Category Archives: scope

care.data, change management, commercial, engagement, human rights, scope, Tech, transparency

A data sharing fairytale (3): transformation and impact

Part three: It is vital that the data sharing consultation is not seen in a silo, or even a set of silos each particular to its own stakeholder. To do it justice and ensure the questions that should be asked are answered, we must look instead at the whole story and the background setting. And we must ask each stakeholder, what does your happy ending look like?

Parts one and two to follow address public engagement and ethics, this focuses on current national data practice, tailored public services, and local impact of the change and transformation that will result.

What is your happy ending?

This data sharing consultation is gradually revealing to me how disjoined government appears in practice and strategy. Our digital future, a society that is more inclusive and more just, supported by better uses of technology and data in ‘dot everyone’ will not happen if they cannot first join the dots across all of Cabinet thinking and good practice, and align policies that are out of step with each other.

Last Thursday night’s “Government as a Platform Future” panel discussion (#GaaPFuture) took me back to memories of my old job, working in business implementations of process and cutting edge systems. Our finest hour was showing leadership why success would depend on neither. Success was down to local change management and communications, because change is about people, not the tech.

People in this data sharing consultation, means the public, means the staff of local government public bodies, as well as the people working at national stakeholders of the UKSA (statistics strand), ADRN (de-identified research strand), Home Office (GRO strand), DWP (Fraud and Debt strands), and DECC (energy) and staff at the national driver, the Cabinet Office.

I’ve attended two of the 2016 datasharing meetings,  and am most interested from three points of view  – because I am directly involved in the de-identified data strand,  campaign for privacy, and believe in public engagement.

Engagement with civil society, after almost 2 years of involvement on three projects, and an almost ten month pause in between, the projects had suddenly become six in 2016, so the most sensitive strands of the datasharing legislation have been the least openly discussed.

At the end of the first 2016 meeting, I asked one question.

How will local change management be handled and the consultation tailored to local organisations’ understanding and expectations of its outcome?

Why? Because a top down data extraction programme from all public services opens up the extraction of personal data as business intelligence to national level, of all local services interactions with citizens’ data.  Or at least, those parts they have collected or may collect in future.

That means a change in how the process works today. Global business intelligence/data extractions are designed to make processes more efficient, through reductions in current delivery, yet concrete public benefits for citizens are hard to see that would be different from today, so why make this change in practice?

What it might mean for example, would be to enable collection of all citizens’ debt information into one place, and that would allow the service to centralise chasing debt and enforce its collection, outsourced to a single national commercial provider.

So what does the future look like from the top? What is the happy ending for each strand, that will be achieved should this legislation be passed?  What will success for each set of plans look like?

What will we stop doing, what will we start doing differently and how will services concretely change from today, the current state, to the future?

Most importantly to understand its implications for citizens and staff, we should ask how will this transformation be managed well to see the benefits we are told it will deliver?

Can we avoid being left holding a pumpkin, after the glitter of ‘use more shiny tech’ and government love affair with the promises of Big Data wear off?

Look into the local future

Those with the vision of the future on a panel at the GDS meeting this week, the new local government model enabled by GaaP, also identified, there are implications for potential loss of local jobs, and “turkeys won’t vote for Christmas”. So who is packaging this change to make it successfully deliverable?

If we can’t be told easily in consultation, then it is not a clear enough policy to deliver. If there is a clear end-state, then we should ask what the applied implications in practice are going to be?

It is vital that the data sharing consultation is not seen in a silo, or even a set of silos each particular to its own stakeholder, about copying datasets to share them more widely, but that we look instead at the whole story and the background setting.

The Tailored Reviews: public bodies guidance suggests massive reform of local government, looking for additional savings, looking to cut back office functions and commercial plans. It asks “What workforce reductions have already been agreed for the body? Is there potential to go further? Are these linked to digital savings referenced earlier?”

Options include ‘abolish, move out of central government, commercial model, bring in-house, merge with another body.’

So where is the local government public bodies engagement with change management plans in the datasharing consultation as a change process? Does it not exist?

I asked at the end of the first datasharing meeting in January and everyone looked a bit blank. A question ‘to take away’ turned into nothing.

Yet to make this work, the buy-in of local public bodies is vital. So why skirt round this issue in local government, if there are plans to address it properly?

If there are none, then with all the data in the world, public services delivery will not be improved, because the issues are friction not of interference by consent, or privacy issues, but working practices.

If the idea is to avoid this ‘friction’ by removing it, then where is the change management plan for public services and our public staff?

Trust depends on transparency

John Pullinger, our National Statistician, this week also said on datasharing we need a social charter on data to develop trust.

Trust can only be built between public and state if the organisations, and all the people in them, are trustworthy.

To implement process change successfully, the people involved in these affected organisations, the staff, must trust that change will mean positive improvement and risks explained.

For the public, what defined levels of data access, privacy protection, and scope limitation that this new consultation will permit in practice, are clearly going to be vital to define if the public will trust its purposes.

The consultation does not do this, and there is no draft code of conduct yet, and no one is willing to define ‘research’ or ‘public interest’.

Public interest models or ‘charter’ for collection and use of research data in health, concluded that ofr ethical purposes, time also mattered. Benefits must be specific, measurable, attainable, relevant and time-bound. So let’s talk about the intended end state that is to be achieved from these changes, and identify how its benefits are to meet those objectives – change without an intended end state will almost never be successful, if you don’t know start knowing what it looks like.

For public trust, that means scope boundaries. Sharing now, with today’s laws and ethics is only fully meaningful if we trust that today’s governance, ethics and safeguards will be changeable in future to the benefit of the citizen, not ever greater powers to the state at the expense of the individual. Where is scope defined?

There is very little information about where limits would be on what data could not be shared, or when it would not be possible to do so without explicit consent. Permissive powers put the onus onto the data controller to share, and given ‘a new law says you should share’ would become the mantra, it is likely to mean less individual accountability. Where are those lines to be drawn to support the staff and public, the data user and the data subject?

So to summarise, so far I have six key questions:

  • What does your happy ending look like for each data strand?
  • How will bad practices which conflict with the current consultation proposals be stopped?
  • How will the ongoing balance of use of data for government purposes, privacy and information rights be decided and by whom?
  • In what context will the ethical principles be shaped today?
  • How will the transformation from the current to that future end state be supported, paid for and delivered?
  • Who will oversee new policies and ensure good data science practices, protection and ethics are applied in practice?

This datasharing consultation is not entirely for something new, but expansion of what is done already. And in some places is done very badly.

How will the old stories and new be reconciled?

Wearing my privacy and public engagement hats, here’s an idea.

Perhaps before the central State starts collecting more, sharing more, and using more of our personal data for ‘tailored public services’ and more, the government should ask for a data amnesty?

It’s time to draw a line under bad practice.  Clear out the ethics drawers of bad historical practice, and start again, with a fresh chapter. Because current practices are not future-proofed and covering them up in the language of ‘better data ethics’ will fail.

The consultation assures us that: “These proposals are not about selling public or personal data, collecting new data from citizens or weakening the Data Protection Act 1998.”

However it does already sell out personal data from at least BIS. How will these contradictory positions across all Departments be resolved?

The left hand gives out de-identified data in safe settings for public benefit research while the right hands out over 10 million records to the Telegraph and The Times without parental or schools’ consent. Only in la-la land are these both considered ethical.

Will somebody at the data sharing meeting please ask, “when will this stop?” It is wrong. These are our individual children’s identifiable personal data. Stop giving them away to press and charities and commercial users without informed consent. It’s ludicrous. Yet it is real.

Policy makers should provide an assurance there are plans for this to change as part of this consultation.

Without it, the consultation line about commercial use, is at best disingenuous, at worst a bare cheeked lie.

“These powers will also ensure we can improve the safe handling of citizen data by bringing consistency and improved safeguards to the way it is handled.”

Will it? Show me how and I might believe it.

Privacy, it was said at the RSS event, is the biggest concern in this consultation:

“includes proposals to expand the use of appropriate and ethical data science techniques to help tailor interventions to the public”

“also to start fixing government’s data infrastructure to better support public services.”

The techniques need outlined what they mean, and practices fixed now, because many stand on shaky legal ground. These privacy issues have come about over cumulative governments of different parties in the last ten years, so the problems are non-partisan, but need practical fixes.

Today, less than transparent international agreements push ‘very far-reaching chapters on the liberalisation of data trading’ while according to the European Court of Justice these practices lack a solid legal basis.

Today our government already gives our children’s personal data to commercial third parties and sells our higher education data without informed consent, while the DfE and BIS both know they fail processing and its potential consequences: the European Court reaffirmed in 2015 “persons whose personal data are subject to transfer and processing between two public administrative bodies must be informed in advance” in Judgment in Case C-201/14.

In a time that actively cultivates universal public fear,  it is time for individuals to be brave and ask the awkward questions because you either solve them up front, or hit the problems later. The child who stood up and said The Emperor has on no clothes, was right.

What’s missing?

The consultation conversation will only be genuine, once the policy makers acknowledge and address solutions regards:

  1. those data practices that are currently unethical and must change
  2. how the tailored public services datasharing legislation will shape the delivery of government services’ infrastructure and staff, as well as the service to the individual in the public.

If we start by understanding what the happy ending looks like, we are much more likely to arrive there, and how to measure success.

The datasharing consultation engagement, the ethics of data science, and impact on data infrastructures as part of ‘government as a platform’ need seen as a whole joined up story if we are each to consider what success for us as stakeholders, looks like.

We need to call out current data failings and things that are missing, to get them fixed.

Without a strong, consistent ethical framework you risk 3 things:

  1. data misuse and loss of public trust
  2. data non-use because your staff don’t trust they’re doing it right
  3. data is becoming a toxic asset

The upcoming meetings should address this and ask practically:

  1. How the codes of conduct, and ethics, are to be shaped, and by whom, if outwith the consultation?
  2. What is planned to manage and pay for the future changes in our data infrastructures;  ie the models of local government delivery?
  3. What is the happy ending that each data strand wants to achieve through this and how will the success criteria be measured?

Public benefit is supposed to be at the heart of this change. For UK statistics, for academic public benefit research, they are clear.

For some of the other strands, local public benefits that outweigh the privacy risks and do not jeopardise public trust seem like magical unicorns dancing in the land far, far away of centralised government; hard to imagine, and even harder to capture.

*****

Part one: A data sharing fairytale: Engagement
Part two: A data sharing fairytale: Ethics
Part three: A data sharing fairytale: Impact (this post)

Tailored public bodies review: Feb 2016

img credit: Hermann Vogel illustration ‘Cinderella’

#caredata, care.data, choice, genomics, NHS England, research, scope

Wearables: patients will ‘essentially manage their data as they wish’. What will this mean for diagnostics, treatment and research and why should we care? [#NHSWDP 3]

 

Consent to data sharing appears to be a new choice firmly available on the NHS England patient menu if patient ownership of our own records, is clearly acknowledged as ‘the operating principle legally’.

Simon Stevens, had just said in his keynote speech:

“..smartphones; […] the single most important health treatment and diagnostic tool at our disposal over the coming decade and beyond ” Simon Stevens, March 18 2015.

Tim Kelsey, Director Patients and Information, NHS England, then talked about consent in the Q&A:

“We now acknowledge the patient’s ownership of the record […] essentially, it’s always been implied, it’s still not absolutely explicit but it is the operating principle now legally for the NHS.

“So, let’s get back to consent and what it means for clinical professionals, because we are going to move to a place where people will make those decisions as they currently do with wearable devices, and other kinds of mobile, and we need to get to a point where people can plug their wearable device into their medical record, and essentially manage their data as they wish.

“It is essentially, their data.”

How this principle has been applied in the past, is being now, and how it may change matters, as it will affect many other areas.

Our personal health data is the business intelligence of the health industry’s future.

Some parts of that industry will say we don’t share enough data. Or don’t use it in the right way.  For wearables designed as medical devices, it will be vital to do so.

But before some launch into polemics on the rights and wrongs of blanket ‘data sharing’ we should be careful what types of data we mean, and for what purposes it is extracted.It matters when discussing consent and sharing.

We should be clear to separate consent to data sharing for direct treatment from consent for secondary purposes other than care (although Mr Kelsey hinted at a conflation of the two in a later comment). The promised opt-out from sharing for secondary uses is pending legal change. At least that’s what we’ve been told.

Given that patient data from hospital and range of NHS health settings today, are used for secondary purposes without consent – despite the political acknowledgement that patients have an opt out – this sounded a bold new statement, and contrasted with his past stance.

Primary care data extraction for secondary uses, in the care.data programme, was not intended to be consensual. Will it become so?

Its plan so far has an assumed opt-in model, despite professional calls from some, such as at the the BMA ARM to move to an opt-in model, and the acknowledged risk of harm that it will do to patient trust.

The NHS England Privacy Assessment said: ‘The extraction of personal confidential data from providers without consent carries the risk that patients may lose trust in the confidential nature of the health service.’

A year into the launch, Jan 2014, a national communications plan should have solved the need for fair processing, but another year on, March 2015, there is postcode lottery, pilot approach.

If in principle, datasharing is to be decided by consensual active choice,  as it “is the operating principle now legally for the NHS” then why not now, for care.data, and for all?

When will the promised choice be enacted to withhold data from secondary uses and sharing with third parties beyond the HSCIC?

“we are going to move to a place where people will make those decisions as they currently do with wearable devices” [Widening digital participation, at the King’s Fund March 2015]

So when will we see this ‘move’ and what will it mean?

Why plan to continue to extract more data under the ‘old’ assumption principle, if ownership of data is now with the individual?

And who is to make the move first – NHS patients or NHS patriarchy – if patients use wearables before the NHS is geared up to them?

Looking back or forward thinking?

Last year’s programme has become outdated not only in principle, but digital best practice if top down dictatorship is out, and the individual is now to “manage their data as they wish.”

What might happen in the next two years, in the scope of the Five Year Forward Plan or indeed by 2020?

This shift in data creation, sharing and acknowledged ownership may mean epic change for expectations and access.

It will mean that people’s choice around data sharing; from patients and healthy controls, need considered early on in research & projects. Engagement, communication and involvement will be all about trust.

For the ‘worried well’, wearables could ‘provide digital “nudges” that will empower us to live healthier and better lives‘ or perhaps not.

What understanding have we yet, of the big picture of what this may mean and where apps fit into the wider digital NHS application and beyond?

Patients right to choose

The rights to information and decision making responsibility is shifting towards the patient in other applied areas of care.

But what data will patients truly choose to apply and what to share, manipulate or delete? Who will use wearables and who will not, and how will that affect the access to and delivery of care?

What data will citizens choose to share in future and how will it affect the decision making by their clinician, the NHS as an organisation, research, public health, the state, and the individual?

Selective deletion could change a clinical history and clinician’s view.

Selective accuracy in terms of false measurements [think diabetes], or in medication, could kill people quickly.

How are apps to be regulated? Will only NHS ‘approved’ apps be licensed for use in the NHS and made available to choose from and what happens to patients’ data who use a non-approved app?

How will any of their data be accessed and applied in primary care?

Knowledge is used to make choices and inform decisions. Individuals make choices about their own lives, clinicians make decisions for and with their patients in their service provision, organisations make choices about their business model which may include where to profit.

Our personal health data is the business intelligence of the health industry’s future.

Who holds the balance of power in that future delivery model for healthcare in England, is going to be an ongoing debate of epic proportions but it will likely change in drips rather than a flood.

It has already begun. Lobbyists and companies who want access to data are apparently asking for significant changes to be made in the access to micro data held at the ONS. EU laws are changing.

The players who hold data, will hold knowledge, will hold power.

If the NHS were a monopoly board game, data intermediaries would be some of the wealthiest sites, but the value they create from publicly funded NHS data, should belong in the community chest.

If consent is to be with the individual for all purposes other than direct care, then all data sharing bodies and users had best set their expectations accordingly. Patients will need to make wise decisions, for themselves and in the public interest.

Projects for research and sharing must design trust and security into plans from the start or risk failure through lack of participants.

It’s enormously exciting.  I suspect some apps will be rather well hyped and deflate quickly if not effective. Others might be truly useful. Others may kill us.

As twitter might say, what a time to be alive.

Digital opportunities for engaging citizens as far as apps and data sharing goes, is not only not about how the NHS will engage citizens, but how citizens will engage with what NHS offering.

Consent it seems will one day be king.
Will there or won’t there be a wearables revolution?
Will we be offered or choose digital ‘wellness tools’ or medically approved apps? Will we trust them for diagnostics and treatment? Or will few become more than a fad for the worried well?
Control for the individual over their own data and choice to make their own decisions of what to store, share or deny may rule in practice, as well as theory.
That practice will need to differentiate between purposes for direct clinical care and secondary uses as it does today, and be supported and protected in legislation, protecting patient trust.
“We are going to move to a place where people will make those decisions as they currently do with wearable devices, and other kinds of mobile, and we need to get to a point where people can plug their wearable device into their medical record, and essentially manage their data as they wish.”
However as ‘choice’ was the buzzword for NHS care in recent years – conflated with increasing the use of private providers – will consent be abused to mean a shift of responsibility from the state to the individual, with caveats for how it could affect care?
With that shift in responsibility for decision making, as with personalized budgets, will we also see a shift in responsibility for payment choices from state to citizen?
Will our lifestyle choices in one area exclude choice in another?
Could app data of unhealthy purchases from the supermarket or refusal to share our health data, one day be seen as refusal of care and a reason to decline it? Mr Kelsey hinted at this last question in the meeting.
Add a population stratified by risk groups into the mix, and we have lots of legitimate questions to ask on the future vision of the NHS.
He went on to say:
“we have got some very significant challenges to explore in our minds, and we need to do, quite urgently from a legal and ethical perspective, around the advent of machine learning, and …artificial intelligence capable of handling data at a scale which we don’t currently do […] .
“I happen to be the person responsible in the NHS for the 100K genomes programme[…]. We are on the edge of a new kind of medicine, where we can also look at the interaction of all your molecules, as they bounce around your DNA. […]
“The point is, the principle is, it’s the patient’s data and they must make decisions about who uses it and what they mash it up with.”
How well that is managed will determine who citizens will choose to engage and share data with, inside and outside our future NHS.
Simon Stevens earlier at the event, had acknowledged a fundamental power shift he sees as necessary:
“This has got to be central about what the redesign of care looks like, with a fundamental power shift actually, in the way in which services are produced and co-produced.”

That could affect everyone in the NHS, with or without a wearables revolution.

These are challenges the public is not yet discussing and we’re already late to the party.

We’re all invited. What will you be wearing?

********
[Previous: part one here #NHSWDP 1  – From the event “Digital Participation and Health Literacy: Opportunities for engaging citizens” held at the King’s Fund, London, March 18, 2015]

[Previous: part two #NHSWDP 2: Smartphones: the single most important health treatment & diagnostic tool at our disposal]

********

Apple ResearchKit: http://techcrunch.com/2015/03/09/apple-introduces-researchkit-turning-iphones-into-medical-diagnostic-devices/#lZOCiR:UwOp
Digital nudges – the Tyranny of the Should by Maneesha Juneja http://maneeshjuneja.com/blog/2015/3/2/the-tyranny-of-the-should

You may use these HTML tags and attributes: <blockquote cite="">

#caredata, care.data, HES, NHS England, scope

care.data – one of our business cases is missing

“The government takes the view that transparency is vital to healthy public services. It has created a new Statistics Commission to improve the quality of information collected (and to end arguments about “fiddling” figures).” [Tim Kelsey, New Statesman, 2001] [1]

In a time of continuing cuts to budgets across the public sector the members of the public have every right and good sense to question, how is public money spent and what is its justification.[#NHS2billion]

For the flagship data extraction care.data programme, it is therefore all the more surprising, that for the short and long term there is [2]:

a) no public proof of how much the programme is costing,
b) little around measurable tangible and intangible benefits,
c) or how the risks have been evaluated.

The Woolly Mammoth in the Room

The care.data programme has been running under its ‘toxic’ [3] brand in a similar form now, for two years.

When asked directly on costs at the Health Select Committee last month, the answer was, at best, woolly.

“Q655   Rosie Cooper: While I appreciate that, can you give us any rough figures? What would a CCG be contributing to this?

Tim Kelsey: I cannot answer that question, but we will very rapidly come back to you with the CCGs’ own estimates of the costs of the programme and how much of that cost is being met by the programme.” [Hansard January 2015][4]

The department appears very unwilling to make public and transparent its plans, risks and costs. I’ve been asking for them since October 2014, in a freedom of information request. [5]

They are still not open. Very much longer will look decidedly shady.

A few limited and heavily redacted parts were released [2] in poor quality .pdf files in Jan 2015, and don’t meet my request as there’s nothing from April-October 2014, and many missing files:

Transparent?

As I followed the minutes and materials released over the last 18 months this was a monstrous gap [7], so I have asked for it before.[8]

I had imagined there was reticence in making it public.
I had imagined, the numbers may be vague.
I hadn’t imagined it just didn’t exist at all.

For the programme whose watchword is transparency, this is more than a little surprising.  A plan had to be drafted to drive transparency, after the FOI was received [which I believe fails section 22 refusal criteria, as the decision to publish was made after the FOI]

– here’s the plan [9] – where are the outcomes?nessie

Is the claim that without care.data the NHS will fail, [10] no more than a myth?

 

Why does the business case and cost/risk analysis matter? What is the future of our data ownership?

 

Because history has a habit of repeating itself and there is a terrible track record in NHS IT which the public cannot afford [22] to allow to repeat, ever again.

The mentality that these unaccountable monster programmes are allowed to grow unchecked, must die out.

Of the NPfIT, Mr Bacon MP said: “This saga is one of the worst and most expensive contracting fiascos in the history of the public sector.”

Last autumn, a new case history [23] examined its rollout, including why local IT systems fail to deliver patient joined up digital records.

Yet, even today, as we hear that IT is critical to the digital delivery of NHS care and we must all be able to access our own health records, we read that tech funds are being cut.

Where is common sense and cohesion of their business planning?

These Big Data programmes do not stand alone, but interact with all sorts of other programmes, policies, and ideas on what will be done and what is possible in future for long term data purposes.

The public is not privvy to that to be able to scrutinise , criticise and positively contribute to plans. That seems short-sighted.

And what of previous data-based ventures? Take as a case study the Dr. Foster IC Joint Venture [NAO, February 2007] [24]

“The Information Centre spent £2.5 million on legal and consultancy advice in developing the joint venture, and setting up the Information Centre. The Information Centre contends that £855,000 of the money paid to KPMG was associated with costs for setting up the Information Centre which included business planning.

However, they could not provide an explicit breakdown of these costs […] We therefore calculate that the total cost to the taxpayer of a 50 per cent share is between £15.4 million and £16.3 million.”

“The Information Centre paid £12 million in cash for a 50 per cent share of the joint venture (see Figure 2 overleaf).

The UK plc made a sizeable investment here. The UK state invested UK taxes in this firm – so what’s the current business case for using data? How transparent are our current state assets and risks?

Being a shareholder in one half, it is fair to ask who are we now sharing the investment risk with or was this part sold soon after?[25] Was that investment a long-term one, or always meant to be so short term and are there any implications for the future of HSCIC?

In 2011 this report [26] another investment group, Bamboo holdings [related to other investor companies], wanted but did not succeed in selling its Dr. Foster stock at an acceptable price, said the portfolio introduction due in their words, to ‘poor performance’.  [Annual investor review from 2013 [p.5]

So what risks does the market see as a whole which are not made available to the public which affect how data is used and shared?

What of the other parts of Dr. Foster Research and so on, we, the state, went on to buy or sell later? It appears complex.

Is the commercial benefit to be made for private companies, seen as part of the big picture benefit to the UK plc or where does state investment and expectation for economic growth fit in?

What assessment has been made of the app market in the NHS and how patient data is expected in future to be held by the individual, released by personal choice to providers through phones?

Is a state infrastructure being built which in the surprisingly short term, may see few healthy people who store their data in it or will we see bias to exclude those with the money and technology to opt out who prefer to keep their health data in a handheld device?

What is the government plan for the future of the HSCIC and our data it manages? The provider Northgate was just bought by European private equity firm Cinven, which now manages a huge swathe of UK’s data [32] and HSCIC brought others in-house. [33]

“Its software and services are used by over 400 UK local authorities, all UK police forces, social housing providers in the UK and internationally, and NHS hospitals. Its IT projects support the sharing of information for criminal intelligence and investigations across UK police forces and the management of health screening records in the UK and in Ireland.”

All the easier to manage – or to manage to sell off?

Is the business plan future-proofed to survive the new age of health data management?

One of the problems with business cases for programmes which drag on and get swamped down in delays, is they become obsolete.

The one year mark has now passed in the announced care.data pause, announced on February 18th 2014.

The letter from Mr.Kelsey on April 14th 2014, said they would use the six months to listen and act on the view of patients, public, GPs and stakeholders.

Many of the open questions remain without any reply at all, never mind public answers to solutions to open issues.

The spine proposal by medConfidential [30] is one of the best and clearest proposals I have found with practical solutions to the failed opt out 9Nu4 for example.

Will these be addressed, or will NHS England answer the Data Guardian report and 27 questions [31] from December?

Is care.data arthritic or going quietly extinct? The last public information made available, is that it is rolling on in the background towards the pathfinders.

“By when will NHS England commit to respect the 700,000 objections to secondary data sharing already logged but not enacted?” [updated ref June 6th 2015]

How is the business plan kept up to date as the market moves on?

Is Big Data in the NHS too big to survive or has the programme learned to adapt and changed?

As Peter Mills asked a year ago, “Is the Government going to take this, as a live issue, into the next general election? Or will it (like the National Programme for IT) continue piecemeal, albeit without the toxic ‘care.data’ banner? “

The care.data programme board transparency agenda in Nov 2014 : “The care.data programme has yet to routinely publish agendas, minutes, highlight reports and finalised papers which arise from the care.data Programme Board.

“This may lead to external stakeholders and members of the public having a lack of confidence in the transparency of the programme.”

We all recognise the problem, but where’s the solution?

Where’s the cost, benefit and risk analysis?

Dear NHS England. One of your business cases is missing.
Why has the public not seen it?
Why are you making it hard to hunt down?
Why has transparency been gagged?

Like Dippy, the care.data business case belongs in the public domain, not hidden in a back room.

Like the NHS, the care.data full risk & planning files belong to us all.

Or is the truth that, like Nessie, despite wild claims, they may not actually exist?

***

more detail:

[1] New Statesman article, Tim Kelsey, 2001

[2]http://www.england.nhs.uk/ourwork/tsd/care-data/prog-board/ care.data programme board webpage

[3] http://www.infosecurity-magazine.com/news/nhs-caredata-pr-fiasco-continues/

[4] http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/17740.html

[5] https://www.whatdotheyknow.com/request/caredata_programme_board_minutes?nocache=incoming-621173#incoming-621173

[6] http://www.england.nhs.uk/wp-content/uploads/2015/02/cd-prog-brd-highlt-rep-15-12-14.pdf

[7] http://www.telegraph.co.uk/news/science/science-news/11377168/Natural-History-Museums-star-Dippy-the-dinosaur-to-retire.html

[8] https://jenpersson.com/care-data-postings-summary/

[9] http://www.england.nhs.uk/wp-content/uploads/2015/02/propsl-transpncy-pub-cd-papers.pdf

[10] http://www.computerweekly.com/news/2240215074/NHS-England-admits-failure-to-explain-benefits-of-caredata

[11] http://nuffieldbioethics.org/blog/2014/care-data-whats-in-a-dot-and-whats/

[12] http://www.theinformationdaily.com/2014/03/26/business-scents-boom-in-personal-information-economy

[13] http://www.hscic.gov.uk/article/3887/HSCIC-publishes-strategy-for-2013-2015

[14] https://jenpersson.com/flagship-care-data-2-commercial-practice/

[15] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[16] http://www.publications.parliament.uk/pa/ld201415/ldhansrd/text/141015-0001.htm

[17] http://www.legislation.gov.uk/ukpga/2014/23/pdfs/ukpga_20140023_en.pdf

[18] https://jenpersson.com/hear-evil-evil-speak-evil/

[19] https://www.whatdotheyknow.com/request/nhs_patient_data_sharing_with_us

[20] http://www.hscic.gov.uk/hesdatadictionary

[21] http://www.bbc.co.uk/news/uk-politics-24130684

[22]  http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[23] http://www.cl.cam.ac.uk/~rja14/Papers/npfit-mpp-2014-case-history.pdf

[24] http://www.nao.org.uk/wp-content/uploads/2007/02/0607151.pdf

[25] http://www.healthpolicyinsight.com/?q=node/688

[26]http://www.albion-ventures.co.uk/ourfunds/pdf%20bamboo/Bamboo%20IOM%20signed%20interims%2030611.pdf

[27] http://www.v3.co.uk/v3-uk/news/2370877/nhs-needs-patients-digital-data-to-survive-warns-health-chief

[28 ]http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[29 ] http://uk.emc.com/campaign/global/NHS-Healthcare-Report-2014/index.htm

[30] https://medconfidential.org/wp-content/uploads/2015/01/2015-01-29-A-short-proposal.pdf

[31] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

[32] http://www.privateequitywire.co.uk/2014/12/23/215235/cinven-acquire-northgate-public-services

[33] http://www.ehi.co.uk/news/EHI/9886/hscic-starts-sus-and-care-id-transfer

 

#caredata, care.data, communications, empowerment, engagement, HSCIC, leadership, NHS, research, scope

The care.data engagement – is it going to jilt citizens after all? A six month summary in twenty-five posts.

[Note update Sept 19th: after the NHS England AGM in the evening of Sept 18th – after this care.data engagement post published 18hrs earlier – I managed to ask Mr.Kelsey, National Director for Patients and Information, in person what was happening with all the engagement feedback and asked why it had not been made publicly available.

He said that the events’ feedback will be published before the pathfinder rollout begins, so that all questions and concerns can be responded to and that they will be taken into account before the pathfinders launch.

When might that be, I asked? ‘Soon’.

Good news? I look forward to seeing that happen. My open questions on commercial uses and more, and those of many others I have heard, have been captured in previous posts, in particular the most recent at the end of this post. – end of update.]

Medical data has huge power to do good, but it presents risks too. When leaked, it cannot be unleaked. When lost, public trust cannot be easily regained. That’s what broken-hearted Ben Goldacre wrote about care.data on February 28th of this year, ten days after the the pause was announced on February 18th [The Guardian] .

Fears and opinions, facts and analysis, with lots and lots of open questions. That’s what I’ve written up in the following posts related to care.data since then, including my own point-of-view and feedback from other citizens, events and discussions. All my care.data posts are listed here below, in one post, to give an overview of the whole story, and any progress in the six months ‘listening’ and ‘engagement’.

So what of that engagement? If there really have been all these events and listening, why has there been not one jot of public feedback published? This is from September 2014, I find it terrifyingly empty of anything but discussing change in communications of the status quo programme.

I was at that workshop, hosted by Mencap on communicating

with vulnerable and excluded groups the article mentions. It was carefully managed, with little open room discussion to share opinions cross groups (as the Senior Policy Adviser at Signature pointed out.) Whilst we got the NHS England compilation of the group feedback afterwards, it was not published. Maybe I should do that and ask how each concern will be addressed? I didn’t want to stand on the NHS England national comms. toes, assuming it would be, but you know, what? If the raw feedback says from all these meetings, these are our concerns and we want these changes, and none are forthcoming, then the public should justifiably question the whole engagement process.

It’s public money, and the public’s data. How both are used and why, is not to be hidden away in some civil service spreadsheet. Publish the business case. Publish the concerns. Publish how they are to be addressed.

From that meeting and the others I have been to, many intelligent questions from the public remain unanswered. The most recent care.data advisory workshop summarised many from the last year, and brought out some minority voices as well.

 

On the day of NHS Citizen, the new flagship of public involvement, people like me who attended the NHS England Open Day on June 17th, or care.data listening events, may be understandably frustrated that there is no publicly available feedback or plan of any next steps.
care.data didn’t make it into the NHS Citizen agenda for discussion for the 18th. [Many equally other worthy subjects did, check them out here if not attending or watch it online.] So from where will we get any answers? Almost all the comment, question and feedback I have heard at events has been constructively critical, and worthy of response. None is forthcoming.

 

Instead, the article above, this reported speech by Mr.Kelsey and its arguments, make me think engagement is going nowhere. No concerns are addressed. PR is repeated. More facts and figures which are a conflation of data use for clinical treatment and all sorts of other uses, are presented as an argument for gathering more data.

Citizens do not need told of the benefits. We need concrete steps taken in policy, process and practice, to demonstrate why we can now trust the new  system.

Only then is it worthwhile to come back to communications.

How valued is patient engagement in reality, if it is ignored?

How will involvement continue to be promoted in NHS Citizen and other platforms, if it is seen to be ineffective?

How might this affect future programmes and our willingness to get involved in clinical research?

I sincerely hope to see the raw feedback published very soon, which NHS England has gathered in their listening events. How that will be incorporated into any programme changes, as well as  communications, will go a long way to assuring the quantity in numbers and quality of cross-population participation.

The current care.data status is in limbo, as we await to see if and when any ‘pathfinder’ CCGs will be announced that will guinea pig the patient records from the GP practices in a trial rollout, in whatever form that may take. The latest official statements from Mr.Kelsey have been on 100-500 practices, but without any indicator of where or when. He suggests ‘shortly’.

What next for care.data? I’ll keep asking the questions and hope we hear some answers from the NHS England Patients and Information Directorate. Otherwise, what was the [&88!@xY!] point of a six month pause and all these efforts and listening?

Publish the business case. Publish the concerns. Publish how they are to be addressed.

What is there to hide?

After this six-month engagement, will there be a happy ending? I feel patients are about to be left jilted at the eleventh hour.
******

You’ll find my more recent posts [last] have more depth and linked document articles if you are looking for more detailed information.

******

March 31st: A mother’s journey – intro

March 31st: Transparency

April 3rd: Communication & Choice

April 4th: Fears & Facts

April 7th: What is care.data? Defined Scope is vital for Trust

April 10th: Raw Highlights from the Health Select Committee

April 12th: care.data Transparency & Truth, Remit & Responsibility

April 15th: No Security Blanket : why consent packages fail our kids

April 18th: care.data : Getting the Ducks in a Row

April 23rd: an Ode to care.data (on Shakespeare’s anniversary)

May 3rd: care.data, riding the curve: Change Management

May 15th: care.data the 4th circle: Empowerment

May 24th: Flagship care.data – commercial uses in theory [1]

June 6th: Reality must take Precedence over Public Relations

June 14th: Flagship care.data – commercial use with brokers [2]

June 20th: The Impact of the Partridge Review on care.data

June 24th: On Trying Again – Project Lessons Learned

July 1st: Communications & Core Concepts [1] Ten Things Learned at the Open House on care.data and part two: Communications and Core Concepts [2] – Open House 17th June Others’ Questions

July 12th: Flagship care.data – commercial use in Practice [3]

July 25th: care.data should be like playing Chopin – review after the HSCIC Data Sharing review ‘Driving Positive Change’ meeting

July 25th: Care.data should be like playing Chopin – but will it be all the right notes, in the wrong order? Looking forwards.

August 9th: care.data and genomics : launching lifeboats [Part One] the press, public reaction and genomics & care.data interaction

August 9th: care.data and genomics : launching lifeboats [Part Two] Where is the Engagement?

September 3rd: care.data – a Six Month Pause, Anniversary round up [Part one] Open questions: What and Who?

September 3rd: care.data – a Six Month Pause, Anniversary round up [Part two] Open questions: How, Why, When?

September 16th: care.data cutouts – Listening to Minority Voices Includes questions from those groups.

September 16th: care.data – “Anticipating Things to Come” means Confidence by Design

October 30th: patient questions on care.data – an open letter

November 19th: questions remain unanswered: what do patients do now?

December 9th: Rebuilding trust in care.data

December 24th: A care.data wish list for 2015

2015 (updated after this post was published, throughout the year)

January 5th 2015: care.data news you may have missed

January 21st 2015: care.data communications – all change or the end of the line?

February 25th 2015: care.data – one of our Business Cases is Missing.

March 14th 2015: The future of care.data in recent discussions

March 26th 2015: Wearables: patients will ‘essentially manage their data as they wish’. What will this mean for diagnostics, treatment and research and why should we care? [#NHSWDP 3]

May 10th 2015: The Economic Value of Data vs the Public Good? [1] care.data, Concerns and the cost of Consent

The Economic Value of Data vs the Public Good? [2] Pay-for-privacy, defining purposes

The Economic Value of Data vs the Public Good? [3] The value of public voice.

May 14th 2015: Public data in private hands – should we know who manages our data?

June 20th 2015: Reputational risk. Is NHS England playing a game of public confidence?

June 25th 2015: Digital revolution by design: building for change and people (1)

July 13th 2015: The nhs.uk digital platform: a personalised gateway to a new NHS?

July 27th 2015: care.data : the economic value of data versus the public interest? (First published in StatsLife)

August 4th 2015: Building Public Trust in care.data sharing [1]: Seven step summary to a new approach

August 5th, 2015: Building Public Trust [2]: a detailed approach to understanding Public Trust in data sharing

August 6th 2015: Building Public Trust in care.data datasharing [3]: three steps to begin to build trust

August 12th 2015: Building Public Trust [4]: “Communicate the Benefits” won’t work for care.data

August 17th 2015: Building Public Trust [5]: Future solutions for health data sharing in care.data

September 12th 2015: care.data: delayed or not delayed? The train wreck that is always on time

****

Questions, ideas, info & other opinions continue to be all welcome. I’ll do my best to provide answers, or point to source sites.

For your reference and to their credit, I’ve found the following three websites useful and kept up to date with news and information:

Dr. Bhatia, GP in Hampshire’s care.data info site

HSCIC’s care.data site

medConfidential – campaign for confidentiality and consent in health and social care – seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent

 

 

 

#caredata, care.data, change, change management, confidentiality, empowerment, engagement, NHSEngland, scope, scope creep, SCR, transparency

care.data – “anticipating things to come” means confidence by design

“By creating these coloured paper cut-outs, it seems to me that I am happily anticipating things to come…I know that it will only be much later that people will realise to what extent the work I am doing today is in step with the future.” Henri Matisse (1869-1954) [1]
My thoughts on the care.data advisory event Saturday September 6th.  “Minority voices, the need for confidentiality and anticipating the future.”

Part one here>> Minority voices

This is Part two >> the need for confidentiality and anticipating the future.”

[Video in full > here. Well worth a viewing.]

Matisse – The cut outs

Matisse when he could no longer paint, took to cutting shapes from coloured paper and pinning them to the walls of his home. To start with, he found the process deeply unsatisfying. He felt it wasn’t right. Initially, he was often unsure what he would make from a sheet. He pinned cutouts to his walls. But tacking things on as an afterthought, rearranging them superficially was never as successful as getting it right from the start. As he became more proficient, he would cut a form out in one piece, from start to finish. He could visualise the finished piece before he started. His later work is very impressive, much more so in real life than on  screen or poster. His cut outs took on life and movement, fronds would hang in the air, multiple pieces which matched up were grouped into large scale collections of pieces on his walls. They became no longer just 2D shapes but 3D and complete pictures. They would tell a joined-up story, just as our flat 2D pieces of individual data will tell others the story of our colourful 3D lives once they are matched and grouped together in longitudinal patient tracking from cradle to grave.

Data Confidentiality is not a luxury

From the care.data advisory meeting on September 6th, I picked out the minority voices I think we need to address better.

In addition to the minority groups, there are also cases in which privacy, for both children and adults, is more important to an individual than many of us consider in the usual discussion. For those at risk in domestic violence the ability to keep private information confidential is vital. In the cases when this fails the consequences can be terrible. My local news  told this week of just such a woman and child whose privacy were compromised.

“It is understood that the girl’s mother had moved away to escape domestic violence and that her ex-partner had discovered her new address.” (Guardian, Sept 12th)

This story has saddened me greatly.  This could have been one of my children or their classmates.

These are known issues when considering data protection, and for example are addressed in the RCGP Online Roadmap (see Box 9, p20).

“Mitigation against coercion may not have a clear solution. Domestic violence and cyberstalking by the abuser are particularly prevalent issues.”

Systems and processes can design in good privacy, or poor privacy, but the human role is a key part of the process, as human error can be the weakest link in the security chain.

Yet as regards care.data, I’ve yet to hear much mention of preventative steps in place, except an opt out. We don’t know how many people at local commissioning levels will access how much of our data and how often. This may go to show why I still have so many questions how the opt out will work in practice, [5] and why it matters. It’s not a luxury, it can be vital to an individual. How much of a difference in safety, is achieved using identifiable vs pseudonymised data, compared with real individual risk or fear?


“The British Crime Survey (BCS) findings of stalking prevalence (highest estimate: 22% lifetime, 7% in the past year) give a 5.5% lifetime risk of interference with online medical records by a partner, and a 1.75% annual risk.”
This Online Access is for direct care use. There is a greater visible benefit for the individual to access their own data than in care.data, for secondary uses. But I’m starting to wonder, if in fact care.data is just one great big pot of data and the uses will be finalised later?Is this why scope is so hard to pin down?


The slides of who will use care.data included ‘the patient’ at this 6th September meeting. How, and why? I want to have the following  explained to me, because I think it’s fundamental to opt out. This is detailed, I warn you now, but I think really important:

How does the system use the Opt out?

If you imagine different users looking at the same item of data in any one record, let’s say prescribing history, then it’s the security role and how the opt out codes work which will determine who gets to see what.



I assume here, there are not multiple copies of “my medications” in my record.  The whole point of giant databases is real-time, synched data, so “my medications” will not be stored in one place in the Summary Care Record (SCR) and copied again in ‘care.data’ and a third time in my ‘Electronic Prescription Service (EPS). There will be one place in which “my medications” is recorded.


The label under which a user can see that data for me, is their security role, but to me largely irrelevant. Except for opt out.


I have questions: If I opt out of the SCR programme at my GP, but opt in at my pharmacy to the EPS, what have I opted in to? Who has permission to view “my medications”  in my core record now? Have I created in effect an SCR, without realising it?


[I realise these are detailed questions, but ones we need to ask if we are to understand and inform our decision, especially if we have responsibility for the care of others.]


If I want to permit the use of my record for direct care (SCR) but not secondary uses (care.data) how do the two opt outs work together,  and what about my other hospital information?


Do we understand what we have and have not given permission for and to whom?
If there’s only one record, but multiple layers of user access who get to see it,  how will those be built, and where is the overlap?
We should ask these questions on behalf of others, because these under represented groups and minorities cannot if they are not in the room.

Sometimes we all need privacy. What is it worth?

Individuals and minorities in our community may feel strongly about maintaining privacy, for reasons of discrimination, or of being ‘found out’ through a system which can trace them. For reasons of fear. Others can’t always see the reasons for it, but that doesn’t take away from the value it has for the person who wants it or their need for that human right to be respected. How much is it worth?

It seems the more we value keeping data private, the more the cash value it has for others. In 2013, the FT created a nifty calculator and in an interview with Dave Morgan, reckoned our individual data is worth less than $1. General details such as age, gender and location are in the many decimal place range of fractions of a cent. The more interesting your life events, the more you can add to your data’s total value. Take pregnancy as an example.  Or if you add genomic data it  goes up in market value again.

Whilst this data may on a spreadsheet be no more than a dollar amount, in real life it may have immeasurably greater value to us on which you cannot put a price tag. It may be part of our life we do not wish others to see into. We may have personal or medical data, or recorded experiences we simply do not want to share with anyone but our GP. We might want a layered option like this suggestion by medConfidential to allow some uses but not others. [6]

In this debate it is rare that we mention the PDS (Personal Demographic Service), which holds the name and core contact details of every person with and NHS number past and present, almost 80 million. This is what can compromise privacy, when the patient can be looked up by any A&E, everyone with Summary Care Record access on N3 with technical ability to do so. It is a weak link. The security system relies on human validations, effectively in audit ‘does this seem OK to have looked up?’  These things happen and can go unchecked for a long period without being traced.

Systems and processes on this scale need security designed, that scales up to match in size.

Can data be included but not cut out privacy?

Will the richness of GP record / care.data datasharing afford these individuals the level of privacy they want? If properly anonymised, it would go some way to permitting groups to feel they could stay opted in, and the data quality and completeness would be better. But the way it is now, they may feel the risks created by removing their privacy are too great. The care.data breadth and data quality will suffer as a consequence.

The requirement of care.data to share identifiable information we may not want to, and that it is an assumed right of others to do so, with an assumed exploitation for the benefit of UK plc, especially if an opt-out system proceeds, feels to many, an invasion of the individual’s privacy and right to confidentiality. It can have real personal consequences for the individual.

The right to be open, honest and trusting without fear of repercussion matters. It matters to a traveller or to someone fleeing domestic violence with fears of being traced. It matters to someone of transgender, and others who want to live without stigma. It matters to our young people.

The BMA recognised this with their vote for an opt-in system earlier this year. 

Quality & Confidence by Design

My favourite exhibition piece at Tate Britain is still Barbara Hepworth’s [3] Pelagos from 1946. It is artistically well reviewed but even if you know little of art, it is simply a beautiful thing to see. (You’re not allowed to touch, even though it really should be, and it makes you want to.) Carved from a single piece of wood, designed with movement, shape, colour and shadow. It contains a section of strings, a symbol of interconnectivity. (Barbara Hepworth: Pelagos[4]). Seen as a precious and valuable collection, the Hepworth room has its own guard and solid walls. As much as I would have liked to take pictures, photography was not permitted and natural light was too low. Visitors must respect that.

So too, I see the system design needs of good tech. Set in and produced in a changing landscape. Designed with the view in mind of how it will look completed, and fully designed before the build began, but with flexibility built in. Planned interconnectivity. Precise and professional. Accurate. And the ability to see the whole from the start. Once finished, it is kept securely, with physical as well as system-designed security features.

All these are attributes which care.data failed to present from its conception but appear to be in progress of development through the Health and Social Care Information Centre. Plans are in progress [6] following the Partridge Review, and were released on September 3rd, with forward looking dates. For example, a first wave of audits is scheduled for completion 1/09 for four organisations. HSCIC will ‘pursue a technical solution to allow data access, w/out need to release data out to external orgs. Due 30/11.’ These steps are playing catch up, with what should have been good governance practices and procedures in the past. It need not be this way for GP care.data if we know that design is right, from the start.

As I raised on Saturday, at the Sept 6th workshop advisory committee, and others will no doubt have done before me, this designing from the start matters.  Design for change of scope, and incorporating that into the communications process for the future is vital for the pathfinders. One thing will be certain for pathfinder practices, there will be future changes.

This wave of care.data is only one step along a broad and long data sharing path

To be the best of its kind, care.data must create confidence by design, build-in the solutions to all these questions which have been and continue to be asked. We should be able to see today the plans for what care.data is intended to be when finished, and design the best practices into the structure from the start. Scope is still a large part of that open question. Scope content, future plans, and how the future project will manage its change processes.

As with Matisse, we must ask the designers, planners and comms/intelligence and PR teams, please think ahead  ”anticipating things to come”. Then we can be confident that we’ve  something fit for the time we’re in, and all of our kids’ futures. Whether they’ll be travellers, trans, have disabilities, be in care or not.  For our majority and all our minorities. We need to build a system that serves all of the society we want to see. Not only the ‘easy-to-reach’ parts.

”Anticipating things to come” can mean anticipating problems early, so that costly mistakes can be avoided.

Anticipating the future

One must keep looking to design not for the ‘now’ but for tomorrow. Management of future change, scope and communication is vital to get right.

This is as much a change process as a technical implementation project. In fact, it is perhaps more about the transformation, as it is called at NHS England, than the technology.The NHS landscape is changing – who will deliver our healthcare. And the how is changing too, as telecare and ever more apps are rolled out. Nothing is constant, but change. How do we ensure everyone involved in top-down IT projects understands how the system supports, but does not drive change? Change is about process and people. The system is a tool to enable people. The system is not the goal.

We need to work today to be ahead of the next step for the future. We must ensure that processes and technology, the way we do things and the tools that enable what we do, are designing the very best practices into the whole, from the very beginning. From the ground up. Taking into account fair processing of Data Protection Law, EU law – the upcoming changes in EU data protection law –  and best practice. Don’t rush to bend a future law in current design or take a short cut in security for the sake of speed. Those best practices need not cut out the good ethics of consent and confidentiality. They can co-exist with world class research and data management. They just need included by design, not tacked on, and superficially rearranged afterwards.

So here’s my set of challenge scenarios for NHS England to answer.

1. The integration of health and social care marches on at a pace, and the systems and its users are to follow suit. How is NHS England ensuring the building of a system and processes  which are ‘anticipating by design’ these new models of data management for this type of care delivery, not staying stuck on the model of top-down mass surveillance database, planned for the last decade?

2. How will NHS England audit that a system check does not replace qualified staff decisions, with algorithms and flags for example, on a social care record? Risk averse, I fear that the system will encourage staff to be less likely to make a decision that goes against the system recommendation, ‘for child removal’, for example. Even though their judgement based on human experience, may suggest a different outcome. What are the system-built-in assumed outcomes – if you view the new social care promotional videos at least it’s pretty consistent. The most depressing stereo typed scenarios I’ve seen anywhere I think. How will this increase in data and sharing, work?

“What makes more data by volume, equal more intelligence by default?”

Just like GP call centre OOH today, sends too many people calling the 111 service to A&E now, I wonder if a highly systemised social care system risks sending too many children from A&E into social care? Children who should not be there but who meet the criteria set by insensitive algorithms or the converse risk that don’t, and get missed by over reliance on a system, missing what an experienced professional can spot.

3. How will the users of the system use their system data, and how has it been tested and likely outcomes measured against current data? i.e. will more or fewer children taken into care be seen as a measure of success? How will any system sharing be audited in governance and with what oversight in future?

Children’s social care is not a system that is doing well as it is today, by many accounts, you only need glance at the news most days, but integration will change how is it delivers service for the needs of our young people. It is an example we can apply in many other cases.

What plan is in place to manage these changes of process and system use? Where is public transparency?

care.data has to build in consent, security and transparency from the start, because it’s a long journey ahead, as data is to be added incrementally over time. As our NHS and social care organisational models are changing, how are we ensuring confidentiality and quality built-in-by-design to our new health and social care data sharing processes?

What is set up now, must be set up fit for the future.

Tacking things on afterwards, means lowering your chance of success.

Matisse knew, “”Anticipating things to come” can mean being positively in step with the future by the time it was needed. By anticipating problems early, costly mistakes can be avoided.”

*****

Immediate information and support for women experiencing domestic violence: National Domestic Violence, Freephone Helpline 0808 2000 247

*****

[1] Interested in a glimpse into the Matisse exhibition which has now closed? Check out this film.

[2] Previous post: My six month pause round up [part one] https://jenpersson.com/care-data-pause-six-months-on/

[3] Privacy and Prejudice: http://www.raeng.org.uk/publications/reports/privacy-and-prejudice-views This study was conducted by The Royal Academy of Engineering (the Academy) and Laura Grant Associates and was made possible by a partnership with the YTouring Theatre Company, support from Central YMCA, and funding from the Wellcome Trust and three of the Research Councils (Engineering and Physical and Sciences Research Council; Economic and Social Research Council and Medical Research Council).

[4]  Barbara Hepworth – Pelagos – in Prospect Magazine

[5] Questions remain open on how opt out works with identifiable vs pseudonymous data sharing requirement and what the objection really offers. [ref: Article by Tim Kelsey in Prospect Magazine 2009 “Long Live the Database State.”]
[6] HSCIC current actions published with Board minutes
[8] NIB https://app.box.com/s/aq33ejw29tp34i99moam/1/2236557895/19347602687/1
*****

More information about the Advisory Group is here: http://www.england.nhs.uk/ourwork/tsd/ad-grp/

More about the care.data programme here at HSCIC – there is an NHS England site too, but I think the HSCIC is cleaner and more useful: http://www.hscic.gov.uk/article/3525/Caredata

 

#caredata, care.data, communications, confidentiality, NHSEngland, scope, scope creep

Care.data – my six month pause, anniversary round up [Part 1]

On the 18th February 2014, a six month pause in the rollout of care.data was announced. [1] It’s now September. Six months is up.

When will we find out what concrete improvements have been made? There are open questions on plans for the WHAT of care.data Scope and its future change management, the WHO of Data Access and Sharing and its Opt out management, the HOW of Governance & Oversight, Legislation, and the WHY – Communication of the care.data programme as a whole. And WHEN will any of this happen?

What can happen in six months?

Based on Mo Farah‘s average running speed of 21.8km/hour over The Olympic Games 10,000m gold medal winning performance, and on 12 hours a day, he could have covered about 47,000 km in that time. Once around the world, in those 180 days. With some kilometres spare margin, into the bargain.

That’s perhaps unrealistic in 180 days, but last February promises made to the public, to the Health Select Committee and Parliament were given about data sharing as both realistic, and achievable.

So what about the publicly communicated changes to the care.data rollout in the six month time frame?

The letter from Mr.Kelsey on April 14th, said they would use the six months to listen and act on the views of patients, public, GPs and stakeholders.

I’d like to address some of those views and see how they have been acted on. Here’s the best I have been able to put together of promises made, and the questions I still have, six months on.

Scope. What part of our records is included in care.data?

The truth is this should be the simplest question, but seems the hardest to answer. Scope is elusive, and shifting.

A simple description would help us understand what data will be extracted, shared and for what purpose. The public needs an at-a-glance chart to be properly informed, to distinguish between care.data, the Summary Care Record, HES/SUS and how patient data is used, by whom for what purposes.  This will help patients distinguish between direct and indirect care uses. What doctors would use in the GP practice, versus researchers in a lab. It will help set expectations for Patient Online.  It could help explain data use in Risk Stratification.  [see care.data-info by Dr.Neil Bhatia for high level items in scope, or field name detail here p22 onwards] [11]. This lack of clarity was already identified in April 2013, point 3.3, but nothing done.

Mid-August to further complicate matters, it became apparant from published care.data advisory group minutes, that the content scope is under review and may now include sensitive data. This was met with serious concern in many quarters, not least HIV support groups, on broadening the scope of care.data extraction and access.  I realised I wasn’t in the least surprised, but continue to be shocked by the disconnect between project leadership and the public.

Are the listening exercises a complete waste of time?

If people aren’t comfortable sharing basic health records, how will suggesting they share anything more sensitive be likely to encourage participation?

[The scope of how our GP part of care.data will be used is also under consideration for expansion to research – more in part two, on that.]

Scope is undefined. It will continue to ever expand as the replacement for SUS. In April, I wrote down my concerns at that time. Most of which remain unchanged.

Stephen Dorrell, MP on the 11th March in Parliament summed up nicely, why this move now to shift scope is ludicrous. If we do not have stability of scope, we cannot know to what we are consenting. This is the foundation of our patient trust.

Mr Dorrell: I am not going to comment on whether the free text data should or should not be part of the system, or on whether the safeguards are adequate. However, I agree with the hon. Lady absolutely that the one sure way of undermining public confidence in safeguards is to change those safeguards every five minutes according to whichever witness we are listening to.

If the Patients & Information Directorate at NHS England is serious about transparency, then we should be clear about all our patient data, where it comes from, where it goes to, who accesses it and why.

Data protection principle 3 requires that the minimum possible data required is extracted, not excessive. Is this being simply ignored, as inconvenient in a project which intends scope to ever accumulate as SUS replacement?

“Will NHS England prepare an at-a-glance of differences between SCR and care.data, and HES/SUS extractions and users?”

scrcdoverview

 

Conclusion on Scope & its Communications:

This scope clarification alone would be I believe, if well done, one of the most effective communications tools for patients to make an informed choice.

1. We need to know what parts of our personal, confidential records, sensitive or otherwise are to be extracted now. 

2. How will we be informed if that scope changes in future?

3. What do we do, if we object to any of those items being included?

Before any launch of pilot or otherwise, a proper plan to ensure informed communication and choice, today and looking to future scope changes, must be clear for everyone.

What’s happened since February to the verbal agreements and promises that were made back then?

Whether in Parliament by Dan Poulter and the Secretary of State Mr.Hunt, in Select Committee Hearings, by the Patients & Information Directorate at NHS England and in patient facing hour at the mixed-subject Open Day, promises have been made, but what evidence has the public, that they are real? There has been little public communication since then.

I have read, watched or attended NHS England Board meetings, Health Select committee meetings, and read the press, media releases and social media. I’ve been to a general NHS Open Day, listened in to NHS England online events, the first HSCIC Partridge Review follow up event, and spoken to patients, public and charity groups. Had I not, I would know nothing more than I did in February which was, that something had been put on hold, about which I should have, but hadn’t, received a doordrop leaflet.

Pilot practices ‘pathfinders’ we were told will trial the extraction, in six months, then in autumn, or October 1st according to Mr.Kelsey at the Health Select Committee (extract below).

reply

I’ve not seen anywhere yet, where these practices will be, nor that patients have been informed.  The latest status I read was on EHI. In response to this lack of information, medConfidential wrote to Healthwatches and CCGs with important questions and ideas. [Well worth a read].

Scope of Access – Who will get our records and for what?

Where and to whom may our data be transferred?

As part of the what of scope, we also need clarification on the who will be in scope in which countries to access data.

“Can I confirm now, that the data connected to care.data will not be allowed outside the United Kingdom? Let me confirm that before we have further hares running.” Tim Kelsey, said at the Health Select Committee.

Since GP care.data is to be connected with HES data, and data may be linked via the Data Access Request Service (the recently renamed former HSCIC Data Linkage Service DLES) on demand;

Q.  How will I know in future that there are no plans to release my data outside the UK and EU, as HES has been in the past?

As far as I have read, geographical scope is not legislated for. I would like to be pointed to this if it is.

From the Health Select Committee: Committee Room 15 : Meeting started on Tuesday 25 February at 2.29pm – Ended at 5.20pm

Mr. Tim Kelsey, National Director for Patients and Information stated: The pause was announced, precisely to address the issues.

“People are concerned about the purpose to what their data is being put.”

It’s not yet been addressed. Neither for the now, nor the future.

We need to have a robust mechanism in place for all future scope of use changes. If today I agree to have some of my data extracted used for public health research for the public good, I don’t want to find that I’ve had all my personal details including my genomic records [which personally are somewhere in my record already] spliced with Dolly the sheep research, in the hunt for a cure for arthritis five years down the line, and there’s another me living at the Roslin Institute. [I jest to exaggerate the point, not all research definitions are equal].  A yes today, cannot mean a yes for anything and everything.

The opt out term at present only allows a later ‘opt out’ to mean that data is made less identifying ‘pseudonymous’ from that request date, nothing deleted. ‘Opt out’, is not ‘get out’.

The records from before that request date, will remain clear and fully identifying for all time. So if a company requests an historical report, will our identifiable data still be included in it?

Opt out is not as simple as it sounds.

OPT OUT

The whole issue of opt out was at best an inaccurately communicated process. I believe it was misleading.

What is still wrong to my mind with this mechanism, is that there appears to be the assumption that all data may be matched and de-identified before release. That corresponds to the September 2013 NHS England Directions led by Mr. Kelsey to HSCIC saying there is “ “no need” to take into account individual objection to pseudonymous data sharing “. [2] And the patient leaflet, which was produced before any opt out changes, which stated we could object to ‘identifiable’ data sharing. That ‘identifiable’ doesn’t include all our data.

I’d like to see that clarified. Because Mr.Hunt has promised an opt out in entirety:

25th February in Parliament:

Mr.Hunt: …”we said that if we are going to use anonymised data for the benefit of scientific discovery in the NHS, people should have the right to opt out. We introduced that right and sent a leaflet to every house in the country, and it is important that we have the debate..”

“the reason why we are having the debate is that this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research

Dr Julian Huppert (Cambridge) (LD): There are of course huge benefits from using properly anonymised data for research, but it is difficult to anonymise the data properly and, given how the scheme has progressed so far, there is a huge risk to public confidence. Will the Secretary of State use the current pause to work with the Information Commissioner to ensure that the data are properly anonymised and that people can have confidence in how their data will be used and how they can opt out?

Hunt: “I will do that, and NHS England was absolutely right to have a pause so that we ensure that we give people such reassurance…”

Status: the public still has no communication about any opt outs on offer or a consistent, effectively communicated method by which to request it.

Our data continues to be released regardless.

What I want to understand on opt out:

1. Can I choose to have my data used for only care, or for bona fide public health research, but not, for example, other types, such as commercial pharma marketing or data intermediaries?

2. Can I restrict the use of all my children’s data, to include all of it, including fully ‘anonymous’ data as the Secretary of State stated? Not only restricting red and amber, but all data sharing?

3. How will patients know that all of their medical data is covered by these options, not only our GP records? (For other data held see > http://www.hscic.gov.uk/datasets)

4. Will NHS staff be given the right to opt out to prevent their personal confidential data or employment data being shared as part of the workforce data set?

5. Does opt out really mean opt out – when will we see the revised definition?

6. How will objection management (storing our opt out decision) be implemented with other data sharing? (SCR, Electronic Prescription Service, OOH access, Proactive care at local level.)

7. How will objection be effectively communicated and measured?

8. Will the BMA vote [3] be ignored by the Patients & Information Directorate at NHS England? They called for an opt in system? And also for it to have the option to be used only for improving care, not commercial exploitation. They appreciate the risks of losing patient confidentiality and trust.

9. Will the views of Dr. Mike Bewick, deputy medical director at NHS England, also be ignored, who said parts (referring to commercial use) should be ‘opt-in’ only? [Pulse, June 2014]

10. What will ensure opt out remains more than just Mr.Hunt’s word, if it has no legislative backing?

The opt out on offer at Christmas was to restrict identifiable data sharing. There was “no need” to take into account individual objection to pseudonymous data sharing said the September 13th NHS England directions. Those NHS England Board directions from September and December 2013 are now possibly out of date, but I’d like to see new ones which replaced them, to reassure me that an opt out that we are offered,  works the way I would expect.

Most importantly for me, will the opt out be given more legislative weight, Q.10? Today I have only the Secretary of State’s word that any “objection will be respected.”  And as we all know, post holders come and go, a spoken agreement by one person, may not be respected by another.

**********

ACCESS

Many of the concerns around which organisations will have access to our medical records, and which were somewhat dismissed on Newsnight then, have been shown to have been legitimate concerns since:

“Access by police, sold to insurance companies, sold for commercial purposes” Newsnight, February 19th 2014
… all shown to be users of existing medical records held by the HSCIC through the Partridge Review.
police

Which other concerns over access were raised and have they been addressed?

Dr. Sarah Wollaston MP, then member, now Chair, of the Health Select Committee raised the concerns of many when she asked whether other Government Departments may share care.data. Specifically she asked Mr.Kelsey,

“are you going to have a clear concrete offer to the public at the end of the six-month delay as to how these requests will be handled […] see if their data is going to be accessed by DWP […]?”

dwp_wollaston

I believe this is still more than a very valid and open question, particularly with reference to the December 2013  Admin Data Task Force which was exploring a ‘proof of concept’ to link DWP [6] and Department of Health data:

“Primary and Secondary Care interventions with DWP over a six year period.”

DWP_strategy

 

HSCAct

 

At the Health Select Committee evidence session, Mr. Kelsey and Mr. Jones did not give a straight yes/no answer to the question.

Personally I believe it would be clearly possible that DWP administering social care or welfare payments will make a case under ‘health and social care’. Unless I see it in legislation that DWP will not have access care.data or other HSCIC held data, I personally will assume that it is going to, and may have already especially given the ‘primary and secondary linking’ pilot listed above.

What about other government departments access to health data?

A group met for the event ‘Sharing Government Administrative Data: new research opportunities’: strategic meeting on 14 July 2014, at the Wellcome Trust, London [4]  – at which both care.data and DWP data had their own agenda slots.

The DWP holds other departments’ data and is “open to acting a hub.” July 2014 [7]

The Cabinet Office presenter included suggestions UK legislation [9] may change to enable all departments (excluding NHS) to share data, and the ADT recommended that new ‘Data Sharing” legislation should be put forward in the next [Parliamentary] term.

1. Since HSCIC is an ALB and not NHS, are they included in this plan to broaden sharing across government departments?

2. Will the care.data addendum of September 2013 be amended to show the public that those listed then, are no longer considered appropriate users?

3. Will Mr.Kelsey now be able to answer Dr.Wollaston MP’s question regards DWP with a yes / no answer?

Think tanks, intermediaries and for the purposes of actuarial refinement were included in documents at the time, which suggested that DAAG alone in future, would review applications.

The DAAG is still called the DAAG and appears to have gone from 4 to 6 members. The Data Access Advisory Group (DAAG), hosted by the Health and Social Care Information Centre (HSCIC), considers applications for sensitive data made to the HSCIC’s Data Access Request Service.

Three key issues remain unclear to me on recent Data Release governance at DAAG:

1. Free text access and 2. Commercial use 3. Third Party use

The July 2014 DAAG approved free text release of data for CSUs on a conditional cleansed basis, and for Civil Eyes with a caveat letter to say it shouldn’t be used for any ‘additional commercial use.’ It either is or isn’t commercial I think this is fudging the edges of purpose and commercial use, and precisely why the lack of defined scope use undermines trust that data will be used only for proper purposes and in the definition of the Care Act.

Free text is a concern raised on a number of occasions in Parliament and Health Select Committee.  On the HSCIC website it says, none will be collected in future for care.data. How is it now approved for release, if it has not already been collected in the past – in HES?  So it would appear, free text has already been extracted and is being released. How are we to trust it will not be the case for care.data?

****

In summary: after six months pause, it remains unclear what exactly is in scope, to whom will it be released. We are still not entirely clear who will have access to what data, and why.

In part two I’ll look in brief at what legislative changes, both in the UK and wider EU may influence care.data and wider health data sharing.  Plus some status updates on Research seeking approval, Changes to Oversight & Governance and Communications.

That commercial use, the concept that you are exploiting the knowledge of our vulnerability or illness, in commercial data mining, is still the largest open question, and largest barrier to public support I foresee. ‘Will the Care Act really help us with that?’ I ask in my next post.

MedConfidential have released their technical recommendations on safe settings access to data. Their analogy struck me again, as to how important it is that the use of data is seen by the users, as a collective.

Any pollution in the collective pool, will contaminate the data flow for all.

I believe the HSCIC, NHS England Patients & Information Directorate, the Department of Health need to accept that the continued access to patient data by commercial data intermediaries is going to do that. Either those users, some of whom are young and inexperienced commercial companies, need to be excluded, or to be permitted very stringent uses of data without commercial re-use licenses.

The commercial intermediaries still need to be told, don’t pee in the pool. It spoils it, for everyone else.

I’ll leave you with a thought on that, from Martin Collignon, Industry Analyst at Google.

**********

For part two, follow link >>here>>  I share my thoughts on current status of the HOW of Governance & Oversight, Legislation, and the WHY – addressing Communication of the care.data programme as a whole.  And WHEN will any of this happen?

Key refs:

[1]. Second delay to care.data rollout announcedThe Guardian February 18th 2014: http://www.theguardian.com/society/2014/feb/18/nhs-delays-sharing-medical-records-care-data

[2] NHS England directions to HSCIC September 13th 2013: http://www.england.nhs.uk/wp-content/uploads/2013/09/item_5.pdf

[3] BMA vote for opt In system: http://www.bmj.com/content/348/bmj.g4284

[4] July 14th at Wellcome Trust event ‘Sharing Government Administrative Data: new research opportunities’

[5] EU Data Legislation http://www.esrc.ac.uk/_images/presentation%208_Beth%20Thompson%20Wellcome%20Trust_tcm8-31281.pdf

[6] DWP data linkage proof of concept trial 6 year period of primary and secondary data, December 2013

[7] Developments in Access to DWP data 2014

[8] NHS data sharing – Dr.Lewis care.data July 2014 presentation

[9] Possible UK Legislation http://www.esrc.ac.uk/_images/Presentation_7_Rufus_Rottenberg_tcm8-31280.pdf

[10] Progress of the changes to be made at HSCIC recommendations of the Partridge Review https://medconfidential.org/wp-content/uploads/hscic/20140903-board/HSCIC140604di_Progress_on_Partridge_review.pdf

[11] Scope list p22 onwards: http://www.england.nhs.uk/wp-content/uploads/2013/08/cd-ces-tech-spec.pdf

[12] Health and Social Care Transparency Panel April 2013 minutes https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/259828/HSCTP_13-1-mins_23_Apr_13__NewTemp_.pdf

#caredata, care.data, HES, HSCIC, leadership, privacy, research, scope, transparency, trust

care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part one]

Five months after the most recent delay to the care.data launch, I’ve come to the conclusion that we must seek long-term excellence in its performance, not content ourselves with a second-rate dress rehearsal.

“Sharing our medical records, is like playing Chopin. Done well, it has the potential to demonstrate brilliance. It separates the good, the bad and the ugly, from the world-class players.  But will we get it right, or will we look back at repeat dire performances and can say, we knew all the right notes, but got them all in the wrong order?”

Around 100 interested individuals filled a conference room at the King’s Fund, on Cavendish Square in London last Monday, July 21st, where the Health and Social Care Information Centre (HSCIC) [1] held a meeting to publicly discuss the Partridge Review [2] and HSCIC data sharing policies, practices and stakeholder expectations going forward.  Driving Positive Change.[3]

The vast majority were from organisations which are data users, some names familiar from the care.data press coverage in spring, [Beacon Consulting, Harvey Walsh] plus many university and charity driven researchers.

Sir Kingsley Manning, Sir Nick Partridge and Andy Williams [The  CEO since April 2014] all representing HSCIC, spoke about the outcomes of the PWC audit, which sampled 10% of the releases of identifiable or pseudonymous data sharing agreements for closer review, and what is termed ‘Back Office’ access (by the police, Home Office, court orders) in the eight years as the NHS IC prior to the HSCIC rebrand and changes on April 1st, 2013.

“The standard PwC methodology was adopted for sample testing data releases with the prevailing governance arrangements. Samples were selected for each of the functional areas under review. Of the total number of data releases identified (3,059); approximately a 10% sample was tested in total.” (Report, Data Release Review June 2014)

I believe it is of value to understand how we got here as well as the direction in which the HSCIC is moving. This is what the meeting sought to do, to first look back and then look forward. They are Data Controller and Processor of our health records and personal identifiable data. As care.data pathfinder pilots approach at a pace, set for ‘autumn’, the changes in the current processes and procedures for data handling will not only effect records which are already held, from our hospital care and other health settings‘, but they will have a direct effect on how our medical records extracted from GP practices will be treated, for care [dot] data in the future.

Data Management thus far has failed to meet the standards of world class delivery; in collection, governance and release

After the event, walking back to the train home, I passed the house from which Chopin left, to play his last concert. [4]

It made me think, that sharing our medical records, is like playing Chopin. Done well, it has potential for brilliance. It separates the good, the bad and the ugly, from the world-class players. Even more so, when played as part of suite, where standards are understood and interoperable . Data sharing demands technical precision, experience and discipline. Equally, gone wrong, we can look back at past performances and say, we had world class potential and knew all the right notes, but got them all in the wrong order. Where did we fail? Will we learn, or let it repeat?

The 2.5 hour event, focused more on the attendees’ main interest, how they will be affected by any changes in the release process. Some had last received data before the care.data debacle in February put a temporary halt on releases.

As a result of planned changes, will some current data customers find, that they have already received data for the last time, I wonder?

After the initial review of the critical findings in the Partridge report, the discussion centred on listening to suggestions what may be done in England to prevent future fails. But in fact, I think we should be going further. We should be looking at what we are doing in England to be the world-class player that the Prime Minister said he wants.[5]

We are focused on making the best of a bad job, when we could be looking at how to be brilliant.

To me, the meeting missed a fundamental point. Before they decide the finer points of release, they need to ensure there will be data to collect. There was not one mention of the public’s surprise that our data was collected and had been sold or shared with each of them until last spring. So now that the public in part knows about it, the recipients should also consider we are watching them closely.

Data users are being judged as one, by their group performance

What the data recipients may or may not be conscious of, is that they too each are helping to shape the orchestra and will determine the overall sound that is heard outside.

They may not realise that as data recipients, we citizens, the data providers, will see and hear their actions and respond to them all collectively, in terms of what impact it may have on our opt in/out decision.

I heard on Monday one or two shriller voices from global data intermediaries claiming that others had been receiving data whilst their own requests had been overlooked. As of last Friday, HSCIC said 627 requests were on standby, waiting for review and to know whether or not they would receive data. Currently HSCIC is getting 70 new requests a month. Bearing in mind the attendees were mostly data users, they can be forgiven that they were mostly concerned about data release and use, but they did in part also raise the importance of correct communication, governance and consent of extraction. They realise without future public trust, there is no future data store.

One consultancy however, seemed to want to blame all the other players for their own past mistakes, though there was no talk of any blame in any discussion otherwise. They asked, what about the approvals process for SUS (Secondary Uses Service data), how are those being audited and approved, is it like HES? How about HSCIC getting their act together on opt out, putting power back in the hands of patients, they asked. What about the National Cancer Registries, ONS (Office of National Statistics), all the data which is not HES, will there be one entrance point to access all these data stores for all requests? And as for insurance concerns by patients, the same said, people were foolish to be concerned. Why, “if they don’t get our health data then all the premiums will go up.”

My my, it did feel a little like a Diva having a tantrum at the rest of the performers for messing up her part. And she would darn well pull the rest of them into the pit with her if she was going to get cancelled. In true diva style, I’m sure that company didn’t even realise it.

But all those data recipients are in the same show now – if one of them screws up badly, the critics will slam them all. And with it, their providers of data, we patients, will not share our data. Consent and confidentiality are golden tickets and will not be given up lightly. If  all the data-using players perform well, abide by the expected standards, and treat both critics, audience and each other with proper etiquette, then they will get their pay, and get to stay in the show. But it won’t be a one time deal. They will need to learn continuously, do whatever the show conductor asks, and listen and learn from the critics as they perform in future, not slacking off or getting complacent.

Whilst the meeting discussed past failings in the NHS IC, I hope the organisations will consider what has truly shocked the public is some of the uses to which data has been put. How the recipients used it. They need to examine their own practices as much as HSCICs.

The majority of the attendees were playing from the same score, asking future questions which I will address in detail in part two.

The vast majority asked, how will the data lab work? And other Research users asked many similar and related questions. [This from medConfidential [6] whilst on the similar environment for accredited safe havens, goes some way to explaining the principle of a health research remote data lab (HRRDL).]

Governance questions were raised. Penalties were an oft recurring theme and local patient representative group and charity representatives, asked how the new DAAG lay person appointments process would work and be transparent.

Other questions on past data use, were concerned with the volume of Back Office data uses. The volume of police tracing for example. How person tracing by the border agency, particularly with reference to HIV and migrant health, which may reveal data to border agencies which would not normally be shared by the patients’ doctors. “If people are going to have confidence in HSCIC, this was a matter of policy which needed looking at in detail. ” The HSCIC panel noted that they also understood there were serious concerns on the quantity of intra-government departments sharing, the HMRC, Home and Cabinet Offices getting mentions.  “There was debate to be had”, he said.

And  what do you think of the show so far? [7]

They’re collectively recovering from unexpected and catastrophic criticism at the start of the year. It is still having a critical effect on many organisations because they don’t have access to the data exactly as they used to, with a backlog built up after a temporary stop on the flow which was restarted after a couple of months. HSCIC has reviewed themselves, in part, and any smart attendees on Monday will know how each of their organisations have fared. The audit has found some of their weaknesses and sought to address them. There is a huge number of changes, definitions and open considerations under discussion and not yet ready to introduce. They realise there is a great amount of work still to be done, to bring the theory into practice, test it out, edit and get to a point where they are truly ready for a new public performance.

But none of the truly dodgy sounding instruments have been kicked out yet. I would suggest there are simply organisations which are not themselves of the same standards of ethics and physical best practices which deserve to manage our data. They will bring down the whole, and need rejected – the commercial re-use licenses of commercial intermediaries. And the playing habits of the data intermediaries need some careful attention, drawing the line between their clinical support work and their purely commercial purposes. The pace may have slowed down, but data is still flowing out, and there was no recognition that this may be without data protection permission or best practice, if individuals aren’t aware of their data being used in this way. The panel conducted a well organised and orderly discussion, but there were by far more open questions, than answers ready to be given.

What we do now, sets the future stage of all data sharing, in the UK and beyond – to be brilliant, will take time to get right

How HSCIC puts into action and implements the safeguards, processes and their verbal plans to manage data in the short and medium term, will determine much for the future of data governance in England, and the wider world. Not only in terms of the storage and release of data – its technical capability and process governance, but in the approach to data extraction, fair processing, consent, communication and ongoing management.

This is all too important to rush, and I hope that the feedback and suggestions captured on the day will be incorporated into the production. To do so well, will need time and there is no point in some half-ready dress rehearsal when so much is yet to be done.

The next Big Thing – care.data

When it came to care.data, Andy Williams said it had been a serious failing to not recognise that patients view their GP records quite, totally differently, from the records held at a hospital. Sharing their HES data.

“And it is their data, at the end of the day,” he recognised.

So to conclude looking back, I believe where data sharing has reached, is leaps and bounds ahead of where it was six months ago. The Partridge Review and its recommendations recognises there are problems and makes 9 recommendations. There is lots more the workshop suggested for consideration. If HSCIC wants to achieve brilliance, it needs to practise before going out on a public stage again. The excellence of Chopin’s music does not happen by chance, or through passion alone. To achieve brilliance we cannot follow some romantic notion of ‘it will all be alright on the night’. Hard edged, technical experience knows world-class delivery demands more.

So rolling out care.data as a pathfinder model in autumn before so much good preparation can possibly be done, is in my opinion, utterly pointless. In fact, it would be damaging. It will be like pushing  a grade 5 school boy who’s not ready into the limelight, and just wishing him luck, while you wait whistling in the wings. But what will those in charge say?

Will our health data sharing be a virtuoso performance [8]? Or will we end up with a second rate show, where we will look back and say, we had all the right notes, but played them all in the wrong order [9]?

{Update August 6th, official meeting notes courtesy of HSCIC}

I look forward to the future and address this more, as we did in the second part of the meeting, in my post Part Two. [10]

*****

[1] The Health and Social Care Information Centre – HSCIC

[2] The Partridge Review – links to blog post and all report files

[3] HSCIC Driving Positive Change http://www.hscic.gov.uk/article/4824/Driving-positive-change

[4] Chopin’s Last concert in London http://www.chopin-society.org.uk/articles/chopin-last-concert.htm

[5] What are we doing in England to be the world-class player that the Prime Minister said he wants? https://www.gov.uk/government/news/record-800-million-for-groundbreaking-research-to-benefit-patients

[6] A Health Research Remote Data Lab (HRRDL) concept for the ASH consultation – https://medconfidential.org/2014/hrrdls-for-commissioning/

[7] “What do you think of the show so far?” A classic Waldorf and Statler line from the Muppet Show. https://www.youtube.com/watch?v=jJNxj1FdKuo&list=PL1BCB0B838EBE07C6&index=12

[8] Chopin Rubenstein Piano Concerto no.2 with Andre Previn https://www.youtube.com/watch?v=T_GecdMywPw&index=1&list=RDT_GecdMywPw

[9] Classic comedy Morecambe & Wise, with Andre Previn – all the right notes, but not necessarily in the right order https://www.youtube.com/watch?v=-zHBN45fbo8

[10] Blog post part two: care.data is like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two – future]

**** In case care.data is news for you, here is a simple guide via Wired  and a website from GP and Caldicott Guardian Dr. Bhatia > the official NHS England page is here   ****

####

Fun facts: From The Telegraph, 2010: Prince of The Romantics by Adam Zamoyski

“That November farewell, given in aid of a Polish charity, came at the end of a difficult six-month British sojourn, which had included concerts in Manchester (one of the largest audiences he ever faced), Glasgow and Edinburgh, where the non-religious Chopin had unwillingly endured Bible readings by a pious patroness anxious to convert him to the Church of Scotland. Finally back in London, the composer-pianist spent three weeks preparing for what turned out to be his final recital by sitting wrapped in his coat in front of the fire at St James’s Place, attended by London’s leading homeopath and the Royal Physician, a specialist in tuberculosis. A week after the concert, he was on his way home to Parisian exile and death the following year.”

Born Zelazowa Wola, Poland of a French emigrant father and Polish mother, he left Poland aged 20, never to return. Well known and by some controversially for his long romantic liaison with novelist George Sand (Aurore Dudevant) after they separated his health failed and in 1848 he paid a long visit to Britain where he gave his last public performance at the Guildhall. He died in Paris.

#caredata, care.data, commercial, confidentiality, HES, HSCIC, NHSEngland, scope, transparency, trust

Flagship care.data – [2] Commercial use with the Brokers

Image

“If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, to give it our support.”

“He that filches from me my good name, robs me of that which not enriches him, and makes me poor indeed.”                     William Shakespeare, Othello

I read this Shakespeare quote last week, not in the original but in the statement Data Brokers: A Call for Transparency and Accountability by US Commissioner of the Federal Trade Commission Julie Brill, May 27 2014. [1] . Since then I have tried to piece together a lay consumer understanding, of how this commercial data market works and how our health records fit in. Experts in data markets and many others will undoubtedly see how naïve it is. But by sharing my ordinary understanding as a mother who is thinking about the impacts of my shopping habits and upcoming care.data decision will have on my children’s future, perhaps I can highlight how trusting we are, and why those governing our data need to ensure the processes around our data are worthy of that trust.

The Commissioner begins:

“Data brokers gather massive amounts of data, from online and offline sources, and combine them into profiles about each of us. Data brokers examine each piece of information they hold about us – where we live, where we work and how much we earn, our race, our daily activities (both off line and online), our interests, our health conditions and our overall financial status – to create a narrative about our past, present and even our future lives. Perhaps we are described as “Financially Challenged” or instead as “Bible Lifestyle.”

Perhaps we are also placed in a category of “Diabetes Interest” or “Smoker in Household.” Data brokers’ clients use these profiles to send us advertisements we might be interested in, an activity that can benefit both the advertiser and the consumer. But these profiles can also be used to determine whether and on what terms companies should do business with us as individual consumers, and could result in our being treated differently based on characteristics such as our race, income, or sexual orientation. If data broker profiles are based on inaccurate information or inappropriate classifications, or used for inappropriate purposes, the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
In other words, organisations, which we may not know store our personal, sensitive or confidential data, use it to classify, segment  and label us. In this environment when third parties it seems know more about us than we may know ourselves, it would seem prudent to want to control and understand what data is held by whom and how they use it. Especially, if in her words, “the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”

This is why it matters what is being done at break-neck pace to extract and share our health records in England.

I believe we are not yet sufficiently aware of how our data is used by these intermediaries, and if we were, we’d be horrified. We are complicit consumers in how our data is used with minimal understanding. We’re prepared to unwittingly trade a little privacy with the supermarket, to get our discount vouchers through the post. But we don’t look beyond that to understand what price we are paying and how our commercial interests may be harmed, in much more significant ways than £10 discount or a Legoland entry may compensate. Just like our food, the public are complicit [2] in our own downfall, accepting the marketing spin. We don’t understand credit ratings [3] and risk scores, and even if we do, most consumers don’t know data brokers offer companies scores for other purposes unrelated to credit in an onward chain of reselling. Data can be inaccurate, we are unaware of how to manage or correct it, how we are labelled by it, what opportunities it may restrict as highlighted in the report. We should be better informed.

I’ve recently learned how these, “powerful cross-channel consumer classifications help companies understand the demographics, lifestyles, preferences and behaviours of the UK adult population in extraordinary detail.” [4] demonstrated by Experian.

That they understand and track my behaviours probably better than I do, and at such detailed level, I find surprising and invasive. “Within rural areas we are able to pick out the individual households that are likely to be commuting to towns and cities nearby…” I’ll go more into that later.

It has come to the attention of the general public,  only in the last 6 months, that our hospital episode statistics (HES) and data from other secondary care sources, have been on sale in this consumer market. As I said in a previous post [5], a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries stated at that time, there was no legitimate or statutory basis to share at least ONS data [6] in that way for commercial purposes:

“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem…The panel identified this as a significant barrier to developing a vibrant market of information intermediaries.”

The HSCIC at that time saw a “vibrant market of information intermediaries, for commercial purposes” using our personal records as desirable and indeed, as Sir Kingsley Manning’s comments to the Health Select Committee demonstrate, in their DH handed-down policy remit.


In this way, companies who process data such as Beacon Dodsworth received data in the last year and offered it for commercial exploitation by others “HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”. Others included  OmegaSolver [7] and Harvey Walsh [8].


Some of that data goes back into our health market as business intelligence, both for NHS and private use, for benchmarking, comparisons and making commercial decisions. In our commissioning based marketplace [9], now becoming normalised.

Through the press earlier this year, and the first data release register [10] we have come to understand in part, who is using it and at least in part, how. Aside from bone fide public health planners and health researchers, and the intermediaries using data for commissioning support tools, recipients include these commercial companies and third-party intermediaries exploiting the data as a commodity. Organisations which may buy raw data and sell it on, or process it and sell that data mined information onwards. Organisations after which, Chair Kingsley Manning told the Health Select Committee, [11] we have no idea whom all the end users may be. He indicated the progress that is needed and that HSCIC is already working on improvements, stating the view that “the process HSCIC inherited was no longer robust. ” Q285

“Kingsley Manning: I realise that, and may I come back to that? That is why, specifically with regard to the sets of data that are covered by data-sharing agreements, I took the view that the process that we inherited was no longer robust. We have therefore been in the process of changing the management and the processes, and we have voluntarily adopted a process of being much more transparent about the process and about the data releases we have made.

              Q286Barbara Keeley: But what I was trying to get to was the concern.  We are just looking for transparency and honesty here. On all the data that was previously released through these commercial reuse licences where there are end users—the question that the Committee wanted to put to you—you are unable to say what are the uses to which the data release under those licences may be put, what controls are in place and what information is provided—you don’t know. With the whole 13 years of the HES database and however many million records have gone out to one of these providers that then provides on to others—in the United States, this has involved putting up the data on Google cloud, and we are not sure of the security of that—you can’t say. You should admit it now. If you can’t tell us where all that data is and what all its uses are, it seems you can’t. You have already admitted that entirely commercial market uses—

              Kingsley Manning: The control is through both the overriding regulations established within the Data Protection Act and the data-sharing agreements that we enter into with people, which specifically allow the reuse of data with safeguards with regard to anonymity.

              Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.

              Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.

              Q288Barbara Keeley: So, just to be clear, audit is not going to be possible for all the uses and all the end users. The data is out there. You have licensed people to use it and other people to buy it, and there is no control over that—it is just out there.

              Kingsley Manning: I don’t accept there is no control. There is control established in accordance with law and the regulations as they are today.

              Q289Barbara Keeley: But you are not able to say who is using it and for what reason. You are not able to say that.  There are end users out there.

              Kingsley Manning: No, because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data to advance both the health and social care system in this country and the economy. If, for example, we supply pseudonymised data to a drug company to help it to develop a new drug, we do not know the end users beyond that organisation, but that is perceived as being a task and a function that we have. It is done in such a manner that the data is safe and secure, and is not identifiable back to an individual.

              You may wish to change the base upon which we act. We absolutely welcome the suggestion that we should submit these to the confidentiality advisory group. We have identified a number of cases where we think its guidance would be very helpful, including in this area. We would absolutely welcome that, but I am afraid we cannot make up the rules that we act by.”

This is what concerns me, if the purposes and permissions granted for care.data are to be defined by the reason why recipients get data for the “promotion of health ” [12] and that their worthiness to receive data is based on,  a wooly, undefined notion of whether it will improve care or promote health. It cannot be transparently judged if many users of data are intermediaries with re-use licences, if even the HSCIC doesn’t know who all the end users are, and does not routinely audit them. Nor can anyone know how identifiable therefore the accumulated data sets may be.

If HSCIC does not track each release, each time, each recipient receives data, how do they know every time a new request is granted, how much of the jigsaw puzzle for any given individual, is left to complete?

If you don’t know who they are, how can you govern them and what they do with our data? How on earth can anyone judge how they will be for purposes in the Care Bill 2014 of:

(a)the provision of health care or adult social care, or

(b)the promotion of health.

How can the data controllers judge whether that  release, together with all the data these companies already hold, will not do us ‘significant harm’  in the words of Commissioner Brill, of the Federal Trade Commission? Will it not by its nature of labels discriminate against segments of our society, whom the data owners select, based on information beyond our visibility or control? Is society which is segmented and stratified at risk of every increasing inequality? Disability groups for example, may feel at increased risk of stigma or exclusion. David Gillon [13] addresses this in his post here. How can individuals determine if releasing our data to these companies is in our own, or the public interest [14]?

Impossible if we don’t know who they are, and we don’t know what they already hold. A model which is hardly transparent nor conducive to trust.

Dr.Neil Bhatia in Hampshire, a GP who founded the non-commercial website care-data.info, asked HSCIC in an FOI request for the data *about him* which was released to these type of intermediaries. He was told this week, that the data controller, the Health and Information Centre, does not know. We can then only surmise, if our individual data was contained in pseudonymous bulk data transfers in which there remains ‘a latent risk’ of identification. So from the released data register, we should look at what types of companies are using pseudonymous data. We are also told that penalties may be imposed, or even ‘one strike and you’re out’ for misuse of data. Until now at least without robust audit procedures, I believe we’d never know. So how could data be better secured?

There is talk of a ‘fume cupboard’ access, [15] or giving customers data only in query format, instead of giving out raw chunks of the database. But the Care Bill certainly didn’t legislate for any changes in those types or indeed any governance procedures. We can only wait and see if talk becomes reality and how we can trust it becomes a secure policy and stays so, after we entrust our data. There is no delete button after all.

The Secretary of State wrote on April 25th [16], asking to ensure current practices are up to the task, but as polite as it is, a letter is no form of governance. On June 12th, HSJ [17] reported that the HSCIC has ordered a significant number of trusts to “promptly” delete a series of datafields, which it claims could put patients at risk of being identified, because some of the information in “secondary uses service” that they had submitted to the agency had been entered in an incorrect way over ten years. The good news in this, is it would appear progress is being made in audit, and these errors are being addressed.

However, it highlights the issue created when you release raw data beyond your control. It will mean that organisations who should not have received data, did. How now is that data to be removed from information into which it has become? It will now no longer be raw numbers, but be in graphs, comparative studies and have been inexorably merged with other data. Unlike Cinderella’s carriage, it’s not an automatic process that the raw materials, the data, returns to its previous state after it has become enhanced, turned into business intelligence. The raw files may be traced, removed and deleted, but the knowledge it has turned into, will be almost impossible to find and delete. The links between the two may have disappeared into thin air. Harder to find, than the owner of the glass slipper. An impossible audit trail.

An audit process on leaving the trusts and upon arrival at HSCIC and on leaving HSCIC – at least a three place checkpoint – is what I would have  been familiar with in the past for payroll & personal data. It seems that audit procedures for our health records, have just not kept up with the speed at which the data has been sent out on the open seas, and there has been no audit.

Q287Barbara Keeley: So you have no idea who the end user is. You have no idea if they are using it properly because there is no audit.

  Kingsley Manning: And that is in accordance with the law and the regulations as they stand today.”

It’s not to say there are no controls. We are told that data sharing agreements prevent data provided being matched with other data held, which prevents making individuals identifiable. However, as I’ll look at in my next post, I don’t think it even has to get the the person level to be sufficiently identifiable as to be discriminatory. The segmenting of society at group level, at household level, with detailed understanding of our behaviours, is sufficient, aside from the identifiable individual level data these companies hold for identity verification and so on. When companies extract and store raw data, we have no idea where and with whom it lands up. I’ve been completely surprised by what I have learned in the last few weeks how these third parties use our data.

The current controls around and governance of our health data remains unchanged by the Care Bill.  Through policy, law and directions the HSCIC has

…”licensed people to use it and other people to buy it, and there is no control over that.” [12]

As Sir Manning said,

…”because we have a large range of organisations that we have been encouraging. Government policy has for a long time been to encourage the use of this data”

Controls may be in line with policy and the law, but I believe it simply hasn’t kept up with the functional need for a decent governance framework.

Julie Brill’s Statement made a recommendation:

“A second accountability measure that Congress should consider is to require data brokers to take reasonable steps to ensure that their original sources of information obtained appropriate consent from consumers.”

Accountability in the UK of these data brokers seems quite absent in real terms, unknown to the public at large.

The same core issue identified by Julie Brill in the US, lack of informed consent. If we don’t know you have it, how can we ask to check if it’s correct or who uses it? In an era of borderless electronic data transfers, we should seek to put in place the highest standards as common denominators, and in terms of privacy, there are lessons worth learning from the US actions post Snowden which in the UK, we have not yet begun.

If our health records should sail off in the flagship care.data programme, on the sea of commercial Big Data, are we confident that there is consent, fair processing, transparency, accountability, security and good governance? We must know that these basic mainstays are in place, and will stay so in future, to give it our support. Well governed data is more likely to get our trust, therefore our consent and be of better quality for buyers.

We must also not forget to clarify why it is our records are needed in the broad and undefined care.data scope that we still have not seen pinned down. Is the public good really defined for care.data and does it outweigh the private long established rights of consent and confidentiality? Do we trust these commercial company uses to do “no harm” as the US Commissioner of the Federal Trade Commission examined?

…”the profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”

When we visit a medic we are vulnerable, ill or in need of help. We entrust our knowledge in confidence, and trust it will be used for our care. A whole hotchpotch of other indirect uses, including commercial exploitation is not what we expect. We need to trust the data we give away to local staff,  is processed appropriately all the way up the data chain, when it is stored, when it is released and beyond. For now at least, it appears citizens can only control the one point at which we first give our data up. After that, we have faith that those governing our data ensure the processes around its management are worthy of that trust. The governance processes that go beyond the HSCIC control, will directly influence that trust, and our care.data decision to object, or not.

For citizens to see this still precarious commercial hull, and trust that our innermost confidences should be safe within it, is stretching our trust, just a little too far.  The knowledge of our health and lifestyle should not be commercially exploited in this uncontrollable marketplace by data brokers without our knowledge and consent.  Health data is on the cusp of including more widespread biomedical data. In my children’s lifetime that may be a whole new era of data management to contend with. For now,  all this intensive data mining may be much more than we already imagined and we should carefully consider how society will be affected if it includes every aspect of our health and lifestyle data. It may be yet another aspect of individual surveillance more than society can stand.[18]

The care.data storm may not yet be over.

*****

In part three on commercial uses, I’m going to explore, from my lay perspective, on how some of these intermediaries and data processing companies, use data concretely in practice. As Julie Brill says how these intermediaries, “create a narrative about our past, present and even our future lives.”

******

[1] Data Brokers: A call for transparency and accountability – http://www.ftc.gov/system/files/documents/public_statements/311551/140527databrokerrptbrillstmt.pdf

[2] Food Marketing film by Catsnake with Actress Kate Miles via Upworthy  http://www.upworthy.com/no-one-applauds-this-woman-because-theyre-too-creeped-out-at-themselves-to-put-their-hands-together

[3] Your Credit Ratings explained BBC http://news.bbc.co.uk/1/hi/business/2963580.stm

[4] “Mosaic is Experian’s most comprehensive cross-channel classification system …it helps you understand consumers in extraordinary detail.” http://www.experian.co.uk/marketing-services/products/mosaic/mosaic-in-detail.html

[5] Flagship care.data – Commercial Uses in theory: https://jenpersson.com/flagship-care-data-precious-cargo-1-commercial-uses-in-theory/

[6] Health and Social Care transparency panel:- minutes from 23rd April 2013 –  https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/259828/HSCTP_13-1-mins_23_Apr_13__NewTemp_.pdf

[7] 17th March Omega Solver in the Guardian, by Randeep Ramesh http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care

[8] 16th March Harvey Walsh in the Sunday Times by Jon Ungoed-Thomas  ‘healthcare intelligence company, has paid for a database’ http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece

[9]  The Privatisation of the NHS Prof.A.Pollock at Tedex event

[10] HSCIC Data Register http://www.hscic.gov.uk/dataregister

[11} Evidence at Parliamentary Health Select Committee April 8th 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/8416.html

[12] Care Bill 2014 – Enacted: http://www.legislation.gov.uk/ukpga/2014/23/section/122/enacted

[13] care.data in their own words – D. Gillon Where’s the Benefit? http://wheresthebenefit.blogspot.co.uk/2014/03/caredata-in-their-own-words.htm

[14] Public vs Private interest – Dr. M Taylor, “Information Governance as a Force for Good? Lessons to be Learnt from Care.data”, (2014) 11:1 SCRIPTed

[15] Fume Cupboard access in NHS England stakeholder  letter April 14th 2014

[16] Letter from Jeremy Hunto HSCIC regarding patient confidentiality

[17] Health Service Journal, June 12th, Nick Renaud-Komiya, http://www.hsj.co.uk/news/trusts-ordered-to-delete-incorrect-data/5071902.article?blocktitle=News&contentID=8805

[18] John Naughton, Observer 8th June, http://www.theguardian.com/technology/2014/jun/08/big-data-mined-real-winners-nsa-gchq-surveillance

#caredata, care.data, commercial, HES, HSCIC, NHSEngland, scope, trust

Flagship care.data – precious cargo [1] & commercial uses in theory

“The challenge is that if many users of data are intermediaries with re-use licences and even the HSCIC doesn’t know who all the end users are, how on earth can anyone judge how they will be for purposes of ‘improving NHS care’?”

Commercial and third party use is one of the most damaging aspects of the rollout which is wrecking the care.data programme.

I’ve cut my opinion on this care.data topic into two parts, theory and practice, to address the outcomes of the LMC conf of yesterday from a patient POV. From my lay perspective, the result of the debate and votes was partly due to the failure to shore up the policy theory around commercial uses to make any perceivable improvement to trust for the future. And partly based on proven failures in practice to protect our data in the past. Failures around commercial use of care.data in theory and practice.

The theme of making money, is a recurring topic for women in literature, and graced or should I say, grubbied  our screens in recent weeks in the adaptation of Dame Daphne Du Maurier’s Jamaica Inn.

Mary Yellan, orphaned and without means, seeks the only family she has and lands among the smugglers and muddy marsh of the Cornish moors. It’s not only set against a backdrop  of smuggling, but wrecking. The heroine struggles between moral conflict and practical necessity, whether to join in their activities, against her ethical principles.  She gets used to it but ultimately can’t live with it.

Given that the real inn is in the middle of a very bleak moor, with no outlook except the rough shorn grass, you need to really see unmet potential to want to be its new owner. For that, you need to see strong commercial opportunities or be a committed hard core Du Maurier fan. Or both.

So it can appear, from a patient point of view on care.data. Either the driving parties promoting the release of patient data see unmet potential [1] which needs commercial harnessing [1b], have direct commercial interests[1c], or they have another personal interest in its extraction and access. Or perhaps they are just hard core fans of data sharing, to the point that we should support mashing our health data up with commercial retail loyalty cards as Mr. Tim Kelsey suggested in November 2013 at Strata [from 16:00] [2].

Are the same people and organisations driving the programme and calling for ‘data for patients’ not also the same who will benefit most from having access to the data? The measurable benefits to us patients remain unclear, at best. The cost, our confidentiality and GP trust, is however clearly non-refundable. Consent, the age old pillar of medical ethics is to be waived aside. The LMC Conf obviously see value in protecting confidentiality at source if it cannot be guaranteed by others, whether the HSCIC or the data users.

Who will all the end users of our data be? They remain somewhat undefined, because the care.data addendum including Think Tanks, commercial companies and information intermediaries was not approved [3] and because future users are undefined in social care, for example. Future scope will entail additional future users. But then perhaps this should not surprise us that NHS England and the HSCIC expect us to acquiesce to this fair processing failure although we don’t yet know all the future end users, because Sir Kingsley Manning admitted that HSCIC does not know who all the current end users are either (Q272) [4a] at the  Health Select Committee hearing. So, were the GPs at LMC Conf just expected to trust ‘on spec’ to whom their approval of care.data would entitle its sharing?

Information intermediaries in particular, seem to still be on the key stakeholders list[5] in January 2014. But only a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries clearly stated there was no legitimate or statutory basis to share at least ONS data with them. [6]

“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem. A number of possible approaches had been considered but advice from the relevant Government legal teams was that there did not appear to be a statutory basis for doing so. The panel identified this as a significant barrier to developing a vibrant market of information intermediaries (IIs). It also limited the ability of IIs to support NHS organisations with business intelligence to evaluate and benchmark the quality of their services.

It was agreed that this issue needed to be resolved, and if necessary changes to the relevant legislation should be considered. ” 

I would love to know whether the law changed in the last year, how was the issue resolved, or has HSCIC and have we just through use, acknowledged that this sharing with intermediaries is acceptable and legal? The meeting later in July should have given clarity, but I can’t see minutes beyond April. They are no doubt somewhere, and someone cleverer than me, can help find them and clarify how the decision was reached I expect. I did find notes in the recent HSCIC audit of past data releases [4b], that ONS data was granted under existing law after all:

“The ONS data are supplied under the Statistics and Registration Service Act 2007 section 42(4) as amended by s287 of the Health and Social Care Act 2012, for the purpose of assisting the Secretary of State for Health, or the Welsh Ministers, in the performance of his, or their functions in relation to the health service.”

Since the Health and Social Care Act revoked the Secretary of State’s duty of care to provide a national health service, I wonder what functions it relates to as pertains to third party intermediaries? The ONS application form is detailed but no more enlightening for commercial intermediary use. I can’t help feeling we’re seeking justifications rather than good cause as the starting point for widening data releases. That we are starting to accept that our hospital records have been shared without our consent and sold. (Let’s give up the recouping costs word play, call a spade a spade. Data and cash change hands.). ‘What can we do about it anyway? we may well ask. As time has gone on in the care.data debacle, and in the three months since the delay, it appears from the leadership comments of NHS England from Mr. Kelsey in Pulse that, we’re not to worry, “now we are working to make care.data safe.” [free registration required] Still no one has said, we made a mistake of its handling in the past.

This acknowledgement however that work needs done to make the data safe, underlines exactly what so many saw months ago including the GPES advisory group which had concerns [17] in Sept 2013 on commercial uses and its communication, governance and patient trust. Care.data was launched regardless. Now it’s grounded.  What has improved since then? What remains to fix?

How well exactly did HES storage and sharing work so far, with breaches identified as well as the basic legal fair processing failing to inform us of its extraction? What has been done to prevent it happening again? I have seen no concrete steps which give me faith the past flaws have been fixed enough to now trust it in future.

In February, before the pause Jeremy Taylor of National Voices wrote a very sound 12 point plan of what needed to change.  Since then, what has actually  changed [7] as far as I can see, is only the introduction of a delay, and that his words were listened to, that there should be no artificial deadline:

‘”the timescale for launching Care.Data was entirely artificial, as is the six month “pause”.

Three months into the delay, nothing of substance other than agreeing there is no artificial deadline, appears to have changed.

The most significant past let downs have all been commercial or third party uses. OmegaSolver, Beacon Dodsworth, PA ConsultingEarthware.

The Care Bill amendment touted as a change in the legal protection of our care.data, does not block commercial Third party intermediaries sharing care.datauses of our data, only stating that it should be used ‘for the promotion of health’ which is open to all sorts of interpretation. Not least I imagine, those similar to ‘fight against obesity’ campaigns by marketing masters of commercialism.

So with little transparent change on policy, since we have become aware of data breaches, misuse and patient anger about commercial use, it should come therefore as no surprise that the BMA Local Medical Committees (LMCs) yesterday voted to state a preference for opt in not opt out, pseudo or anonymisation at source and insists that care.data should only be used for its stated purpose of improving health care delivery, and not sold for profit.

Simply: the public don’t trust that our identifiable data is protected and we object to all our data being traded commercially.

This is in direct conflict with HSCICs stated purpose in the HSCIC 2013-15 roadmap [8]:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

And in statements by both Sir Manning at the Health Select Committee and Dr. Geraint Lewis [9]:

…”we think it would be wrong to exclude private companies simply on ideological grounds; instead, the test should be how the company wants to use the data to improve NHS care. And, as Polly Toynbee put it, if “it aids economic growth too, that’s to the good.”

The challenge is that if many users of data are intermediaries with re-use licences and we don’t even know who all the end users are, how on earth can the HSCIC judge how they will benefit ‘improving NHS care’?

As regards economic growth, if the aim is to give away data for free, as Mr. Kelsey told the September 13th NHS England board (from 26:10)[10], how is the NHS to make profit from it? It’s not. Commercial companies are to buy at prices only to help HSCIC recoup costs [11], so that is not technically opposed in wording to ‘ not making a profit.’ Citizens, GPs and others can be aligned with that on paper. But not in spirit. For now commercial companies profit from our state funded records, paid for by NHS DoH money.  They profit intermediaries with re-use licences beyond which we have no visibility or control of where our data goes or why. And the fact that the wider profiting third parties from the whole scheme,  ATOS paid zero tax in the UK in 2012,[12] really grates. How does the cash given to ATOS benefit economic growth in the country?

Therefore, for the LMCs to have voted now any differently, would have expected them be soothsayers, knowing that the care.data work-in-progress and any future changes will make both the future scope purposes and future users clearly defined, in order to fulfil their duty as data controller, ensuring patients have a reasonable expectation of how their data will be used. It asks GPs to betray their age old fundamental principle of medicine, to betray patient confidentiality, for commissioning. They are being told to betray the good ethics of consent.  They are being asked to betray patients’ trust and even to use that trust to ‘sell’ the idea in which they may not believe.

And care.data current processes betray the best practices of data collection – seek to collect the minimum data required, for a specific purpose and delete it when that is completed.

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’ consistent with the Data Protection Act principle 5. [13]

Instead HSCIC’s remit over the coming years of care.data is to fill in all the remaining gaps with any health and social care information not already collected [14], and keep it linkable from cradle to grave – or even from “germ to worm” for everyone with an NHS number in England. Purposes are non-specific and unlimited because they’ll change over time and the end users are not all defined for it plans to be opened up increasingly widely for use in social care and we don’t know what else.

caredatatimeline

 

In my lay view, the BMA LCs had no choice in the interests of their patients but to call for a rejection of assumed consent and commercial uses. The two do not go together. Opt out for uses of our data purely for NHS care and its planning would be much more palatable. But add in commercial uses, which is what has both been the main source of patient objection and data breaches, and it’s a deal breaker.

They can’t stake their support and reputation on a best guess of what might be. They can only base their judgement on what they know now. And no one supports care.data exactly as she is right now, which is why it is postponed and work in progress. Shore up trust, governance and axe these commercial uses and perhaps an assumed consent would seem more palatable. For example, Cross border governance needs documented when the application form gives non UK options. Scope and users need defined to ensure proper fair processing to meet DPA ICO requirements [16]. But so far, nothing has visibly changed.

It’s no different from when Ben Goldacre was telling us public trust cannot be easily regained and it broke his heart [15]. I know why, there are expected benefits to public research amongst others to access primary care data more than they already have in CPRD or pseudonymous data in QResearch and others, but we need to act based on today’s approved uses for care.data, not what might be remain in an undefined future. Right now, we’ve seen no changes of substance since the delay was announced.

NHS England can’t therefore genuinely expect to see a shift in trust in citizens or GPs based on nothing more than lines in the sand.

I believe GPs at the LMC Conf took the best decisions they could with the programme in its current form, with knowledge of past problems and lack of future clarity over scope and users.

They voted for how they feel best protects, respects and empowers their patients.

If our current Data Controllers and  guardians of confidentiality don’t stand up for patients to get the build of the infrastructure right before they agree to release our data to fill it, who will? The question will be whether the Secretary of State and NHS England will force their legal right of extraction through regardless, or will respect the medical profession’s representatives and the rights of citizens they care for?

There is an opportunity to fix things. The LMC Conf after all have no legal efficacy, they stated their opinion and stance which commands respect and attention. Flagship care.data is not washed up, yet. But it can’t sail without addressing governance and professional support. Commercial exploitation and assumed opt in are not going to work comfortably together. Transparency of who has access to what data for what purposes and how it is released needs sharpened up. And regardless of whether opt in ever comes onto the table or not, if care.data keeps her strongly  commercial heading many, many more will jump ship to opt out. The damage of bias will be done, either way.

She needs some new directions, helmsmanship that we trust and sound repairs.

********

If you have missed the background to this saga, I’d recommend the Julia Powles article in WIRED – what to save when the care.data ship goes down.

I’m going to look at some more of the commercial uses of care.data in practice another time. And clarify the communication of the opt out codes and why research purposes is a misnomer in the GP patient record sharing part of care.data purposes – it’s not (yet at least) an approved use.

********

[1] MOU between AstraZeneca and the HSCIC, December 2012

[1b]  ABPI Vision for harnessing Real World Data 2011

[1c] Hansard, Nov 2010 George Freeman ‘I know from my own experience that we are sitting on billions of pounds-worth of patient data. Let us think about how we can unlock the value of those data around the world.’

[2] Strata November 2013, Tim Kelsey keynote ‘mash it up with other data sources to get their local retailers to tell them about their purchasing habits so they can mash that up with their health data’

[3] care.data addendum Sept 2013

[4] Written Hansard of the Health Select Committee , 8th April

[4b] The HSCIC data release register issued on April 3rd 2013

[5] Oversight panel with input from Dame Fiona Caldicott, January 2014, with stakeholders’ list

[6] Health and Social Care Transparency Overview Panel April 2013

[7] National Voices – Jeremy Taylor, an excellent overview of 12 points which needed fixed from February 2014

[8] HSCIC 2013-15 Roadmap

[9] NHS England comments by Dr.Lewis on commercial principle

[10] September 13th 2013, care.data directions approved by the NHS England Board – care.data from 25:40 – 39:00 – note identifiable, not anonymous data is extracted and stored with the DLES at HSCIC, and GP objections to date on care.data opt-in seem not to have been respected in contrast to the claim ‘GPs make a decision’ from 31:00. There is to date, no communicated way to prevent HES data extraction and its sharing in pseudonymous form.

[11] The HSCIC Data Linkage price list

[12] The Independent, November 2013 Atos & G4 pay no corporation tax in 2012, National Audit Office stats via Adam Withnall, The Independent

[13] Data Protection Standards – retention, principle 5

[14] care.data programme overview April 2013

[15] the Guardian, 28th February 2014 – care.data is in chaos – Ben Goldacre

[16] Blog from the Information Commissioner’s Office on care.data Data Protection and Fair processing

[17]The GPES Advisory Group meeting minutes Sept 12th 2013

{updated 28th May – looks like past uses of our health data are now also under scrutiny by ICO which is investigating claims that insurers have accessed full medical records using subject access requests.}

By [email protected]
#caredata, HES, NHS, QOF, research, scope, scope creep, SCR, Tech, transparency

What is Care.data? Defined scope is vital for trust.

It seems impossible to date, to get an official simple line drawn around ‘what is care.data’. And therefore scope creep is inevitable and fair processing almost impossible. There is much misunderstanding, seeing it as exclusively this one-time GP load to merge with HES. Or even confusion with the Summary Care Record and its overlap, if it will be used in read-only environments such as Proactive care and Out-of-hours, or by 111 and A&E services.  The best unofficial summary is here from a Hampshire GP, Dr. Bhatia.

Care.data is an umbrella initiative, which is planned over many years.

Care.data seems to be a vision. An ethereal concept of how all Secondary Uses (ref.p28) health and social care data will be extracted and made available to share in the cloud for all manner of customers. A global standard allowing extract, query and reporting for top down control by the men behind the curtains, with intangible benefits for England’s inhabitants whose data it is. Each data set puts another brick in the path towards a perfect, all-knowing, care.data dream. And the data sets continue to be added to and plans made for evermore future flows. (Community Services make up 10 per cent of the NHS budget and the standards that will mandate the national submission of the revised CIDS data is now not due until 2015.)

Whilst offering insight opportunity for top down cost control, planning, and ‘quality’ measures, right down to the low level basics of invoice validation, it will not offer clinicians on the ground access to use data between hospitals for direct care. HES data is too clunky, or too detailed with the wrong kinds of data, or incomplete and inaccurate to benefit patients in care of their individual consultants. Prof Jonathan Kay at the Westminster Health Forum on 1st April telling hospitals, to do their own thing and go away and make local hospital IT systems work. Totally at odds with the mantra of Beverley Bryant, NHS England of, ‘interoperability’ earlier the same day. An audience question asked, how can we ensure patients can transfer successfully between hospitals without a set of standards? It is impossible to see good value for patients here.

Without a controlled scope I do not wish to release my children’s personal data for research purposes. But at the moment we have no choice. Our data is used in pseudonymous format and we have no known publicly communicated way to restrict that use. The patient leaflet, “better data means better care” certainly gives no indication that pseudonymous data is obligatory nor states clearly that only the identifiable data would be restricted if one objected.

Data extracted now, offers no possibility to time limit its use. I hope my children will have a long and happy lifetime, and can choose themselves if they are ‘a willing research patient’ as David Cameron stated in 2010 he would change the NHS Constitution for. We just don’t know to what use those purposes will be put in their lifetime.

The scope of an opt-in assumption should surely be reasonably expected only to be used for our care and nothing else, unless there is a proven patient need & benefit for otherwise? All other secondary uses cannot be assumed without any sort of fair processing, but they already are.

The general public can now see for the first time, the scope of how the HSCIC quango and its predecessors have been giving away our hospital records at arms-length, with commercial re-use licenses.

The scope of sharing and its security is clearly dependent on whether it is fully identifiable (red),  truly anonymous and aggregated (green, Open data) or so-called amber. This  pseudonymous data is re-identifiable if you know what you’re doing, according to anyone who knows about these things, and is easy when paired with other data. It’s illegal? Well so was phone hacking, and we know that didn’t happen either of course.  Knowledge once leaked, is lost. The bigger the data, the bigger the possible loss, as Target will testify. So for those who fear it falling into the wrong hands, it’s a risk which we just have to trust is well secured. This scope of what can be legitimately shared for what purposes must be reined in.

Otherwise, how can we possibly consent to something which may be entirely different purposes down the line?

If we need different data for real uses of commissioning, various aspects of research and the commercial ‘health purposes,’ why then are they conflated in the one cauldron? The Caldicott 2 review questioned many of these uses of identifiable data, notably for invoice validation and risk stratification.

Parents should be able to support research without that meaning our kids’ health data is given freely for every kind of research, for eternity, and to commercial intermediaries or other government departments. Whilst I have no qualms about Public Health research, I do about pushing today’s boundaries of predictive medicine. Our NHS belongs to us all, free-at-the-point-of-service for all, not as some sort of patient-care trade deal.

Where is the clear definition of scope and purposes for either the existing HES data or future care.data? Data extractions demand fair processing.

Data is not just a set of statistics. It is the knowledge of our bodies, minds and lifestyle choices. Sometimes it will provide knowledge to others, we don’t even yet have ourselves.

Who am I to assume today, a choice which determines my children have none forevermore? Why does the Government make that choice on our behalf and had originally decided not to even tell us at all?  It is very uncomfortable feeling like it is Mother vs Big Brother on this, but that is how it feels. You have taken my children’s hospital health records and are using them without my permission for purposes I cannot control. That is not fair processing. It was not in the past and it continues not to be now.  You want to do the same with their GP records, and planned not to ask us. And still have not explained why many had no communications leaflet. Where is my trust now?

We need to be very careful to ensure that all the right steps are put in place to safeguard patient data for the vital places which need it, public health, ethical and approved research purposes, planning and delivery of care. NHS England must surely step up publicly soon and explain what is going on. And ideally, that they will take as long as necessary to get all the right steps in the right order. Autumn is awfully close, if nothing is yet changed.

The longer trust is eroded, the greater chance there is long term damage to data quality and its flawed use by those who need it. But it would be fatal to rush and fail again.

If we set the right framework now, we should build a method that all future changes to scope ensure communication and future fair processing.

We need to be told transparently, to what purposes our data is being used today, so we can trust those who want to use it tomorrow. Each time purposes change, the right to revoke consent should change. And not just going forward, but from all records use. Historic and future.

How have we got here? Secondary Uses (SUS) is the big data cloud from which Hospital Episode Statistics (HES) is a subset. HES was originally extracted and managed as an admin tool. From the early days of the Open Exeter system GP patient data was used for our clinical care and its management. When did that change? Scope seems not so much to have crept, but skipped along a path to being OK to share the data, linked on demand even with Personal Demographics or from QOF data too, with pharma, all manner of research institutions and third party commercial intermediaries, but no one thought to tell the public. Oops says ICO.

Without scope definition, there can be no fair processing. We don’t know who will access which data for what purposes. Future trust can only be built if we know what we have been signed up to, stays what we were signed up to, across all purposes, across all classes of data. Scope creep must be addressed for all patient data handling and will be vital if we are to trust care.data extraction.

***