Tag Archives: communications

Digital revolution by design: infrastructures and the fruits of knowledge

Since the beginning of time and the story of the Garden of Eden, man has found a way to share knowledge and its power.

Modern digital tools have become the everyday way to access knowledge for many across the world, giving quick access to information and sharing power more fairly.

In this third part of my thoughts on digital revolution by design, triggered by the #kfdigi15 event on June 16-17, I’ve been considering some of the constructs we have built; those we accept and those that could be changed, given the chance, to build a better digital future.

Not only the physical constructions, the often networked infrastructures, but intangible infrastructures of principles and power, co-dependencies around a physical system; the legal and ethical infrastructures of ownership, governance and accountability.

Our personal data flow in systems behind the screens, at the end of our fingertips. Controlled in frameworks designed by providers and manufacturers, government and commercial agencies.

Increasingly in digital discussions we hear that the data subject, the citizen, will control their own data.

But if it is on the terms and conditions set by others, how much control is real and how much is the talk of a consenting citizen only a fig leaf behind which any real control is still held by the developer or organisation providing the service?

When data are used, turned into knowledge as business intelligence that adds value to aid informed decision making. By human or machine.

How much knowledge is too much knowledge for the Internet of Things to build about its users? As Chris Matyszczyk wrote:

“We have all agreed to this. We click on ‘I agree’ with no thought of consequences, only of our convenience.”

Is not knowing what we have agreed to our fault, or the responsibility of the provider who’d rather we didn’t know?

Citizens’ rights are undermined in unethical interactions if we are exploited by easy one-click access and exchange our wealth of data at unseen cost. Can it be regulated to promote, not stifle innovation?

How can we get those rights back and how will ‘doing the right thing’ help shape and control the digital future we all want?

The infrastructures we live inside

As Andrew Chitty says in this HSJ article: “People live more mobile and transient lives and, as a result, expect more flexible, integrated, informed health services.

To manage that, do we need to know how systems work, how sharing works, and trust the functionality of what we are not being told and don’t see behind the screens?

At the personal level, whether we sign up for the social network, use a platform for free email, or connect our home and ourselves in the Internet of things, we each exchange our personal data with varying degrees of willingness. There there is often no alternative if we want to use the tool.

As more social and consensual ‘let the user decide’ models are being introduced, we hear it’s all about the user in control, but reality is that users still have to know what they sign up for.

In new models of platform identity sign on, and tools that track and mine our personal data to the nth degree that we share with the system, both the paternalistic models of the past and the new models of personal control and social sharing are merging.

Take a Fitbit as an example. It requires a named account and data sharing with the central app provider. You can choose whether or not to enable ‘social sharing’ with nominated friends whom you want to share your boasts or failures with. You can opt out of only that part.

I fear we are seeing the creation of a Leviathan sized monster that will be impossible to control and just as scary as today’s paternalistic data mis-management. Some data held by the provider and invisibly shared with third parties beyond our control, some we share with friends, and some stored only on our device.

While data are shared with third parties without our active knowledge, the same issue threatens to derail consumer products, as well as commercial ventures at national scale, and with them the public interest. Loss of trust in what is done behind the settings.

Society has somehow seen privacy lost as the default setting. It has become something to have to demand and defend.

“If there is one persistent concern about personal technology that nearly everybody expresses, it is privacy. In eleven of the twelve countries surveyed, with India the only exception, respondents say that technology’s effect on privacy was mostly negative.” [Microsoft survey 2015, of  12,002 internet users]

There’s one part of that I disagree with. It’s not the effect of technology itself, but the designer or developers’ decision making that affects privacy. People have a choice how to design and regulate how privacy is affected, not technology.

Citizens have vastly differing knowledge bases of how data are used and how to best interact with technology. But if they are told they own it, then all the decision making framework should be theirs too.

By giving consumers the impression of control, the shock is going to be all the greater if a breach should ever reveal where fitness wearable users slept and with whom, at what address, and were active for how long. Could a divorce case demand it?

Fitbit users have already found their data used by police and in the courtroom – probably not what they expected when they signed up to a better health tool.  Others may see benefits that could harm others by default who are excluded from accessing the tool.

Some at org level still seem to find this hard to understand but it is simple:
No trust = no data = no knowledge for commercial, public or personal use and it will restrict the very innovation you want to drive.

Google gmail users have to make 10+ clicks to restrict all ads and information sharing based on their privacy and ad account settings. The default is ad tailoring and data mining. Many don’t even know it is possible to change the settings and it’s not intuitive how to.

Firms need to consider their own reputational risk if users feel these policies are not explicit and are exploitation. Those caught ‘cheating’ users can get a very public slap on the wrist.

Let the data subjects rule, but on whose terms and conditions?

The question every citizen signing up to digital agreements should ask, is what are the small print  and how will I know if they change? Fair processing should offer data protection, but isn’t effective.

If you don’t have access to information, you make decisions based on a lack of information or misinformation. Decisions which may not be in your own best interest or that of others. Others can exploit that.

And realistically and fairly, organisations can’t expect citizens to read pages and pages of Ts&Cs. In addition, we don’t know what we don’t know. Information that is missing can be as vital to understand as that provided. ‘Third parties’ sharing – who exactly does that mean?

The concept of an informed citizenry is crucial to informed decision making but it must be within a framework of reasonable expectation.

How do we grow the fruits of knowledge in a digital future?

Real cash investment is needed now for a well-designed digital future, robust for cybersecurity, supporting enforceable governance and oversight. Collaboration on standards and thorough change plans. I’m sure there is much more, but this is a start.

Figurative investment is needed in educating citizens about the technology that should serve us, not imprison us in constructs we do not understand but cannot live without.

We must avoid the chaos and harm and wasted opportunity of designing massive state-run programmes in which people do not want to participate or cannot participate due to barriers of access to tools. Avoid a Babel of digital blasphemy in which the only wise solution might be to knock it down and start again.

Our legislators and regulators must take up their roles to get data use, and digital contract terms and conditions right for citizens, with simplicity and oversight. In doing so they will enable better protection against risks for commercial and non-profit orgs, while putting data subjects first.

To achieve greatness in a digital future we need: ‘people speaking the same language, then nothing they plan to do will be impossible for them’.

Ethics. It’s more than just a county east of London.

Let’s challenge decision makers to plant the best of what is human at the heart of the technology revolution: doing the right thing.

And from data, we will see the fruits of knowledge flourish.

******

1. Digital revolution by design: building for change and people
2. Digital revolution by design: barriers by design
3
. Digital revolution by design: infrastructures and the fruits of knowledge
4. Digital revolution by design: infrastructures and the world we want

Off the record – a case study in NHS patient data access

Patient online medical records’ access in England was promised by April 2015.

HSCIC_statsJust last month headlines abounded “GPs ensure 97% of patients can access summary record online“. Speeches carried the same statistics.  So what did that actually mean? The HSCIC figures released in May 2015 showed that while around 57 million patients can potentially access something of their care record only 2.5 million or 4.5% of patients had actively signed up for the service.

In that gap lies a gulf of a difference. You cannot access the patient record unless you have signed up for it, so to give the impression that 97% of patients can access a summary record online is untrue.  Only 4.5% can, and have done so. While yes, this states patients must request access, the impression is somewhat misrepresentative.

Here’s my look at what that involved and once signed up, what ‘access your medical records’ actually may mean in practice.

The process to getting access

First I wrote a note to the practice manager about a month ago, and received a phone call a few days later to pop in any time. A week later, I called to check before I would ‘pop in’ and found that the practice manager was not in every day, and it would actually have to be when she was.

I offered to call back and arrange a suitable date and time. Next call, we usefully agreed the potential date I could go in, but I’d have to wait to be sure that the paper records had first been retrieved from the external store (since another practice closed down ours had become more busy than ever and run out of space.) I was asked whether I had already received permission from the practice manager and to confirm that I knew there would be a £10 charge.

So, one letter, four phone calls and ten pounds in hard cash later, I signed a disclosure form this morning to say I was me and I had asked to see my records, and sat in a corner of the lovely practice manager’s office with a small thinly stuffed Lloyd George envelope, and a few photocopied or printed-out A4 pages  (so I didn’t get to actually look at my own on-screen record the GP uses) and a receipt.

What did my paper records look like?

My oldest notes on paper went back as far as 1998 and were for the most part handwritten. Having lived abroad since there was then a ten year gap until my new registration and notes moved onto paper prints of electronic notes.

These included referral for secondary care, correspondence between consultants and my GP and/or to and from me.

The practice manager was very supportive and tolerant of me taking up a corner of her office for half an hour. Clutching a page with my new log-in for the EMIS web for patient records access, I put the papers back, said my thank yous and set off home.

Next step: online

I logged on at home to the patient access system. Having first had it in 2009 when I registered, I hadn’t used the system since as it had very limited functionality, and I had had good health. Now I took the opportunity to try it again.

By asking the GP practice reception, I had been assigned a PIN, given the Practice ID, an Access ID and confirmation of my NHS number all needed entry in Step 1:

emis1

 

Step 2: After these on screen 2, I was asked for my name, DOB, and to create a password.

emis2

 

Step 3: the system generated a long number user ID which I noted down.

Step 4: I looked for the data sharing and privacy policy. Didn’t spot with whom data entered would be shared or for what purposes and any retention or restrictions of purposes. I’d like to see that added.

emis3
Success:

Logged on using my new long user ID and password, I could see an overview page with personal contact details, which were all accurate.  Sections for current meds, allergies, appointments, medical record, personal health record and repeats prescriptions. There was space for overview of height, BMI and basic lifestyle (alcohol and smoking) there too.

emis4c

 

A note from 2010 read: “refused consent to upload national. sharing. electronic record.” Appropriately some may perhaps think, this was recorded in the “problems” section, which was otherwise empty.

Drilling down to view the medication record,  the only data held was the single most recent top line prescription without any history.

emis4b

 

And the only other section to view was allergies, similarly and correctly empty:

emis5

The only error I noted was a line to say I was due an MMR immunization in June 2015. [I will follow up to check whether one of my children should be due for it, rather than me.]

What else was possible?

Order repeat prescription: If your practice offers this service there is a link called Make a request in the Repeat Prescriptions section of the home page after you have signed in. This was possible. Our practice already does it direct with the pharmacy.

Book an appointment: with your own GP from dates in a drop down.

Apple Health app integration: The most interesting part of the online access was this part that suggested it could upload a patient’s Apple health app data, and with active patient consent, that would be shared with the GP.

emis6

 

It claims: “You can consent to the following health data types being shared to Patient Access and added to your Personal Health Record (PHR):”

  • Height
  • Weight
  • BMI
  • Blood Glucose
  • Blood Pressure (Diastolic & Systolic)
  • Distance (walked per day)
  • Forced expired volume
  • Forced Vital capacity
  • Heart Rate
  • Oxygen Saturation
  • Peak Expiratory Flow
  • Respiratory rate
  • Steps (taken per day)

“This new feature is only available to users of IOS8 who are using the Apple Health app and the Patient Access app.”

 

With the important caveat for some: IOS 8.1 has removed the ability to manually enter Blood Glucose data via the Health app. Health will continue to support Blood Glucose measurements added via 3rd party apps such as MySugr and iHealth.

Patient Access will still be able to collect any data entered and we recommend entering Blood Glucose data via one of those free apps until Apple reinstate the capability within Health.

What was not possible:

To update contact details: The practice configures which details you are allowed to change. It may be their policy to restrict access to change some details only in person at the practice.

Viewing my primary care record: other than a current medication there was nothing of my current records in the online record. Things like test results were not in my online record at all, only on paper. Pulse noted sensible concerns about this area in 2013.

Make a correction: clearly the MMR jab note is wrong, but I’ll need to ask for help to remove it.

“Currently the Patient Access app only supports the addition of new information; however, we envisage quickly extending this functionality to delete information via the Patient Access service.” How this will ensure accuracy and avoid self editing I am unsure.

Questions: Who can access this data?

While the system stated that “the information is stored securely in our accredited data centre that deals solely with clinical data. ” there is no indication of where, who manages it and who may access it and why.

In 2014 it was announced that pharmacies would begin to have access to the summary care record.

“A total of 100 pharmacies across Somerset, Northampton, North Derbyshire, Sheffield and West Yorkshire will be able to view a patient’s summary care record (SCR), which contains information such as a patient’s current medications and allergies.”

Yet clearly in the Summary Care Record consent process in 2010 from my record, pharmacists were not mentioned.

Does the patient online access also use the Summary Care Record or not? If so, did I by asking for online access, just create a SCR without asking for one? Or is it a different subset of data? If they are different, which is the definitive record?

Overall:

From stories we read it could appear that there are broad discrepancies between what is possible in one area of the country from another, and between one practice and another.

Clearly to give the impression that 97% of patients can access summary records online is untrue to date if only 4.5% actually can get onto an electronic system, and see any part of their records, on demand today.

How much value is added to patients and practitioners in that 4.5% may vary enormously depending upon what functionality they have chosen to enable at different locations.

For me as a rare user of the practice, there is no obvious benefit right now. I can book appointments during the day by telephone and meds are ordered through the chemist. It contained no other information.

I don’t know what evidence base came from patients to decide that Patient Online should be a priority.

How many really want and need real time, online access to their records? Would patients not far rather the priority in these times of austerity, the cash and time and IT expertise be focused on IT in direct care and visible by their medics? So that when they visit hospital their records would be available to different departments within the hospital?

I know which I would rather have.

What would be good to see?

I’d like to get much clearer distinction between the data purposes we have of what data we share for direct and indirect purposes, and on what legal basis.

Not least because it needs to be understandable within the context of data protection legislation. There is often confusion in discussions of what consent can be implied for direct care and where to draw its limit.

The consultation launched in June 2014 is still to be published since it ended in August 2014, and it too blurred the lines between direct care and secondary purposes.  (https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data).

Secondly, if patients start to generate potentially huge quantities of data in the Apple link and upload it to GP electronic records, we need to get this approach correct from the start. Will that data be onwardly shared by GPs through care.data for example?

But first, let’s start with tighter use of language on communications. Not only for the sake of increased accuracy, but so that as a result expectations are properly set for policy makers, practitioners and patients making future decisions.

There are many impressive visions and great ideas how data are to be used for the benefit of individuals and the public good.

We need an established,  easy to understand, legal and ethical framework about our datasharing in the NHS to build on to turn benefits into an achievable reality.

Are care.data pilots heading for a breech delivery?

Call the midwife [if you can find one free, the underpaid overworked miracle workers that they are], the care.data ‘pathfinder’ pilots are on their way! [This is under a five minute read, so there should be time to get the hot water on – and make a cup of tea.]

I’d like to be able to say I’m looking forward to a happy new arrival, but I worry care.data is set for a breech birth. Is there still time to have it turned around? I’d like to say yes, but it might need help.

The pause appears to be over as the NHS England board delegated the final approval of directions to their Chair, Sir Malcolm Grant and Chief Executive, Simon Stevens, on Thursday May 28.

Directions from NHS England which will enable the HSCIC to proceed with their pathfinder pilots’ next stage of delivery.

“this is a programme in which we have invested a great deal, of time and thought in its development.” [Sir Malcolm Grant, May 28, 2015, NHS England Board meeting]

And yet. After years of work and planning, and a 16 month pause, as long as it takes for the gestation of a walrus, it appears the directions had flaws. Technical fixes are also needed before the plan could proceed to extract GP care.data and merge it with our hospital data at HSCIC.

And there’s lots of unknowns what this will deliver.**

Groundhog Day?

The public and MPs were surprised in 2014. They may be even more surprised if 2015 sees a repeat of the same again.

We have yet to hear case studies of who received data in the past and would now be no longer eligible. Commercial data intermediaries? Can still get data, the NHS Open Day was told. And they do, as the HSCIC DARS meeting minutes in 2015 confirm.

By the time the pilots launch, the objection must actually work, communications must include an opt out form and must clearly give the programme a name.

I hope that those lessons have been learned, but I fear they have not been. There is still lack of transparency. NHS England’s communications materials and May-Oct 2014 and any 2015 programme board minutes have not been published.

We have been here before.

Back to September 2013: the GPES Advisory Committee, the ICO and Dame Fiona Caldicott, as well as campaigners and individuals could see the issues in the patient leaflet and asked for fixes.The programme went ahead anyway in February 2014 and although foreseen, failed to deliver. [For some, quite literally.]

These voices aren’t critical for fun, they call for fixes to get it right.

I would suggest that all of the issues raised since April 2014, were broadly known in February 2014 before the pause began. From the public listening exercise,  the high level summary captures some issues raised by patients, but doesn’t address their range or depth.

Some of the difficult and unwanted  issues, are still there, still the same and still being ignored, at least in the public domain. [4]

A Healthy New Arrival?

How is the approach better now and what happens next to proceed?

“It seems a shame,” the Walrus said, “To play them such a trick, After we’ve brought them out so far, And made them trot so quick!” [Lewis Carroll]

When asked by a board member: What is it we seek to learn from the pathfinder approach that will guide us in the decision later if this will become a national approach? it wasn’t very clear. [full detail end of post]

First they must pass the tests asked of them by Dame Fiona [her criteria and 27 questions from before Christmas.] At least that was what the verbal background given at the board meeting explained.

If the pilots should be a dip in the water of how national rollouts will proceed, then they need to test not just for today, but at least for the known future of changing content scope and expanding users – who will pay for the communication materials’ costs each time?

If policy keeps pressing forward, will it not make these complications worse under pressure? There may be external pressure ahead as potential changes to EU data protection are expected this year as well, for which the pilot must be prepared and design in advance for the expectations of best practice.

Pushing out the pathfinder directions, before knowing the answers to these practical things and patient questions open for over 16 months, is surely backwards. A breech birth, with predictable complications.

If in Sir Malcolm Grant’s words:

“we would only do this  if we believed it was absolutely critical in the interests of patients.” [Malcom Grant, May 28, 2015, NHS England Board meeting]

then I’d like to see the critical interest of patients put first. Address the full range of patient questions from the ‘listening pause’.

In the rush to just fix the best of a bad job, we’ve not even asked are we even doing the right thing? Is the system designed to best support doctor patient needs especially with the integration “blurring the lines” that Simon Stevens seems set on.

If  focus is on the success of the programme and not the patient, consider this: there’s a real risk too many opt out due to these unknowns. And lack of real choice on how their data gets used. It could be done better to reduce that risk.

What’s the percentage of opt out that the programme deems a success to make it worthwhile?

In March 2014, at a London event, a GP told me all her patients who were opting out were the newspaper reading informed, white, middle class. She was worried that the data that would be included, would be misleading and unrepresentative of her practice in CCG decision making.

medConfidential has written a current status for pathfinder areas that make great sense to focus first on fixing care.data’s big post-election question the opt out that hasn’t been put into effect. Of course in February 2014 we had to choose between two opt outs -so how will that work for pathfinders?

In the public interest we need collectively to see this done well. Another mis-delivery will be fatal. “No artificial timelines?”

Right now, my expectations are that the result won’t be as cute as a baby walrus.

******

Notes from the NHS England Board Meeting, May 28, 2015:

TK said:  “These directions [1] relate only to the pathfinder programme and specify for the HSCIC what data we want to be extracted in the event that Dame Fiona, this board and the Secretary of State have given their approval for the extraction to proceed.

“We will be testing in this process a public opt out, a citizen’s right to opt out, which means that, and to be absolutely clear if someone does exercise their right to opt out, no clinical data will be extracted from their general practice,  just to make that point absolutely clearly.

“We have limited access to the data, should it be extracted at the end of the pathfinder phase, in the pathfinder context to just four organisations: NHS England, Public Health England, the HSCIC and CQC.”

“Those four organisations will only be able to access it for analytic purposes in a safe, a secure environment developed by the Information Centre [HSCIC], so there will be no third party hosting of the data that flows from the extraction.

“In the event that Dame Fiona, this board, the Secretary of State, the board of the Information Centre, are persuaded that there is merit in the data analysis that proceeds from the extraction, and that we’ve achieved an appropriate standard of what’s called fair processing, essentially have explained to people their rights, it may well be that we proceed to a programme of national rollout, in that case this board will have to agree a separate set of directions.”

“This is not signing off anything other than a process to test communications, and for a conditional approval on extracting data subject to the conditions I’ve just described.”

CD said: “This is new territory, precedent, this is something we have to get right, not only for the pathfinders but generically as well.”

“One of the consequences of having a pathfinder approach, is as Tim was describing, is that directions will change in the future. So if we are going to have a truly fair process , one of the things we have to get right, is that for the pathfinders, people understand that the set of data that is extracted and who can use it in the pathfinders, will both be a subset of, the data that is extracted and who can use it in the future. If we are going to be true to this fair process, we have to make sure in the pathfinders that we do that.

“For example, at the advisory group last week, is that in the communication going forward we have to make sure that we flag the fact there will be further directions, and they will be changed, that we are overt in saying, subject to what Fiona Caldicott decides, that process itself will be transparent.”

Questions from Board members:
Q: What is it we seek to learn from the pathfinder approach that will guide us in the decision later if this will become a national approach?
What are the top three objectives we seek to achieve?

TK: So, Dame Fiona has set a series of standards she expects the pathfinders to demonstrate, in supporting GPs to be able to discharge this rather complex communication responsibility, that they have under the law  in any case.

“On another level how we can demonstrate that people have adequately understood their right to opt out [..]

“and how do we make sure that populations who are relatively hard to reach, although listed with GPs, are also made aware of their opportunity to opt out.

Perhaps it may help if I forward this to the board, It is in the public domain. But I will forward the letter to the board.”

“So that lays out quite a number of specific tangible objectives that we then have to evaluate in light of the pathfinder experience. “

Chair: “this is a programme in which we have invested a great deal, of time and thought in its development, we would only do this  if we believed it was absolutely critical in the interests of patients, it was something that would give us the information the intelligence that we need to more finely attune our commissioning practice, but also to get real time intelligence about how patients lives are lived, how treatments work and how we can better provide for their care.

“I don’t think this is any longer a matter of huge controversy, but how do we sensitively attune ourselves to patient confidentiality.”

“I propose that […] you will approve in principle the directions before you and also delegate to the Chief Executive and to myself to do final approval on behalf of the board, once we have taken into account the comments from medConfidential and any other issues, but the substance will remain unchanged.”

******

[4] request for the release of June 2014 Open House feedback still to be published in the hope that the range and depth of public questions can be addressed.

care.data comms letter

******
“The time has come,” the walrus said, “to talk of many things.”
[From ‘The Walrus* and the Carpenter’ in Through the Looking-Glass by Lewis Carroll]

*A walrus has a gestation period of about 16 months.
The same amount of time which the pause in the care.data programme has taken to give birth to the pathfinder sites.

references:
[1] NHS England Directions to HSCIC: May 28 2015 – http://www.england.nhs.uk/wp-content/uploads/2015/05/item6-board-280515.pdf
[2] Notes from care.data advisory group meeting on 27th February 2015
[3] Patient questions: https://jenpersson.com/pathfinder/
[4] Letter from NHS England in response to request from September, and November 2014 to request that public questions be released and addressed

Nothing to fear, nowhere to hide – a mother’s attempt to untangle UK surveillance law and programmes

“The Secret Service should start recruiting through Mumsnet to attract more women to senior posts, MPs have said.”
[SkyNews, March 5, 2015]

Whilst we may have always dreamed of being ‘M’, perhaps we can start by empowering all Mums to understand how real-life surveillance works today, in all our lives, homes and schools.

In the words of Franklin D. Roosevelt at his 1933 inaugural address:

“This is preeminently the time to speak the truth, the whole truth, frankly and boldly…

“Let me assert my firm belief that the only thing we have to fear is fear itself—nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance.”

It is hard to know in the debate in the ‘war on terror’, what is truthful and what is ‘justified’ fear as opposed to ‘nameless and unreasoning.’

To be reasoned, we need to have information to understand what is going on and it can feel that picture is complex and unclear.

What concrete facts do you and I have about terrorism today, and the wider effects it has on our home life?

If you have children in school, or are a journalist, a whistleblower, lawyer or have thought about the effects of the news recently, it may affect our children or any of us in ways which we may not expect.

It might surprise you that it was surveillance law that was used to track a mother and her children’s [1] movements when a council wasn’t sure if her school application was for the correct catchment area. [It legally used the Regulation of Investigatory Powers Act 2000, (RIPA) [2]

Recent headlines are filled with the story of three more girls who are reported to have travelled to Syria.

As a Mum I’d be desperate for my teens, and I cannot imagine what their family must feel. There are conflicting opinions, and politics,  but let’s leave that aside. These girls are each somebody’s daughter, and at risk.

As a result MPs are talking about what they should be teaching in schools. Do parents and citizens agree, and do we know what?

Shadow business secretary Chuka Umunna, Labour MP told Pienaar’s Politics on BBC Radio 5 Live: “I really do think this is not just an issue for the intelligence services, it’s for all of us in our schools, in our communities, in our families to tackle this.”

Justice Minister Simon Hughes told Murnaghan on Sky News it was important to ensure a counter-argument against extremism was being made in schools and also to show pupils “that’s not where excitement and success should lie”. [BBC 22 February 2015]

There are already policies in schools that touch all our children and laws which reach into our family lives that we may know little about.

I have lots of questions what and how we are teaching our children about ‘extremism’ in schools and how the state uses surveillance to monitor our children’s and our own lives.

This may affect all schools and places of education, not those about which we hear stories about in the news, so it includes yours.

We all want the best for our young people and security in society, but are we protecting and promoting the right things?

Are today’s policies in practice, helping or hardening our children’s thinking?

Of course I want to see that all our kids are brought up safe. I also want to bring them up free from prejudice and see they get equal treatment and an equal start in life in a fair and friendly society.

I think we should understand the big picture better.

1. Do you feel comfortable that you know what is being  taught in schools or what is done with information recorded or shared by schools or its proposed expansion to pre-schools about toddlers under the Prevent programme?.

2. Do government communications’ surveillance programmes in reality, match up with real world evidence of need, and how is it measured to be effective?

3. Do these programmes create more problems as side-effects we don’t see or don’t measure?

4. If any of our children have information recorded about them in these programmes, how is it used, who sees it and for what purposes?

5. How much do we know about the laws brought in under the banner of ‘counter-terror’ measures, and how they are used for all citizens in everyday life?

We always think unexpected things will happen to someone else, and everything is rightfully justified in surveillance, until it isn’t.

Labels can be misleading.

One man’s terrorist may be another’s freedom fighter.

One man’s investigative journalist is another’s ‘domestic extremist.’

Who decides who is who?

Has anyone asked in Parliament: Why has religious hate crime escalated by 45% in 2013/14 and what are we doing about it? (up 700 to 2, 273 offences, Crime figures [19])

These aren’t easy questions, but we shouldn’t avoid asking them because it’s difficult.

I think we should ask: do we have laws which discriminate by religion, censor our young people’s education, or store information about us which is used in ways we don’t expect or know about?

Our MPs are after all, only people like us, who represent us, and who make decisions about us, which affect us. And on 7th May, they may be about to change.

As a mother, whoever wins the next General Election matters to me because it will affect the next five years or more, of what policies are made which will affect our children, and all of us as citizens.

It should be clear what these programmes are and there should be no reason why it’s not transparent.

“To counter terrorism, society needs more than labels and laws. We need trust in authority and in each other.”

We need trust in authority and in each other in our society, built on a strong and simple legal framework and founded on facts, not fears.

So I think this should be an election issue. What does each party plan on surveillance to resolve the issues outlined by journalists, lawyers and civil society? What applied programmes does each party see that will be, in practical terms: “for all of us in our schools, in our communities, in our families to tackle this.”

If you agree, then you could ask your MP, and ask your prospective parliamentary candidates. What is already done in real life and what are their future policies?

Let’s understand ‘the war on terror’ at home better, and its real impacts. These laws and programmes should be transparent, easy to understand, and not only legal, but clearly just, and proportionate.

Let’s get back to some of the basics, and respect the rights of our children.

Let’s start to untangle this spaghetti of laws; the programmes, that affect us in practice; and understand their measures of success.

Solutions to protecting our children, are neither simple or short term. But they may not always mean more surveillance.

Whether the Secret Service will start recruiting through Mumsnet or not, we could start with better education of us all.

At very least, we should understand what ‘surveillance’ means.

****

If you want to know more detail, I look at this below.

The laws applied in Real Life

Have you ever looked at case studies of how surveillance law is used?

In  one case, a mother and her children’s [1] movements were watched and tracked when a council wasn’t sure if her school application was for the correct catchment area. [It legally used the Regulation of Investigatory Powers Act 2000, (RIPA) [2]

Do you think it is just or fair that  a lawyer’s conversations with his client [3] were recorded and may have been used preparing the trial – when the basis of our justice system is innocent until proven guilty?

Or is it right that journalists’ phone records could be used to identify people by the police, without telling the journalists or getting independent approval, from a judge for example?

ft

These aren’t theoretical questions but stem from real-life uses of laws used in the ‘counter terrorism’ political arena and in practice.

Further programmes store information about every day people which we may find surprising.

In November 2014 it was reported that six British journalists [4] had found out personal and professionally related information had been collected about them, and was stored on the ‘domestic extremist’ database by the Metropolitan Police in London.

They were not criminal nor under surveillance for any wrongdoing.

One of the journalists wrote in response in a blog post on the NUJ website [5]:

“…the police have monitored public interest investigations in my case since 1999. More importantly if the police are keeping tabs on a lightweight like myself then they are doing the same and more to others?”

Ever participated in a protest and if not reported on one?

‘Others’ in that ‘domestic extremist list’ might include you, or me.

Current laws may be about to change [6] (again) and perhaps for the good, but will yet more rushed legislation in this area be done right?

There are questions over the detail and what will actually change. There are multiple bills affecting security, counter-terrorism and data access in parliament, panels and reviews going on in parallel.

The background which has led to this is the culmination of lots of concern and pressure over a long period of time focuses on one set of legal rules, in the the Regulation of Investigatory Powers Act (RIPA).

The latest draft code of practice [7] for the Regulation of Investigatory Powers Act (RIPA) [8] allows the police and other authorities to continue to access journalists’ and other professionals’ communications without any independent process or oversight.

‘Nothing to hide, nothing to fear’, is a phrase we hear said of surveillance but as these examples show, its use is widespread and often unexpected, not in extremes as we are often told.

David Cameron most recently called for ever wider surveillance legislation, again in The Telegraph, Jan 12 2015  saying:[9]

“That is why in extremis it has been possible to read someone’s letter, to listen to someone’s telephone, to mobile communications.”

Laws and programmes enable and permit these kinds of activity which are not transparent to the broad public. Is that right?

The Deregulation bill has changes, which appear now to have been amended to keep the changes affecting journalists in PACE [10] laws after all, but what effects are there for other professions and how exactly will this change interact with further new laws such as the Counter Terrorism and Security Act [p20]? [11]

It’s understandable that politicians are afraid of doing nothing, if a terrorist attack takes place, they are at risk of looking like they failed.

But it appears that politicians may have got themselves so keen to be seen to be doing ‘something’ in the face of terror attacks, that they are doing too much, in the wrong places, and we have ended up with a legislative spaghetti of simultaneous changes, with no end in sight.

It’s certainly no way to make legal changes understandable to the British public.

Political change may come as a result of the General Election. What implications will it have for the applied ‘war-on-terror’ and average citizen’s experience of surveillance programmes in real life?

What do we know about how we are affected? The harm to some in society is real, and is clearly felt in some, if not all communities. [12]

Where is the evidence to include in the debate, how laws affect us in real life and what difference they make vs their intentions?

Anti-terror programmes in practice; in schools & surgeries

In addition to these changes in law, there are a number of programmes in place at the moment.

The Prevent programme?[16] I already mentioned above.

Its expansion to wider settings would include our children from age 2 and up, who will be under an additional level of scrutiny and surveillance [criticism of the the proposal has come across the UK].

How might what a three year old says or draws be interpreted, or recorded them about them, or their family? Who accesses that data?

What film material is being produced that is: ” distributed directly by these organisations, with only a small portion directly badged with government involvement” and who is shown it and why? [Review of Australia‘s Counter Terror Machinery, February 2015] [17]

What if it’s my child who has something recorded about them under ‘Prevent’? Will I be told? Who will see that information?  What do I do if I disagree with something said or stored about them?

Does surveillance benefit society or make parts of it feel alienated and how are both its intangible cost and benefit measured?

When you combine these kinds of opaque, embedded programmes in education or social care  with political thinking which could appear to be based on prejudice not fact [18], the outcomes could be unexpected and reminiscent of 1930s anti-religious laws.

Baroness Hamwee raised this concern in the Lords on the 28th January, 2015 on the Prevent Programme:

“I am told that freedom of information requests for basic statistics about Prevent are routinely denied on the basis of national security. It seems to me that we should be looking for ways of providing information that do not endanger security.

“For instance, I wondered how many individuals are in a programme because of anti-Semitic violence. Over the last day or two, I have been pondering what it would look like if one substituted “Jewish” for “Muslim” in the briefings and descriptions we have had.” Baroness Hamwee:  [28 Jan 2015 : Column 267 -11]

“It has been put to me that Prevent is regarded as a security prism through which all Muslims are seen and that Muslims are suspect until proved otherwise. The term “siege mentality” has also been used.

“We have discussed the dangers of alienation arising from the very activities that should be part of the solution, not part of the problem, and of alienation feeding violence. […]

“Transparency is a very important tool … to counter those concerns.”

Throughout history good and bad are dependent on your point of view. In 70s London, but assuming today’s technology, would all Catholics have come sweepingly under this extra scrutiny?

“Early education funding regulations have been amended to ensure that providers who fail to promote the fundamental British values of democracy, the rule of law, individual liberty and mutual respect and tolerance for those with different faiths and beliefs do not receive funding.” [consultation guidance Dec 2014]

The programme’s own values seem undermined by its attitudes to religion and individual liberty. On universities the same paragraph on ‘freedom of speech’ suggests restrictive planning measures on protest meetings and IT surveillance for material accessed for  ‘non-research purposes’.

School and university is a time when our young people explore all sorts of ideas, including to be able to understand and to criticise them. Just looking at material online should not necessarily have any implications.  Do we really want to censor what our young people should and should not think about, and who is deciding the criteria?

For families affected by violence, nothing can justify their loss and we may want to do anything to justify its prevention.

But are we seeing widespread harm in society as side effects of surveillance programmes?

We may think we live in a free and modern society. History tells us all too easily governments can change a slide into previously unthinkable directions. It would be complacent to think, ‘it couldn’t happen here.’

Don’t forget, religious hate crime escalated by 45% in 2013/14 Crime figures [19])

Writers self-censor their work.  Whistleblowers may not come forward to speak to journalists if they feel actively watched.

Terrorism is not new.

Young people with fervour to do something for a cause and going off ‘to the fight’ in a foreign country is not new.

In the 1930s the UK Government made it illegal to volunteer to fight in Spain in the civil war, but over 2,000 went anyway.

New laws are not always solutions. especially when ever stricter surveillance laws, may still not mean any better accuracy of terror prevention on the ground. [As Charlie Hebdo and Copenhagen showed. in these cases the people involved were known to police. In the case of Lee Rigby it was even more complex.]

How about improving our citizens’ education and transparency about what’s going on & why, based on fact and not fear?

If the state shouldn’t nanny us, then it must allow citizens and parents the transparency and understanding of the current reality, to be able to inform ourselves and our children in practical ways, and know if we are being snooped on or surveillance recorded.

There is an important role for cyber experts in/and civil society to educate and challenge MPs on policy. There is also a very big gap in practical knowledge for the public, which should be addressed.

Can  we trust that information will be kept confidential that I discuss with my doctor or lawyer or if I come forward as a whistleblower?

Do I know whether my email and telephone conversations, or social media interactions are being watched, actively or by algorithms?

Do we trust that we are treating all our young people equally and without prejudice and how are we measuring impact of programmes we impose on them?

To counter terrorism, society needs more than labels and laws

We need trust in authority and in each other in our society, built on a strong and simple legal framework and founded on facts, not fears.

If the Prevent programme is truly needed at this scale, tell us why and tell us all what our children are being told in these programmes.

We should ask our MPs even though consultation is closed, what is the evidence behind the thinking about getting prevent into toddler settings and far more? What risks and benefits have been assessed for any of our children and families who might be affected?

Do these efforts need expanded to include two-year-olds?

Are all efforts to keep our kids and society safe equally effective and proportionate to potential and actual harm caused?

Alistair MacDonald QC, chairman of the Bar Council, said:

‘As a caring society, we cannot simply leave surveillance issues to senior officers of the police and the security services acting purportedly under mere codes of practice.

What is surely needed more than ever before is a rigorous statutory framework under which surveillance is authorised and conducted.”

Whether we are disabled PIP protesters outside parliament or mothers on the school run, journalists or lawyers, doctors or teachers, or anyone, these changes in law or lack of them, may affect us. Baroness Hamwee clearly sees harm caused in the community.

Development of a future legislative framework should reflect public consensus, as well as the expert views of technologists, jurists, academics and civil liberty groups.

What don’t we know? and what can we do?

According to an Ipsos MORI poll for the Evening Standard on October 2014 [20] only one in five people think the police should be free to trawl through the phone records of journalists to identify their sources.

Sixty-seven per cent said the approval of a judge should be obtained before such powers are used.

No one has asked the public if we think the Prevent programme is appropriate or proportionate as far as I recall?

Who watches that actions taken under it, are reasonable and not reactionary?

We really should be asking; what are our kids being shown, taught, informed about or how they may be  informed upon?

I’d like all of that in the public domain, for all parents and guardians. The curriculum, who is teaching and what materials are used.

It’s common sense to see that young people who feel isolated or defensive are less likely to talk to parents about their concerns.

It is a well known quote in surveillance “Nothing to hide, nothing to fear.” But this argument is flawed, because information can be wrong.

‘Nothing to fear, nowhere to hide’, may become an alternative meme we hear debated again soon, about surveillance if the internet and all communications are routinely tracked, without oversight.

To ensure proper judicial oversight in all these laws and processes – to have an independent judge give an extra layer of approval – would restore public trust in this system and the authority on which it depends.

It could pave the way for a new hope of restoring the checks and balances in many governance procedures, which a just and democratic society deserves.

As Roosevelt said: “let me assert my firm belief that the only thing we have to fear is fear itself—nameless, unreasoning, unjustified terror.”

 

******

[On Channel4OD: Channel 4 – Oscar winning, ‘CitizenFour’  Snowden documentary]

References:

[1] The Guardian, 2008, council spies on school applicants

[2] Wikipedia RIPA legislation

[3] UK admits unlawfully monitoring communications

[4] http://www.theguardian.com/uk-news/2014/nov/20/police-legal-action-snooping-journalists

[5] Journalist’s response

[6] SOS Campaign

[7] RIPA Consultation

[8] The RIPA documents are directly accessible here

[9] The Telegraph

[10] Deregulation Bill

[11] Counter Terrorism and Security Act 2015

[12] Baroness Hamwee comments in the House of Lords [Hansard]

[13] Consultation response by charity Children in Scotland

[14] The Telegraph, Anti-terror plan to spy on toddlers ‘is heavy-handed’

[15] GPs told to specify counter terrorism leads [Prevent]

[16] The Prevent programme, BBC / 2009 Prevent programme for schools

[17] Review of Australia’s CT Machinery

[18] Boris Johnson, March 2014

[19] Hate crime figures 2013-14

[20] Ipsos MORI poll, October 2014

 

******

 image credit: ancient history

MORE: click the link below

Continue reading “Nothing to fear, nowhere to hide – a mother’s attempt to untangle UK surveillance law and programmes” »

The care.data coach ride: communications – all change or the end of the line?

Eleven months ago, care.data was put on hold and promises made to listen to professional and public opinion, which would shape programme improvement.

Today, Sir Bruce Keogh of NHS England said: “an unprecedented shift of resources and care into GP surgeries was necessary to help the NHS withstand the twin pressures of rising demand and tight budgets.”
[The Guardian, 19 Jan 2015]

care.data right now, seems like the straw on the camel’s back that GPs do not need, and that in its current format, many patients do not want.

Why the rush to get it implemented and will the costs of doing so, – to patients, to professionals and to the programme – be worth it?

What has NHS England heard from these listening events?

The high level ‘you said, we did’ document, sharing some of the public concerns raised with care.data, has been published by NHS England.

It is an aggregated, high level presentation, but I wonder if it really offers much more insight than everyone knew a year ago? It’s a good start, but does it suggest any real changes have taken place as a result of listening and public feedback?

Where are we now, what does it tell us, and how will it help?

Some in the media argue, like this article, that a:

“massive privacy campaign effectively put a halt to it last year.”

In reality it was the combination of the flaws in the care.data plans for the GP  data extraction and sharing programme, and past NHS data sharing practices, which was its own downfall.

Campaigners merely pointed these flaws out.

Once they were more apparant, many bodies involved in good data sharing and those with concerns for confidentiality, came together with suggestions to make improvements.

But to date and a year after patients first became aware of the issues, even this collaboration has not yet solved patients’ greatest concern, that data is being given, without the individuals’ knowledge or consent, to third parties for non-clinical care, without oversight once they receive it.

The HSCIC 2013-15 Roadmap outlined HSCIC  would ‘agree a plan for addressing the barriers to entry into the market for new commercial ventures’ using our data provided by the HSCIC and:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

 

Working with care.data was first promised, to ‘innovators of all kinds’  just as HES was delivered to commercial businesses, [including reportedly Google, and PA Consulting getting 15 years of NHS data], all with unclear and  unproven patient benefit or UK plc economic development and gain.

 

Patients are concerned about this.

 

They have asked about the assurance given that the purposes are more defined but still don’t rule out commercial users, re-use licences have not been categorically ruled out, and patients have asked further, detailed questions, which are still open.

View some of them for yourself here:  including coercion, disability inclusion, and time and time again concerns over the accuracy and quality of records, which may be uploaded, and mistakes never deleted upon which judgments are made, from records which the patient may never have seen.

care.data events have been hosted by and held for a group of charities, other care.data listening events held by the care.data advisory group, [include Peterborough and Coin Street, London]  [you can view the 26th November Manchester event with questions from 33 minutes in] and those held as part of the NHS Open House event in June [from 01:13.06 in the NHS Open House video], all asked sensible detailed questions on process and practice which are still to be addressed, which are not in the high level ‘you said, we did.’

Technical and practical processes of oversight have been changed to improve the way in which data was shared, but what about data use that has been the crux of patient concern?

How will the questions that remain unanswered be addressed? – because it seems the patient letter, posters and flyers won’t do it.

What now?

Communications are rolling out in pathfinders

All year the message has been the same: communication was poor.

“We have heard, loud and clear, that we need to be clearer about the care.data programme and that we need to provide more support to GPs to communicate the benefits and the risks of data sharing with their patients, including their right to opt out.” [October 2014, Mr. Kelsey, NHS England]

The IIGOP report on care.data outlined in December 2014 what still remains to be done and the measures required for a success.

These go far beyond communications issues.

But if pathfinders are being asked to spend time and money now, it must be analysed now, what will new communications materials look like, compared with those from a year ago.

Whilst I would agree that communications were poor, the question that remains to be asked is why? Why was communication poor? Why did a leaflet that was criticised by ICO, criticised by the GPES advisory group, criticised by many more and glaringly a failed piece of communication to outsiders, why was all that advice and criticism ignored and it got sent [or not sent] to patients across England?

[Sept 2013 GPES Advisory] “The Group also had major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”.

We could say it doesn’t matter. However it is indicative of the same issues now, as then, and throughout the year. There has been lots of positive advice given, shared, and asked for at patient listening events. If this is the extent of “you said, we did”, feedback is still being ignored. That matters.

Because if it continues to be, any new communications will have the same failure-to-launch that they did a year ago.

In the last year we have heard repeatedly, that the pause will enable the reshaping of communications materials.

Sadly, the bell hasn’t rung yet, on what really needs done. It looks to me as though the communications people have done their best, dealing with glaring gaps in content.

Communications materials are not ready, because it’s not clear where care.data is going, or what’s the point of the trip.

bellbroken

 

All change?

It has failed to address the programme as a change issue.

That is what it is at its core, and it is this failure which explains why it has met so much resistance.

If the 26th November Manchester questions are anything to go by the reason for the change as to why our data is needed at all, remains very unclear, for professionals and patients.

How patients will be empowered to manage its ongoing changes into the future, is also undefined.

In addition, there has been little obvious, measurable change in the substance of the programme communication in the last 12 months.

New materials suggest no real changes have taken place as a direct result of listening to public feedback at all. They may have from feedback that was given before the pause, but what impact has the pause had?

If you disagree, look over the GP care.data leaflet from 2013 and see what changes you would make now. Look at the 2013 patient leaflet and see what substantial improvement there is. Look at the basic principles of data protection and see if the care.data programme communications clearly and simply address them any better now.

What are the new plans for new communications, and how do they pick up on the feedback given at ‘hundreds’ of listening events?

The communications documents are a good start at addressing a complex set of questions.

However, whilst they probably meet their spec it doesn’t meet their stated objective: to show clear ‘we did’ nor a clear future action plan.

The listening feedback may have been absorbed, but hasn’t generated any meaningful new communications output.

It shows as far as listening goes, real communications in this one-way format, may have reached the end of the line.

How can patients make a decision on an unknown?

The new communications in posters and the ‘you said, we did’, state that access to the information collected will be limited in the pathfinder – but it does not address the question in the longer term.

This is a key question for patients.

It should be simple. Who will have access to my data and why?

No caveats, no doubts, no lack of clarity.

Patients should be properly informed how ALL their data is being used that is held by HSCIC. The opt out talked in February 2014 of two options; for data to be extracted under care.data at GPs and all the other data already stored at the HSCIC from hospitals and elsewhere. To explain those two different options patients first need told about all the data which is stored, and how it is used.

Talk about the linkage with other datasets, the future extraction and use of social care data, the access given via the back office to police and other non-health government departments. Stop using ‘your name will not be used’ in materials like the original patient leaflet – It may be factual for care.data per se, but is misleading on what of our personal data is extracted and used without our consent or awareness – most of us don’t know the PDS extracts name at all.

Being cagey does not  build trust. Incomplete explanation of uses would surely not meet the ICO data protection requirements of fair processing either. And future uses remain unexplained.

For care.data this is the unknown.

NHS England is yet to publish any defined future use and scope change process, though its plan is clearly mapped:

caredatatimeline

 

There must be a process of how to notify patients either of what will be extracted, or who will be given access to use it > a change process. A basic building block for fair processing. Not a back door.

It needs to address: how is a change identified, who will be notified within what time frame before the extraction, how will the training and access changes be given, and how will patients be informed of the change in what may be extracted or who may be using it and be given the right to change their opt in / out selection. The law requires fair processing BEFORE the change happens.

We patients should also be made aware what impact this choice has on data already extracted, and that nothing will be deleted from our history. Even if its clearly a mistake. How does that affect reports?

Communication is impossible whilst the content & scope is moving.

I’ve been banging on, quite frankly,  about scope, since March.

This is what needs done. Pull over, and get the fixes done.

> Don’t roll out any comms in a pathfinder yet. They’re not ready.

> First sort out the remaining substance so you know what it is that materials are communicating.  What, who, why, when, how?

The IIGOP report lists clearly all that needs done and how to measure their success: it’s not communications, it’s content.

The final technical, security and purposes pieces still need resolved; practical questions on opt out,  legislation needed to make sure the  opt out really is robust, that the so-called ‘one strike and out’ isn’t just a verbal assurance but actually happens, and that future access is defined beyond the pathfinder – who will have access at and outside the new secure lab – not only for the pilot, but future.

Get the definition of scope limited so as to meet fair processing, and get the future scope change communication process ironed out.

How will patients be communicated to not only now, not in a pathfinder, but for every change that happens in the future which has a fair processing requirement?

Only then can the programme start to truly address change and communications with meaningful messages. Until then, it’s PR.

Once you know what you’re saying, how to say it becomes easy.

If it’s not proving easy to do well, we need to ask why.

change>>>References>>>

 1. You said, we did NHS England presentation

2. IIGOP report into care.data

3. Pharmacists to access DWP data – example of scope change who accesses data and why, which fails fair processing without a change process in place to communicate

>>>>>>>>>

For anyone interested in considering the current materials in detail, see below: this doesn’t address the posters shared in the Manchester event or what is missing, but many of the messages are the same as in the ‘you said, we did’ and it’s a start.

>>>>>>>>>

Addendum:

1. The “co-production” approach to materials

2. Why a scope change management process is vital to trust for care.data.

3. Some feedback on the high level ‘you said, we did’ document

4. What do communications require to improve from those before?
5. Hard questions

 

1. The “co-production” approach to materials

The IIGOP report on care.data outlined in December 2014 asked a very sound question on page 8:

“What are the implications of using locally developed communications material (“co-production”) for subsequent national rollout ?”
The Programme is developing a “co-production” approach to initial GP and patient-facing material, based on feedback from the care.data “listening period” and from local events and formal research.
“The intent is to ensure that there is local ownership of material used to communicate with professionals and patients in the Pathfinder stage.”
To ask a basic tenet of change management: what’s in it for them?
It’s unclear to what level of detail the national materials will go, and how much local sites will create.

 

If I were at CCG or GP level and responsible for ‘local ownership’ of communications from this national programme, I’d be asking myself why I am expected to reinvent the wheel? I’d want to use national standards as far as possible.

Why should local organisations have to produce or design materials which should be communicating the intent of a programme whose purpose is to be identical for every one of the 62 million in England registered with a GP? Let’s hope the materials are national.

What benefit will a local level site see, by designing their own materials – it will cost time and money – where’s the benefit for the patients in each practice, for the GPs and the programme?
Is it too cynical to ask, has NHS England not got the resources to do this well and deliver ready-done?
If so, I should urge a rethink at national level, because in terms of time and people’s effort this multiple duplication will be a costly alternative.
It also runs the risk of costly mistakes in accuracy and inconsistency.
There appears to date to be no plan yet how future changes will be communicated. This must be addressed before the pathfinder and in any current communication, and all local sites need the same answer because the new decisions on extraction, will be at national level.

2. Some feedback on the high level ‘you said, we did’ document:

page 9: “present the benefits” – this fails to do so  – this is however not a failing of this presentation – there is simply still no adequate cost benefit document available in the public domain.

page 11: “keep data safe” – the secure lab is mentioned – a great forwards step compared with HES access – and it states analysts will only access it there in the pathfinder – but what about after that?

page 13: “explain the opt out clearly”: “You can opt out at any time. Just talk to your GP Practice.” > I have, but as far as I know my data is still released by the HSCIC from HES and wider secondary collections of data, which I did not know were extracted and did not consent to being used for secondary purposes. Opt out doesn’t appear to actually work. Please let me know if that’s a misunderstanding on my part. I’d be delighted to hear it is functional.

page 15: “legislative changes” – the biggest concern patients raise over and over again, is sharing data beyond their direct care with commercial companies and for non-NHS purposes. This has not been excluded. No way round that. No matter how you word it and made harder by the fact that data was released from HES in July to Experian for use in mosaic. If that makes the definition, then it’s loose.

The one-strike-and-out is not mentioned in materials, although it was discussed on Nov 26th in Manchester. When is the legislation to actually happen?

Both this and the opt out are still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

page 17: “access safeguards” – the new audit trail is an excellent step. But doesn’t help patients know if OUR data was used, it’s generic. We need some sort of personal audit trail of our consent, and show how it is respected in what data is released, to who, when, and why. The over emphasis of ‘only with legal access’ is overdone as 251 has been used to approve data access for years without patient knowledge or consent. If it is to be reassuring, it is somewhat misleading; data is shared much more widely than patients know. If it is to answer questions asked in the listening feedback events, there needs to be an explanation of how the loop will be closed to feed the information back and how it will be of concrete benefit.

And in general:

Either “this will not affect the care you receive”  or it will. Both sentences cannot be true.  Either way, there should be no coercion of participation:

“If you decide to opt out it won’t affect the care and treatment you receive. However, if significant amounts of people do opt out, we won’t be able to collect enough information to help us improve NHS services across the nation.”
Agreement must in usual medical environments, be given voluntarily and freely, without pressure or undue influence being exerted on the person either to accept or refuse.

3. What do communications require to improve from those before?

a. Lessons Learned for improvement:

The point of the pause was in order to facilitate the changes and improvement needed in the programme, whose flaws were the reason to stop in February. All the questions need shared so that all the CCGs can benefit from all the learning. If all the flaws are not discussed openly, how can they be fixed? Not only being fixed, but being seen to be fixed would be productive and useful for the programme. [The IIGOP report on care.data outlined in December 2014 covers these.]

b. Consistency:

Raw feedback will be vital for CCGs and GP practices to have. It has not been released and the ‘you said, we did’ is a very high level aggregate of what was clear last February. Since then, the detailed questions are what should be given to give all involved the information to able to understand, and to have the answers for consistently.

This way they will be properly prepared for the questions they may get in any pilot rollout. If questions have already been asked in one place, the exact same answer should be reproduced in another.

c. Time-saving:

If the same question has already been asked at a national or regional event, why make the local level search for the same answer again?  This could be costly and pointless multiplied many times over.

d. Accuracy:

Communications aren’t always delivered correctly. They can be open to misinterpretation or that the comms team simply gets facts wrong.  That would fail data protection requirements and fail to protect GPs. How will this accuracy be measured if done at local level and how will it be measured and by whom?

The IIGOP report asked: “What are the success criteria for the Pathfinders? How will we know what has worked and what has not? “

I know from my own experience that either the communications team or consultants can misunderstand the facts, or something can easily become lost in translation, from the technical theory to the tangible explanation.

4. Future change: Control of scope change for linkage and  access

Current communications may address the current pathfinder extraction, but they are not fit for purpose for a rollout which is intended to be long term and ever changing.

So what exactly is it piloting? – a “mini” approach? – if so, to what purpose? or is it just hoping to get X amount of data in, done and dusted, as ‘a start.’

If the pathfinder patients are only told a sub-set of information in a pilot rollout, we should ask:

a. why? Is this in order to make the idea sound more appealing?

b. how will it be ensured that their consent, or lack of objection, is fully informed and therefore meets Data Protection requirements?

and finally

c. how will future changes be communicated? This must be addressed before the pathfinder and in any current communication.

For example; who gets access to data may change so you can’t say only “” access to the information collected will only be given to a limited number of approved analysts who will have to travel to a new secure data facility that the HSCIC is setting up.”

Pharmacists who have access to this data for direct care, may also now be getting access to DWP data.

“the Royal Pharmaceutical Society has already said that the new measures could affect trust between patients and pharmacists.” [EHI Dec 30th 2014]

When patients signed up for the SCR at a GP practice they may not realise it is shared with pharmacies. When data is shared with the Department of Work and Pensions, citizens may not realise it could be shared with pharmacies.  Neither told the other when signing up that future access would allow this cross referencing and additional access.

This is a real life scenario that should not be glossed over in a brochure. A hoped for ‘quick-fix’ now, will simply cause later problems, and if data is used inappropriately, there may not be another opportunity for winning back trust again.

To get it legally wrong now, would be inexcusable.

Here’s why it would be better to do no more communications now:

5. Hard questions can’t be avoided

Currently, comms still avoid the hard questions, and those are the ones people want answers for. Open questions remain unaddressed.

Raw questions asked in July at a charities’ event are, with some post-event reshaping and responses here. Note how many are unknowns.

Changes have been suggested to be constructive.

One attendee of a public listening event commented online in October 2014, on the NHS England CCG announcement:

“I am one of those that has tried hard to engage with you to try and make sure that people can be assured that their personal and private information will not be exploited, I feel that you have already made the decision to press ahead regardless and feel very let down.

“Please publish the findings of your listening exercise and tell people how you intend to respond to their concerns before proceeding with this.”

People have engaged and want to be involved in making this programme work better, if it has to work at all like this.

Q: Where is the simple, clear public business case for cost and benefits?

The actual raw questions have been kept unpublished for no clear purpose. It could look like avoiding answering the hard questions.

The IIGOP report captures many of them; for example on process of competence, capacity and processes – and the report shows there is still a need to “demonstrate that what goes on ‘under the bonnet’ of Pathfinder practice systems operates in the same way that patients are being told it does.”

When is the promised legislative change to actually happen? The opt out is still not on a robust legal basis – much verbal assurance has been given on “legislative changes” but they are meaningless if not enacted.

It’s all about trust and that relationship, like the communication and feedback responses, has to be two-way.

Patient questions on care.data – an open letter

Dear NHS England Patients & Information Directorate,

We’ve been very patient patients in the care.data pause. Please can we have some answers now?

I would like to call for greater transparency and openness about the promises made to the public, project processes & policies and your care.data communication plans.

In 2013, in the Health Service Journal Mr. Kelsey wrote:

“When patients are ignored, they are most at risk; that was the central conclusion of the report by Robert Francis into Stafford hospital.

Don Berwick, in his safety review, said the NHS should be “engaging, empowering and hearing patients and their carers all the time.

“That has been my mission since I started as National Director for Patients and Information: to support health and care services transform transparency and participation.

HSJ, 10th December 2013

It is time to walk-the-talk for care.data under this banner of transparency, participation and open government.

Response to the Listening exercises

The care.data listening phase, introduced by the pause announced on February 18th, has captured a mass of questions, the majority of which still remain unaddressed.

At one of these sessions, [the 1-hr session on June 17th Open House, linking ca. 100 people at each of the locations in Basingstoke, Leicester, London, and York] participants were promised that our feedback would be shared with us later in the summer, and posted online. After the NHS AGM on Sept 18th I was told it would happen ‘soon’. It is still not in the public domain.

At every meeting all the unanswered questions, on post-it notes, in table-group minutes or scribbled flipcharts, were gathered ‘to be answered at a later date’. When will that be?

To date, there has been no published information which addresses the unanswered event questions.

Transparency of Process, Policies and Approach

The care.data Programme Board has held meetings to plan the rollout process, policies and approach. The minutes and materials from which have not been published. I find this astonishing when one considers that the minutes of the care.data advisory group, NIB (new), CAG, GPES advisory or even NHS England Board itself are in the public domain. I believe the care.data Programme Board meeting materials should be too.

It was acknowledged through the Partridge Review of past use of our hospital records that this HES data is not anonymous. The extent of its sale to commercial third-parties and use by police and the Home Office was revealed. This is our medical data we gave to hospitals and in our wider medical use for our care. Why are we the last to hear it’s being accessed by all sorts of people who are not at all involved in our clinical care?

Even for commissioning purposes it is unclear how these datasharing reasons are justified when the Caldicott Review said extracting identifiable data for risk stratification or commissioning could not be assumed under some sort of ‘consent deal’?

“The Review Panel found that commissioners do not need dispensation from confidentiality, human rights and data protection law…” [The Information Governance review, ch7]

The 251 approval just got extended *again* – until 30th April 2015. If you can’t legally extract data without repeat approvals from on high, then maybe it’s time to question why?

The DoH, NHS England Patients and Information Directorate, HSCIC, and indeed many data recipients, all appear to have normalised an approach that for many is still a shock. The state centralised and passed on our medical records to others without our knowledge or permission. For years. With financial exchange. 

Amazingly, it continues to be released in this way today, still without our consent or fair processing or publicised way to opt out.

“To earn the public’s trust in future we must be able to show that our controls are meticulous, fool-proof and solid as a rock.”  said Sir Nick Partridge in his summary review.

Now you ask us to trust in care.data that the GP data, a degree more personal, will be used properly.

Yet you ask us to do this without significant changes in legislation to safeguard tightly defined purposes who can access it and why, how we control what future changes may be made without our knowledge and without a legally guaranteed opt out.

There is no information about what social care dataset is to be included in future, so how can we know what care.data scope even is yet?

Transparency cannot be a convenient watch word which applies with caveats. Quid pro quo, you want our data under an assumed consent process, then guarantee a genuinely informed public.

You can’t tell patients one approach now, then plan to change what will be said after the pilot is complete, knowingly planning a wider scope to include musculoskeletal or social care data and more.  Or knowing you plan to broaden users of data [like research and health intelligence currently under discussion at IAG ] but only communicate a smaller version in the pilot. That is like cheating on a diet. You can’t say and do one thing in public, then have your cake and eat it later when no one is looking. It still counts.

In these processes, policies and approach, I don’t feel my trust can be won back with lack of openness and transparency. I don’t yet see a system which is, ‘meticulous, fool-proof or solid as a rock’.

‘Pathfinder’ pilots

Most recently you have announced that four areas of CCGs will pilot the ‘pathfinder’ stage in the rollout of phase one. But where and when remains a  mystery. Pathfinder communications methods may vary from place to place and trial what works and what fails. One commendable method will be a written letter.

However even given that individual notice intent, we cannot ignore that many remaining questions will be hard to address in a leaflet or letter. They certainly won’t fit into an SMS text.

Why pilot communications at all which will leave the same open questions unanswered you already know, but have not answered?

For example, let’s get a few of the missing processes clarified up front:

  • How will you communicate with Gillick competent children, whose records may contain information about which their parents are not aware?
  • How will you manage this for elderly or vulnerable patients in care homes and with diminished awareness or responsibility?
  • What of  the vulnerable at risk of domestic abuse and coercion?
  • When things change in scope or use, how will we be given the choice to change our opt out decision?

I ask you not to ignore the processes which remain open. They need addressed BEFORE the pilot, unless you want people to opt out on the basis of their uncertainty and confusion.

What you do now, will set the model expectations for future communications. Patient online. Personalised medicine. If NHS health and social care is to become all about the individual, will you address all individuals equally or is reaching some less important than others?

It seems there is time and effort in talking to other professionals about big data, but not to us, whose data it is. Dear Patients & Information Directorate, you need to be talking to us, before to others about how to use us.

In March, this twelve point plan made some sensible suggestions.

Many of them remain unaddressed. You could start there. But in addition it must be clear before getting into communications tools, what is it that the pathfinders are actually piloting?

You can’t pilot communications without clearly defined contents to talk about.

Questions of substance need answers, the ten below to start with.

What determines that patients understand the programme and are genuinely informed, and how will it be measured?

Is it assumed that pilots will proceed to extraction? Or will the fair processing efforts be evaluated first and the effort vs cost be taken into account whether it is worth proceeding at all?

Given the cost involved, and legal data protection requirements, surely the latter? But the pathfinder action plan conflates the two.

Citizen engagement

Let’s see this as an opportunity to get care.data right, for us, the patients. After all, you and the rest of the NHS England Board were keen to tell us at the NHS AGM on September 18th, how valuable citizen engagement is, and to affirm that the NHS belongs to us all.

How valued is our engagement in reality, if it is ignored? How will involvement continue to be promoted in NHS Citizen and other platforms, if it is seen to be ineffective? How might this negatively affect future programmes and our willingness to get involved in clinical research if we don’t trust this basic programme today?

This is too important to get wrong. It confuses people and causes concern. It put trust and confidence in jeopardy. Not just for now, but for other future projects. care.data risks polluting across data borders, even to beyond health:

“The care.data story is a warning for us all. It is far better if the industry can be early on writing standards and protocols to protect privacy now rather than later on down the track,” he said. [David Willets, on 5G]

So please, don’t keep the feedback and this information to internal departments.

We are told it is vital to the future of our NHS. It’s our personal information.  And both belong to us.

During one Health Select Committee hearing, Mr. Kelsey claimed: “If 90 per cent opt out [of care.data], we won’t have an NHS.”

The BMA ARM voted in June for an opt in model.

ICO has ruled that an opt in model by default at practice level with due procedures for patient notification will satisfy both legal requirements and protect GPs in their role as custodians of confidentiality and data controllers. Patient Concern has called for GPs to follow that local choice opt in model.

I want to understand why he feels what the risk is, to the NHS and examine its evidence base. It’s our NHS and if it is going to fail without care.data and the Board let it come to this, then we must ask why. And we can together do something to fix it. There was a list of pre-conditions he stated at those meetings would be needed before any launch, which the public is yet to see met. Answering this question should be part of that.

It can’t afford to fail, but how do we measure at what cost?

I was one of many, including much more importantly the GPES Advisory Group, who flagged the shortcomings of the patient leaflet in October 2013, which failed to be a worthwhile communications process in January. I flagged it with comms teams, my MP, the DoH.

[Sept 2013 GPES Advisory] “The Group also had major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”.

No one listened. No action was taken. It went ahead as planned. It cost public money, and more importantly, public trust.

In the words of Lord Darzi,

“With more adroit handling, this is a row that might have been avoided.”

Now there is still a chance to listen and to act. This programme can’t afford to pilot another mistake. I’m sure you know this, but it would appear that with the CCG announcement, the intent is to proceed to pilot soon.  Ready or not.

If the programme is so vital to the NHS future, then let’s stop and get it right. If it’s not going to get the participation levels needed, then is it worth the cost? What are the risks and benefits of pressing ahead or at what point do we call a halt? Would it be wise to focus first on improving the quality and correct procedures around the data you already have – before increasing the volume of data you think you need? Where is the added intelligence, in adding just more information?

Is there any due diligence, a cost benefit analysis for care.data?

Suggestions

Scrap the ‘soon’ timetable. But tell us how long you need.

The complete raw feedback from all these care.data events should be made public, to ensure all the questions and concerns are debated and answers found BEFORE any pilot.

The care.data programme board minutes papers and all the planning and due diligence should be published and open to scrutiny, as any other project spending public funds should be.

A public plan of how the pathfinders fit into the big picture and timeline of future changes and content would remove the lingering uncertainty of the public and GPs: what is going on and when will I be affected?

The NHS 5 year forward view was quite clear; our purse strings have been pulled tight. The NHS belongs to all of us. And so we should say, care.data  can’t proceed at any and at all costs. It needs to be ‘meticulous, fool-proof and solid as a rock’.

We’ve been patient patients. We should now expect the respect and response, that deserves.

Thank you for your consideration.

Yours sincerely.

 

Addendum: Sample of ten significant questions still outstanding

1. Scope: What is care.data? Scope content is shifting. and requests for scope purposes are changing already, from commissioning only to now include research and health intelligence. How will we patients know what we sign up to today, stays the purposes to which data may be used tomorrow?

2. Scope changes fair processing: We cannot sign up to one thing today, and find it has become something else entirely tomorrow without our knowledge. How will we be notified of any changes in what is to be extracted or change in how what has been extracted is to be used in future – a change notification plan?

3. Purposes clarity: Who will use which parts of our medical data for what? a: Clinical care vs secondary uses:

Given the widespread confusion – demonstrated on radio and in press after the pathfinders’ announcement – between care.data  which is for ‘secondary use’ only, i.e. purposes other than the direct care of the patient – and the Summary Care Record (SCR) for direct care in medical settings, how will uses be made very clear to patients and how it will affect our existing consent settings?

3. Purposes definition: Who will use which parts of our medical data for what?  b) Commercial use  It is claimed the Care Act will rule out “solely commercial”purposes, but how when what remains is a broad definition open to interpretation? Will “the promotion of health” still permit uses such as marketing? Will HSCIC give its own interpretation, it is after all, the fact it operates within the law which prescribes what it should promote and permit.

3. Purposes exclusion: Who will use which parts of our medical data for what?  c) Commercial re-use by third parties: When will the new contracts and agreements be in place? Drafts on the HSCIC website still appear to permit commercial re-use and make no mention of changes or revoking licenses for intermediaries.

4a. Opt out: It is said that patients who opt out will have this choice respected by the Health and Social Care Information Centre (i.e. no data will be extracted from their GP record) according to the Secretary of State for Health  [col 147] – but when will the opt out – currently no more than a spoken promise – be put on a statutory basis? There seem to be no plans whatsoever for this.

Further wider consents: how patients will know what they have opted into or out from is currently almost impossible. We have the Summary Care Record, Proactive care in some local areas, different clinical GP systems, the Electronic Prescription Service and soon to be Patient Online, all using different opt in methods of asking and maintaining data and consent, means patients are unsurprisingly confused.

4b. Opt out: At what point do you determine that levels of participation are worth the investment and of value? If parts of the population are not represented, how will it be taken into account and remain valuable to have some data? What will be statistically significant?

5. Legislation around security: The Care Act 2014 is supposed to bring in new legislation for our data protection. But there are no changes to date as far as I can see – what happened to the much discussed in Parliament, one strike and out. Is any change still planned? If so, how has this been finalised and with what wording, will it be open to Parliamentary scrutiny?  The Government claim to have added legal protection is meaningless until the new Care Act Regulations are put in front of Parliament and agreed.

6. What of the Governance changes discussed?

There was some additional governance and oversight promised, but to date no public communication of changes to the data management groups through the HRA CAG or DAAG and no sight of the patient involvement promised.

The Data Guardian role remains without the legal weight that the importance of its position should command. It has been said this will be granted ‘at the earliest opportunity.’ Many seem to have come and gone.

7. Data security: The planned secure data facility (‘safe setting’) at HSCIC to hold linked GP and hospital data is not yet built for expanded volume of data and users expected according to Ciaran Devane at the 6th September event. When will it be ready for the scale of care.data?

Systems and processes on this scale need security designed, that scales up to match in size with the data and its use.

Will you proceed with a pilot which uses a different facility and procedures from the future plan? Or worse still, with extracting data into a setting you know is less secure than it should be?

8. Future content sharing: Where will NHS patients’ individual-level data go in the longer term? The current documentation says ‘in wave 1’ or phase one, which would indicate a future change is left open, and indicated identifiable ‘red’ data is to be shared in future?  “care.data will provide the longer term visions as well as […] the replacement for SUS.

9.  Current communications:

    • How will GPs and patients in ‘pathfinder’ practices be contacted?
    • Will every patient be written to directly with a consent form?
    • What will patients who opted out earlier this year be told if things have changed since then?
    • How will NHS England contact those who have retired or moved abroad recently or temporarily, still with active GP records?
    • How will foreign pupils’ parents be informed abroad and rights respected?
    • How does opt out work for sealed envelopes?
    • All the minorities with language needs or accessibility needs – how will you cater for foreign language, dialect or disability?
    • The homeless, the nomadic,  children-in-care
    • How can we separate these uses clearly from clinical care in the public’s mind to achieve a genuinely informed opinion?
    • How will genuine mistakes in records be deleted – wrong data on wrong record, especially if we only get Patient Online access second and then spot mistakes?
    • How long will data be retained for so that it is relevant and not excessive – Data Protection principle 3?
    • How will the communications cater for both GP records and HES plus other data collection and sharing?
    • If the plan is to have opt out effective for all secondary uses, communications must cater for new babies to give parents an informed choice from Day One. How and when will this begin?

No wonder you wanted first no opt out, then an assumed consent via opt out junk mail leaflet. This is hard stuff to do well. Harder still, how will you measure effectiveness of what you may have missed?

10. Pathfinder fixes: Since NHS England doesn’t know what will be effective communications tools, what principles will be followed to correct any failures in communications for any particular trial run and how will that be measured?

How will patients be asked if they heard about it and how will any survey, or follow up ensure the right segmentation does not miss measuring the hard to reach groups – precisely those who may have been missed?  i.e. If you only inform 10% of the population, then ask that same 10% if they heard of care.data, you would expect a close to 100% yes. That’s not reflective that the whole population was well informed about the programme.

If it is shown to have been ineffective, at what point do you say Fair Processing failed and you cannot legally proceed to extraction?

> This list doesn’t yet touch on the hundreds of questions generated from public events, on post-its and minutes. But it would be a start.

*******

References for remaining questions:

17th June Open House: Q&A

17th June Open House: Unanswered public Questions

Twelve point plan [March 2014] positive suggestions by Jeremy Taylor, National Voices

6th September care.data meeting in London

image quote: Winnie The Pooh, A.A. Milne

care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two]

How our data sharing performance will be judged, matters not just today, or in this electoral term but for posterity. The current work-in-progress is not a dress rehearsal for a care.data quick talent show, but the preparations for lifetime performance and at world standard.

How have we arrived where we are now, at a Grand Pause in the care.data performance? I looked at the past, reviewed through the Partridge Review meeting in [part one here] the first half of this post from attending the HSCIC ‘Driving Positive Change’ meeting on July 21st. (official minutes are online via HSCIC >>  here.)

Looking forward, how do we want our data sharing to be? I believe we must not lose sight of classical values in the rush to be centre stage in the Brave New World of medical technology. [updated link  August 3rd]* Our medical datasharing must be above and beyond the best model standards to be acceptable technically, legally and ethically, worldwide. Exercised with discipline, training and precision, care.data should be of the musical equivalent of Chopin.

Not only does HSCIC have a pivotal role to play in the symphony that the Government wishes research to play in the ‘health & wealth’ future of our economy, but they are currently alone on the world stage. Nowhere in the world has a comparable health data set over such length of time, as we do, and none has ever brought in all it’s primary care records into a central repository to merge and link, as is planned with care.data. Sir Kingsley Manning said in the current July/August Pharma Times article, data sharing now has to manage its reputation, just like Big Pharma.

reputation
Pharma Times – July/Aug 2014 http://www.pharmatimes.com/DigitalOnlineArea/digitaleditionlogin.aspx

Countries around the world, will be watching HSCIC, the companies and organisations involved in the management and in the use of our data.  They will be assessing the involvement and reaction of England’s population, to HSCIC’s performance. This performance will help shape what is acceptable, works well and failings will be learned from, by other countries, who will want to do the same in future.

Can we rise to the Challenge to be a world leader in Data Sharing?

If the UK Government wants England to be the world leader in research, we need, not only to be exemplary in how we govern the holding, management and release of data, but also exemplary in our ethics model and expectations of each other in the data sharing process.

How can we expect China [1] with whom the British Government recently agreed £14 billion in trade deals, [2] India, the country to which our GP support services are potentially poised to be outsourced through Steria [3] or any other organi Continue reading “care.data should be like playing Chopin – or will it be all the right notes, but in the wrong order? [Part two]” »

Thinking to some Purpose – a new era, a new look

Regular readers here or on twitter, may notice the new-look.

I’m moving away from The Amateur Book Blogger banner, and will be posting simply as me, as I go on.  The start of the summer holidays seemed as good a day as any, to saunter out into the sunshine on my own.  [I may even see if it’s worth updating my resultant twitter handle @TheABB]. The reason? This week, the View From Here Magazine announced it will be closing on November 1st, 2014. After seven  years on the writing team, it is not only the end of an era, but perhaps the start of a something new.

I started on the comms side, announcing writing events and industry news, and later moved into interviews. It’s been an amazing experience. Editor Mike French was a great remote-mentor. We’ve met only once, at the launch of his latest novel, Convergence, in The Dandelion Trilogy.  Mike both enabled and encouraged me to interview some great writers, editors, scouts and publishers, every quarter. I learned something new each time, from every contribution, and had great fun. All of which I enjoyed, but some stand out in the memory more than others, and every one was unique.

I travelled to The London Book Fair in 2010, the year the Icelandic volcanic ash prevented many traveling from abroad by plane.  The resulting bonus, many people’s meeting schedules became unexpectedly less full. I got squeezed in to film a serendipitous  interview with Jamie Byng at Canongate and  spoke with Helen Garnons-Williams, which led to producing a three part interview with her, the then newly head-hunted Editorial Director for Fiction at Bloomsbury UK.

Thank you to all whom I have interviewed since 2006, but also to readers and fellow unpublished writers who supported me, the team, and made the community at The View From Here what it is. With eclectic tastes, I learned much on writing, but also enjoyed the art of the creative collective.

The most recent interview I did for them, was here, with Isabel Allende. In her wide ranging career, it was hard to know what to ask and how to narrow it down, but one thing stays with me, in all she said, on the role of a writer:

“Writers have no obligation to comply with the official story or the official version, their only obligation is with their own consciousness.  Honesty above all.”

The other part of my writing recently has been more akin to her engagement in politics and civil society. I’ve been on twitter really only for the last nine months, throughout the difficult pregnancy of care.data, pronounced care [dot] data. If you missed it, that’s the government proposed scheme to suck up our GP medical records, merge them with data already held at the central Health and Information Centre from our hospital care, and then use the new, richer record for commissioning purposes and potentially more, as yet undefined.  Since our hospital and other health sourced-data is already sold to private companies and will continue to be so in future, but without having asked for informed consent, I’ve been a very skeptical critic and lay voice for positive changes for these wide secondary uses. [In case you’ve landed here for the first time,  I’ve a background in tech database implementations, communications and change, and I took it upon myself to fully understand and follow the subject, a year ago when I came across the topic online, by accident.]

It looks now, as though some improvements on past failings will  happen, but much remains undefined in detail, and as we all know, that’s where the devil likes to sup. I look forward to seeing some of the recently discussed changes and definitions in the Care Act, for example, becoming concrete.

So, that’s the reason for the insignificant changes on my part, and should I explain the image? I’ve chosen my favourite coffee mug for my header photo, with my favourite scarf. I use both often. The latter, reminds me a little of Bridget Riley’s op art. As a retro fan that appeals to me. The former, depicts the cover of Susan Stebbing’s most popular work Thinking to some purpose (1939) which was described on the cover of the first Pelican Books edition as being:

“A manual of first-aid to clear thinking, showing how to detect illogicalities in other people’s mental processes and how to avoid them in our own”

The work arose out of a synopsis she wrote for a series of radio broadcasts intended for the BBC. Published on the eve of the Second World War, Stebbing wrote:

“There is an urgent need to-day for the citizens of a democracy to think well. It is not enough to have freedom of the Press and parliamentary institutions. Our difficulties are due partly to our own stupidity, partly to the exploitation of that stupidity, and partly to our own prejudices and personal desires.”

Her words seem very timely.

To borrow from Wikipedia here: “This metaphor seems to me to be appropriate, because potted thinking is easily accepted, is concentrated in form, and has lost the vitamins essential to mental nourishment. You will notice that I have continued  the metaphor by using the word ‘vitamins.’ Do not accept the metaphor too hastily: it must be expanded.”

I wrote about use of language and the need for common sense in its use around our health, as well as food marketing, in a previous post. But on the book, Professor Stebbing [British philosopher 1885- 1943] went on to say:

Potted meat is sometimes a convenient form of food; it may be tasty, it contains some nourishment. But its nutritive value is not equivalent to that of the fresh meat from which it was potted. Also, it must have originally been made from fresh meat, and must not be allowed to grow stale. Similarly a potted belief is convenient; it can be stated briefly, sometimes also in a snappy manner likely to attract attention. A potted belief should be the outcome of a belief that is not potted. It should not be held on to when circumstances have changed and new factors have come to light. We should not allow our habits of thought to close our minds, nor rely upon catch-words to save ourselves from the labour of thinking. Vitamins are essential for the natural growth of our bodies; the critical questioning at times of our potted beliefs is necessary for the development of our capacity to think to some purpose.”

So here’s to that, my ‘critical questioning’ may have shifted from one arena into another, but I hope I continue ‘thinking to some purpose’.

care.data communications and core concepts [Part one]

“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is doublespeak talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”

Today at the Health Select Committee Mr. Tim Kelsey, on behalf of NHS England, said that care.data pilots will be in October/ November and in the meantime they are listening to the “constructive challenge to NHS England how to build trust in the [care.data] programme.”

Here’s my real experience of that listening, why it may not help and what still needs done. (And in under 4 months if in time to be of any use for the pathfinder pilots, which are only of use to the whole if done properly. )

[Part one]  care.data communications and core concepts – Ten takeaways from the Open House event.

The NHS England led Open House Day [1] on June 17th was a listening opportunity according to the draft agenda for:

“patients and the public to influence the work of NHS England at national and regional level.”

Here are some of the things I learned:

1. Public Awareness

Mr.Kelsey asked the room (he was in London, other locations took part by live link) how many have:

a) heard of care (dot) data and

b) how many think they understand what it is is?

We couldn’t see his room, but he said ‘about half’ understood it. Our room’s show of hands was similar.

My reaction: One would expect everyone attending to have heard of it, the event after all was billed as in part about care.data. The level of understanding should be higher than the average in the public, since many (in Basingstoke at least) were NHS England or more involved than the average citizen.

Feedback overall was consistent with the latest MORI Ipsos poll [2] commissioned by the Joseph Rowntree Reform Trust in which the minority know it well and over 50% say they have never heard of it. That’ s a long way to go to reach people, inform them adequately to meet legal Data Protection minimums and let them enact their patient choice.

ipsosmori_q4know

2. Communications Message & Scope

A consistent, frequent communications message is that ” there are FAQs and materials, we have the answers, we just need to communicate them better.”

My response: communication is failing because the core scope of what care.data is, is fluid. Without something concrete and limited, it cannot be explained neatly. As one NHS England communications member of staff said to me this week, ‘we haven’t got an elevator pitch.’  So it’s not about the materials or the methods, it’s the substance that is flawed. When you’re talking about extracting, storing, sharing and selling some of our most intimate information, a vague notion of pooled experience is not good enough to trust. People want to know exactly what information, is being shared for what purpose, with whom, where. And how long will they keep it for?  NHS England simply do not have the answers to that, so, that elevator pitch? It’s never going to get off the ground in a meaningful way. And anything less than the answers to those questions, doesn’t meet the Fair Processing requirement of Data Protection Law.

Today at the Health Select Committee Mr.Kelsey was asked, will patients be able to trace in future where their data went? There was a rare and stunning silence. And after a benefits statement, there was still no answer given to the question. [update: Hansard now available, Q525/526]

Scope cannot be fluid and changing – the use of our personal information that we sign up to today, must stay what we agreed to tomorrow.

Data Protection requires that the minimum data is extracted so this ever increasing scope creep, but only *one* chance at opt out are at odds with each other.  What plans are in place to meet Data Protection fair processing EVERY time new things should be added and more data could be extracted? It’s a legal necessity. An ongoing change communications process MUST be in place.

3. Timing

Mr. Kelsey said, on rollout timing that NHS England would take it  ‘as slowly as we need to.’

My response: This reiterates the ‘no artificial deadlines’ but appears to be doublethink in contrast with the statement confirming  ‘autumn 2014’ extraction for Pathfinder (pilot) 100-500 practices. How will the pathfinder (pilot) locations be ready to test a communications process which as yet does not exist? How will it pilot a consent process for young people, the vulnerable, those with complex health system needs, the at risk, those outside ‘the system’ with GP records? A process which by its nature must be applied to any opt in or opt out choice, if others make a decision on their behalf yet from the meetings’ discussion, whose informed consent appears not even begun to be considered?  Or how will solutions to past Data protection Law failings be found from thin air, when data has been breached in the past, continues to be shared in the present and there is no solution to resolving those failings for the future?

4. Language simplification

There is a tendency to oversimplify the language of the Care Act, into ‘care.data will not be used for any purpose other than ‘health benefit’ – whereas benefit is not mentioned in the wording:

Care Act 2014My response: Is to question why this is? Does benefit sound better than promotion perhaps? Again, words should be used accurately.

5. Users simplification of the Care.Act wording

The actual wording is ‘the promotion of health’.

NHS England are similarly very keen to point out explicitly that care.data  cannot possibly be used for insurance or marketing purposes, such as junk mail.

My response:  Yet again, the wording of the Care Act does not state this explicitly. In fact, it leaves pharmaceutical marketing for example, quite open, ‘for the promotion of health’. And there is no legal barrier in the Care Act per se, for firms which receive data for one purpose, such as BUPA the hospital provider in London, using it for another, such as BUPA as refining premiums. BUPA Health Dialog received individual level patient data in the past. How do those patients know what it was then used for or shared with? Perhaps Data Sharing Agreements can specify this, but the Care Act, does not.

Claims to rule out “solely commercial” can’t be backed up by the wording of the Act. Will “the promotion of health” still permit uses such as marketing by pharmacies or ‘healthy eating’ campaigns from big food chains?  There is no obvious definition – and leaves wide interpretation open.

When Sir Manning spoke at the Health Select Committee he (rightly) said HSCIC can only restrict and determine what they do ‘within the law’. The law needs to be tight if the purposes are to be tight. Loose law, loose uses.

6. Use by Data Intermediaries to continue

care.data will continue to be on offer to third party Data Intermediaries it was confirmed in the panel Q&A.

My response: some third party intermediaries in part perform outsourced data services for the NHS. But do they also use the data within their own business to inform their business intelligence markets? They sell knowledge gleaned from raw data onwards,  or have commercial re-use licenses for raw data over which we in the public have no visibility or transparency.  We cannot see within these businesses how they build their own ‘Chinese walls’, self-imposed restrictions to ensure security between different parts of the same umbrella organisation. Allowing third parties to re-sell data means control over its use, owners and management is lost forever. Not secure, transparent or trustworthy. I explore their uses with commercial brokers more here in a previous post. [3] Considering I was told that my personal confidential data will not be shared with third parties, in a letter signed by the Secretary of State for Health, I am most unhappy about this. I will find it hard to trust new statements of best intent, without legislation to govern them.

7. Data Lab – restricting user access

Mr. Kelsey indicated that going forward the default access to our health data will be on the premises of HSCIC, the so called “Fume cupboard” or “Data Lab.” However he noted, this would not be for all, but be the ‘default’.

”The default will be access it on the premises of the IC. That won’t be universal for all organisations….”

My questions: Whilst a big improvement from giving away chunks of raw data via CD or to remote users, these processes need documented and publicly communicated for us to trust they will work. When will it be built and operational? How will we know who all the end users are if the same rules do not apply to all? How will those exceptions be granted? Documented? Audited? Will raw data extraction still be permitted? It’s the exceptions which cause issues and in future, the processes and how they are seen to be governed must be whiter than white. For those with direct access, users of the HDIS or HES, will a transparent list of users be published? At least for now, they do not show up on extraction audits so the public cannot see what those users access or why. So, a good step, but can’t stand alone.

Until this secure data lab is physically built, any data extracted cannot go into it. That won’t happen by October/November I should think. So will NHS England be prepared to extract data anyway, into a setting they *know* is LESS secure and a NOT yet a safe setting?

8. Governance

We were informed, an Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, has agreed to advise the care.data Programme Board to evaluate the first phase pathfinder (pilot) stage.

My feedback: I find this interesting not least because the Information Governance Review [4] under her direction in March 2013 decided that commissioning purposes were insufficient reason to extract identifiable data. Personal confidential data should only be disclosed with consent or under statute and “while the public interest can also provide a legal basis for disclosure it should not be relied upon for routine data flows. [footnote, p.63]”

What value is Independent Governance if it has no legislative teeth and can only advise? At the Health Select Committee today, he said she would be able to offer a view, and a number of parties will be able to express views & be ‘in agreement’. But I wonder who owns the ultimate final go/ no-go decision whether the pilot should progress to full roll-out?

9. Anonymous Sounds Safer

Feedback on the handout: The care.data notes need not only to be accurate but transparently truthful.

In my opinion, words are again misused words to indicate that data is anonymous. 1706204_datauses Whilst the intention of the merged CES output (GP records combined with HES files) may be that some users will see only pseudonymous data, the extracted and stored data is identifiable unless opted out. Name is held in the Personal Demographics Service. [5] This is one of the key communications messages I have taken up with HSCIC, NHS England, raised to the DH through my MP. To reassure the public by saying name is not stored, is deliberately deceptive unless it states simultaneously that it may already be held in the PDS and/or linked on demand.[6]

1706datauses

The Partridge Review [7] has dispensed with the notion that data is anonymous once and for all. Now it must be managed accordingly as identifiable data within Data Protection law and communications must stop misusing the anonymous concept to reassure the public.

“It’s a beautiful thing, the destruction of words.”                                 ( George Orwell, 1984)

10. My own experience of engagement

The most interesting part of the day for me personally however, were the discussions which were unstructured and when we were free to talk amongst ourselves. Unfortunately, that was very little. The structure (at least in Basingstoke and appeared similar on screens elsewhere) was based around tables of about 10 which included at least two NHS England staff at each.

At the end of the morning session, before lunch, as the other participants had left the table, a Communications person and I got into conversation on the differences between care.data, the Summary care Record (SCR) and where Patient Online was to fit in our understanding of which data was used for which purpose.

We discussed that since care.data is only monthly retrospective extracts, not for real-time record access, it would not be a suitable basis for Patient Online access – care.data is for secondary uses. So, we moved onto the challenges of SCR access at local level and how it will be possible to offer everyone Patient online when so many have opted out of the Summary Care Record. We began to talk stats of SCR availability and actual use in hospitals.[8]

Sadly, the table facilitator appeared to decide at that point, that our discussion needed guidance and rushed to fetch a senior member of staff from Strategic systems. And rather than engaging me in what had been a very positive, pleasant two-way conversation, with the Comms person asking me questions and our exchange of views, the Strategic Head took over the conversation with her NHSE team member, effectively restricting further discussion, even with her body positioning and language. Being informed is OK, as long as its the ‘right’ information?

I don’t think that’s what patient engagement is about. The subject needs real, hard discussion, not just managed exchange using pre-designed template cards of topics that we are told we ‘should’ discuss. Perhaps ignorance is strength, but in my opinion, keeping Communications staff informed only ‘on message’ and not of the wider facts and concerns is shortsighted and does them, and patients, a disservice, but then again:

“If you want to keep a secret, you must also hide it from yourself.” (George Orwell, 1984)

For [Part two] care.data communications and core concepts – Questions, Communications and Actions : link here >>

*****

[1] The NHS England Open House recording June 17th http://www.nhsengland-openhouse.public-i.tv/core/portal/NHSopenhouse

[2] IPSOS Mori poll conducted for the Joseph Rowntree Foundation: http://www.ipsos-mori.com/Assets/Docs/Polls/jrrt-privacy-topline-nhs-2014.pdf

[3] My post on uses of our records with commercial Data Brokers – https://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] The Information Governance Review ‘Caldicott 2‘ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] The Personal demographics Service at HSCIC (including name) http://systems.hscic.gov.uk/demographics/pds/contents

[6] The Data Linkage Service at HSCIC http://www.hscic.gov.uk/dles

[7] The Partridge review: http://www.hscic.gov.uk/datareview

[8] Summary Care Record use statistics https://www.whatdotheyknow.com/request/scr_care_settings_with_viewing_c#incoming-446569

***

Fun fact: George Orwell’s Nineteen Eighty-Four is currently number 5 in the UK Classics Fiction Amazon ranking. And 86th in fiction overall. Sales up over 5,000% in the US since the Snowden revelations, a year ago.

MORE BACKGROUND ON THE EVENT:

Within the other programmes of Patient Online and Patient Participation, care.data was a one hour session. It included the blue plasticine people short animation, a speech by Mr.Kelsey, a 15 minute table discussion on one pre-given theme from a range of four, reading aloud the summary of that discussion from each table within the room, one question per venue raised outside the room to the panel via video link in London, and their answers. Our discussion topics were brief, controlled and relatively superficial. It could have been a productive day’s workshop on only that.

The Open House  took place simultaneously in four venues across England, Basingstoke, Leicester, York and London, connected through a live videolink at a number of points throughout the day. The recording in part, can be viewed here.

I attended the Basingstoke event, particularly keen to learn about national programmes such as care.data and hear about any updated plans for its rollout, to learn about patient online, and to meet the NHS England team in the South as well as other interested people like me. I hoped for some real public discussion and to hear others get their questions aired, shared and on the table for resolution.

I met one other ‘only’ patient and whilst I was kindly told by a further active PPG organiser, that I should never refer to myself as ‘only’ a patient, but you know what I mean. I’ve applied as a lay rep on our local CCG for an opening next year, until then, I’m learning as much as I can from others. Other attendees I met were those already more closely involved with NHS England in some way already. As NHS England staff, facilitators, representatives from Clinical Commissioning Groups, Patient Leaders and PPG leaders.

care.data communications and core concepts [Part two]

“My concerns about care.data are heightened, not allayed by the NHS England apparently relentless roll-out and focus on communications. Whilst they say it will take as long as it needs, there is talk of Oct-Nov. pilots. It is still all about finding the right communications, not fixing flaws in core concepts.”

For part one of this post see here >>care.data communications and core concepts [Part one]

1984Other sessions on the 17th Open House included:

Patient participation in general practice: exploring how can you be involved in the changes in general practice, including the introduction of the Friends and Family Test and changes to the GP contract in relation to Patient Participation Groups.

Patients Online: This session was to enable attendees to find out more about work to increase the number of patients who can access their health records online, book GP appointments online and order repeat prescriptions. The accompanying film was described by a fellow table guest as, ‘awful. Too long, dull and dry.’  It felt that there was a lot of weight given to this part of the day and that the uses of data during the event were all mixed into one pot. care.data will not be the source for patient online access, yet we came away thinking of the data as one source to enable that purpose. Poor communication or clever marketing, will depend on your point of view.

The big picture however, of how our health records will be used and bring benefit is in my opinion, being manipulated and purposes conflated to make one thing seemingly lead to another, which are in fact unrelated.

care.data is for secondary purposes, not direct care use by physicians for example. We are told this sharing of data is a requirement for other things as well. Firstly for patient safety and quality. And for integration between services.

Integration

Mr.Kelsey said at the Open House day, (around 36:00 minutes in, if you listen yourself) “we’ve all heard this word integration, I’m not terribly sure what it means, but I think what it means is that local people have a proper say in the way that health services are designed. So to give you voice, to give the local community voice, care.data is really important….”

I should hope that Mr.Kelsey has a jolly good understanding of integration and knows exactly that it is the merging of health and social care under the motto ‘transformation’. Social care under ADASS and health care are under all sorts of pressures to integrate, budgets are being pooled, shared and ring-fenced in various discussions, including my local county Health & Adult Social Care Select Committee:

“…Director Adults’ Services, told the (Chichester) Committee [9] in November 2013: The Care Bill would mean a radical whole system change involving the biggest ever transformational change for Adults’ Services The Council was building the foundations for further significant change.”
Perhaps on the day, he meant something else.

Mr. Kelsey did, in his speech note however, that the programme should be respecting the fact it is *their* data, *not* the NHSs. (This is in contrast to his previous position in which patients should not be given an opt out choice – Prospect Magazine, 2009 when his stance was “no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised”).

It’s an argument oft repeated that we should *own* our data, but somewhat meaningless if it took a campaign and public outcry to require an opt out mechanism, and put the programme on hold. I feel the language is being manipulated to create the impression we don’t already own or have rights to our health data. The opposite is true.  And many know that, just see the killer question below from Leicester. As long as records are held only at GP level, we will have much greater control and visibility of their use, than if shared centrally.

Many I have spoken with ask why it is not possible to leave data at local GP level for only clinical care, and extract nothing identifiable from hospitals without consent?

Other People’s Questions

In that vein, I summarise what 4 other people asked Mr. Kelsey and his panel in London about care.data on the day, and what I felt was missing from the answers to give balanced communications. The locations of about 80-100 people at each, were each allowed to put forward one question to the panel via web link, the question selected from all those discussed at the tables, by an organiser at the site. They covered Benefits / Data Uses / Confidentiality / Communications.

View them for yourself here, from 01:13.06 in the NHS Open House video:

Question selected to be asked from Basingstoke: “If people opt out of giving data will then the results not then be inaccurate?”

The larger volume of data, the better quality the data will be, the greater the benefits will be. Choosing not to opt out. That will, depending on the volume of that, affect data quality to a degree we won’t know that. Over time, once people’s concerns have been addressed, we hope that quality will improve.

Missing from the answer: [10] HES data is cleaned, SUS data is not, and both are known to have significant quality issues on validity and accuracy. The data has been extracted and stored for twenty plus years. Higher volume of data does not equate with a higher quality of data. You don’t make a better quality haystack, just by adding more hay. The volume of data is less important than it be representative of all parts of the population, but there is a risk that those opting out tend to be, as one GP has told me, ‘the white middle class and educated leaving others overly represented’. Only having more data is not a solution for quality.

*****

Question from Leicester: “Are we saying there will be only clinical use of the data – no marketing, no insurance, no profit making? This is our data.”

Panel: New legislation was brought in which made it very clear, data could only be released for the benefit for health and care, and it cannot be released solely for commercial purposes – yes, data can go to a private sector organisation, yes commercial companies, but only where they are working for the benefit of health and care, for example, Dr.Foster Intelligence, or other data information intermediaries who do a lot of work with data and who do a lot of work with the NHS to help inform decisions. Data will still be available to commercial companies. The other point, there is going to be independent scrutiny, which will be formalised within the law, to have independent scrutiny by the Confidentiality Advisory Group, which already exists which can independently scrutinise the releases.

Missing from the answer: care.data is not for clinical care. This indeed is our data and belongs to patients not NHS England, and should be respected as the NHS Constitution requires. Data continues to be released, and will continue to be so even under the Care Act legislation, to third parties in financial transactions. No recipient organisation by function (such as insurance) is excluded per se, rather recipients are judged based on their intended use of the data. The precise terms are open under the Act :

Care Act 2014****

Question from London: “How do you propose to reset expectations and perceptions, with any future communications, and  given that the way the first round was handled, provoked apparently such strong public resistance and suspicion about the NHS England motives?”

Panel spokesperson: We didn’t get it right the first time round, partly because we approached that at the National level. There was a leaflet that went out nationally. We will work with the 100-500 GP practices, and work co-produce materials in those areas and work with what is already there locally, GP practices, LMCs, PPGS, Healthwatch, using local knowledge, and patients so we can make sure everyone can understand, we understand how we can communicate this, what the concerns are, so we can get the message across, so everyone can understand what the choice is and what this is about.

Mr.Kelsey added: …[…]This isn’t about us and you, this is about us collectively. How do we ask patients and citizens for permission to use their personal information…we need to get that conversation right.”

Communications materials

Draft FAQs and information sheets to use in those conversations were on the table for participants information and to take away. The Data Uses page wording is interesting but poorly phrased, as it misled a couple on my table to think the ‘extraction’ was not identifiable. (see point 9 above). And the Benefits case study header is “How might it reduce variations in cancer treatment & care” but concludes that actually the Cancer Registry already does this, and they instead mean something similar would be useful for diabetes. This misuse of benefits makes me think, they’re finding it jolly difficult to find real ones. But if we all at these public meetings, believe the presented stories with the positive spin as fact, then fact they will become.

“And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth.” (George Orwell, 1984)

What next?

It is vital in my mind that care.data communications match reality of what needs done technically and in procedures, to drive expectations of what care.data will deliver and when. Why does an easy read brochure make no mention whatever of who data may be sold to? There is no mention of what organisations continue to receive HES and wider data. Instead it talks about data being shared to ‘know the health needs of everyone’ yet the very people who are outside the system are the ones whose needs we don’t know today – there is a huge amount  known from the rest of the existing patients’ needs from QOF and other GP data extractions, even that used in CPRD for research – purposes for which GP records under care.data are not approved.

The current doublespeak between the comms message and the reality are so far apart, between the technical possibility of what can be done well now, and what needs done to achieve the hoped for benefits, that the current message is setting up the project for failure and benefits will not be realised any time soon. It’s not ready to roll out through ‘improved communications’.

To be fair, the smaller workshop I attended on the 27th, flagged ‘still need to consider how best to engage here’ with many population groups. But it appears to me the Communications teams are effectively doing their best to package something which is not ready to be wrapped. To dot the i on the report, when the chapters aren’t in place yet.

“They were engaged in producing something called an Interim Report, but what it was that they were reporting on he had never definitely found out. It was something to do with the question of whether commas should be placed inside brackets, or outside..” [1984, George Orwell]

I’ve worked on both technical and change management/ communications teams [in another industry]. Project teams’ close working and each having an understanding of the other is vital. But the team members I have met so far, appear to work in silos, without enough linkage to know the functional gaps between them, in technical system, procedures and the link to change & comms. There is no way in my lay opinion, that a pilot of these half-formed knowns will be ready for autumn. For the NHS England leadership to continue to plug that it is, with messages of emotional manipulation of why more data is needed, will condemn care.data to Room 101.  A tortuous drawn out reformation of an existing concept. When really it needs planned afresh from the ground up to get the needs of the people it should serve designed into its consent, collection and communications processes – not added on as the ribbon at the end.

I was more optimistic about the benefits in the past, as long as the procedures around consent, governance and security were addressed. Having spoken with and listened to the needs and concerns of various charity representatives this week, at another smaller event, I am much less so.  Their complex needs, people who go in and out of different parts of the health and social care system at different times in their lives, with real concerns around confidentiality and risks have not begun to be addressed. Real issues for all of disclosure to GPs to ensure care may affect us all. But for many of their clients, they have needs which often carry huge trust and security issues which could put not only their medical care, but their faith in the charities and people working with them, in jeopardy.

I may be in a minority, but I’d rather have my factual understanding and ask hard questions than hear only a tailored communications message, if we are to get this right for our public good.
“Being in a minority, even in a minority of one, did not make you mad. There was truth and there was untruth, and if you clung to the truth even against the whole world, you were not mad.” (George Orwell, 1984)

I therefore asked the group at the end of the morning workshop, as Mr.Kelsey had done at the Open House event, how many of the attendees were really comfortable and confident that they knew what care.data was so that they could be a go-to point for questions, or even advocate for the programme as NHS England hoped.

Did they understand what data would be extracted, why and used by whom. About 1/6 raised  a hand. That’s *after* the event at the end of the morning spent discussing what issues exist for hard-to-reach, or as one attendee said ‘easy-to-ignore’ groups, and how communications channels will reach them.

One said he did not need to know all the facts to help be a comms channel. Another said he wouldn’t advocate for something he himself did not believe in. It was the first time we started to get genuine cross-group discussion, when in the meeting the table model had been employed again, but for those groups, disabilities, challenges, societal issues are not in silos.  Real debate, of hard issues is needed, and yes it’s awkward and might not be able to be ‘managed’ in the same way, but it’s real.

Our group identified a similar basic concept need across their client interests – a rolling consent model which allows opt in and out to change over time. Consent not only for what parts of planned uses the data would be used, but should also consider what parts of the record they are happy to share. Military, youth offenders, teens, the at-risk nature of these groups may mean they wish sections of their history to be restricted if not used for clinical care. And they may wish to share data when under the care of a GP but restrict it again, when under a military one. Or teens may be happy to permit data sharing at another time in their lives, but not permit access to their whole history. The DH Youth Offender expert raised the prickly issue of teen confidentiality and how will consent be gathered when parents may not tell them about the scheme at all, thinking there is ‘nothing to know’. We explained the concept of Gillick to the comms staff and that it’s not about an age of consent in the normal legal sense. What happens if a teen finds out their data has been extracted and wants it removed as teen or adult? We asked about name stored in the Personal Demographics Service and asked why data could not be deleted if clinician and patient both agreed a mistake had simply been made.

These complex and simple core questions need asked to get the whole thing built on a sound and trusted foundation. And they need to be in place for a pilot to make it worth having at all.

If the needs, concerns and understanding of the reps in the room can’t be addressed in a dedicated workshop, how will a remote campaign achieve it for the population at large?

Some at our table asked why the system needs  more data when you haven’t managed or used much of what we had in the past? I would also ask what progress is to be expected on unresolved quality and procedural issues with the current systems and data? Simply adding more hay to make a bigger haystack, does not make it easier to find a needle.

No wonder we can ask if it is really not just about commercial uses which comms don’t want to talk about, wonder why you never mention the data linkage service using PDS data [5] held and have concerns of overzealous surveillance by Big Brother.

There are risks becoming so heavily reliant on centralised data. Recently, patients have been wrongly deleted from GP lists, leaving them without a doctor through the cleaning firm’s administrative or process error.

Some are concerned that patients lose trust in their GP and withhold information. Others about this honey-pot of data for the individual citizen’s security. Professionals have voiced concern for GPs and consultants if factual misrepresentation  by statistics used for ‘ranking and spanking’ will adversely impact their decision making and make them more risk averse. In a negative way. Or with respect to waiting times and treatment, the heavy use of data in measurement creates a risk that it is misrepresenting the facts through lack of context or even, as in several high profile press cases recently, that such pressure is felt, that records are falsified.[12]

“And when memory failed and written records were falsified—when that happened, the claim of the Party to have improved the conditions of human life had got to be accepted, because there did not exist, and never again could exist, any standard against which it could be tested.”                                 (1984, George Orwell)

I’m concerned about all of the above. Perhaps holding care.data in room 101 until it is a manageable and explainable concept, backed up with technically and procedurally sound processes, would be the best place for it, for some time to come. Results and expectations create failure if they cannot marry up in reality.  This isn’t about communications. If you don’t really know what you’re communicating and can’t get it understood easily, then it’s back to the drawing board.

My concerns about care.data are heightened, not allayed by the NHS England apparent relentless rollout and focus on communications. Whilst they say in doublespeak it will take as long as it needs, there is talk of a Oct-Nov pilot launch. A pilot must test the finished model at small scale, not a less-than-half-ready one. Whilst the public push is all about finding the right communications, what is needed is fixing flaws in core concepts.

Doing without it, and waiting, would be better than doing it wrong.

*****

For part one of this post see here with ten learnings from event feedback >>care.data communications and core concepts [Part one]

UPDATE: 3rd July 2014 – If you want to give your views on proposals to introduce tighter controls and safeguards on the use of personal health and care data do so by 8th August to Room 2N12. https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data

Or respond online here> http://consultations.dh.gov.uk/data-sharing/protecting-health-and-care-information

[links 1-8 reference Part One]

[1] The NHS England Open House recording June 17th http://www.nhsengland-openhouse.public-i.tv/core/portal/NHSopenhouse

[2] IPSOS Mori poll conducted for the Joseph Rowntree Foundation: http://www.ipsos-mori.com/Assets/Docs/Polls/jrrt-privacy-topline-nhs-2014.pdf

[3] My post on uses of our records with commercial Data Brokers – https://jenpersson.com/flagship-care-data-2-commercial-practice/

[4] The Information Governance Review ‘Caldicott 2‘ https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

[5] The Personal demographics Service at HSCIC (including name) http://systems.hscic.gov.uk/demographics/pds/contents

[6] The Data Linkage Service at HSCIC http://www.hscic.gov.uk/dles

[7] The Partridge review: http://www.hscic.gov.uk/datareview

[8] Summary Care Record use statistics https://www.whatdotheyknow.com/request/scr_care_settings_with_viewing_c#incoming-446569

[9] Minutes of the November Health & Adult Social Care Select Committee in Chichester http://www2.westsussex.gov.uk/ds/cttee/hasc/hasc141113ucmins.pdf

[10] The Quality of Nationally Submitted Health and Social Care Data, England – 2013, Second annual report, Experimental statistics – http://www.hscic.gov.uk/catalogue/PUB11530

[11] My post on commercial use of data with brokers

[12] Falsified hospital waiting times: The Telegraph http://www.telegraph.co.uk/health/healthnews/10590713/One-in-four-hospitals-records-false-waiting-times.html

***

Sales of 1984 have rocketed since the Snowden story broke in 2013: http://www.latimes.com/books/jacketcopy/la-et-jc-nsa-surveillance-puts-george-orwells-1984-on-bestseller-lists-20130611-story.html