking NHS for personalised medicine on personal budgets and expectations of increased use of private health insurance?
Is genomics really the lifeboat to which the NHS is inextricably bound?
Not everyone may have understood it that way, but if not, I’d like to know what was meant.
I would like to understand what is meant when Genomics England spokespeople say the future holds:
“Increasingly to select most appropriate treatment strategy. In the longer term, potential shift to prevention based on risk-based information.”
or
“Review the role of sequencing in antenatal and adult screening.”
I would welcome the opportunity to fully understand what was suggested at that Board meeting as a result of our shared risk pool, and readers should view it and make up their own mind. Even better, a frank public and/or press board meeting with Q&A could be rewarding.
The ethical questions that are thrown up by this seem yet to have little public media attention.
Not least, incidental findings: if by sequencing someone’s DNA, you establish there is something for their health that they ought to be doing soon, will you go to that patient and say look, you should be doing this…. these are incidental findings, and may be quite unexpected and separate from the original illness under investigation in say, a family member, and may also only suggest risk indicators, not clear facts.
If this is expected to be mainstream by 2018, what training plans are in place as indicated needed as a “requirement for professionals across the NHS to be trained in genetics and its implications”? [presentation by Mark Bale, DoH, July 2014]
When will we get answers to these questions, and more?
Because there is so much people like me don’t know, but should, if this is our future NHS under such fundamental change as is hyped.
Because even the most esteemed in our land can get things wrong. One of them at the St.Bart’s events quotes on of my favourite myths attributed wrongly to Goethe. It cannot be attributed to him, that he said, ” “Whatever you can do or dream you can, begin it. Boldness has genius, power and magic in it.” You see, we just hear something which sounds plausible, from someone who seems to know what they are talking about. It isn’t always right.
Because patients of rare disease in search of clinical care answers should be entitled to have expectations set appropriately, and participants in research know to what they, and possibly family members indirectly, are committed.
Because if the NHS belongs to all of us, we should be able to ask questions and expect answers about its planning, how we choose to spend its budget and how it will look in future.
These are all questions we should be asking as society
Fundamentally, in what kind of society will my children grow up?
With the questions of pre-natal intervention, how will we shape our attitudes towards our disabled and those who are sick, or vulnerable or elderly? Are we moving towards the research vision Mr.Hunt, Cameron and Freeman appear to share, only for good, or are we indeed to look further head to a Gattacan vision of perfection?
How may this look in a society where ‘some cornflakes get to the top‘ and genetic advantage seen as a natural right over those without that ability? In a state where genetics could be considered as part of education planning? [16]
For those with lifelong conditions, how may genetic screening affect their life insurance when the Moratorium expires* in 2017 (*any shift in date TBC pending discussion) ? How will it affect their health care, if the NHS England Board sees a potential effect on equity of access? How will it affect those of us who choose not to have screening – will we be penalised for that?
And whilst risk factors may include genomic factors, lifestyle factors some argue are even more important, but these change over time. How would those, who may have had past genetic screening be affected in future requirements?
After the August 1st announcement, [11] The Wellcome Trust‘s reporting was much more balanced and sensible than the political championing had been. It grasps the challenges ahead:
“Genomics England has ambitious plans to sequence 100,000 genomes from 75,000 people, some of whom will also have cancer cells sequenced. The sheer scale of the plans is pretty daunting. The genetic information arising from this project will be immense and a huge challenge for computational analysis as well as clinical interpretation. It will also raise a number of issues regarding privacy of patient data. Ensuring that these genetic data can be used maximally for patient benefit whilst protecting the rights of the individual participant must be at the heart of this project.
At the beginning of the Human Genome Project, scientists and funders like the Wellcome Trust knew they were on a journey that would be fraught with difficulties and challenges, but the long-term vision was clear. And so it is with the plans for Genomics England, it will most certainly not be easy…”
Managing change
Reality is that yet again, Change Management and Communications have been relegated to the bottom of the boarding priorities list.
This is not only a research technology or health programme. Bigger than all of that is the change it may bring. Not only in NHS practice, should the everyday vision of black boxes in GP surgeries become reality, but for the whole of society. For the shape of society, in age and diversity. Indeed if we are to be world leaders, we have potential to start to sling the world on a dangerous orbit if the edges of scope are ill defined. Discussing only with interested parties, those who have specific personal or business interests in genomic research and data sharing, whilst at Board meetings not clearly discussing the potential effects of risk stratification and personalisation on a free at the point of delivery health service is in my opinion, not transparent, and requires more public discussion.
After all, there are patients who are desperate for answers, who are part of the NHS and need our fair treatment and equity of access for rare disease. There is the majority who may not have those needs but knows someone who does. And we all fund and support the structure and staff in our world class service, we know and love. We want this to work well.
Future research participation depends on current experience and expectations. It is the latter I fear are being currently mishandled in public and the media.
Less than a month ago, at the NHS England Board Meeting on July 3rd, Lord Adebowale very sensibly asked, “how do we lead people from where we are, and how we take the public with us? We need to be a world leader in engaging all the public”
Engagement is not rocket science. But don’t forget the ethics.
If this project is meant to be, according to MP George Freeman [George 2], akin to Kennedy launching the Space Race, then, by Fenyman [12], why can they not get their public involvement at big launches sorted out?
Is it because there are such large gaps and unknowns that questioning will not stand up to scrutiny? Is it because suggesting a programme will end the NHS as we know it, would be fatal for any politician or party who supports that programme in the coming year? Or do the leading organisations possibly paternalistically believe the public is too dim or uninterested or simply working to make ends meet to care [perhaps part of the 42% of the population who expected to struggle as a result of universal welfare changes, one in three main claimants (34 per cent) said in 2012 they ‘run out of money before the end of the week/month always or most of the time’] ? But why bother will the big press splash, if it should not make waves?
“Let us make recommendations to ensure that NASA officials deal in a world of reality in understanding technological weaknesses and imperfections well enough to be actively trying to eliminate them. They must live in reality in comparing the costs and utility of the Shuttle to other methods of entering space. And they must be realistic in making contracts, in estimating costs, and the difficulty of the projects.
Only realistic flight schedules should be proposed, schedules that have a reasonable chance of being met.
If in this way the government would not support them, then so be it. NASA owes it to the citizens from whom it asks support to be frank, honest, and informative, so that these citizens can make the wisest decisions for the use of their limited resources. For a successful technology, reality must take precedence over public relations… [June 6th 1986. Six months after the disaster, the Report to the Presidential Commission (Appendix F)]
The key is not the landing, it’s understanding why we launched in the first place.
Space may not be the most significant final frontier out there in the coming months that we should be looking at up close. Both in health and science. Our focus in England must surely be to examine these plans with a microscope, and ask what frontiers have we reached in genomics, health data sharing and ethics in the NHS?
[10] November 2013 ISCG – political pressure on genomics schedule http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-001-ISCG-Meeting-Minutes-and-Actions-26-November-2013-v1.1.pdf
[16] Education committee, December 4th 2013 including Prof. Plomin From 11.09:30 education and social planning http://www.parliamentlive.tv/Main/Player.aspx?meetingId=14379
*****
For avoidance of confusion [especially for foreign readership and considering one position is so new], there are two different Ministers mentioned here, both called George:
“The UK is set to become the world leader in ground-breaking genetic research into cancer and rare diseases, which will transform how diseases are diagnosed and treated, thanks to a package of investment worth more than £300 million.” [DH press release, August 1 2014. [2] ]
“…with their medical details “opened up” to private healthcare firms, says David Cameron.”
This was the next step in the programme, hailed as an historic moment, a giant leap forward for genomics.
The photo call for the symbolic signing included Jay Flatley President, Chief Executive Officer and a member of the Board of Directors of Illumina, Inc, Sir John Chisholm Executive Chair of Genomics England & Chair of Nesta, together with Dame Sally Davies Chief Medical Officer and Mr. George Freeman [George 2] MP for mid-Norfolk, and the newly appointed Life Sciences Minister.
Fewer than twelve months before an election the Government has decided to commit commercially to a US based company, in a programme which Mr.Cameron himself said, has had controversy. That c-word is one the Conservatives will want to avoid in the coming election campaign.
This Channel 4 [4] film from almost 2 years ago, (December 2012) raises many questions as valid today as then. At that time, in contrast with today’s approach, the programme suggests that consent for research and data use would be assumed for all.
The inestimable Jon Snow asked then, why is the Business Department announcing this [the launch of the pilot programme, when focused then first in rare cancers]? The public may understand that commercial pharma, charities and the State work hand-in-glove (as Mr.Cameron’s 2011 vision stated), but as Jon Snow asks, not yet understand how this commercial venture will benefit the NHS long term as well as individual patients and the public as a whole? Is it concrete on benefits to patients vs benefits to UK plc?
So what was the key press message which came over?
The coverage of the week since August 1st, expounded the belief that through Genomics England Ltd we will do away with chemotherapy in the future. I believe this should be the source of a raging debate, but it passed by with little more than a few waves.
The original review given last summer to Genomics England including listing the rare diseases which may affect the 6% of the population, suggests one consideration, targeting those with very high likelihood of familial links and therefore success.[6] or Patients selected with a high probability of a single gene disorder. There are obviously great challenges in turnaround time for the genetic processing to be useful in clinical decision making. Considering whether or not it is timely or accurate enough to be of clinical benefit in acute cancer care clinical decision making will be vital. It is also what is being promised to patients who sign up, a faster, more efficient, improved offering on what is available already in the NHS genetic services today.
The interested population and profession would do well to get an independent medical update on the status of this, to understand it better if this is now established and its reliability, so what participants sign up for, is what they get on the tin:
“Results are provided for patients in a timely fashion (e.g. within 8 weeks) and with sufficient clinical accuracy (not yet established for WGS) [whole genome sequencing].” [page 3 of 8]
And what was the press result and public reaction to the news?
As one example, look at lunchtime on Friday August 1st, Radio 2 callers to the Jeremy Vine show. They included two undergoing chemo who felt they had to call in, to tell others, chemo is not always as bad as it sounds and make sure you don’t give up on it, refuse treatment or wait for this new genetic solution.
The impression was given, there is a new wonder solution within grasp on the horizon. This seemed to me rather reckless and unfairly manipulative on the ill and vulnerable to give them a blanket hope, that their cancer treatment may become so much better, soon. These are real people’s lives, not guinea pigs with which one can feel free to trial hypothesis and hype. If anyone now refuses chemo as a result of the Friday fantasy projections, their health may have been directly impacted. I would like to have heard a DH or Genomics England press manager speaking, not allowing such public free rein, to ensure it was factually accurate. But I’m guessing that Genomics England as an ALB is not really ready for press yet [their public engagement and education programme isn’t ready yet they confirmed when asked in July in an FOI], and the DH perhaps at arms length, thinks, it’s not their responsibility and outside their remit. Stuck in the middle, we have the commissioning body, NHS England.
How might this involve all of us, our NHS and cross into care.data?
In most recent memory, NHS England tried and so far failed in February 2014, to engage the public and clinicians in the extraction of our GP stored health records, in the care.data initiative. Care.data languishes in some sort of unknown black hole at the moment, with little public engagement and pilots promised ‘for autumn’. Both programmes are run under the auspices of Mr. Kelsey at NHS England Patients and Information Department, and arms length from the Department of Health. Last summer, Tim Kelsey and Sir Bruce Keogh presented a paper to the Board on Genomics and its interaction with NHS patient records. [7]
Given that the Genomics paper indicated that care.data and NHS held patient records were of paramount importance to NHS England I would like to have seen more transparency over this, including informed public and parliamentary debate:
“Issues of data ownership and transparency are of paramount importance to NHS England as set out in the Mandate and given the hugely positive developments in Care.Data. Geraint Lewis is leading this work, and has begun work to consider how the sequencing data might be held, connected to patient records and subsequently be exploited. It will also look at the connections between this work and the establishment of care data in the NHS. The NHS England data and informatics team will retain oversight of the informatics and data work and discussions continue on how it can best inform and support the implementation of business plan of Genomics England Limited.”
There has been almost no public statement from NHS England on genomics and our data management in the same discussion, until now. George Freeman MP [2] said on BBC Radio 4 (Starting from 2:46.30 in interview with Sarah Montague:
“It’s absolutely not the care.data initiative discussed earlier in the year. This is 100K patients, all volunteering and all providing their consent. It’s completely anonymised data in the data set, the only person who would be able to come back to the patient and make a link with the genomics and the diagnosis, is their doctor. We’re creating a database so that NHS researchers and industry researchers, can look at the broad patterns. 90% of patients with that variation, get that disease, this drug works in 50% of patients…It’s completely anonymised, there is no basis on which you could make the link. The only person who can make the link is the NHS clinician.”
Whilst this is NOT the same initiative, it intends to use some of the same data for those people who actively consent to participate in the 100K Genome Project.
The data will be extracted from care.data [which ‘assumes consent’ or requires active opt OUT, depending how you view it] to include longitudinal, phenotype data across a person’s lifetime. I spoke to the Genomics England media team last autumn, 2013, which confirmed this intent at that time.
The trouble is for Mr. Freeman [2] and these statements, that the public knows ‘anonymous’ in care.data turned out to not be anonymous at all. ICO and HSCIC [8] are still working this out. [HSCIC has just published its first review of pseudonymisation review 9] It was discovered that far from being released only to clinicians and researchers, our hospital data has been shared with all sort of unexpected third parties, without consent. [see the Partridge Review]. This surprised and shocked many, to public outcry and the resultant loss of trust [15] in the programme has yet to be rebuilt. So some listeners may well and understandably have had concerns that their data may be used for purposes to which they have not agreed.
Some say that genetic data by its very nature, despite stripping data identifiers, cannot be non-identifying, or stay that way:[16]
“It only takes one male,” said Yaniv Erlich, a Whitehead fellow, who led the research team. “With one male, we can find even distant relatives.” [Jan 2013]
“If they choose to share that’s a very admirable thing because by sharing freely, progress for everyone is accelerated, and if someone is not comfortable we should respect that too and find ways for them to still participate in research,” he said.
What are the next steps – or should we expect, one giant leap?
As regards care.data from all, it is I believe reasonable, that we should we ask: how we should expect our care.data to be used, and trust for what restricted purposes it will be extracted and stored for the future? What mechanisms will separate consent for care.data commissioning from this kind of research? How will citizens trust this data sharing now as the Department for Patients and transformation care.data proposals seem still open ended in scope in particular for social care [17], and alongside other ever widening government data sharing? [18] How will the public know where the future boundaries of care.data scope creep lie?
If anything has been learned from care.data to date it must be this: We should continue to ask for more public involvement in policy and planning, not just the post-event PR if the state wishes to ensure success and prevent surprises. What happens next for this data programme, and for our national programme of genomics, 100K?
[10] November 2013 ISCG – political pressure on genomics schedule http://www.england.nhs.uk/iscg/wp-content/uploads/sites/4/2014/01/ISCG-Paper-Ref-ISCG-009-001-ISCG-Meeting-Minutes-and-Actions-26-November-2013-v1.1.pdf
[16] The Whitehead Institute for Biomedical Research in Cambridge, Mass in the WSJ, Jan 2013: “”It only takes one male,” said Yaniv Erlich, a Whitehead fellow, who led the research team. “With one male, we can find even distant relatives.”
For avoidance of confusion [especially for foreign readership and considering one position is so new], there are two different Ministers mentioned here, both called George:
How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.
How have we arrived where we are now, at a Grand Pause in the care.data performance? I looked at the past, reviewed through the Partridge Review meeting in [part one here] the first half of this post from attending the HSCIC ‘Driving Positive Change’ meeting on July 21st. (official minutes are online via HSCIC >> here.)
Looking forward, how do we want our data sharing to be? I believe we must not lose sight of classical values in the rush to be centre stage in the Brave New World of medical technology. [updated link August 3rd]* Our medical datasharing must be above and beyond the best model standards to be acceptable technically, legally and ethically, worldwide. Exercised with discipline, training and precision, care.data should be of the musical equivalent of Chopin.
Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all it’s primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.
Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data. They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.
Can we rise to the Challenge to be a world leader in Data Sharing?
If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.
I looked in two previous posts at the background theory [1] to commercial uses of our data, then, the background to my concerns of commercial use with data intermediaries. [2] This is now part three, my glimpse into commercial use in real-world practice. It’s become rather a saga.
Here’s the short version: “In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. We need to shout a bit louder, that we are not a product for sale. It’s not only that there is an increased risk in a move of our health records from binder to byte and broadening access to them. We take issue with the change of approved purposes from care, to commercial use.”
At the Health Select Committee on July 1st, [3] I believe Sir Manning misses the key issue the public has with care.data and health record sharing, when he gave a response to Q562 to David Tredinnick MP:
‘We made big mistakes over the last 10 years’
“I am saddened by some of the comments that have been made this afternoon about the lack of trust and also by the impugning of our motivation. […]
We made big mistakes over the last 10 years, and we have a once-in-a-generation chance to get it right. I am absolutely clear that we have to engage the public in an open debate about the balance of risks and benefits. There will always be risks with data. There were risks with the Lloyd George envelope; notes were lost, they flew and went all over the place. There will always be risks, but those risks and the benefits are both enhanced by the technology.”
Whilst I applaud Sir Manning’s apology, and his call for open debate, I think he misses here the fundamental point of disagreement the public has with the HSCIC current practice. Selling our health data.
It’s not only that there is an increased risk in a move from binder to byte and broadening their access.We take issue with the change of approved purposes from care, to commercial use.
And these commercial (ab)uses in current form must stop if we are to trust the governance system in future.
Health Records for Commercial sale
HSCIC currently sells our health records for commercial purposes, to intermediaries with commercial re-use licenses, and had no consent nor our permission for this in the past, it continues to do so in the present and appears to have no concern or intention to stop doing so, for the future.
Mr. Kelsey added at the HS Committee,
“We have a very big job to do, and I hope that you will hold us to account in delivering it.”
To which I can only reply, it is you who say it. But who is accountable? The Open Debate which Sir Manning calls for has not been taken up by NHS England. We are told this is a programme of national importance, one which Mr. Kelsey has repeatedly said, including to the Health Select Committee previously, on which the entire future of the NHS depends. Why then, no national discussion, no news since the pause and a focus on updated communications of the current plan. The current plan with flaws in consent collection, scope determination, confusion of purposes.
There are so many ways this could be improved and gotten right, but not by November and without public debate.
How can you insist a programme so vital for the entire future of the NHS yet encourage no public discussion? This seems to be a theme in NHS England recent programmes. [4] The decision to outsource the GP support services was taken in private sessions, not available to the public like the rest of the Board Meetings [5]. Other programmes, pilot and actual plans for implementation go on without public discussion.
There’s been no apology for the data sharing policy developed since 2010 which has encouraged commercial trading and enabled this erosion of security, confidentiality and trust in the data management system of our nation’s health records. No one at the Department of Health has said, we got this policy wrong. No one at NHS England, the same people if under a different label. Poor Sir Manning at the Information Centre who carried out their policy, has been left to say there were ‘big mistakes’ made. But not by him since July 2013.
Trust and care.data off course
That our trust now lies in tatters, is not the fault of the Health Select Committee member to whom Sir Manning says, he is saddened and disappointed. It’s not Joe Public’s fault who had no idea this was going on, until six months ago. Where did these policies and plans since 2010 come from? Where did the use of our data go so astray and why is flagship care.data now so terribly off course? Mr. Cameron outlined it in 2011. What happened in the three years?
Health records for sale
As I wrote in a previous post,
“Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace, this re-use of data is now becoming normalised.”
But should it be normal that our medical records are for sale?
When celebrity Michael Schumacher’s notes are for sale, [6] being offered concretely to the media, we all see that is wrong. Just imagine 70 million copies of Schumi’s record, each with our own name on it, being offered to anyone outside of those who need it for our care. Offered to these commercial for-profit data intermediaries. It’s not a theory – this is what is happening to our records, today. Don’t accept the ‘anonymised’ statements, they’re simply not true. Identifiable data and pseudonymous data has been sold. The register confirms it, and that was only a 10% sample.
“To earn the public’s trust in future, we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”
I think banning data sharing for commercial use and re-use would be a good start.
What is it to be used for and why?
When we think of our health records being used by others, we need to separate the uses of the data, in order to understand different ways it is used, who uses it and why. Data once it is processed becomes knowledge which is used as Business Intelligence. It is common in discussion to conflate use in care with care.data. It’s even in the name. But the uses of care.data are secondary. Not to be used by clinicians caring for us, not replacing hospital notes to give to consultants when we are referred for a hospital stay. Not providing discharge papers. It’s only approved for commissioning and sketchily [imo] approved for risk stratification. [ref p.5 ] [8]
care.data extracted from GP surgeries, is not even approved for research purposes, but to read all the recent debates you’d think research depended on it. Research using GP extracted patient data, is not an approved use of care [dot] data. Research using GP extracted patient data is not an approved use of care [dot] data. Repeat, ad nauseaum.
What is already being done, and what is used legitimately i research such as public health (albeit without our past knowledge or consent), is with our hospital data, HES, SUS, Mental Health data, usually with CAG review, and through 251 approval sometimes through DAAG review at HSCIC – it is available and is on sale to all sorts of other non-care providers. And that is planned to continue.
The records extracted so far, when not used for research appear in recent years increasingly used for comparison, the concept of ‘ranking and spanking’ professionals and providers of healthcare. They are also used in commissioning, payment validation and understanding costs and spending. But beyond that, there are all sorts of others who still come under the umbrella of ‘health purposes’ but don’t directly benefit the NHS or individual patients. What is their demand and what are they being supplied?
In the newly created NHS marketplace, customers at individual level are patients, or at a market level they could be any part of the healthcare buying structure, a GP practice, a Clinical Commissioning Group, a Hospital Trust.
The challenge of any demand and supply chain process, is that you need a market willing to pay at the price you are prepared to sell. And you need to offer what they want to buy. For that, the buyers must see a value in the data they want to obtain. Where is the value for these areas of use: Generic NHS Business Intelligence, Generic Commercial Intelligence and Pharmaceutical intelligence?
Health records as Business Intelligence
Some companies take data and process it before selling it to NHS and other health providers in England. This provides a third party service and skill set which the HSCIC nor the NHS Trust for example, has themselves, such as IMS Health.
So business intelligence used for the benefit of the NHS, makes sense and is necessary to a greater or lesser degree depending on your attitudes to comparison websites, green/red flagging professionals and commissioning. Benchmarking was provided by Tribal until that part of their business was bought out by Capita.
These companies’ experience and market is healthcare. The kind of knowledge they can give to the NHS is highlighted in their case studies.
So for clinical care, and for commissioning at individual organisations, these tools are clearly useful and use individual patient level data. [9]
Al sorts of other places and individuals perform these services. They include a wide range of commercial organisations, small and large.
Health records as Commercial Marketing Intelligence
Commercial buyers however, can include wanting data for identity verification, fraud prevention and background checks. Services such as Experian offer. These may be what the loose definition in the Care Act would say are now banned, but are they? What is to say that a company which offers the use of private health services, healthy eating or pharmaceutical marketing is not providing information to others, for the promotion of health?
“Experian employs more than 12,500 people in 34 countries worldwide, supporting clients in more than 60 countries. Annual sales are $3.1 billion (£1.7bn/ v2.5bn).”
Identity verification can be done, matching data across a biographic footprint, ” in databases, established for 45 million UK citizens and hold in excess of 1 billion records.”
“Experian public sector currently works with 380 plus local authorities, 52 police and investigatory bodies, as well as central government agencies including DVLA, HMRC, DWP and the Cabinet Office.” [10]
There is clearly a lot of data sharing in the public sector, about which we may understand very little. But mostly the buyers of data want to sell something. Companies buy lists of people to use in marketing campaigns, who might be interested in what they’re selling — and companies also want to learn more about their current customers.
This is where I find the level of detail and what is done with our data, more than a little freaky.
Every UK consumer is classified into one of 22 types, aggregated into six groups. The 22 types are linked to six decision-making styles, providing insight into consumers’ motivations when using different media and the processes they go through in deciding about products and services.
I don’t know what segment I am in. But I know that I will have data stored in many of those different data sources they mention. So do they actually know more about my habits and inclination, that I have self-awareness? If their tool has over 850 million input sources which they process, it’s more than likely. 34 million email addresses, 20 million mobile phone numbers, 49.7m names and addresses.
Experian may well have much of this data from the electoral roll (unless like me, you opted out of these uses) but in the HSCIC January-April 2014 register of releases [7] data was given to Experian for use in Mosaic. (see July – 132kb right of page)
“Mosaic is Experian’s powerful cross-channel consumer classification designed to help you understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [12]
That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. In fact, I find it threatening in a similar vein to the visceral reaction that the Facebook experiment generated this week online.
As SF Gate reported,
“Using unsuspecting members as human guinea pigs is repugnant. And when the biggest social network on the planet does it, can its leaders be trusted with their own technology?”
This idea that just because one can and the technology permits it, does not mean that one should. It just feels wrong to find out others may manipulate our thinking and behaviours in such a targeted way. Just as Experian does with consumer data:
“Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…”[12]
Individual households? Understanding my behaviours, gives them information which they use to nudge or influence my decision making. Understanding our behaviour ‘in extraordinary detail’ helps companies market and sell more to customers.
There are other re-uses even for health purposes, which seem less transparent and more about us as general consumers, rather than for our health. For example, the use of HES data is in social marketing targeting:
“In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included OmegaSolver and Harvey Walsh.”
These companies have re-use licenses for data. what that means is better explained here by medconfidential. [14]
How will HSCIC know how data will be used after release and how will it be audited and how often? When it comes to human tissue, the HTA only audits tissue banks in the UK once every three years. That’s a long time in between audits if something has gone horribly wrong in best practice.
Health records as Commercial Pharmaceutical Intelligence
To global pharma it is again not the data itself which is of value, but in the knowledge it reveals. The pharma business intelligence. It can show at an individual level what is being prescribed or show any gaps it reveals, which will allow pharma, to address ‘unmet clinical need.’ The data already compares hospital prescribing and reports make recommendations used by NICE on what drugs to use and recommend. My concern is that to treat the worried well who have cash to spend, will deflect attention from the needs of the sick and poor and that even if only at postcode level, we will be targeted for pharmaceutical marketing.
“The parties will initially look at how anonymised, integrated health data can be used to identify unmet clinical need in patients with diabetes. In the UK, diabetes affects approximately 2.9 million adults overall, with more than 90% of these patients having type 2 diabetes. This makes diabetes one of the most common chronic medical conditions and represents a significant strain on U.K. health services.”
Astra has another Memorandum with IMS Health. So we, whose data it is, have zero transparency and can request no accountability for the use of our data once it has left the HSCIC.
And it matters because when there are data breaches in these companies, we should know whether our data has been involved.
In January 2012 AstraZeneca signed a three year partnership with IMS MOU[16] and stated it builds on AstraZeneca’s existing ‘real-world’ data and research partnership with HealthCore in the US, the health outcomes research subsidiary of WellPoint. Wellpoint which had a massive breach a year ago, July 2013. So how do we know where our data was stored, and if it were involved or not? Here is what pharma use data for, to analyse “unmet clinical need.”
“The partnership with IMS Health will give AstraZeneca access to pre-existing anonymised electronic health records, which include clinical outcome, economic and treatment pattern data. In addition, the companies will jointly develop a customised research and data analysis platform. The information will provide a deeper insight into how medicines that are already on the market are working in real-world settings across Europe, painting a picture of unmet needs …”
We can look at this more than one way. Some feel strongly commercial use should exclude Big Pharma. On the one hand, the State and Government does not own manufacturing of drugs nor medical products. Though we used to do both. Recently, that we did own, has been increasingly sold to commercial buyers or venture capitalists.
The State and pharma work together, often through University research, to create future health solutions, drugs and the drive towards personalised medicine and diagnostic tests. When companies which own our data are sold and bought internationally what happens to our data they own? Boots Alliance bought data from HSCIC, and they are about to be bought by US Walgreens. So many questions.
Those more informed than me will know all about the challenges of pharmaceutical companies, the patent cliff, mergers and diversification. IP, diagnostic tests and generics in the market. Big Pharma and the State are working together in much research to find solutions and discoveries to current and future medical issues.
How far does cooperation stretch and when does it become inappropriate? Is commercial interest supportive of State practice or driving decision making policy? Should commercial companies fund any costs at our NGOs? And do those which buy the most data, get a bigger slice of the influence of what conclusions reports using the data, reach? Whilst there is a public move to #Alltrials I believe we should demand #Allreports in the public interest as well. I would like to have transparency at HSCIC how their reports are funded, when working with partners which are frequently commercial pharma partnerships.
Mr. Hunt recently defended to the Health Select Committee the reasons why a commercially supported pharma lobbying group was used to advise on the NHS Commissioning plan – the Specialised Healthcare Alliance. Supported by 14 pharma companies, these corporate members are contributing £12,000 each towards the costs of the Alliance for 2014.
Are we really seeing transparency on who is driving change in our health service?
The Richness of our records open for Exploitation
The value of Big Data is only extracted by exploiting its richness. And these days, with mobile phones, social media and shopping habits tracked by the minute, the average citizen like me, it seems can’t easily avoid being part of it, whether we want to be or not.
But if we don’t even have the right to control and own our data and we can’t control the knowledge generated from it, how can we control who knows what about us and what they use it for? If we’re unaware of its existence, how can we understand its impact on our life to make free and uninfluenced choices in what we buy, for example? Or understand how we may be segmented and discriminated against. And this is aside from the assumption that the data held is accurate and that as a result, no mistaken judgements are being made about us.
As for our health data, how can we control its use by these massive data managers if we don’t even know who they are at the end of a chain of re-use licenses?
Put Business Intell, Commercial Intell and Pharma together
The vast amounts of data already held and analysed to the nth degree by these data intermediaries, means that making even more data available to them is going to increase the segmentation and risk of identification. They already have data on individuals and is it not enough that they make analysis at household level as shown by Mosaic? Individual health level data seems that they could put a final piece in the puzzle and know exactly who in which house had which ailments, their lifestyle risk factors could be refined and these data brokers would be able to look inside our very bodies.
One which fits data together, we do know from the HSCIC data release register, and press reports in March, is Harvey Walsh. The company tracks individuals pathway data, over time and the website now says:
“Harvey Walsh use non-sensitive and non-identifiable HES data for patient pathway mapping that is used by the healthcare industry with the NHS to improve the quality of healthcare management and service delivery by better understanding how patient cohorts move around the healthcare system.”
[Harvey Walsh’s system] “AXON holds non identifiable and non-sensitive HES (Hospital Episode Statistics) data and other sources of data including GP Practice Prescribing, QOF, Demographic and NHS personnel data sets.”
Data snapshots combine to give a Picture over a Lifetime
So now, not only can these companies understand us in infinite detail, but can do so over our lifetime. We are tracked over time and anaylsed not as a snapshot, but as a living album of snaps, moving across time. They know what we do commercially, in our lifestyle and how it interacts with our health and what may affect our consumer habits and help nudge our decision making. Put them together, and it starts to feel like I’m on The Truman Show.
I’d like to know though, once the data is processed, what happens to the new combined knowledge set, it creates? The original raw data as extracted may not be given to others, but is it the same product and protected, if it now shows up as a small piece, in a bigger jigsaw?
Omega Solver took their product offline this year, after privacy campaigners identified the risk of identifying individuals.
Acxiom as a world data leader example, is a company which provides consumer data and analytics for marketing campaigns and fraud detection. Its databases contain information about 700 million consumers worldwide.
“For more than 40 years, Acxiom has been a leader in harnessing the powerful potential of data.”
It seems others share my concerns, as this article on how data brokers use of our data is creepy, from Julia Angwen showed up in my alert feed this week, and another in ProPublica from last September. As she says,
You can see more on this, in her interview with PBS News:
Our lifetime data is attractive to commercial marketing and all sorts of organisations who wish to understand us and sell to us. The one purpose, possibly the least trusted I have not really touched on. Hospital records have been shared with insurers and used for refining policy. Records have been sold to re-insurers, even since January 2014. And these insurers mine and use data much more deeply than we want to imagine. In fact, as I finish this I see the FT front page tomorrow carries a current story how insurers trawl our Big Data.
HSCIC Data Sharing Agreements will prevent Data Merger?
IMS Health UK & Ireland’s general manager, Michael Sanvoisin shows that exploiting the different data sets ‘out there’ in Big Data, is kind of the whole point. [17]
“The smartest use of data will be the effective combination of all the various sources of open data and patient information services available in the marketplace, augmented by companies’ own internal information and data from other reliable and reputable sources.”
IMS Health is working in partnership with the MHRA – and in particular the clinical practice research datalink (CPRD) – to help the UK increase its capabilities to build cohorts of patients for clinical trials. This has led to the linkage of IMS Health’s Hospital Treatment Insights (HTI), the aggregation of HES and prescribing data, to the CPRD. This powerful linked dataset enables the identification of specific patient cohorts and allows companies to monitor patient flow between primary and secondary care. IMS Ardentia’s Costed Care Pathways (CCP) sequences clinical events together with detailed financial information to give a longitudinal view of a particular patient care pathway.” [17]
When these global companies have in addition, bought data from HSCIC, where is the transparency for patients to know what internal practice at these private companies prevents all data becoming one Big Data set, in identifiable or pseudonymous formats, and sold or shared onwards with others?
The Recent register states explicitly, that IMS will not do this, that the data will not be sold onwardly, but how about theknowledge they create from it?
“ANDromeda is an engagement tool enabling greater market access with a tailored need across all functions within pharmaceutical companies.
And in the UK, are involved in work shaping our health market: “that may involve looking at how primary care organisations operate or focusing even closer on area-level commissioning, such as GP consortiums.”
Where is our Data being Used?
“The effective combination of IMS Health’s proprietary data assets, in addition to the vast swathes of open data being made available, can help inform key strategic decisions for both the NHS and pharma. Moreover, it can drive an increase in joint working towards shared benefits and therefore transform healthcare services in the UK and beyond.”
“in the UK and beyond.” So I ask myself, which countries outside the UK have received our medical records? Remembering that non-US citizens have no privacy rights in the US, if it landed there, we can say good bye to ever getting control of that knowledge back again.
Indeed HES extracts have been given to places in the US, specifically the University of California, the FOI request I got back confirmed. The Partridge Report contained two examples of data which has gone to Kyoto University. Yes, Japan. And remember, if the data is completely aggregated and anonymised it’s not included in these registers, because it is open, green data. So what exactly went to California, Japan and who knows where else. No one knows 100%. The Report only sample tested 10% of all releases.
IMS received 251 access (which is required for confidential data without consent) for identifiable data extracted from hospital pharmacy systems, sent to HSCIC and linked with HES (hospital records). The main customer for these products will be the pharmaceutical industry. (Lines 101-2).
IMS Health is massive, as is the global health data they hold.
On the IMS One intelligent cloud, the company connects more than 10 petabytes of complex healthcare data on diseases, treatments, costs and outcomes to enable our clients to run their operations more efficiently.
Drawing on information from 100,000 suppliers, and on insights from more than 45+ billion healthcare transactions processed annually, IMS Health’s 9,500+ professionals drive results for over 5,000 healthcare clients globally. Customers include pharmaceutical, medical device and consumer health manufacturers and distributors, providers, payers, government agencies, policymakers, researchers and the financial community.
Another user of our data is Optum UK (formerly United Health Group, and if that sounds familiar it was Simon Stevens [18] last employer). I wonder for example, does that mean it is also used by Optum Insight in the US? This presentation by Christopher M. Blanchette, shows different data providers of ‘RWE’ real-world evidence and where their data is sourced.
If international companies have NHS England patient data and re-use licence, is it likely in to have been exported around the world or how can we know in which locations it is used? I want to know how often data is given directly to International companies? How often is data given to companies in the UK, who have foreign centres outside the UK, which would routinely share that data with their central systems and therefore export it? It is a basic right of data management to require fair processing for identifiable data, to know who has it for what purpose.
How do we protect consumers’ concerns?
And as US Commissioner Julie Brill’s report shows, in the States there are concerns how this data is used and they are acting on it. Are we doing the same here?
Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told, the data controller, the Health and Information Centre, does not know. And he can’t ask for what data is held in pseudonymous format – even though the data is pseudonymous with a key to make it linkable with new identifiable data coming in, so to me, that makes little sense. It is by its nature, re-identifiable.
But if HSCIC won’t release it in a Subject Access Request (SAR), we can then only surmise, whether our individual data was contained in bulk data transfers. So from the released data register, we should look at what types of companies are using pseudonymous (so called ‘amber’ data), and assume our own data was indeed included.
Overseas Data Distribution and Protection
care.data, it was said at the Health Select Committee meeting by Mr.Kelsey in March, was only for use in the UK but the HES/SUS data application form includes a field for use overseas. So, does that mean policy for export has changed for all data, or should they have spoken more precisely meaning only that “GP data extracted in care.data” was only to be used in the UK?
Because IMS, again, already has access to primary data from CPRD and secondary care data according to line 10 from HES. And whilst, it states “[Note added 28/3: The data are onwardly released only in aggregate form] I am curious – where does ‘onward’ mean? There is no Ltd. on the company name, no territory or geography indicated in the register. So if data is released to an American firm, should we assume it sits on US servers and is accessed directly by their US staff? Does onward only restrict them from giving the raw, identifiable data they received, to others outside IMS? Is it availble in non-aggregate form inside the whole of the IMS system? I, in the general public, can’t tell from the register and IMS is hardly going to tell me. We should be able to find out. I’ve found it a challenge, and my FOI request to HSCIC [14] to find out what data may have been given to US or Asian organisations, was tougher than my entire lifetime of dental appointments combined. It shouldn’t be difficult. Patients should be able to easily ask, to whom did you give my health data and where, for what?
Do we know enough about the plans to use and commercially re-use our data for commercial ‘health purposes’ as being broadly defined in the Care Act? If not, patients should be asking. GPs don’t have time.
Why does it matter? Because legal jurisdiction of data is still (perhaps outdatedly) physically geographic at least in aspects with which I am familiar. When working on global implementations of confidential employment data, we had to gain legal advice from each territory submitting data, on how we should legally properly manage data from over 50 countries in the world and its access by regional and global teams in the US, Europe or Asia. And on simple terms, we should always handle, process and use data in a way the individual expects and feels common-sensed appropriate to the purpose for which it was submitted. British citizens are not protected by US privacy laws because they apply only to US citizens.
“Existing laws do not sufficiently address data brokers’ handling of sensitive data in marketing or risk mitigation contexts,”
says Julie Brill’s statement. Well they don’t protect us Brits, at all, so I want to know if it’s being used abroad.
Few in England, will expect their data to have been made as freely available at identifiable individual pathway level, as it appears to have been in recent years. Do I at least have the chance to protect my children’s future data privacy, if not my own now?
Surely we can trust Data Protection Laws?
Because of the legal status of data which is deemed “de-identified” or “anonymized”, it is claimed they don’t violate our rights to health information privacy – Data Protection law accords us only the right to fair processing, not to prevent its processing, due to the the Health and Social Care Act 2012 which requires its extraction — but if it’s possible to re-identify longitudinal data sets – and if the whole point of getting these data sets together is to combine them, surely common sense would say, it may be legal, but that doesn’t make it right. There are other DPA expectations which HSCIC also fails to meet. The Minimum data required, for example. Deletion. Accuracy. I am guessing that every single one of the eight Principles have been broken by our data extracted before the HSC Act 2012. Yet, everyone seems to be ignoring this.
When it comes to Data Protection, identifiable data is treated differently from anonymous data. Amber individual level ‘pseudonymous’ data, is not the same as aggregated anonymous statistics and the care.data privacy impact assessment [19] confirms the risk of re-identification, yet the data is being treated as if it is anonymous. I can’t believe people working in the field believe themselves these data groups should be looked on as being equal. In my opinion, it’s not so much a case of wearing rose-tinted spectacles, it’s more like a blindfold on the wise monkeys; hear no evil, see no evil. [20]
I can quite clearly state on behalf of many, we feel that our rights to privacy have been and continue to be violated, no matter what the letter of the law says.
Whilst HSCIC may see only its own data sharing practices in a silo, that’s not how the impact of its sharing works in real life. It’s a join the dots between different data sets from different sources.
Can Good Governance Give us Confidence?
We are told that data-sharing agreements make it illegal for the data to be combined with other data held by the recipient, to make it identifying. But if the Data Controller doesn’t know what data the company already has, and doesn’t even keep track of what data has been given to them already, it must be impossible for individuals within these massive corporations to know the impact of adding their piece of the jigsaw puzzle. Over time, they will not track either, what from their company has already gone into creating the Big Data picture.
We could only rely on release controls and good governance, but for the past ten years reported in HSJ and the Partridge Review, it appears some datasets have been inappropriately shared without audit, which would have spotted the mistake. Governance is simply inadequate. In my opinion, not with malicious intent. Rather, simply, the data sharing strategy has been too fast for its own good practices to keep up. Now, it has to catch up fast.
As awareness increases, so too is the push back on the privacy grab. How do we feel about losing our individual rights, the removal of confidentiality and consent, the right to freedom from cold-calling, and to know who has our data for what reasons. And do we feel the same if we lose those rights in the name of commercial or public interests?
The British public is pushing back on banking failures and resents increasingly to see the minority of individuals benefiting commercially at the expense of the many. We resent the paternal state definition of the ‘Public Good’.
The public interest considered by CAG in reviews of data release applications, must consider protecting both the public interest in research access to confidential patient data and the public interest in a confidential health service. Add to that the public interest of providing a national health service, and its safe to say ‘the public interest’ will be hard to satisfy for all of the people, all of the time and will be subjective.
“that the purpose for which the data will be used should be in the public interest and for the provision of health and care services; [and] that any approved processing must respect and promote the privacy of patients and care service users… ” (Hansard, 10 March 2014, Col.137)
Perhaps even more subjective, is the atmosphere of public interestand how interested the public is, in how how level decisions affect us on the ground. Certainly, Snowden and other data sharing revelations have coloured the muddy backdrop of how our data is gathered and used by others, and increased calls for transparency.
The Department of Health will be furious with the Home Office I expect this weekend, as they triggered a massive outcry over the perceived lack of transparency and scrutiny afforded to MPs and civil society over the Data Retention and Investigatory Powers Bill. Even Radio 2 gave it 20 minutes coverage. [22] (From 01:36.40) This kind of governmental out-of-touchness with the public and the perceived desire to hide something in the rush to the new legislation, is what undermines trust in all areas of the public-state relationship.
It implies a paternal notion, of “we know best, so just trust us little children.” Well, that ain’t gonna fly. Seahaven is not “the way the world should be.”
Patient empowerment to own our Health Records
This flawed process, within and beyond NHS data sharing, has also created a sense of loss and disempowerment. Whilst presentations are all about ‘patient centred’ care, and ‘personalised medicine’ sounds so about the individual patient, it seems safe to say patients have been left out of the digital decision making and sharing how those decisions will affect the public on the ground. This for care.data, should have been central to plans to ensure support and success. There are still unfilled positions supposed to be filled by patient organisations or patients on the tech board.
It seems endemic to new programmes too. Or have patient organisations been widely involved in the genomic plans for the nation and not told us? Unlikely.
The talk thus far, does not match the walk. Knowledgable patient involvement is as desired by some of those leading parts of NHS patient engagement, as a chocolate teapot is useful. One is documented having said on another programme, “this was not a suitable point for patient involvement.” Either you want patients involved or not. Involved means from the beginning. Not as the decoration at the end, a way to tick the engagement box.
The notional idea of patient empowerment in this programme is tokenism, if the most basic principle of care, the only thing I can control in my consultation – my patient confidentiality – is treated with such little respect.
Is the public good really defined and does it outweigh the private good and our long established rights of consent and confidentiality? Does it vary depending on circumstance and if so, who decides?
It certainly doesn’t seem to be us, the patients in healthcare. Nor as citizens in any other field of our personal data.
If you don’t pay for the product, you are the product
In general commercial uses of data, I am increasingly learning that if you don’t pay for the product, you are the product. Maybe we need to shout a bit louder, that we are not a product. We do not all want the knowledge of our health & lifestyle to be for sale.
We’ve got used to these third party uses through the recent media revelations and the acceptance that current Government seems to be prepared to sell anything the State has in its possession. I wonder how representative that is of what the people would choose to do?
So at the risk of repetition, let’s not forget the basics:
The list of past customers in the Partridge Review of those who received data before April 2013 shows the extent of what was hidden from us for twenty years.
Should we be asking, what may be hidden still?
By stretching the scope of the potential discussion around the ‘industrialisaton’ and use of our health records for secondary purposes, we must not normalise the basics which we at first, found so surprising. We need to get them fixed first. Then, only then, will patients be willing to look at broader future scope. If I can’t trust you to manage my hospital record when I broke an ankle, why would I want to trust you with my genomes in future? It reveals a complete disconnect at NHS England level with the public in care.data thinking.
Come back to reality and listen to patients’ real concerns. We don’t want our data given to third parties, these data brokers and intermediaries or to continue re-use licenses. Even if it’s for ‘the promotion of health’ the purposes in the Care Bill.
And honestly? NHS England and the Department of Health shouldn’t want that acceptable in policy either, because they need to know who has our data, to govern it to make sure it is acceptable. As Sir Nick says in his report, the future data governance must be:
“meticulous, fool-proof and solid as a rock”
One more big mistake in who received our data in the future, and all cards will be off the table. For this to work, you need to properly manage it. And all this at the time where NHS England has now decided to outsource population wide databases, through the Steria outsourcing. Ha. Get that outsourcing security wrong, and for all your future programmes, as Truman would say, “Good morning, and in case I don’t see ya: Good afternoon, good evening, and good night!”
In the words of more Americans for whom I have a respect & love of their self-determined own words, Simon and Garfunkel, ‘Slow down, you move too fast.’
Julie Brill’s Statement made a recommendation in the US:
“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”
We should feel that we consent to this mining of our health, wealth and lifestyles and know what is done with that knowledge. I feel disempowered because in finding out how my health data is used, I’ve discovered a brave new world of how my personal data is used. By commercial business. By Government. By suits and wonks as may be nicknamed. I am not equipped or informed enough to understand it all, but I’m doing my best to find out.
We need to trust in the people who manage these systems, who drive the policy and who advise the two, to work together and make technology work well for the rest of us. It should work well with privacy and security, and functionally.
Patients must speak up and Ask Questions
Patients must start asking more questions about these commercial uses and re-use licenses, because whilst the commercial intermediaries may access data for the purposes permitted in the Care Act, we are not a partner in patient engagement. Our data is being mined in the name of NHS improvement. Our samples being gathered in the name of science.
We are the product for sale. Our name, and everything else about us.
[3] Health Select Committee July 1st, 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/11192.html
[9] IMS Health Ardentia http://www.imshealth.com/deployedfiles/imshealth/Global/Content/Technology/Technology%20Platforms/Ardentia/Ardentia_Royal_Free_PLICS.pdf
[10] Experian Public Sector http://www.experian.co.uk/assets/identity-and-fraud/authenticate-for-public-sector.pdf
[17] IMS Health using NHS patient data http://www.imshealth.com/deployedfiles/ims/Global/Content/Solutions/Healthcare%20Analytics%20and%20Services/Healthcare%20Outcomes/IMS_HTI.pdf
“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is doublespeak talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”
Today at the Health Select Committee Mr. Tim Kelsey, on behalf of NHS England, said that care.data pilots will be in October/ November and in the meantime they are listening to the “constructive challenge to NHS England how to build trust in the [care.data] programme.”
Here’s my real experience of that listening, why it may not help and what still needs done. (And in under 4 months if in time to be of any use for the pathfinder pilots, which are only of use to the whole if done properly. )
[Part one] care.data communications and core concepts – Ten takeaways from the Open House event.
The NHS England led Open House Day [1] on June 17th was a listening opportunity according to the draft agenda for:
“patients and the public to influence the work of NHS England at national and regional level.”
Here are some of the things I learned:
1. Public Awareness
Mr.Kelsey asked the room (he was in London, other locations took part by live link) how many have:
a) heard of care (dot) data and
b) how many think they understand what it is is?
We couldn’t see his room, but he said ‘about half’ understood it. Our room’s show of hands was similar.
My reaction: One would expect everyone attending to have heard of it, the event after all was billed as in part about care.data. The level of understanding should be higher than the average in the public, since many (in Basingstoke at least) were NHS England or more involved than the average citizen.
Feedback overall was consistent with the latest MORI Ipsos poll [2] commissioned by the Joseph Rowntree Reform Trust in which the minority know it well and over 50% say they have never heard of it. That’ s a long way to go to reach people, inform them adequately to meet legal Data Protection minimums and let them enact their patient choice.
2. Communications Message & Scope
A consistent, frequent communications message is that ” there are FAQs and materials, we have the answers, we just need to communicate them better.”
My response: communication is failing because the core scope of what care.data is, is fluid. Without something concrete and limited, it cannot be explained neatly. As one NHS England communications member of staff said to me this week, ‘we haven’t got an elevator pitch.’ So it’s not about the materials or the methods, it’s the substance that is flawed. When you’re talking about extracting, storing, sharing and selling some of our most intimate information, a vague notion of pooled experience is not good enough to trust. People want to know exactly what information, is being shared for what purpose, with whom, where. And how long will they keep it for? NHS England simply do not have the answers to that, so, that elevator pitch? It’s never going to get off the ground in a meaningful way. And anything less than the answers to those questions, doesn’t meet the Fair Processing requirement of Data Protection Law.
Today at the Health Select Committee Mr.Kelsey was asked, will patients be able to trace in future where their data went? There was a rare and stunning silence. And after a benefits statement, there was still no answer given to the question. [update: Hansard now available, Q525/526]
Scope cannot be fluid and changing – the use of our personal information that we sign up to today, must stay what we agreed to tomorrow.
Data Protection requires that the minimum data is extracted so this ever increasing scope creep, but only *one* chance at opt out are at odds with each other. What plans are in place to meet Data Protection fair processing EVERY time new things should be added and more data could be extracted? It’s a legal necessity. An ongoing change communications process MUST be in place.
3. Timing
Mr. Kelsey said, on rollout timing that NHS England would take it ‘as slowly as we need to.’
My response: This reiterates the ‘no artificial deadlines’ but appears to be doublethink in contrast with the statement confirming ‘autumn 2014’ extraction for Pathfinder (pilot) 100-500 practices. How will the pathfinder (pilot) locations be ready to test a communications process which as yet does not exist? How will it pilot a consent process for young people, the vulnerable, those with complex health system needs, the at risk, those outside ‘the system’ with GP records? A process which by its nature must be applied to any opt in or opt out choice, if others make a decision on their behalf yet from the meetings’ discussion, whose informed consent appears not even begun to be considered? Or how will solutions to past Data protection Law failings be found from thin air, when data has been breached in the past, continues to be shared in the present and there is no solution to resolving those failings for the future?
4. Language simplification
There is a tendency to oversimplify the language of the Care Act, into ‘care.data will not be used for any purpose other than ‘health benefit’ – whereas benefit is not mentioned in the wording:
My response: Is to question why this is? Does benefit sound better than promotion perhaps? Again, words should be used accurately.
5. Users simplification of the Care.Act wording
The actual wording is ‘the promotion of health’.
NHS England are similarly very keen to point out explicitly that care.data cannot possibly be used for insurance or marketing purposes, such as junk mail.
My response: Yet again, the wording of the Care Act does not state this explicitly. In fact, it leaves pharmaceutical marketing for example, quite open, ‘for the promotion of health’. And there is no legal barrier in the Care Act per se, for firms which receive data for one purpose, such as BUPA the hospital provider in London, using it for another, such as BUPA as refining premiums. BUPA Health Dialog received individual level patient data in the past. How do those patients know what it was then used for or shared with? Perhaps Data Sharing Agreements can specify this, but the Care Act, does not.
Claims to rule out “solely commercial” can’t be backed up by the wording of the Act. Will “the promotion of health” still permit uses such as marketing by pharmacies or ‘healthy eating’ campaigns from big food chains? There is no obvious definition – and leaves wide interpretation open.
When Sir Manning spoke at the Health Select Committee he (rightly) said HSCIC can only restrict and determine what they do ‘within the law’. The law needs to be tight if the purposes are to be tight. Loose law, loose uses.
6. Use by Data Intermediaries to continue
care.data will continue to be on offer to third party Data Intermediaries it was confirmed in the panel Q&A.
My response: some third party intermediaries in part perform outsourced data services for the NHS. But do they also use the data within their own business to inform their business intelligence markets? They sell knowledge gleaned from raw data onwards, or have commercial re-use licenses for raw data over which we in the public have no visibility or transparency. We cannot see within these businesses how they build their own ‘Chinese walls’, self-imposed restrictions to ensure security between different parts of the same umbrella organisation. Allowing third parties to re-sell data means control over its use, owners and management is lost forever. Not secure, transparent or trustworthy. I explore their uses with commercial brokers more here in a previous post. [3] Considering I was told that my personal confidential data will not be shared with third parties, in a letter signed by the Secretary of State for Health, I am most unhappy about this. I will find it hard to trust new statements of best intent, without legislation to govern them.
7. Data Lab – restricting user access
Mr. Kelsey indicated that going forward the default access to our health data will be on the premises of HSCIC, the so called “Fume cupboard” or “Data Lab.” However he noted, this would not be for all, but be the ‘default’.
”The default will be access it on the premises of the IC. That won’t be universal for all organisations….”
My questions: Whilst a big improvement from giving away chunks of raw data via CD or to remote users, these processes need documented and publicly communicated for us to trust they will work. When will it be built and operational? How will we know who all the end users are if the same rules do not apply to all? How will those exceptions be granted? Documented? Audited? Will raw data extraction still be permitted? It’s the exceptions which cause issues and in future, the processes and how they are seen to be governed must be whiter than white. For those with direct access, users of the HDIS or HES, will a transparent list of users be published? At least for now, they do not show up on extraction audits so the public cannot see what those users access or why. So, a good step, but can’t stand alone.
Until this secure data lab is physically built, any data extracted cannot go into it. That won’t happen by October/November I should think. So will NHS England be prepared to extract data anyway, into a setting they *know* is LESS secure and a NOT yet a safe setting?
8. Governance
We were informed, an Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, has agreed to advise the care.data Programme Board to evaluate the first phase pathfinder (pilot) stage.
My feedback: I find this interesting not least because the Information Governance Review [4] under her direction in March 2013 decided that commissioning purposes were insufficient reason to extract identifiable data. Personal confidential data should only be disclosed with consent or under statute and “while the public interest can also provide a legal basis for disclosure it should not be relied upon for routine data flows. [footnote, p.63]”
What value is Independent Governance if it has no legislative teeth and can only advise? At the Health Select Committee today, he said she would be able to offer a view, and a number of parties will be able to express views & be ‘in agreement’. But I wonder who owns the ultimate final go/ no-go decision whether the pilot should progress to full roll-out?
9. Anonymous Sounds Safer
Feedback on the handout: The care.data notes need not only to be accurate but transparently truthful.
In my opinion, words are again misused words to indicate that data is anonymous. 1706204_datauses Whilst the intention of the merged CES output (GP records combined with HES files) may be that some users will see only pseudonymous data, the extracted and stored data is identifiable unless opted out. Name is held in the Personal Demographics Service. [5] This is one of the key communications messages I have taken up with HSCIC, NHS England, raised to the DH through my MP. To reassure the public by saying name is not stored, is deliberately deceptive unless it states simultaneously that it may already be held in the PDS and/or linked on demand.[6]
The Partridge Review [7] has dispensed with the notion that data is anonymous once and for all. Now it must be managed accordingly as identifiable data within Data Protection law and communications must stop misusing the anonymous concept to reassure the public.
“It’s a beautiful thing, the destruction of words.” ( George Orwell, 1984)
10. My own experience of engagement
The most interesting part of the day for me personally however, were the discussions which were unstructured and when we were free to talk amongst ourselves. Unfortunately, that was very little. The structure (at least in Basingstoke and appeared similar on screens elsewhere) was based around tables of about 10 which included at least two NHS England staff at each.
At the end of the morning session, before lunch, as the other participants had left the table, a Communications person and I got into conversation on the differences between care.data, the Summary care Record (SCR) and where Patient Online was to fit in our understanding of which data was used for which purpose.
We discussed that since care.data is only monthly retrospective extracts, not for real-time record access, it would not be a suitable basis for Patient Online access – care.data is for secondary uses. So, we moved onto the challenges of SCR access at local level and how it will be possible to offer everyone Patient online when so many have opted out of the Summary Care Record. We began to talk stats of SCR availability and actual use in hospitals.[8]
Sadly, the table facilitator appeared to decide at that point, that our discussion needed guidance and rushed to fetch a senior member of staff from Strategic systems. And rather than engaging me in what had been a very positive, pleasant two-way conversation, with the Comms person asking me questions and our exchange of views, the Strategic Head took over the conversation with her NHSE team member, effectively restricting further discussion, even with her body positioning and language. Being informed is OK, as long as its the ‘right’ information?
I don’t think that’s what patient engagement is about. The subject needs real, hard discussion, not just managed exchange using pre-designed template cards of topics that we are told we ‘should’ discuss. Perhaps ignorance is strength, but in my opinion, keeping Communications staff informed only ‘on message’ and not of the wider facts and concerns is shortsighted and does them, and patients, a disservice, but then again:
“If you want to keep a secret, you must also hide it from yourself.” (George Orwell, 1984)
Within the other programmes of Patient Online and Patient Participation, care.data was a one hour session. It included the blue plasticine people short animation, a speech by Mr.Kelsey, a 15 minute table discussion on one pre-given theme from a range of four, reading aloud the summary of that discussion from each table within the room, one question per venue raised outside the room to the panel via video link in London, and their answers. Our discussion topics were brief, controlled and relatively superficial. It could have been a productive day’s workshop on only that.
The Open House took place simultaneously in four venues across England, Basingstoke, Leicester, York and London, connected through a live videolink at a number of points throughout the day. The recording in part, can be viewed here.
I attended the Basingstoke event, particularly keen to learn about national programmes such as care.data and hear about any updated plans for its rollout, to learn about patient online, and to meet the NHS England team in the South as well as other interested people like me. I hoped for some real public discussion and to hear others get their questions aired, shared and on the table for resolution.
I met one other ‘only’ patient and whilst I was kindly told by a further active PPG organiser, that I should never refer to myself as ‘only’ a patient, but you know what I mean. I’ve applied as a lay rep on our local CCG for an opening next year, until then, I’m learning as much as I can from others. Other attendees I met were those already more closely involved with NHS England in some way already. As NHS England staff, facilitators, representatives from Clinical Commissioning Groups, Patient Leaders and PPG leaders.
The Partridge Review came out on Tuesday 17th and everyone should read it. But not just the summary. Both the full version and [1] summary are here.
So what is positive about these massive revelations? At long last it appears that the hands have come off the ears and the real issues are being listened to.
My summary: “NHS England cannot now put a hand over its eyes & hope care.data issues are only about communications.”
I feel somewhat relieved that the issues many have been concerned about for the last ten months, have now been officially recognised.
Amongst them, it has confirmed the utter lack of clear, publicly transparent and some quite basic, governance procedures.
It’s no surprise then, that our medical records, on at least two occasions in this sample 10% review of the releases, have gone to undocumented destinations. (Let’s ignore the fact of the other 90%!? of which we have no visibility yet).
At least eight insurers or re-insurers were in this 10% sample, so how many times did such companies get it, in the other 90% which has not been reviewed and we haven’t heard about?
How will ‘promotion of health’ purposes exclude them in future? In my opinion, it won’t.
Why would an insurance company be excluded if it requests data in order to provide health care coverage?
This is the wording of the Act, not ‘for the benefits of the NHS’ or any other more ‘friendly’ patient facing framing.
At the NHS Open Day on Tuesday, the same day as the release, a panel spokesperson stated that commercial information intermediaries [2] will continue to be approved recipients. Gah – why this is such a bad idea, I wrote about here. [3]
The Partridge review said there had been no complaints. [4] MedConfidential pointed out an example of those of which they know. Kingsley Manning told the Health Select Committee [5] on 8th April, there had been seventeen opt outs of Hospital Episode Statistics, ever. Fourteen in 2013 and three prior to 2013.
“Q377Chair: There is not an opt-out rate for care.data yet, presumably.
Kingsley Manning: No, not on that, but in terms of the number of people who have acted to opt out, it is 3 opt-outs up until April 2013 and a further 14 opt outs since 1 April 2013.”
Would I be wrong to suspect each was accompanied by a complaint? You don’t usually opt out of something you are happy with.
The reason for these low numbers of both complaints and opt out in the wider public? WE DID NOT KNOW. The public didn’t know we had anything to be unhappy about. Many still do not.
As soon as I fully understood the commercial selling of my family’s patient records, this below is the query for advice / complaint I made in January to ICO, before the launch was postponed.
I wanted some guidance from an outside body, because I was being told the law permitted this extraction, so what good would a further complaint to HSCIC do? I had already written to my MP and had a response from the Secretary of State / Department of Health (which tried to tell me patient identifiable data was not shared with third parties), as well as feedback to my concerns raised by email with HSCIC, all of which only tried to reassure me. I had no one to otherwise raise concerns with. The ICO advisor I spoke to told me at that time, that they had had many similar complaints.
I’ll be blunt and say now, especially since the Open Day [more on that later, especially on the content of care.data FAQs we received], I think it’s fair to say I am far better informed about care.data than most in the public. When Mr. Kelsey asked for a show of hands, how many had heard of care.data, all put their hands up. Bearing in mind the rooms were full of highly involved people, NHS England staff, CCG and PPG leaders, and few ‘ordinary patients’ like me, and the agenda contained a section on care.data, it’s unsurprising we had heard of it. When Mr.Kelsey asked, “how many of you understand what it is?” the response was around 50%. I’d dispute also, that all of those 50% truly do.
Some of the comms material we were given is factually incorrect, for example, around research. Currently, GP held data planned for care.data extraction and its merger with HES, into Care Episode Statistics (CES), is approved for commissioning purposes but not for research by the GPES group. It’s not approved for research purposes, so its no good telling us how good it is to have it for the benefit of research. What has already been released for research, and continues to be so, is what was already extracted in the past, with or without consent, and informing patients.
Records will not be deleted which raises all sorts of historical reporting concerns if mistakes are identified in retrosepct.
I have spoken with several NHSE Communications people who genuinely asked me, or left me asking the question for them in my own mind, “If I don’t understand it, then how is the public expected to?”
The concerns I had now almost five months ago, seem vindicated by the report. The actions taken since, the loose wording of the Care Act 2014, and little evidence of intention to make any change which is binding i.e. the opt out is only granted at the whim of the Secretary of State, it’s not statutory and that there is no independent governance to be put in place , have done nothing to bolster my confidence these gaps have been filled.
Simon Denegri,Chair of INVOLVE – the UK’s national advisory group on public involvement – and NIHR National Director for Public Participation and Engagement in Research, wrote a response on his blog [6]. I agree with the spirit of his post, and positivity, [he also writes excellent haiku] but where I disagree I outline below. There is room for positive hope for care.data, but first, let’s properly address the past.
“I am sure that many better informed people than I will pore over the detail. Others will use it to strengthen their case that we should put a stop to any manner of data sharing.”
Perhaps most key, I disagree with his fears the report could be used by ‘others.’ I don’t know anyone who wants to see a stop to ‘any manner’ of data sharing, including me. It’s the *how* and *why* and *with whom* that still needs work. Some of us may not want it without active consent, but that is part of the how, not if. It’s not *any* manner that I object to, it’s *this* manner specifically.
I have read the Review in detail and whilst there is much positive in attitude in the Review, the reality of what difference this will make with any real bite, is hard to find.
For example, “The HSCIC will plan a new ‘data laboratory’ service which will protect the public’s information by allowing access to it in a safe environment with HSCIC managed networks and facilities.” But this is with caveats, as it’s the “default,” Tim Kelsey said on Tuesday to the NHSE Open House. It does not mean *all* and if global third party intermediaries and business intelligence companies are still to receive data, then I can’t imagine the global likes of IMS Health, or Experian, or Harvey Walsh will send someone along to Leeds every time they want to extract data. Who will be given special permissions and how will they be decided and recorded, how will it be documented what data they access, if they get a free pass?
Unknown others have direct access to the HES system now through HDIS. Public Health should rightly use our health data, but a transparent list of all approved organisations here too, would be a positive step.
Simon’s post continues,
“As you would expect from a previous Chair of INVOLVE, Nick Partridge, has secured fundamental changes in the governance of HSCIC and data releases going forward. These include patients and the public sitting on the main committees reviewing data releases, open publication of data releases and a programme of ‘active communication’ with the public”.
Patients and public on the DAAG committee. If they are informed about data governance law and good practices, yes, if it’s just ‘representative’, not so useful. But DAAG is HSCIC staffed, and HSCIC has a legal and policy remit from the Department of Health and in its roadmap to distribute data, and will create ‘a vibrant market of data intermediaries’, as it would be wrong to exclude private companies simply on ideological grounds. So the concept of ‘independent’ is flawed. Where are the teeth needed to reject an application, if it’s in the interest of the reviewing body, to accept it?
“It’s my view that the Partridge review, its recommendations, and the swift response from the Health and Social Care Information Centre (HSCIC), offers us the opportunity of a fresh start with the public on this issue.” [S.D.]
This could be used as an opportunity to brush the past aside and say time for a fresh start, but it can only be so if there is confidence of change.
NHS England cannot now put a hand over its eyes and hope the issues go away or that it’s only about communications.
The past needs fisking, issue by issue, to avoid they happen again. And the real risks need addressed, not glossed over. Why?
Because let’s assume the public all thinks it’s fine, and none of us opt out. Then through these still flawed process holes, a huge data leak. The public loses trust all over again, and the opportunity for the care.data benefits is lost forever.
Get it right now, and you build a trustworthy and seaworthy future, for the future public good.
There are other more detailed questions I would raise, [I previously worked in functional database design amongst other things] and I will believe these recommendations will have an effect, if and when I see the words become actions. The Review by PwC and Sir Nick Partridge is a positive listening and speaking exercise, but the plans must become reality with actions, some under legislation, in my view.
And perhaps the simplest, unspoken point seems to being deliberately ignored as if just not seen, unmentioned, except by data protection gurus [7]. There is legal obligation to provide information to citizens before their data is released, in a transparent way, to whom and for what purpose. What happened to Fair Processing? [8] Past and present?
Sir Kingsley Manning, Chair of HSCIC, asked in the Guardian on 22nd January [9] that we have ‘intelligent, grown up debate’ about data sharing. Well my hand is certainly off my mouth. I wrote a feature in my local paper and I’m still speaking to anyone I can to promote fact-based informed decision making. But wider Public Debate is still sorely lacking [BBC Question Time anyone?] Through it, I’d like to encourage wider knowledge of the why, who and what of secondary purposes of data sharing and to ensure we can get it done transparently and safely.
Why?
To ensure we, as patients, continue to trust telling our GPs and hospital consultants all the information that we need to, and have no fear it will be held against us by an insurer or others.
We need to trust we will not be penalised whether through disclosure, by stigma and exclusion from policy or care; or whether by opting out, we could be penalised for not participating and not get ‘advantages’ offered to others, just like store loyalty cards.
We may think the insurance debate is irrelevant, if like me, we are not ‘self-payers’ or don’t use a private insurer. With a £30bn gap in planned budget and needed spend over the next five years, someone is still going to be paying for our healthcare.
If it’s not the State, then who? The risk more of us will pay for our own care in future is real. If not for us, for our kids, and their privacy will be a whole different ball game if genomics gets involved.
Meanwhile, we are told for care.data identifiable personal data is crucial for patient safety tracking. In my opinion, patient safety will be harmed if confidence in confidentiality fails. The relationship between clinician and patient will be harmed. And no number of Dr. Foster Intelligence reports by tracking quality or safety, will be able to fix those failures which it has helped create.
Perhaps most tellingly, NHS England is still to make a statement on the Review. There is no news yet here.
It still seems to me the NHS England leadership and its data sharing policy carried out through IC past and present, wants to continue without grown up debate under the PR motto ‘it’s all going jolly well’, and to act with the attitude of a teenager, who with a shrug of the shoulders will tell you:
‘It’s easier to ask for forgiveness than permission.’
***********
January 25th, 2014 – my ICO complaint / guidance request
{abbreviated only to show issues I feel still need addressed}
Dear ICO
I would like to ask for your urgent advice.
I am a mother of X children under 12. […] Our confidential patient data is being extracted via care.data to the HSCIC. Until my recent research to understand what this was all about, I did not know that HSCIC stored all our patient confidential health data from all sorts of health providers: Hospitals, Mental Health, National Child Measurement Programme, [10] Immunisations and Health visitors.
I have not knowingly given my permission for our data to be stored or transmitted to or from HSCIC in any format in the past. If by signing a consent form for treatment I also signed consent for sharing with this central body, it was without my knowledge and therefore without informed consent.
I have significant concerns over its use, now that I understand how widely our patient data may be used and now even shared abroad. [11] […]
There is no public information on :
1. How long our data will be stored for – data retention and data deletion and cross border governance
2. There is no opportunity for health record deletion of anything which was simply a mistake i.e.: recorded on the wrong record, or a misinformed opinion on lifestyle entered by the GP, not fact
3. How will future governancebe assured that it will not be slackened to allow less strict pseudonymisation, and identifiable releases; for example to US firms who establish themselves in the NHS England healthcare market?
I do not believe that the legal rights created through the Health and Social Care Act are sufficient justification to overrule the Common Law of Confidentiality, and the Data Protection Act 1998. [And the data shared before 2012 was not covered by the Act which did not exist and was not retrospective.] Even if the dissent codes are applied, patient data has been or will be extracted to the HSCIC (without my permission) and it will contain identifiable items such as clinician name, practice and CCG locations, and referral dates which may be used as identifiers to connect with HES data stored at HSCIC – since HSCIC also holds data in the Personal Demographics Service [PDS], [12] I believe they may also link the data [13] then to my personal demographic identifiers. Just an undefined or internal governance procedure to suggest that they would not, when it is technically possible, is not sufficient oversight. […]
I do not consent for the use of our [hospital HES or other] data in health research – because it has not been explained to me, what that term means and the implications of this assumed consent.
I cannot know what the other future uses will be for our health information stored today. I do not feel that I can apply any fair processing to their health records due to the lack of publicly available information and scope of the full uses of their data today and in future. […]
[5] Health Select Committee 8th April 2014 http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/8416.html
[6] Simon Denegri’s blog response to the Partridge Review http://simondenegri.com/2014/06/17/partridge-reviews-elegant-demolition-of-past-practice-on-personal-data-offers-opportunity-for-fresh-start-with-the-public/
[7] Information Rights and Wrongs – Jon Baines’ blog http://informationrightsandwrongs.com/2014/06/18/the-partridge-review-reveals-apparently-huge-data-protection-breaches/
[11] Data use in the USA Memorandum between DH, HSCIC and the US Dept of Health and Human Services to include exploring secondary stores http://www.healthit.gov/sites/default/files/hhsnhs_mou_final_jan_21.pdf
[13] Data Linkage Service at HSCIC to manage the requests for data which is stored in different silos and brought together on request http://www.hscic.gov.uk/dles
Image courtesy of an interesting post on the history of the featured monkeys: http://frontiersofzoology.blogspot.co.uk/2013/04/why-are-three-wise-monkeys-usually-apes.html