care.data – Riding the Change Curve

I’ve been inspired by many people this week.

Shakespeare who is long dead. Another, less famous, we celebrated at her funeral after only a few weeks of living with diagnosed endocrine cancer. She would have turned 76 this week.

The change curve

How do we deal with change?

Anyone familiar with the theory of grief, or more happily (as I am from my previous professional life) the similar theory for managing change, knows the stages along the curve we need to go through, to reach a new status quo after a process of adjustment.

After the initial shock and denial, there may be anger, frustration and fear before any acceptance or new optimism is possible.

Individuals follow the curve at their own pace. Some may not go through each stage. Others may simply be too upset, disagree early, give up with or repel the change, and never reach a comfortable position or commitment to a new status quo.

Whether it is grief or a business change, the natural initial response is emotional, and starts with loss. Loss of a person, of position, of something we cannot control. It can take a great deal of support, time and good communication to go through the journey.

(And yes, there’s a comms lesson for care.data in here.)

Before we begin on a change we need to understand the point from where we are starting. And crucially, to understand that Change is about people, not technology or business process.

The change curve starts with shock

From many people’s perspective, the concept of care.data, has been a shock.

For those working on the project, or at NHS England, that is probably hard to understand. ‘Why on earth all the fuss?’, they may ask. It’s easier to understand, if you realise the majority of the public had no idea at all, our health data was used for anything other than our direct care and some planning. Much less may have been winging its way on the cloud across the Atlantic. It feels like data theft.

It’s easy for those in a technology project to see ‘coded’ health records simply as data.

‘Coded’ is however like saying we speak the ‘French language’. Computers ‘only speak’ code, so telling the public it is coded is either trying naively to make it sound safer than as if ‘plain language’ was sent from the GP system to the central system, or it is misleading.

In the same way, if you say ‘opt out’ the system records  ‘9Nu4’ on your record. In addition, there will be a label to go with it, so if GPs run a report to find everyone who has opted out, they can. It’s not hard to understand that MOTDOB is mother’s date of birth. There is a full public dictionary of these codes.

NHS England and the project team, should also not forget that this is not just ‘data’.

To us, this is our irrevocable health and social imprint. Signposts to who we are, have been and perhaps, will be.

It’s personal and private. And as yet, we may have only shared those facts with our GP. Only our GP and not yet our partners, or parents. And then we find out global Health Intelligence companies might have our sexuality or pregnancy history, conditions we may not have told anyone but the GP. Data intermediaries may have complete picture of prescribed medicines, drawing on information from 100,000 suppliers, and on insights from billions of annual healthcare transactions. “mountains of data from pharmacies, insurance claims, medical records, partners and other sources, 17 petabytes of data spread across 5,000 databases.” We want data used by the right people for the right reasons, and know where it goes and why.

HSCIC is giving it away almost for free.

To them it may be only data. To us it’s intimate.

But for the three of us in this marriage, it’s information which has been used and shared with these third parties, and as far as we can see, only one of us really benefits from the deal. Identifiable or not, is only part of the story. It’s our biography we did not give you permission to read or tell.

The initial shock, fears, anxiety and general disgust that our personal details are sold (sorry) given away on a cost recovery basis charging to cover processing and delivering the service, should therefore be more understandable if you realise it was a complete surprise.

(The surprise may or may not be quite as great as the exploding whale posted via Wired at the end of this post. Go on, you know you want to.)

Change is the only constant. How can we progress?

The Change Curve based on the Kübler-Ross Grief model

 

So, what happens now? How can the public move forward, to get to a position of trust and acceptance, that this is what is already happening with our hospital data (HES), and planned to happen with the majority of our GP stored data in future (whether we like the idea or not)?

In order to move us along the curve, NHS England have a large task ahead. In fact, a series of tasks ahead, which are not going to happen overnight. How are change and communications working together?

As there’s no detailed ‘care.data progress’ public communications easy to see on the top level of NHS websites I can only see other info as it comes out through online search alerts. And since it’s my, my children’s and all of us as citizens, whose data that is being discussed here, I think we should be interested and want to find out and question the ongoing status. The GP FAQs have gone or are hard to find, and the patient FAQs are still inaccurate IMO. This page should be top level leading, not six unsearchable clicks down.

From the latest update in the care.data advisory group meeting notes, with much more concrete progress to see, it is good to see that communications features often, and note ‘a comprehensive engagement plan is already underway.’

That plan will be interesting to see mapped out as time goes on, but I do wonder whether it is the right time to be looking at engagement, when so much for the care.data programme remains to be clarified or is undecided?

Questions remain how less raw data can be given away, further legislation, the ‘one strike and out’  how to deal with data breaches, views on enabling small and medium enterprises (SMEs) data access, GP staff opt out understanding, public op out understanding, clarifying the narrative of risks and safeguards. Some steps to be reviewed not until ‘over the summer’. And that’s only a summary of a summary, I am sure only a glimpse of the foam on the top of the wave of what is being done under the surface.

An engagement plan can’t have gaps. Communications is not one-way, that’s PR. So we can only hope there is a real engagement underway of listening which will result in action, but not in ‘transmit mode’. Engagement needs to be concrete to work from day one. We don’t need a sticky plaster and pat on the head, we need fixes and facts to back them up.

Communications and Change

Why can comms not start now and be added to as we go along, you may ask? Whilst it can, and indeed most communications plans need some flexibility, a good Communications Plan needs to ride leashed tightly to the Change Management Plan.  And given that different individuals are each somewhere different on the change curve, at any given point in time, you need to be able to address questions that any of them may have, simultaneously, regardless of whether they have just heard the news, or are almost finished their change journey. For GPs, their staff, other medical professionals, citizens and patients.

Riding the wave of the change curve, some are nearly back on the beach, when others haven’t yet entered the water. Some have got out and will not be persuaded back. Others may.

Therefore until many of the open issues are resolved, until governance and legislation is clear, unless it is focused on listening and resulting action, most communications can only be wasted PR rhetoric. Perhaps there are great plans. But Houston, we don’t have a communications problem. Honestly. As far as I can see.

There is no communications issue, there are issues which need communication.

Why? Because folks who opted out already will not be sold on the benefits. They will only be convinced by a clear picture of known and well governed, legislated, mitigated risks AND benefits. Then they can weigh up a decision. (Assuming indeed, the Secretary of State is a man of his word and maintains the patients’ right to object, which is not a legislative right.)

“The law is a statutory enactment which requires the disclosure of the data, which means the data becomes exempt from the main parts of the DPA.” (ICO)

For the population not reached yet, however, there is a requirement to at least give fair processing, even if you can debate the fineries, all common sense says make the same mistake twice, and you’re sunk.

The trickiest part in the communications, is to address different segments of the population who are at different points in the curve, at the same time. Some of whom are hard to reach.

I am sure there are many people working behind the scenes to bring about this managed change. Let’s not forget, this programme was intended first to launch a year ago. Professionals are working on this, it’s not new. But Dear God, please don’t launch more communications along the same lines as before. September saw GP materials go out with no training and no measure of how well practices had understood the materials. A misleading poster and misdelivered leaflet for patients created more confusion. Which all went out before proper governance, legislation and technical solutions were in place to make it all work well. The advisory group minutes and Mr.Kelsey’s letter indicate there is much work to be done in these areas still. Yet engagement activities are planned May-July.

To look at basics, I think these three things for starters, need resolved before you can talk about risk mediation:

1. a) Purposes of what data is taken and b) who accesses data:  the care.data addendum which sought wider purposes and third party access by think-tanks and information intermediaries is still to resurface, after being returned by the GPES IAG in February for amendment. Which means final data users remain somewhat undefined. And we’re still pending the complete audit of past and current data recipients through the audit overseen by Sir Nick Partridge. [NB: since done in June < see post]

2. Amber is not Green – data protection: Why is potentially identifiable data and what really quite clearly, will be identifiable when so many companies sole purpose is to take a wide range of data sources and mash them together,  given no data protection in law and no clear choice over its use in HES release?

It may for release from HSCIC be treated more carefully than green data only in so far as it is not publicly published on a website,and goes to committee review, but it may be provided to a wide range of commercial companies who then create information from it which they release.

The raw data’s nature can be sensitive to us and it’s certainly personal, so that we would expect it to be kept confidential, and yet it is  shared and may be combined with recipient’s other data sets are at individual patient level?  It feels like a great big whale in the room – it’s not green, we can’t protect it, but if we close our eyes it might go away.

It’s not conducive to trust, when it feels like a con. Just call me Ishmael.

3. Individual data control – opt out and rights: Point 2 leads to a huge potential iceberg ahead which still needs resolved. The UK and upcoming new EU protection laws and their, the ICO and the HSCIC definition of anonymous and pseudonymous data. We must understand how they are to apply and are not only legal, but feel just and fair to us as citizens. It should be looking ahead to meet the coming law now, shaping not avoiding best practices.

What rights does the individual have? How will GPs resolve their conflict of protecting patient confidentiality and complying with the new law requiring them to release it? Some GPs don’t think it’s a good idea.

There will be some citizens who want no data stored centrally at all and even want their HES back out. What will they say to someone who point blank does not want any of their medical record outside their practitioners’ control?

So, are we about to see a repeat of the same communications catastrophe – launching engagement, before we know what exactly what it is we’re talking about? Surely not. But looking at the calendar…

As an outsider, I just wonder how can effective engagement begin, when questions may be asked which cannot be answered?

Workshops to separate truth from myth, risk going down as well as Ahab in Melville’s story, if you have people who are upset, and you have nothing to offer them but unsupported ‘reassurance’. I’d like to see a webpage or presentation of those myths, because I don’t feel I’ve seen many myself. If anything, issues have been debunked by careful wording rather than straight talking.

Change and Trust

Change can’t be done to us without huge resistance. Change has to happen with us, if we are to trust and adopt it. If collectively we get stuck in anger and fear, we’ll not get to acceptance. And it actually has the potential, suggested Ben Goldacre, if not already done, to leave a negative wake on wider research & society.

There has to be trust in the change, that it is for widely acknowledged ‘right’ reasons.

There has to be trust that the terms of the change are defined and stable. Words such as currently, and initially, have little place in the definition of future agreements.

There has to be trust that what we will lose, is in proportion and outweighed by what we’ll gain from the new.

When we read global stories of how healthcare data is misused, and we can’t see who has access to our own data on any real-time rolling basis, it leaves open the fear that data can be given inappropriately, without check and balance, for months. The recently released register is one good thing to come from the debacle so far, and the further audits are ongoing, expected towards mid-May, but any future register is only going to be publicly accurate 4 times a year. It’s better than nothing, but surely not hard to update in real time.

Until the history is entirely transparent, it is a challenge to see how concerns about past use and lack of past governance, and the lack of trust those errors created will be possible to fix. The sensitivity of our raw data is likely only to increase as scope is broadened in future, and the scale of the requests is expected to increase as the era of Health Intelligence takes off and becomes ever more profitable for those third parties. 

Trust will need to increase if anything proportionately, as this scale and sensitivity increases. So any communications of future releases and their governance needs to be sustained. It’s not an afterthought of ‘what we’ve done’. It’s the key to being allowed to carry on doing it.

Change Managers need to understand an individual’s own story, values and what makes them tick, to have an expectation of what the change impact (possibly negative) will be for individuals or groups and what’s in it for them (the positive) and any wider impacts, for example considering the Public Interest. And all leaders, need to have available from the start, the information which will answer the questions for people in each of these groups, at every stage of the curve.

Decisions in the public interest, may be subjective. Jeremy Hunt has said that we,

will “get through” the heated public debate this scheme has caused regarding patient privacy and the potential for the data to be re-identified.”

I’d like to hope we get more than ‘through it.’

To say that, underestimates the task ahead.

It’s not a tunnel or a final destination, but a process.

And the longer the data is shared over our lifetimes, the more likely it will be re-identified with all the other passive and other Big Data which is shared in our future. So there’s no patch, pop up and coast to the beach. I can only think this is a one time chance, and the leadership comments seem to underestimate it.

It must be done correctly now, to set up a framework which will be robust enough for the future size and complexity of the future Big Data vision.

Legislation to build a solid Future foundation

There are still many unknowns it reads from the meetings, from opt out, to wide ranging governance issues, to securing watertight legislation.  The scale and sensitivity of the data and how it has been handled in the past, shows how the current model is not fit for purpose.

This week there is still crucial legislation being considered which will help to fundamentally cement or fail public trust.

Trust not only in how our data will be governed, but in common sense in our governing bodies. The legislation addresses:

  • Retaining control and management of confidential information
  • Putting the independent Information Governance Oversight panel on a statutory footing
  • Independent oversight over certain directions  and the accreditation scheme
etaining control and management of confidential information – See more at: http://www.allysonpollock.com/?p=1820#sthash.No8G7kcT.dpuf
retaining control and management of confidential information – See more at: http://www.allysonpollock.com/?p=1820#sthash.No8G7kcT.dpuf

I’m no legal beagle, but it appears to make excellent sense and the detailed wording (via Prof. Alison Pollock’s page)  is very straightforward.

I hope it is clear that patient choice and public interest complement one another in these proposals. Just as Dr. Mark Taylor, Chair of CAG, outlined in an excellent essay,

“the current law of data protection, with its opposed concepts of ‘privacy’ and ‘public interest’, does not do enough to recognise the dependencies or promote the synergies between these concepts.”

If the Lords support Life Sciences’ interests, as many in the chamber do, they will need to support the proposals in order to ensure the public remain opted in to care.data.

Without these governance amendments, many more will opt out I am certain from talking to people on the street, and the value of the population-wide database will be undermined. So, the theory on paper next week, will have a crucial role in the practical outcome of the care.data implementation and its lifetime value.

No one said, change is easy

Importantly, in any theory one does well to remember the practical reality. Each response is unique to an individual. No one model will fit all. Each person commences the journey of a changing situation, from a different starting point. We each begin the process from a different level of baseline knowledge. We each have our own ways of dealing with loss, and experience different levels of anger or fear. There are early and late adopters.

Some things are difficult, but have to be gone through. For me, Tuesday was a day of looking back at wonderful memories.

We also sometimes need to accept what cannot be changed. When the time comes, I support the idea that we can live with a disease and dignity, not just the label that we are ‘dying’.

My final inspiration of the week, Kate Granger articulated this, so much better than I could, last week:

“I cannot imagine a human society free from cancer, no matter how much money we invest. As a cancer patient who will die in the relatively near future, I believe rather that instead of reaching for the traditional battle language, [life] is about living as well as possible, coping, acceptance, gentle positivity, setting short-term, achievable goals, and drawing on support from those closest to you.”

 

care.data requires courage from all the parties involved, because everyone is going through a certain process of change and compromise. Even those who planned the now delayed launch, need to recognise a need for change and why we’ve got to put a solid, not rushed foundation in now, and be in it for the long haul to get it right.

With lasting legislative powers, we public can better entrust our faith and data to the system, not just today, but into the future. With a proper independent Governance and oversight process we can hand you our trust for safekeeping with our records in good faith. We can only trust these proposed changes make not just waves, but make real progress.

If nothing really substantial changes in the pause, and we don’t see increased measures to create trust, all that will happen is a build up of frustration and pressure of all the people who can’t move forward from the initial anger and confusion. They will opt out. And there’s a risk public opinion will burst under pressure. No one will want to support health record sharing for any purposes, even bona fide good research, and there will be an explosion of opt outs. Projects will be abandoned, like a dead, washed up whale. (Which you really don’t want to happen. Really. It’s not pretty viewing, don’t say I didn’t warn you. But it’s kind of fascinating too and all the number crunching too.)

This can be avoided.

But plus ça change, plus c’est la même chose. Two months into the pause, are we seeing changes taking effect, or more of the same talk?

I look forward to better information on how and where our data has gone in the past. I think only after that will it be possible to get the history aired and resolved for improved future procedures once we have the complete audit picture, including that under Sir Nicholas Partridge, due towards the end of this month.

The further governance and independent oversight issues will be best resolved in legislation, which would help them be free of political change and create a framework worthy of the big data vision for the future.

In Summary

I hope the Change Management is as carefully thought out as communications and engagement is based on substantive steps before it.

These steps simply, start with:

1. a) Tighten and define clearly the purposes of what data is taken and b) who accesses data. Now and for future change.

2. Amber is not Green – data protection: Tighten what is potentially identifiable data and what really quite clearly, will be identifiable when so many companies sole purpose is to take a wide range of data sources and mash them together.

3. Individual data control – opt out, and legal rights. Will opt out get a statutory footing rather than Mr.Hunt’s word? Will we design now, for change in the UK and upcoming new EU protection laws?

Tighten the processes, define more of the facts, so you know what you’re communicating.  Let people ask questions, and let us have sufficient time to go through the curve.

A rushed rollout, will create more people who block the change, opt out, and never return.

I realise much of this post addresses how I feel, and the feelings I have picked up from care.data events, from others discussing it on the street and school playground. Emotions have a role to play in this discussion, but better facts will go a long way to making objective informed decisions. And crucially, our decision making must be allowed to be objective and free from emotional coercion.

I’m cautiously optimistic and look forward to seeing public materials to get the GP profession and public on board and riding the care.data change curve each at their own pace. There is clearly a tonne of work to be done. It’s not going to be glassy, by any stretch of the imagination, but perhaps we need a few rough times to remind us what matters most to us, and why.

It makes us engage.

The question is, in the coming weeks and months, is NHS England prepared for genuine change and engagement with the public, not just PR?

Flagship care.data – precious cargo [1] & commercial uses in theory

“The challenge is that if many users of data are intermediaries with re-use licences and even the HSCIC doesn’t know who all the end users are, how on earth can anyone judge how they will be for purposes of ‘improving NHS care’?”

Commercial and third party use is one of the most damaging aspects of the rollout which is wrecking the care.data programme.

I’ve cut my opinion on this care.data topic into two parts, theory and practice, to address the outcomes of the LMC conf of yesterday from a patient POV. From my lay perspective, the result of the debate and votes was partly due to the failure to shore up the policy theory around commercial uses to make any perceivable improvement to trust for the future. And partly based on proven failures in practice to protect our data in the past. Failures around commercial use of care.data in theory and practice.

The theme of making money, is a recurring topic for women in literature, and graced or should I say, grubbied  our screens in recent weeks in the adaptation of Dame Daphne Du Maurier’s Jamaica Inn.

Mary Yellan, orphaned and without means, seeks the only family she has and lands among the smugglers and muddy marsh of the Cornish moors. It’s not only set against a backdrop  of smuggling, but wrecking. The heroine struggles between moral conflict and practical necessity, whether to join in their activities, against her ethical principles.  She gets used to it but ultimately can’t live with it.

Given that the real inn is in the middle of a very bleak moor, with no outlook except the rough shorn grass, you need to really see unmet potential to want to be its new owner. For that, you need to see strong commercial opportunities or be a committed hard core Du Maurier fan. Or both.

So it can appear, from a patient point of view on care.data. Either the driving parties promoting the release of patient data see unmet potential [1] which needs commercial harnessing [1b], have direct commercial interests[1c], or they have another personal interest in its extraction and access. Or perhaps they are just hard core fans of data sharing, to the point that we should support mashing our health data up with commercial retail loyalty cards as Mr. Tim Kelsey suggested in November 2013 at Strata [from 16:00] [2].

Are the same people and organisations driving the programme and calling for ‘data for patients’ not also the same who will benefit most from having access to the data? The measurable benefits to us patients remain unclear, at best. The cost, our confidentiality and GP trust, is however clearly non-refundable. Consent, the age old pillar of medical ethics is to be waived aside. The LMC Conf obviously see value in protecting confidentiality at source if it cannot be guaranteed by others, whether the HSCIC or the data users.

Who will all the end users of our data be? They remain somewhat undefined, because the care.data addendum including Think Tanks, commercial companies and information intermediaries was not approved [3] and because future users are undefined in social care, for example. Future scope will entail additional future users. But then perhaps this should not surprise us that NHS England and the HSCIC expect us to acquiesce to this fair processing failure although we don’t yet know all the future end users, because Sir Kingsley Manning admitted that HSCIC does not know who all the current end users are either (Q272) [4a] at the  Health Select Committee hearing. So, were the GPs at LMC Conf just expected to trust ‘on spec’ to whom their approval of care.data would entitle its sharing?

Information intermediaries in particular, seem to still be on the key stakeholders list[5] in January 2014. But only a year ago, in April 2013, The ‘Health and Social Care Transparency Panel’ discussion on sharing patient data with information intermediaries clearly stated there was no legitimate or statutory basis to share at least ONS data with them. [6]

“The issues of finding a legitimate basis for sharing ONS death data with information intermediaries for commercial purposes had been a long running problem. A number of possible approaches had been considered but advice from the relevant Government legal teams was that there did not appear to be a statutory basis for doing so. The panel identified this as a significant barrier to developing a vibrant market of information intermediaries (IIs). It also limited the ability of IIs to support NHS organisations with business intelligence to evaluate and benchmark the quality of their services.

It was agreed that this issue needed to be resolved, and if necessary changes to the relevant legislation should be considered. ” 

I would love to know whether the law changed in the last year, how was the issue resolved, or has HSCIC and have we just through use, acknowledged that this sharing with intermediaries is acceptable and legal? The meeting later in July should have given clarity, but I can’t see minutes beyond April. They are no doubt somewhere, and someone cleverer than me, can help find them and clarify how the decision was reached I expect. I did find notes in the recent HSCIC audit of past data releases [4b], that ONS data was granted under existing law after all:

“The ONS data are supplied under the Statistics and Registration Service Act 2007 section 42(4) as amended by s287 of the Health and Social Care Act 2012, for the purpose of assisting the Secretary of State for Health, or the Welsh Ministers, in the performance of his, or their functions in relation to the health service.”

Since the Health and Social Care Act revoked the Secretary of State’s duty of care to provide a national health service, I wonder what functions it relates to as pertains to third party intermediaries? The ONS application form is detailed but no more enlightening for commercial intermediary use. I can’t help feeling we’re seeking justifications rather than good cause as the starting point for widening data releases. That we are starting to accept that our hospital records have been shared without our consent and sold. (Let’s give up the recouping costs word play, call a spade a spade. Data and cash change hands.). ‘What can we do about it anyway? we may well ask. As time has gone on in the care.data debacle, and in the three months since the delay, it appears from the leadership comments of NHS England from Mr. Kelsey in Pulse that, we’re not to worry, “now we are working to make care.data safe.” [free registration required] Still no one has said, we made a mistake of its handling in the past.

This acknowledgement however that work needs done to make the data safe, underlines exactly what so many saw months ago including the GPES advisory group which had concerns [17] in Sept 2013 on commercial uses and its communication, governance and patient trust. Care.data was launched regardless. Now it’s grounded.  What has improved since then? What remains to fix?

How well exactly did HES storage and sharing work so far, with breaches identified as well as the basic legal fair processing failing to inform us of its extraction? What has been done to prevent it happening again? I have seen no concrete steps which give me faith the past flaws have been fixed enough to now trust it in future.

In February, before the pause Jeremy Taylor of National Voices wrote a very sound 12 point plan of what needed to change.  Since then, what has actually  changed [7] as far as I can see, is only the introduction of a delay, and that his words were listened to, that there should be no artificial deadline:

‘”the timescale for launching Care.Data was entirely artificial, as is the six month “pause”.

Three months into the delay, nothing of substance other than agreeing there is no artificial deadline, appears to have changed.

The most significant past let downs have all been commercial or third party uses. OmegaSolver, Beacon Dodsworth, PA ConsultingEarthware.

The Care Bill amendment touted as a change in the legal protection of our care.data, does not block commercial Third party intermediaries sharing care.datauses of our data, only stating that it should be used ‘for the promotion of health’ which is open to all sorts of interpretation. Not least I imagine, those similar to ‘fight against obesity’ campaigns by marketing masters of commercialism.

So with little transparent change on policy, since we have become aware of data breaches, misuse and patient anger about commercial use, it should come therefore as no surprise that the BMA Local Medical Committees (LMCs) yesterday voted to state a preference for opt in not opt out, pseudo or anonymisation at source and insists that care.data should only be used for its stated purpose of improving health care delivery, and not sold for profit.

Simply: the public don’t trust that our identifiable data is protected and we object to all our data being traded commercially.

This is in direct conflict with HSCICs stated purpose in the HSCIC 2013-15 roadmap [8]:

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

And in statements by both Sir Manning at the Health Select Committee and Dr. Geraint Lewis [9]:

…”we think it would be wrong to exclude private companies simply on ideological grounds; instead, the test should be how the company wants to use the data to improve NHS care. And, as Polly Toynbee put it, if “it aids economic growth too, that’s to the good.”

The challenge is that if many users of data are intermediaries with re-use licences and we don’t even know who all the end users are, how on earth can the HSCIC judge how they will benefit ‘improving NHS care’?

As regards economic growth, if the aim is to give away data for free, as Mr. Kelsey told the September 13th NHS England board (from 26:10)[10], how is the NHS to make profit from it? It’s not. Commercial companies are to buy at prices only to help HSCIC recoup costs [11], so that is not technically opposed in wording to ‘ not making a profit.’ Citizens, GPs and others can be aligned with that on paper. But not in spirit. For now commercial companies profit from our state funded records, paid for by NHS DoH money.  They profit intermediaries with re-use licences beyond which we have no visibility or control of where our data goes or why. And the fact that the wider profiting third parties from the whole scheme,  ATOS paid zero tax in the UK in 2012,[12] really grates. How does the cash given to ATOS benefit economic growth in the country?

Therefore, for the LMCs to have voted now any differently, would have expected them be soothsayers, knowing that the care.data work-in-progress and any future changes will make both the future scope purposes and future users clearly defined, in order to fulfil their duty as data controller, ensuring patients have a reasonable expectation of how their data will be used. It asks GPs to betray their age old fundamental principle of medicine, to betray patient confidentiality, for commissioning. They are being told to betray the good ethics of consent.  They are being asked to betray patients’ trust and even to use that trust to ‘sell’ the idea in which they may not believe.

And care.data current processes betray the best practices of data collection – seek to collect the minimum data required, for a specific purpose and delete it when that is completed.

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’ consistent with the Data Protection Act principle 5. [13]

Instead HSCIC’s remit over the coming years of care.data is to fill in all the remaining gaps with any health and social care information not already collected [14], and keep it linkable from cradle to grave – or even from “germ to worm” for everyone with an NHS number in England. Purposes are non-specific and unlimited because they’ll change over time and the end users are not all defined for it plans to be opened up increasingly widely for use in social care and we don’t know what else.

caredatatimeline

 

In my lay view, the BMA LCs had no choice in the interests of their patients but to call for a rejection of assumed consent and commercial uses. The two do not go together. Opt out for uses of our data purely for NHS care and its planning would be much more palatable. But add in commercial uses, which is what has both been the main source of patient objection and data breaches, and it’s a deal breaker.

They can’t stake their support and reputation on a best guess of what might be. They can only base their judgement on what they know now. And no one supports care.data exactly as she is right now, which is why it is postponed and work in progress. Shore up trust, governance and axe these commercial uses and perhaps an assumed consent would seem more palatable. For example, Cross border governance needs documented when the application form gives non UK options. Scope and users need defined to ensure proper fair processing to meet DPA ICO requirements [16]. But so far, nothing has visibly changed.

It’s no different from when Ben Goldacre was telling us public trust cannot be easily regained and it broke his heart [15]. I know why, there are expected benefits to public research amongst others to access primary care data more than they already have in CPRD or pseudonymous data in QResearch and others, but we need to act based on today’s approved uses for care.data, not what might be remain in an undefined future. Right now, we’ve seen no changes of substance since the delay was announced.

NHS England can’t therefore genuinely expect to see a shift in trust in citizens or GPs based on nothing more than lines in the sand.

I believe GPs at the LMC Conf took the best decisions they could with the programme in its current form, with knowledge of past problems and lack of future clarity over scope and users.

They voted for how they feel best protects, respects and empowers their patients.

If our current Data Controllers and  guardians of confidentiality don’t stand up for patients to get the build of the infrastructure right before they agree to release our data to fill it, who will? The question will be whether the Secretary of State and NHS England will force their legal right of extraction through regardless, or will respect the medical profession’s representatives and the rights of citizens they care for?

There is an opportunity to fix things. The LMC Conf after all have no legal efficacy, they stated their opinion and stance which commands respect and attention. Flagship care.data is not washed up, yet. But it can’t sail without addressing governance and professional support. Commercial exploitation and assumed opt in are not going to work comfortably together. Transparency of who has access to what data for what purposes and how it is released needs sharpened up. And regardless of whether opt in ever comes onto the table or not, if care.data keeps her strongly  commercial heading many, many more will jump ship to opt out. The damage of bias will be done, either way.

She needs some new directions, helmsmanship that we trust and sound repairs.

********

If you have missed the background to this saga, I’d recommend the Julia Powles article in WIRED – what to save when the care.data ship goes down.

I’m going to look at some more of the commercial uses of care.data in practice another time. And clarify the communication of the opt out codes and why research purposes is a misnomer in the GP patient record sharing part of care.data purposes – it’s not (yet at least) an approved use.

********

[1] MOU between AstraZeneca and the HSCIC, December 2012

[1b]  ABPI Vision for harnessing Real World Data 2011

[1c] Hansard, Nov 2010 George Freeman ‘I know from my own experience that we are sitting on billions of pounds-worth of patient data. Let us think about how we can unlock the value of those data around the world.’

[2] Strata November 2013, Tim Kelsey keynote ‘mash it up with other data sources to get their local retailers to tell them about their purchasing habits so they can mash that up with their health data’

[3] care.data addendum Sept 2013

[4] Written Hansard of the Health Select Committee , 8th April

[4b] The HSCIC data release register issued on April 3rd 2013

[5] Oversight panel with input from Dame Fiona Caldicott, January 2014, with stakeholders’ list

[6] Health and Social Care Transparency Overview Panel April 2013

[7] National Voices – Jeremy Taylor, an excellent overview of 12 points which needed fixed from February 2014

[8] HSCIC 2013-15 Roadmap

[9] NHS England comments by Dr.Lewis on commercial principle

[10] September 13th 2013, care.data directions approved by the NHS England Board – care.data from 25:40 – 39:00 – note identifiable, not anonymous data is extracted and stored with the DLES at HSCIC, and GP objections to date on care.data opt-in seem not to have been respected in contrast to the claim ‘GPs make a decision’ from 31:00. There is to date, no communicated way to prevent HES data extraction and its sharing in pseudonymous form.

[11] The HSCIC Data Linkage price list

[12] The Independent, November 2013 Atos & G4 pay no corporation tax in 2012, National Audit Office stats via Adam Withnall, The Independent

[13] Data Protection Standards – retention, principle 5

[14] care.data programme overview April 2013

[15] the Guardian, 28th February 2014 – care.data is in chaos – Ben Goldacre

[16] Blog from the Information Commissioner’s Office on care.data Data Protection and Fair processing

[17]The GPES Advisory Group meeting minutes Sept 12th 2013

{updated 28th May – looks like past uses of our health data are now also under scrutiny by ICO which is investigating claims that insurers have accessed full medical records using subject access requests.}

By [email protected]

Deeds not Words – Women’s Political and Electoral Engagement

Suffragette
ca 1920 first US election to offer women the right to vote

“A hundred years on, would those suffragist women feel it was worth their collective effort and what it cost them as individuals?”

One hundred years ago today, protestors gathered outside Buckingham Palace under the banner of ‘Votes for Women‘. It was barely a year since the death of Emily Wilding-Davison at the Derby in June, 1913. Possibly the best known of the women who had campaigned in the suffragist movement (1), made famous after she died from her injuries after being trampled by the King’s horse Anmer at Tattenham Corner (2). There is still debate whether it was suicide or accidental.

The National Union of Women’s Suffrage (the NUWSS) had failed through peaceful means to reach their goal despite having the support of men and members’ bills in Parliament. The Sufragette group, the WSPU, were less patient.

Under the slogan ‘Deeds not Words’, the anniversary of Emily Wilding Davison’s death last summer triggered a spate of features. There was an excellent historical account delivered in Parliament, by Dr. Mari Takayanagi (4), which includes how the movement and ‘votes for women’ and first female MPs appeared to have made a difference in Parliament.

“There was a raft of legislation passed throughout the 1920s on issues that affected women’s lives and gender equality – including things like the Sex Disqualification Removal Act which allowed women to practice as lawyers, to enter professions like accountancy and become vets and so on for the first time. There were acts about things like pensions; there were acts allowing women to inherit property; there were acts about things like the age of consent and the sale of alcohol to young people. The list goes on and on.

And none of this kind of thing was passed before the First World War and you’ve got to think it’s because women are part of the electorate now and the male MPs had to sit up and take notice of their views as they hadn’t before.”

However, what has been done since the anniversary to address the importance and relevance of women’s votes today and to encourage electoral engagement before these European and local elections on May 22nd 2014?

A hundred years on, would those suffragist women feel it was worth their collective effort (3) and what it cost them as individuals?

In 2013 my local election saw the Conservative candidate win only 231 votes ahead of UKIP – both candidates attaining over 1000 votes, in a turnout of barely 32%. I spoke to her and others, after that vote, on the subjects of women in politics and the continued importance of women’s rights and activism.

Pat Arculus, is our Conservative County Councillor and an Adult Safeguarding Champion. She said,

“It’s a funny game politics, how can we change it? I’ve just been watching Question Time. They’re arguing about the Health Service. You watch it and think, how is this relevant? Why don’t they just get together and sort it out? I think that may be it, women just want to get things done. You run a family, you have a problem, you sort it out and get on. You don’t spend hours arguing about it. Perhaps that’s what puts women off politics.”

Women today in the UK get to participate in the democratic process thanks at least in part, to the efforts and commitment of those women, not so many generations ago  But do women today see the need for their active participation? According to Mrs. Arculus, her recent experience of electoral engagement is poor.

“There is a complete disaffection. It’s not even apathy. It’s “we don’t like politics”, “it doesn’t make any difference,” and “it doesn’t matter who we vote for.” If our young people hear that, then it’s a self-fulfilling prophecy.

“I was delivering leaflets and teenagers in the garden, I don’t know if they were of voting age, said, “no no take it back, we don’t vote for them.” I was shocked. As a mother it’s not my place to tell them who to vote for. I’d say to young people, read everything, read them all and make your own mind up. If you go into schools and they run mock elections, they are more active than we give them credit for. They seem to lose it, when they get older and don’t see any point.”

But this comment from a year ago, is what we must encourage the major parties pay attention to now, for the 2015 General election:

“In the last election, my majority fell from 2,800 to 220 and that all went to UKIP. So the public are feeling angry, about something.”

Emily Davison, with a first class degree in English as a man, could have walked into many jobs. In her time, with the equivalent as a woman, she was unable to participate in various circles, and found work as a governess and then, as a result of her activism, was sacked.

The issues of equal employment rights, pay and the role of women in childcare and the home are as current today as they were then. We should not take women’s rights to vote here, or in non-UK locations for granted even in countries we may not expect it. Switzerland granted women the vote only in 1971, and it wasn’t until the 90s in some municipalities. And it is easy to forget that full Parliamentary equality in the UK was not achieved until the Peerages Act of 1963.

Women as MPs, mothers, as managers, all as ordinary citizens need to stay as alert as ever to the equality of rights we have come to expect as the norm, to preserve them and to pass on their worth and relevance to our children. Men need to as well, just as importantly.

Rosamund McNeil, Head of Education and Equality at the NUT told me,

“Sometimes it is taken for granted that women today can have public roles, a life outside the home and can speak for themselves. The suffragettes must be celebrated because it reminds us that change and progress is hard won, and that gains for women must be guarded and not reversed. By looking back, it can generate creativity about how to take forward the debate on women’s inequality. I think their stories can inspire young women today to take control of their lives, to make their voices heard and to defy the stereotypes that remain about what women should say, think and do.”

So are the voices of our young women being included and heard in the current election? The suffragist women campaigned with passion for enfranchisement, for the right to vote and to have woman’s voices heard. One may say today,  to become empowered.

There is a feeling about voting today, that it has lost its power.  Not just for women. As exemplified in Pat Arculus’s story, the feeling that whoever we vote for makes no difference, it’s all the same anyway. Talking to people on the street this week about the European Election on May 22nd, I heard the same things.

Worryingly for me, I’ve found there is an undercurrent of nervous excitement when someone mentions UKIP. In our exchanges in the street, whilst out campaigning to encourage voting participation (of any party) on the European Election, there was a spark in the conversation. People talk openly between each other, of a shake up, of change. Men I spoke with seem quite unconcerned with racism or policy, almost as if acknowledging that there’s a touch of racism and misogyny in all of us, just the ‘real politicians’ are too plastic to let it show. A few men brushed aside hard questions, with a hand flutter of bravado. You get the feeling, there’s almost a hint of ‘at least he’s himself, flaws and all.’

Our respected elder statesmen, have for the most part, left the House of Commons.  We hear staged soundbites and laugh at PR gaffes. But is this to the detriment of politics seeming real? Has spin created an image of politics so worried about what it looks like in the press (5), that to the people it looks like nothing we can connect with or trust? So afraid of making a mistake, that can be exploited by the other side, that the leaders have forgotton who they really are at heart and why we should trust in them?

I feel it is this, which women in England feel disaffected by, why politics seems like a man’s game. But both men and women appear to feel disenfranchised, that mainstream parties are too similar, and anyway, ‘they’re all politicians’. 72% of adults surveyed by Ipsos Mori last June felt in general MPs could not be trusted to tell the truth (10). We don’t trust most politicians, we can’t be bothered with all the game playing and word play behind ceremony and late night debates with party political point scoring. We’ve too much else to do with family, work, volunteering and caring, and everything else women take on and juggle. That’s the impression and sentiments I have been given listening on the street to the middle aged and younger voters.

The risk is, through lack of political involvement we disempower our voice. It is even harder to influence politics from outside. The broader risk is, we also see women falling away from the polling booths as was reflected in some of the women I spoke to this week, who either weren’t aware of the election or did not plan to vote on May 22nd. Political apathy leads to electoral apathy as well.

We also risk passing on that disinterest and lack of knowledge to our children.  As one 17 year old girl told me when I asked how they would feel about voting in the next General Election,

“I don’t know anything about it. I don’t think it matters what you vote for, so I don’t think I would. I thought Tony Blair was Prime Minister till someone told me last week he’d changed.”

Her friend added,

“It’s quite exciting though. Seeing as we would be allowed to (vote) for the first time.”

I’d like to think that spark of excitement, could be spread, and underpinned by some conscious thought, to make a difference in the future. But surrounded by friends or family who are apathetic, without encouragement, it is likely to be put out.

Women who choose not to vote run the risk that we will enable men with the hints of the Farage to become empowered through our inaction.  I’m not saying all men, and all women, revealed this split in  tendencies by any means. Or that support of any party is gender based. But it was a noticeable enough trend in a spread of white, middle class Sussex adults whom I spoke with this week.

As it appears manstream parties which have become ever closer together are not representing the views of many people and are not to be trusted, people are looking at the outer wings of the political spectrum, and looking to people who may be imperfect, but look and sound real.

Overall, people just want a decent life in which people get on, are safe, thrive and look out for one another. Most people, like society to be inclusive. That’s what I picked up in a the majority of opinions. But they don’t appear to believe that common sensed approach is well enough represented in politics. Because party politics skews it.

Just talking to people, it appears a common thread that when it feels that manifestos are meaningless especially in coalition (6), people fail to trust them and the parties who propose them. Unable to be convinced by policies, they are instead attracted to people they believe in. We need people with whom the disenchanted can connect in a sensible way without having to reach out to the extreme margins of politics. We need policies and politicians we can trust. We need genuine, passionate people we can believe in.

We need to see that there is value in our vote and see a need to use it wisely.

As the Rt Hon the Baroness D’Souza reiterated in a presentation (7) last autumn,

“political engagement is not a luxury which can be tacked on to society, once it is sufficiently developed. It is a basic human right which affects our lives and livelihoods.”

You could argue that where people’s priorities are simply subsistence and survival, political empowerment is low on their agenda. Standing up for political and electoral involvement should not be a luxury in the UK, where we might believe developmental barriers do not stand in our way to political engagement. But there are many families and individuals in this country for whom economic security or access to further education are not a given.  Government policies which undermine  either for any parts of society, risk not only harming parity of esteem, but risk undermining the opportunities for full & equal access to involvement in political engagement,  which undermines basic democracy.

The electoral commission, identified (8) that those suffering from social deprivation tend to also be the most politically excluded in society and political disengagement can itself be a form of social exclusion.

A basic lack of trust in our elected representatives, is a sad state of affairs. Combined with a lack of knowledge,  a cynicism about politics is shaping politics in ways which mainstream parties should be taking seriously and acting upon.

According to an Ipsos MORI poll in December 2013, 77% of adults asked agree that they know less about the issues in a European Parliamentary Election than at a General Election. (9)

Public cynicism with politics is nothing new, but it looks like it has become entrenched.  Disenchantment with politicians is shared across supporters of all parties – but is noticeably higher among UKIP voters, who seem most unhappy with the current political scene.” (Ipsos MORI 10)

It might not be sweet in reality to become actively, politically  involved, like Disney’s Mrs. Banks would have us believe of the suffragettes, but we need to remember their ‘Deeds not Words’ of the past. We need to remember why it is still necessary today. And we need to encourage our friends, family and daughters to remember Emily and all the ordinary women who made a difference, so that we may have the choice to vote as a right, one which they had to fight for.

No matter how disenchanted we feel, we are no longer  disenfranchised unless by choice. Women, get out and vote.  Get electorally involved at least. Remember what others sacrificed for us to be able to do so. Well done  sister suffragette!

If the majority of the population don’t vote, we shouldn’t be surprised if the collective majority opinion, is less represented than it should be. That allows the extreme views, over representation.

We need our collective engagement just as much today, as a hundred years ago.

____

Refs:

1. Votes for Women Open lecture slides by Dr. Mari Takayanagi

2. British Pathe – Emily Davison and the Derby

3. BBC bitesize history of the Suffrage movement

4. Dr. Mari Takayanagi full lecture notes

5. Rebranding ed Miliband – The Guardian April 2nd 2014,  Krishnan Guru-Murthy, Michael White, Lauren Cochrane, Lance Price and David Schneider

6. Defending the Coalition will cost the Lib Dems letter from Social Liberal Forum, August 2013

7. Towards Political engagement for women Rt Hon the Baroness D’Souza presentation Nov 2013, Parliament Week 2013

8. Social exclusion and political engagement Research report by the Electoral Commission – Nov 2005

9. Ipsos MORI December 2013 poll. Ipsos MORI interviewed a representative sample of 1,286 adults aged 18+ across Great Britain.

10. Ipsos MORI 2013 Trust in MPs poll, Ipsos MORI interviewed a representative sample of 1,023 adults aged 18+ across Great Britain. Data are weighted to match the profile of the population.

 

 

 

 

care.data – the 4th circle

commedia“Will it become a productive process putting patients’ choice and empowerment first, or is it all talk, hurling stones at one another, going round in circles and building nothing?”

Since The Lords voted to reject proposed amendments last week, to legislation which would have emphasised patient empowerment in the programme and shored up trust, I feel a little in limbo.

As patients of the NHS in recent times, we have been bombarded with the language of patient choice, personalised care and patient empowerment. Putting patients first.

But what power or choice do we patients really have in the use of our health data?

It seems that increasingly media articles, meeting minutes and speeches talk of power and patient empowerment, but it feels like in reality we have less and less.

So too we hear repeated how ‘powerful’ our health data is. How the power of data and its management is used, how the concomitant language is used, misused and shared with others, influences decision making around the subject and our patient rights.

All things are subject to interpretation. Whichever interpretation prevails at a given time is a function of power and not of truth. – Friedrich Nietzsche

As a Germanist at university, interpreting Nietzsche was both a cause for celebration and a cause of much gnashing of teeth. Having also studied Italian, I’m mixing my Dante in there, apologies.

The gnashing of teeth, biblical in origin, was reserved by Dante for the fourth circle of Hell, in his most famous work of his trilogy, the Divine Comedy. The fourth circle was the realm of money. It contained two opposite groups, the avaricious and the squanderers. The bridge builders and the destroyers.

Both the hoarders and the wasters are obsessed with development, either promoting it, or stopping it at all costs. And their punishment is to go round in circles, labouring against each other with heavy rocks, from opposing sides for eternity.

My background is in making technology functional for users to make their work easier. Systems only work which  have a proven benefit for the stakeholders. Introducing new systems is not about technology, but about people. If people don’t want to use your system, you can’t make them. They will find a workaround or data quality will be so poor as to make it worthless. Any project with opposing sides, will have some degree of argument and failure for one or more parties. It’s not what working together, should be about.

When I heard the Lords debate, two things struck me.

The first, whilst different arguments were debated they were really not opposed to one another, but trying to find the best way of achieving the project aims. The vast majority were common sensed and aligned. Wellcome and the AMRC support the legislative shoring up of trust. The biggest difference was that citizens’ trust and empowerment were supported better by the amendments, yet the vote went the other way.

The second thing which struck me, was how the language used can sway what we believe. We only believe what we want to believe, after all.

Labelling data as anonymous or de-identified when what is meant is pseudonymous, and mixing in ‘Open Data’ when ‘shared data’, is meant, is not the same thing at all. And it’s very misleading.

The Lords ‘ping pong’ last week again misrepresented, I feel, the weight that anonymous data sharing should have in the debate.

Earl Howe said;

“I stress this point in particular, as I understand that it has been the subject of some confusion. There is already a strong legal framework protecting the confidential and identifiable data held in people’s health and care records, not just the information held by the HSCIC but more generally. The Data Protection Act, which implements the EU data protection directive into UK law, provides powerful protection of information about living individuals. To summarise what is a lengthy and complex provision, it requires all such data to be anonymised except where there is good reason to the contrary. It remains the case that the Data Protection Act continues to offer strong protection of personal data…”

The fact he wants to make such efforts to ‘stress this point in particular’ does not fill me with faith in the system. In fact, I’ll be honest, I feel that on this point he was factually misleading.

Firstly, in terms of extraction.

The default position is to extract fully identifiable and personal data unless individuals object. PCD will leave the practice for all patients, where there is a legal basis i.e. under the HSCA 2012 or Section 251 approval.

So for Earl Howe to focus on anonymous use, detracts from the fact that it is not anonymous upon extraction at all and may be used and is used with identifiers, far more widely than patients might expect once processed. And will be by default, unless people activley opt out.

Misuse and inappropriate levels of risk exposure are made less transparent by the wording of what type of data it is.

Time and time again, even in the Lords last week, I am frustrated to hear inappropriate use of terminology which perpetuates misunderstanding.

We need to be very clear what  differences there are between data sharing and Open Data. Professor Sir Nigel Shadbolt addressed these differences and the release of Open Data at this conference on March 20th 2014. He importantly makes the distinction that the reusable open-to-use-by-anyone data of Open Data definition, is separate from most uses of personal data, even in the current ‘grab’ going on. [his words]

The Open Data movement is not trying to liberate and put out all our personal data.  He sees personal data, fully and properly anonymised, with consent,  will play a role. But we need to understand different ways of handling the different types of data.

Governmental legal guidance in 2010 did not have the interpretation we have been given today of amber, pseudonymous data. In this file you’ll see it’s personal (red) or it’s not (therefore fully anonymous). But it is clearly noted that anything which is not fully anonymous, i.e. what may identify individuals (what HSCIC labels Amber), should be treated no differently from red data.

“If the data to be shared is fully anonymised, then it will be less likely for problems should arise, though consideration still has to be given to the principles in the Data Protection Act 1998 (DPA). If the data required for statistical purposes contains information which may identify individuals (personal data), then the sharing should be approached in the same way as for any other circumstances, as explained in this guidance.”

I have no idea by whom and for whom it was written, but they state they consulted ICO.

We need to be clear, this is important both for public and parliamentary perception to make informed choices and inform the parliamentary care.data and wider data sharing debate.

In Parliament yesterday, Chi Onwurah MP (14 May 2014 : Column 848) said with regard to the Apprenticeships, Skills, Children and Learning Act 2009 – my bold:

It is therefore deeply troubling that the Government have tabled a last-minute new clause to the Bill to authorise data sharing among the Department for Business, Innovation and Skills, Her Majesty’s Revenue and Customs and persons providing services to them when it comes to apprenticeships. This may be both necessary and useful—the actual data to be shared may be entirely harmless—but it should be done transparently, with the right safeguards and accountability in place, and it should be done as part of a coherent strategy. This is clearly not the case here. The “person providing services” could be anyone, from individual consultants to big multinational companies.

We therefore tabled amendment (a) to ask what information was being shared, with whom, by what process, with what accountability, and how it fitted into the Government’s data sharing strategy. If the Minister can answer all those questions, perhaps the amendment will prove superfluous. If not, why not?

Doesn’t it sound rather familiar? Rushed amendment, lack of transparency, loose terminology of data recipients and purposes. If data is presented in wording which is inaccurate, we can only expect its use to be so too.

We need to ask what is the Government’s data sharing strategy and whom does this legislation serve?

Increasingly it seems to me that the Government is firefighting ad hoc bits of data legislation into existing Bills to enable their initiatives which need our personal data. We are being mined on all fronts. Open Data across the board, HMRC plans, DWP, the NPD, DVLA, care.data and more. And mostly, without our consent and often without our informed knowledge.

How is this empowering patients and citizens by removing our choice or rights of autonomy?

Some data sharing programmes may have been addressed and work well. But it takes more than a bathful of corks, to make a watertight boat. It sounds to an outsider, like overall data sharing design and strategy needs to go back to the drawing board and draw up a decent infrastructure. Patching like this, is a waste of time IMO and we can just sit back, and await the future leaks. I just hope they won’t be nightmare stories in health.

All in all, ‘you have a choice’ sounds rather hollow in all manner of fields right now. It’s been a bad week for patient power from where I write. Our local GP practice caring for 4,000 patients is set to close at the end of the month and the list shared out to three already full alternative practices.

Tim Kelsey as Director for Patients and Information outlined in 2012:

“making data available to the public does drive choice in the same way it would in consumer markets such as financial services or mobile telephones or whatever.”

Freed data was seen to walk hand-in-hand with choice. We were told with patient choice, would come patient empowerment. The NHS was turned into a consumer market in the HSC Act 2012.

It’s therefore ironic that the foundations of care.data fail to put patient choice as its cornerstone. It’s not a consent process which is set out by the HSCA 2012 (250-60’ish). It’s a gateway for extraction with no more than fair processing requirement. That loss of autonomy is not giving patients control nor choice. And the choice that is on offer, is limited. Both in scope and time. The only choice offered in the patient leaflet and communications, is to restrict fully identifiable onward data sharing from GPs or from HSCIC. And to be excluded from care.data is a limited offer – before it is launched. After that, the only choice left is to request the data which has been extracted is made pseudonymous, but it is not possible to remove it.

There can be no arguing with what has happened in the past regarding data releases which may no longer be seen as wise. Despite the fact the Information Centre cannot tell us today, (Q272) who all the end users of data have been in the past, we are offered no new barriers to breaches of trust happening again.

The Health and Social Care Act 2012 brought in fundamental changes in both practice and balance of power between patient and provider, and the State. These are changes in society over which we have little control, for now. Come the next General Election, there may be political change and ideology may be different. It may not be. And inevitably in our current political system, it will swing between different thinkings over time. But our health records given up today, are given up for life. Commercial exploitation is a value set being thrust upon us, which we may or may not not embrace. Both in terms of with whom our data is shared, who is managing it and how.

I met my own MP last week, thanked him for sharing my concerns with the Department of Health last October, and discussed the current status of the programme. He asked me, was I against sharing our medical records at all costs? To which my answer was no. No with a number of caveats.

We are used to, what most would see in this country, as a benign government. Events around the world, show us that we should not take it for granted. (I imagine at this point a failed Conservative election 2015, Boris with his cornflake model for society, replaces Cameron at some point in the next term, and wins in 2018 with support of a minority UKIP coalition. My personal result from hell. Don’t forget to vote May 22nd!)

If we have no statutory strength, what do patients really have power over in the choice to share our medical records?

So far we have only an objection to identifiable data sharing. No opt out of other data sharing from HES at all has been offered in patient communications. No opt out form and nothing in law. And Mr.Hunt’s word of ‘an objection which will be respected’ but does not yet match with what he promised on February 25th, and opt out of anonymised data used in research. 

…”we said that if we are going to use anonymised data for the benefit of scientific discovery in the NHS, people should have the right to opt out”

That’s not only on identifiable data as the patient leaflet proposed.  However I fear this may once again become subject to interpretation. Mr.Hunt has the power to make his promise a reality. I would greatly respect what he says, if we see his words become action.

In 2009 Mr.Kelsey voiced his opinion on opt out, in article published in his name in Prospect.

no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised..”

So who holds the power to make the decision? Mr.Hunt, Mr.Kelsey or do they mean what they say, they want empowered patients?

Whilst there are individuals who appear obsessed with pushing forward the promotion of health data sharing, at all costs, whether with their own Life Science company background interests, or with a vision of how we will mash it up with supermarket loyalty cards, others may be pushing back, immovably opposed to the whole idea of removal of GP patient confidentiality.

Unlike the fourth circle of Hell, there appears to be a more commonly held middle ground.

However, reality is that the opt out does not work like that yet. So far, we do not have a communicated choice on amber HES.

So even for those who support some data sharing, whilst trust hangs in the balance, people will not support a system which appears to deliberately disempower us. By first starting with opt out, care.data is skewed to removing patient choice from those who are not paying attention to public issues and we’re not sure of the security of the objection on offer anyway. Those who are alert, mainly dislike the idea of our data being traded with third parties who may use the data to create knowledge which they sell on, for profit. When we see stories of who uses it and how, we feel let down.

It feels both an abuse of trust and of power, that having trusted ‘the system’, we have been failed by its gatekeepers and guardians.

It is ironic that in a society in which news and campaigns persistently remind our children that their bodies are their own, that the knowledge of their workings will be taken from them without their knowledge or future ability to withdraw their consent and remove their records. In their lifetime, it might not only be e-data but biomedical.

Within assumed consent and opt out based on an honour system, is the question of power and control.  There is one person making a decision who can choose whether or not to respect our objection.

We have only his word, that we have an objection to share any individual identifying data from our GP practice.

The patient leaflet says, ‘you have a choice.’

In reaching our choice, I also ask if we are each individually empowered to make it of our own free will, or will we be emotionally ‘encouraged’ to see it as the right thing to do?

Perhaps made to feel selfish if we do not. Is this free and informed, and not coercion?

Citizens must be pro-active to opt out. The last letter from May 2nd online from Mr.Kelsey suggested we can work together, to get care.data right. However,  in the same letter our patient choice, comes at a price. Whilst being encouraged to see reasons to stay opted in and give up our data, we are told of a patient who was misdiagnosed and died.

“In future, this can help prevent cases such as Alison, from Hampshire, who went to her GP suspecting she had a brain tumour, but was prescribed painkillers. She was eventually diagnosed in A&E after a seizure and died less than a year later.”

I feel when I read that, it came across very much as, “see what happens if you don’t share your data? You’ll die prematurely” and the second statement on cancer in A&E made us feel guilt that we may not help us identify why someone else who died.  And if fear and guilt are not strong enough sticks, here’s the carrot, by sharing our data we’ll keep it safer somehow, by entrusting it to the State:

“minimise the risk to a person’s privacy being compromised in an age of increasingly sophisticated digital threats.”

(Erm, let me keep it only accessible by my GP practice then, rather than risk sharing it via Google Cloud?)

Please. Stop chivvying us into doing what you want. We have a choice. The leaflet, which we may or may not have ever received, told us so on the front cover.  You cannot also tell us what to choose.  Big Brother, you don’t have the right to make up our mind for us. No matter your own experiences, whether it’s a family friend’s care, or the terminal illness of a son, or indeed each of our own family experiences. None of us have the right to decide what is a correct decision for others. Neither should Mr. Hunt be asking GPs to ‘sell’ the programme to patients. It’s an abuse of power to coerce a free choice.

I don’t want to feel emotionally manipulated. Just be straight talking and trust us to make up our mind as we see fit.

Overly aggressive charity collector chuggers asking for cash donations on the street, get short shrift these days. It feels like the programme is still trying the same, with mildly threatening tactics in order to use our data, by research charities among others. The lesson why that’s not right seems not to have been learned. The Wellcome Trust clearly does understand what is needed and backed the Lord Howe’s governance and oversight proposal. (Col 1520).

The letter also gave the impression that poor or missed diagnoses in primary care were responsible for disproportionately finding cancer in A&E, which was disputed on social media Twitter by medics suggesting similar use of statistics had been previously corrected, when NHS England retracted it last autumn. Another lesson not learned. Is it an abuse of statistical data if whilst factual, it is knowingly being misunderstood and creating misinformation.  One could also ask, is this not an abuse of the power of data and anecdote?

Dante was a tad cheeky in the Comedy. He sought to create his own immortality. By retelling the stories of the damned, he created his own power over them. He controls the narrative, selecting whose stories get shared and those which do not. He is selective with the truth. He believes that by interpreting others’ stories he could give them, and himself, an eternal life. He puts himself among the great poets who have gone before him and enjoys their glory.

He is led through Hell, by Virgil, someone he both adulates and trusts.

So too patients need leadership we can trust and respect. We need transparent and accurate truth, if we are to build trust. There is no room for emotional blackmail.

There should be no power struggle in a free decision. Like in the Divine Comedy, there’s lots of rights and wrongs, differing ethics  and moral dilemmas to consider. But judgement should not be made.

Personally I believe it is not right that we parents should determine now what should be our children’s choice, with no correction nor future opt out. Not everyone *is* a willing research patient, and that’s OK. Others may want to be as involved as possible. Only 4% of the population are blood donors, but I’m not going to browbeat anyone into doing it who isn’t.

A stick is still a stick, even if you tell us in your opinion, it’s the right thing to do. You want to empower patients? Prove it. Empower us with statutory opt out and trust us to make our own choice.

Put patients first and show us you mean it.

Will it become a productive process putting patients’ choice and empowerment first, or is it all talk, hurling stones at one another, going round in circles and building nothing?

Does Mr. Hunt, Government and NHS England really want to involve patients about decisions made in the NHS, and in the use of our health data in particular?

What powers-at-be are deciding how our data is managed and governed and who can have it and why?

One of my favourite mottos is found in ‘Inferno’, Dante’s Hell.

“The hottest places in hell are reserved for those who, in a time of moral crisis, maintain their neutrality.”

In Dante’s Commedia, treachery against religion and against government are both reserved for Hell’s final circle.

I hope my public stance is helpful. I fear it has become a bit of a rant.  Apathy is neutral. But this is no time for neutrality.  There are those in power who make decisions, those with power who influence them and the rest of us. We need to speak up.

To protect our patient choice and to ask to exercise our patient power, so oft championed in word by NHS England and Government, feels so far, rather a risky position to take and challenge what is yet an empty promise.   But public opinion should not be ignored when considering what is deemed to be in the  Public Interest.  We need a more interested public to understand what it will mean if our health data is given freely to third parties, perhaps cross borders, in pseudonymous form without data protection controls or any need to respect consent or inform us. Not just today, but for our lifetime and beyond.

We need some good interpretation and good bridge builders.

We need leaders we can trust to lead us through this process and positively out the other side.

..”every single NHS patient should have a right to opt out of having their data used in anonymised scientific research. I think that was the right thing to do. Of course we are having a difficult debate, but its purpose is to carry the public with us so that we can go on to make important scientific discoveries.”

[Jeremy Hunt, 25th February 2014 – col 148]

Power to the People, was timely this week. Is it all talk, or do you trust us to make our own choices? Trust is a two-way process. You want us to trust the system? Give us a statutory opt out. Get the governance and oversight procedures sorted out.  Narrow the commercial purposes for which data can be used.

I think patients can see the benefits of the programme, but it’s going to be hell getting to a workable solution if basic patient empowerment is left off the discussion table. After all, it’s our data.

PS: (The remix of power to the people may be better than the original.) Maybe there’s a second chance for most things.

 

An ode to care (dot) data

To be or not to be, that is the question.
O, what men dare do!
Two gentleman of Verona
Measure for measure
and in a Midsummer’s Night’s Dream
And like the baseless fabric of this vision
imagined there would be much ado about nothing.
Mum’s the word!
But this denoted a foregone conclusion.
Open-eyed conspiracy!
Wherefore are these things hid?

Oft expectation fails, and most oft there
Where most it promises.
The plan would be a winter’s tale.
But as you like it
or as not
Damn’d be him that first cries, ‘hold enough’!
These tedious old fools!
The tempest doth make delay.

Will the work done be love’s labour lost?
Will the storm nay be calmed?
Sigh no more, ladies, sigh no more,
Men were deceivers ever.

Would they want that chinks be earned
Gold? Yellow, glittering, precious gold?
No, Gods, I am no idle votarist!
All gold and silver rather turn to dirt!
As ’tis no better reckon’d, but of those
who have want.
“Shylock, we would have moneys,” you say so
the pound of flesh which I demand of him
is dearly bought. ‘Tis mine.

What might be toward, that this sweaty haste
Doth make the night joint-laborer with the day:
Who is’t that can inform me?
Friends, Romans, countrymen, lend me your ears!
Who bare my letter, then, to Romeo?
The letter was not nice but full of charge,
Of dear import, and the neglecting it
May do much danger!

Ignorance is the curse of God;
knowledge is the wing wherewith we fly to heaven.
No legacy is so rich as honesty.

For all this same, I’ll hide me hereabout.
His looks I fear, and his intents I doubt.
And exempt from public haunt,
finds tongues in trees.
You are thought here to the most senseless and fit man for the job.
Alas poor Yorrick
a fellow of infinite jest, of most excellent fancy.
Conscience doth make cowards of us all.

And enterprises of great pitch and moment
With this regard their currents turn awry,
And lose the name of action.
What’s more to do,
Which would be planted newly with the time,
How poor are they that have not patience!
Yet, do thy worst, old Time: despite thy wrong.

Don’t trust the person who has broken faith once?
The quality of mercy is not strain’d
I have spoke thus much
To mitigate the justice of thy plea
If we should fail –
We fail!
But screw your courage to the sticking-place,
And we’ll not fail.
All’s well if all ends well.
Love all, trust a few, do wrong to none.

Now this overdone or come tardy off,
though it make the unskillful laugh,
cannot but make the judicious grieve,
the censure of the which one must in your allowance
o’erweigh a whole theatre of others.

What’s done can’t be undone.
Forget, forgive, conclude, and be agreed: Our doctors say this is no time to bleed.

*****
Words taken in tribute,  from the works of Shakespeare
(23 April 1564 – 23 April 1616). 

All his words, not necessarily in the right order.
Celebrated on the date of the 450th anniversary of his birth, on  Metro considered, what if Shakespeare had Twitter?

Care.data – Getting the ducks in a row

Good Friday has different meanings and traditions across the cultures. For some the most sombre day of their church calendar. For others, another Bank Holiday and start of the long weekend in spring. For Mr.Cameron this year, getting stung by a jelly fish abroad.

For me, visiting family in a small nordic village, it’s the day of the annual duck race fundraiser.

2,000 numbered plastic ducks are thrown into fast moving water high upstream, and the public waits and watches anxiously as the toys approach the central village bridge and race beyond. The first to hit the finish line net at the weir after an arduous course, is the winner.

There are lots of obstacles along the route and some ducks get stuck. Children are allowed to pick up those off-track in side eddies and hurl them back into the main channel. As a parent, you inevitably lose your child at some point in the crowd, fret they may have joined the ducks for a swim, and the whole race always takes longer than we expect.

So, it feels, as a citizen and patient, is the current progress of care.data.

There was a misjudged start. There’s lots of obstacles still to overcome. It looks like the finish line is getting clearer. And some believe it might take longer than first thought.

Whilst on holiday I’ve taken time to read over the recent letter, to colleagues, from Tim Kelsey & NHS England. It’s addressed to colleagues, which I’m not, so perhaps it feels a little like looking over someone’s shoulder on the train, but hey, It’s the only update we’ve got.

Looks like some positive acknowledgements and steps are in progress:

  • We will work with stakeholders to produce support materials, such as an optional template letter for patients and ways of making opting-out more straightforward
  • We need to do more to ensure that patients and the public have a clear understanding of the care.data programme
  • This work is continuing and we will update you on these changes separately 
  • We want to hear your views and suggestions so we can take action to improve and build confidence in the care.data programme. We will also be engaging with patient groups, GPs and other stakeholders through local and regional engagement events

Notably, it’s the first time NHS England has said opt out. In the past it has only ever been an objection. As a linguist, language is important to me. And the two are not synonymous no matter how often I may be told by NHS England that they are to be used interchangeably.

It’s the first time there really feels like more give, and less we’ll take without asking you first.

And it’s the first mention towards offering local and regional engagement.

There are some new hints which need explanation, such as a change towards who may use the data – described always as for secondary uses, clinicians and patients using it is new:

“Care.data is an initiative to ensure more joined-up data is made available to clinicians, commissioners, researchers, charities and patients.”
And there are some ideas which are making progress, but seem a little stuck.
“In addition, steps have already been taken in making changes to the law”…

Whilst changes have been put into the Care Bill, other rather sensible ones, such as legal penalties for data misuse were rejected. And the purposes are still so loose as to be possible to give data for a wide range of ‘health purposed’ clients. That was the day in which it appeared fewer than 50 MPs were in the chamber to hear the Care Bill debate in which nearly 500 came in to vote. (How they can reasonably and effectively vote on something in which they did not hear the debate, I don’t understand.) These are legal changes I believe which need hurled back to Parliament to get them on track again.

Experts much wiser than me, have made a proposal of comprehensive amendments, and seem, from my lay understanding, both really positive and practical.

The “optional template letter for patients” may be something GP practices could consider using to contact individuals where they know that leaflets were not delivered. Even Dame Fiona Caldicott did not receive hers. (BBC PM listen from 33:30)

If centrally, it is known where they did not reach patients, it would be helpful for GP practices to then be able to evaluate if there is an additional need to contact their patients. For example, in my area, no one I have spoken to received a leaflet.

Perhaps that might seem trivial now, and in the past, but for trusting the scheme I believe it is really important to know why that was. Because since no opt out was originally planned I want to know that the intention was truly to tell us all. Did they print enough? Distribute enough? Follow up at all? I’ve asked to find out.  After all, it was our state money that paid for it. A previous Freedom of Information request, on the status of its distribution with Royal Mail, from Phil Booth of MedConfidential appears to contradict ministerial mutterings that said an exception was invoked. I know that for myself, I had not opted out of junk mail, yet I still didn’t get one. I knew to look out for it and inspected my pizza flyers and dog walking leaflets in every post in January. No leaflet and all of my friends were the same.

If the experts such as Dame Fiona, the GPES advisory group which in September had:

major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced”

and ICO felt the leaflet went out with the wrong content and was rushed then I want to know why, so that the same people are not making the same decisions, and will cost us time and trust again. Why it went ahead against every expert’s better advice is important to understand. “Regrettable that you are not now able to take any of our comments into account” was ICOs comment and the sentiment seems echoed by Dame Fiona on today’s radio broadcast.

Even a lay person like me, could see it was a disaster about to happen.

My suggestion, was that role-based patient communication would be much more understandable. Take some stereotypical sample citizens, map their ‘day-in-the-life’ using HSCIC data systems, show how these interactions send data to HSCIC and map them to show what data is extracted and where it goes, is stored and may be viewed and distributed by whom. There are an awful lot of individual scenarios so no model may match any real patient experience, but looking at it backwards, take all the HSCIC systems and extract a situation which would send the data up. A&E, School nurse, Electronic Prescription Service, Choose&Book, GP screening. Mental health call centre. It would be possible.

People should know what data, is extracted when, why and who will use it. Visuals are better than words. The leaflet failed in the case of care.data, but would an individual letter have achieved more, in just a few sentences?

More has been achieved to raise our awareness of the Health and Social Care Information Centre and Government uses of our health data, through all the hoo-ha in the press, and the re-tweet by David Nicholson of the care.data downfall parody, than by the original leaflet. Perhaps the leaflet’s measure of success was not intended to be a 100% reach at all. I hope we’ll understand more soon.

(** for updated thought 19th April see note below.) Should we presume an ‘optional template’ means that no paid letter will be provided from NHS England to all? GP practices may decide to use the ‘optional’ template to send out letters now. Professor Mathers had called for one. But I wonder if GPs themselves will be expected to bear the cost, of an imposed central initiative for which there is no choice to participate and yet the GPs are legally liable Data Controllers for complaints? If no funding is offered, and GP practices decide not to send letters out, it would seem a risk trade off. The risk of a patient complaining or indeed legal action, if they did not know their data was going to be extracted and and potential risk for harm ensued. Yet fair processing should be a Data Protection Act requirement. But is it for care.data?

This week also saw the list of number of patients published by GP practice. Helpfully with postcode. So if my practice were to want to post a letter to every patient in my area, at 53p second class, it would cost around four thousand pounds. I don’t know if they get any bulk discounts and one per household might reduce numbers. But that’s a lot of money – but perhaps (**) it may be covered centrally after all, though the letter does not indicate that? (I now also know how few over 90 yr old men are registered, if interested).

It seems like there is much positive going on in the undercurrents of the care.data developments, which the general public cannot see, such as the care.data advisory group work-in-progress.

There would seem much which needs work in a very short space of time for relaunch in autumn. But if Dame Fiona Caldicott, Chair of the panel set up to advise NHS and Ministers on the use and governance of patient information, said she thinks we need longer, then I am sure she is right. To take as long as is needed to get it right would seem sensible. To rush and fail a second time, would be irretrievable. Surely, her advice would not be ignored again?

The HSCIC this week also released the Framework Agreement between the Department of Health and HSCIC. 

It will be interesting to see if this affects and changes the HSCIC roadmap. In my opinion, it should. The care.data addendum to widen commercial uses was pushed back but is still to resurface. There is still no clarity around commercial re-use licenses. These commercial drivers should come out if Mr.Hunt’s rock solid assurance is to be believed which, “puts beyond any doubt that the HSCIC cannot release identifiable, or potentially identifiable, patient data for commercial insurance or other purely commercial purposes.”

At the moment I would hope the HSCIC roadmap would change in its commercial focus:

“especially in relation to the potential sale of data”. 

“Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services.”

It remains to see if it does.

That framework is a good read with a hot coffee (and a short snaps if you are where I am). What’s missing for me, is any reassurance at all that the HSCIC will remain public. There is a large chapter on what process would need to be followed if it were to change structure or be merged. And therefore does not rule out a private owner of the single central repository for our health, social care, research and recipient of integrated ONS data in future.

“Any change to its core functions or duties, including mergers, significant restructuring or abolition would therefore require further primary legislation. If this were to happen, the Department would then be responsible for putting in place arrangements to ensure a smooth and orderly transition, with the protection of patients being paramount.”

It would appear to me, that a future intent to privatise the ownership of care.data and more could remain open. Certain aspects of the day-to-day functions were potentially to be outsourced in a past ISCG roadmap. I would hope the core will remain firmly State owned.

Bizarrely, duck races are not treated equally across the globe. Wisconsin recently repealed their ban. It seems almost as bizarre, as the idea of selling our taxpayer financial and VAT data. Or our school pupils personal details. I wish I could say, one of these stories were not true.

What the duck is going on with Government’s attitude to our personal data?  The Cabinet Office seems to be failing to give out legally required Freedom of Information responses, and yet happily selling the knowledge of our health, wealth and our children?

“These regulations also allow the department to disclose individual pupil information, subject to the Data Protection Act 1998, to named bodies and persons who, for the purpose of promoting the education or well-being of children in England are conducting research or analysis; producing statistics; or providing information, advice or guidance. The department may decide to share pupil and children’s information with third parties on a case by case basis where it is satisfied that to do so would be in accordance with the law and the Data Protection Act, and where it considers that such disclosure would promote the education or well-being of children.”

So if McDonalds wants to run a healthy eating campaign, would they qualify?

Open Data does not equate (must read) with being open with all of our data. Tables and summaries at aggregated level of statistics are nothing to do with individual level data. Before any Government body considers if they should enable private and other organisations to use data more freely and effectively, and their stance on charging and profit from use of data, they should think twice.

Remember the daft Deregulation Bill 162? It revokes the need to sell pre-packed knitting yarn by net weight and other nonsense. Perhaps it is the ‘Exercise of regulatory functions’ which is the root cause of much of these  issues on the monetisation of our data:

Clause 63 provides a power for a Minister of the Crown to issue guidance on: how regulatory functions can be exercised so as to promote economic growth;

Sections 60-67 of the Deregulation Act currently passing through Parliament allow the removal of any regulation that conflicts with the interests of a profit-maker. If your body manages data, there’s really only going to be one way to meet the obligations of Bill 162. Sell it.

Someone needs to tell all the departments, if you have any chance at all of getting care.data through to the finish line, stop giving away or selling any of our personal data which we trusted you with for an entirely different original purpose.

Whilst there are many people working on many manoeuvres to get all the ducks ready to relaunch for care.data, the Government has to pay attention to the whole race. If we lose faith in the Government to make wise decisions on what will be done with all data we share for a given purpose and find later it is given to others without our knowledge, we won’t trust it with our health data. If the data warehouse may one day be sold off, then all the gameplanning and rules in between will appear to have been pointless.

This is not a race to the finish with the least bad option. Care.data needs to be exemplary if it is to have any chance of reaching the podium as the world leader in patient data-sharing management. It’s got one second chance to get a relaunch.

Without public trust it will flounder. Without GPs to patient communications thoroughly thought out it and funded, it is destined for a rough ride. Without further legislative changes, it’s not going far enough to be convincing of real commitment to change.  Without these three, it will not reach the finish line.

The best summary of why we need still much work and how to respect so many of these under good governance, came out this week, from the Chair of CAG. However, we cannot expect to have all of the answers in six months time. The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data.”

So between Dr. Taylor and Dame Caldicott the wise seem to indicate more than 6 months is needed.

There are encouraging signs, but many issues don’t seem to be addressed yet at all, from the recent NHS England letter nor Framework Agreement. Above all, in common with the tax data sharing, pseudonymous is not equal to anonymous. It’s not only what HSCIC currently determines as identifiable, which we need vital improved governance to protect.

In any upcoming public communications, I pray don’t patronise the public saying that ‘name and address will not be extracted’ as the last FAQs and poster did. Explain instead what the Personal Demographics Service stores already, educate us how the PDS and linkage works and why. Details like this must not get lost in any rushed relaunch.

And other departments’ decisions must not put it in jeopardy.

Whilst care.data is getting its ducks in a row, the wider Government approach to data management seems to have gone, I can’t help but say, absolutely quackers.

——-

** 19th April Update: This via twitter comment says, if GPs get patient letters made available they only have to address them to send to their patient list. Will this happen in this case? Good news for informed communications? Let’s hope so.

No Security Blanket – why consent packages fail our children – care.data and more

As a mother, I want to know that my children’s personal data, when it is collected by any organisation, will be kept safe and used in ways I would expect. I see it as my responsibility safeguarding my children today, to also think of their future.

We should seek to protect the fundamentals in the Universal Declaration of human rights for all:

Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment.

In effect, these basic human rights seek to prevent discrimination and interference.

But it feels as though the world around us in England has gone mad. Risking stigma, discrimination, giving our kids’ personal information quite freely away and with it, their future autonomy.

Here’s five recent case studies and why they fail our young people.

The Department of Education’s National Pupil Database & Personal Demographics Service

What About Youth is reportedly using contact details directly from the Personal Demographic Service (PDS) data stored at HSCIC and the schools’ database, the Department of Education’s National Pupil Database, and giving them to IPSOS Mori, the poll research organisation to carry out the What About Youth? study on behalf of the Health and Social Care Information Centre, funded by the Department of Health. To contact our 14-16yr olds directly.

“Your contact details were taken from NHS Registration data, held by the Health and Social Care Information Centre and the Department of Education’s National Pupil Database, which contains details of every pupil in England. The NHS Registration data has been used as it is a reliable source of details such as name, address, date of birth and NHS Number. It does not include any medical data so we don’t know anything about any illnesses or conditions you have had or received treatment for.

We have received approval to use your contact details only for this study. We won’t be using them for any other purpose, nor will we share them with anyone else. “

I don’t know that any parent would find that an expected use of their personal contact details to be contacted by the third party directly.

How is the questionnaire coded I wonder, whilst “the answers will not have the child’s name and address on, so no-one who sees them will know whose they are,” the “aim of the study is to make it easier for doctors, nurses and local authorities to help young people.” So it would appear Local Authority is going to be coded at least. And your individual postcode. And child’s age and gender and ethnicity and more.

If the child (14-16yr olds) agrees to being re-contacted, I would want to know as a parent exactly how, when and for what. But parents are encouraged not to influence the child completing the form, so we may never know. The survey asks about all sorts of insecurities, not all of which I believe every 14 year old will have yet considered. Is it right that the State should intrude with these topics into my child’s private time and thoughts? The content deserves scrutiny from parents before the children are involved. At least, not done in school, we get a letter and know about it at home.

But how can the project ethically ask my child to give their consent to share intimate details not only about themselves but about our whole household and potentially agree to future contact, whilst expressly asking me not to be involved in the decision?

I wonder how pupils will feel whose parents suggest they would prefer their child does not complete it?

Surely if the Department of Education’s National Pupil Database is obligatory it should not assume OK to give out personal contact details to anyone? Some families choose to be ex-directory. Does the cross-purposes use of the Personal Demographics Service make that now impossible?

Should our children and parents, who trust that their personal details are used for registering for the basic rights of health and education, not be allowed to trust those contact details are held in confidence, rather than shared with third parties?

What is the government thinking about, as it manages our young people’s data privacy?

The National Citizen Service and Health Data stored at the Health and Information Centre

While I was looking more closely at the DAAG (HSCIC) minutes this week as related to care.data, I looked at the approval for consent advice and request for future data linkage with the National Citizen Service (NCS) project, open to all 16 and 17-year-olds in England. The request checked that the consent was appropriate for future sharing of Mental health and Hospital Records with the Cabinet Office.

While I was at it, I took a look a close look at the NCS sign up process. At the bottom of the online register in small print was the required check box to proceed:

I agree to my personal data being stored, shared and used by the NCS Trust and other organisations to inform me of NCS and graduate opportunities and to support the delivery of NCS and its graduate programme. I agree to the NCS Terms & Conditions and Privacy Policy.

Then you need to click down twice, to the T&C and Privacy Policy.
From the Terms&Conditions we need to take another step:

Information about you : We will never pass any details you provide to us on to anyone other than those specified in our privacy policy.

You also need to go to the separate Privacy Policy. which turns out stating there is virtually nothing private about managing your personal data after you enquire at all – but is in fact a  ‘Data Sharing Policy’:

 “By submitting the Expression of Interest form you agree to your personal data being stored, shared and used by the NCS Trust (the data controller) and the following organisations: NCS contractors and their sub-contractors, government bodies, strategic partners of NCS, fraud detection organisations, organisations supporting the delivery of NCS or other organisations (including any organisation running or supporting all or part of NCS in the future).”

You must agree or cannot proceed with the application.

Where does the consent to link to a child’s medical Mental Health and Hospital records get asked I wonder? Does it get expressly asked later in the project or on paper because it does not get asked online in the Young Person nor the Adult/Guardian’s sign up. Is this the consent process the DAAG approved? Is it just meant to be included in the blanket “government bodies”? Perhaps the wording is still to be amended?

Sign the child (and your own ‘Guardian’ details) up for NCS and there is no choice but to accept that data sharing agreement. You must accept it to sign up for the programme but there is an open ended who, when and for what in the blanket consent …”supporting all or part of NCS in the future.” The NCS sign-up and consent doesn’t explicitly mention sharing data with named sub-contractors anywhere either.

The charities involved may do great work. But why Serco? Is this the organisation that we would wish to be managing our young people’s personal data? Think I agree with Navca on this one. By signing away rights …”in the future,” we have no idea WHO will own the data  later.

Should our children who need this NCS programme most, not be allowed to particpate unless their personal and potentially medical details go to all these unknown future places?

UCAS and student applications – further education

When I read recently in the Guardian about Ucas selling student records of our under 18s applying to university I was equally surprised.

At a time when teen deaths from alcohol consumption often mixed with energy drinks appear regularly in the news, it is highly irresponsible to me as a parent, to know that a commercial company promoted new energy drinks by sending cans to 17,500 selected students in order to create a “social media buzz”. I know from my own experience, university is often the place we are first exposed to a regular bar life. And so does business.

This goes far beyond the scope of what our teens signing up should expect their data to be used for. Who will decide what products and what uses of data will be acceptable in future?

I am fed up of these blanket consent approaches which deny a service unless we also sign away the knowledge of our personal habits and preferences for others to commercially exploit.

This mixing of purposes in which data privacy is to one’s disadvantage, is an abuse of trust. And it is the importance of trust and exploiting mixed purposes, which for me, has been so starkly highlighted in the management of our medical records.

Dental Service – the NHS Business Service Authority


When I signed the form to pay for my recent dental treatment I read the small print. The Dental Admin Assistant shared my surprise to find that the data processing takes place outside the UK, and requires data sharing with processors in ‘India or Sri Lanka.” WHO WILL USE IT WHERE and FOR WHAT PURPOSES? I am required to sign the form to agree to pay for my treatment. It gives permission to share with Dept of Work and Pensions, HM Revenue and Customs, local authorities and CCGS (then PCTs). But why should the one signature to bind them all, mean sending my personal confidential data abroad, outwith EU data laws even?

Is there fair processing on this form, does it indicate properly for what purposes the wide ranging bodies will be given access? Surely they don’t all need it for “fraud prevention and to ensure correctness” about my dental check up?

If the government bodies are all working together and can share data at will under these blanket assumptions, without our explicit consent or knowledge, then a great number of people will be rightly concerned. I am concerned by powers this Memorandum gives NHS Protect and the Border Agency from 2011 and I am a legitimate resident. ” To provide a centre of excellence for NHS anti-crime work by applying a strategic, coordinated and intelligence led approach.”  I only went for a scale-and-polish!

This default to wide sharing seems to be increasingly seen as the norm. Surely it should be assumed that the minimum data should be shared with the minimum necessary recipients? Current policies seem to have confused a drive for Open Data with giving away our privacy.

How could it be done differently?

If I sign a form to pay for my dental treatment, surely it should be only that. If you want other permissions, ask in other check boxes. I believe our NHS should be managing our NHS data within our borders, but that is a separate debate.

This blanket consent approach excludes the service unless you are happy to give open ended access to your personal data to Government and its contractors.

Should I not be allowed to have NHS dental treatment, for which I pay on completion, unless my personal details go to all these other places?

Let’s consider an alternative. Enable the ability to say yes to paying for my treatment, without sharing fully identifiable data with other government bodies or sending it abroad.

It is one thing to share truly anonymised data. And quite another to extract identifiable personal details for at minimum ten years or longer. Time limit the consent.

If the 14-16yr old on the What About Youth questionnaire agrees to ‘future contact’ they presumably are agreeing to  having identifiable data and contact data kept with their answers, to enable that future contact.

If children agree to the NCS blanket sign up, they are signed up for an unspecified time. These sign ups remove our children’s autonomy later in life, and they can never get it back.

Right now, I wouldn’t let my children’s personal data anywhere near any of these systems if I wanted to retain any future control of it at all. But do I have a choice? My children are in school, and that will mean in the Department of Education’s National Pupil Database. And they will have NHS records. I see some subject access requests ahead.

Given past historical purposes of the ONSET project at the Home Office, Contact Point and DWP I would want to keep my kids’ data free from all of these.

Some may ask, why does it matter?

Because this joining up of services is interweaving systems whose aim is on the one hand compassion and care, with those on the other which are punitive and controlling. Their aims are not aligned. And inevitably it is the systems which shout loudest, under any government of the day, whose opinion tips the balance of purpose and decision making. And recent claims of micro managing in Health show, top down control usually wins.

Because I believe the earlier we label our children the harder it is for them to become anything more.  Inevitably labels shape expectations. Not only for the individual but those who interact with them. It is only the very best educators and social care staff or police or medics who manage to put those aside and see the individual in each episode of contact. The future intent for care.data is integration of data sharing between medical contact, social care and education, under local authorities, health and wellbeing boards and more. How far would the impact of one wrong label spread in a child’s lifetime, in different places?

Because our children should enter adulthood with as few restrictions placed upon their development and self-determination as possible. Even, I would argue, those children who need the contact with all those organisations. I could argue, all the more so, precisely because they have those extra needs and contact. They may need excellent care and transition between youth and adult services. They need it facilitated first and foremost by qualified individuals who are trusted to do the job they trained for and have a vocational passion to complete. Yes the staff need data, but proportionate to the individual need, for the time period it is needed. We need to protect the extra vulnerable in many extra ways.

And we also need to protect the fundamentals in the Universal Declaration of human rights for all. Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment. In effect, these basic human rights seek to prevent discrimination and interference.

Our young people don’t care about the risks of personal data sharing?

Our young people are more savvy than we give them credit for. In a world of shared selfies and social media, it can be wrongly assumed that they are careless with their own privacy. This  Electronic Patient Records work run by the Academy of Engineering in 2010, with support from the Wellcome Trust, came out with a report and seven key questions p.39 which are very pertinent today. The young people identified themselves the risks of prejudice and discrimination. The concerns they raise are no different from concerned adults. Our young people are switched on to the risks of personal data sharing.

When it comes to our children’s data, organisations should be going the extra mile to be transparent. I believe they should carefully consider how the public will perceive anything that looks hidden. Consents should be all up front on the top layer of sign up forms. One consent per sentence. If you want to contact my children, ask me first. And if you offer a public service, would you consider first not piggy-backing a commitment to sharing with other bodies or commercial companies on to the consent package?

Why these blanket consents fail our children

These blanket consents are ubiquitous in modern data sharing, from the obvious supermarket sign ups, to which even David Cameron does not consent, to the totally surprising in education and health. Yet he happily signed us up under a blanket assumed opt in to be ‘willing research patients.’ This mixing of purposes under one blanket consent, in which looking after your data privacy is to one’s disadvantage, or criticised as selfish, is an abuse of trust. And an abuse of our children’s future freedoms. They fail to give proper governance of who will own the data once shared. They fail to give proper information of what it may be used for. And they fail to clearly limit the time period for which the consent is given, and after which data will be destroyed.

Not only trust, but the needs of genuine purposes in the public interest are undermined by mixing all these purposes into one consent. Worse still, assuming yes for all these conflated uses unless you opt out.

If there had been singular purpose, care.data would have been easier to understand and less likely to have failed to win our support.

I for one, am fed up with blanket consent. We can do it differently. We can do better for our children.

 

{cartoon: From Al.com via Scott Stantis 2007}

care.data – Transparency and Remit vs Truth and Responsibility

A year ago Big Brother Watch wrote that an opt out right had been won from the original plan to extract all our GP records without any choice. Caught trying to avoid the DPA and Fair processing, ICO recommended the need for a public awareness campaign.

At that time, I was a merry mother unaware of the machinations of our civil society. Then the powers-at-be closed my local mini blood mobile (I had just started as a donor) and decided to sell off our plasma supply, which was considered a rather poor idea so I read all the Annual Reports and asked questions about it. And I started to pay rather more close attention to what was going on in health. Now I listen to Radio 4 not 2, I buy papers (actual, printed versions) and would you believe, watch Parliamentary TV. And if you want more scandal which actually matters more than your average soap, you should too.

On the 8th April the Health Select Committee (at least part of it) interviewed Sir Kingsley Manning and Max Jones from the Health and Social Care Information Centre. The hope for us, as citizens and patients whose data this current debate is about, is that we will gain insight and understanding into how our medical records have been used in the past and are being so now. This will enable us to trust in the intent of how HSCIC will handle our patient data in the future, whether under the care.data or any other label.

If HSCIC and Government wants to achieve this, they seem to be going a backwards way about it.

Stop talking transparency and remit, and start talking truth and responsibility.

The question was asked how decisions are made within HSCIC by their Data Access Advisory Group about our patient data management. Specifically, it discussed the subject of an application from last summer by the Cabinet Office OC/HES/030 – Project National Citizen Service Data Linkage Project. It was included only 6 months later in the January 2014 minutes.

The very application title, reveals its intent, to link the mental health and hospital records of our young people who take part in the National Citizen Service together with their NCS project gathered data.

Caught with this concrete ‘Out of Committee’ governance approach, the HSCIC staff were both adamant in response to the MP’s question in insisting that no data was shared. 

“Q230 Barbara Keeley: What was requested was linkage of data, wasn’t it? It was linkage to medical data.
Kingsley Manning: No, he was asked by the Cabinet Office to give professional advice on the consent model they were considering. He gave that advice, which was a perfectly sensible thing for him to do. That was the end of the matter.”

Well, I’m sorry but I’ve read the document, And the DAAG minutes say clearly “The intention was to link to HES/MHMDS in the future.” I paste it below.

So, that was not the end of the matter, but is in fact the beginning. The intent is for future data sharing. Our young people at the start of their adult lives, by the very fact of taking the initiative and enquiring to take part in the Activities / Community Project-based work of the NCS, will find their intimate health records linked with the project data, with an unspecified end date.This is a real and active request which was approved, not some past mistake to dismiss. It was and still is approved,for future data sharing.”

Whilst I may believe HSCIC that no data was shared last summer,  and I might believe you were trying to be factual in answering the question, I do not believe that even you could think that consent advice was the sole intent of the DAAG approval, had you read the minutes of your own DAAG meeting. And clearly you had or would not have been so adamant in the answers.

The Guardian article Mrs. Keeley MP mentions, also had their own opinion of the relationships between the parties involved.

Bizarrely almost, we are repeatedly told as reassurance that any organisation with access to pseudonymous health data, which tries to re-identify the individuals whose data it was, would be doing so illegally. Yet the Cabinet Office wants to take medical records and match it to known individuals on their youth programme and keep and share those enriched records without it seems, any qualms at all?

Our trust needs to be based on absolute truth, not manufactured transparency. Truth is bigger and complete with background intent. Not just scraping out the minimum facts in carefully worded language to be legally compliant.

To increase our public trust, we have been told we will know who has had our data in the past, when and for what purposes. In Parliament on March 25th Dan Poulter Health Minister said,  “a report detailing all data released by the HSCIC from April 2013, (including the legal basis under which data was released and the purpose to which the data are being put), will be published by HSCIC on April 2.”

It didn’t happen. HSCIC made available only some. Those made under some sort of data agreement. What of those with direct access to HES at their site, or the police, others have asked?

The Commissioning Board NHS England, tells us repeatedly that they contacted every household in England by leaflet to tell us about care.data and our ‘choice’ to object.

It didn’t happen. Many did not get a leaflet, not just those who opted out of junk mail. Tim Kelsey said he was looking into it. With urgency. Two months later, not a cheep!

So far, we have no report or indication there will be any. Why there were not enough or not delivered leaflets? What they are doing to fix that? It cost the equivalent of at least 50 nurses’ annual salary and the best publicly avaialble information we have from the Information Commissioner’s Office, is that it should never have gone ahead at all. 

So who is taking responsibility for that? Over £1M of public money junked through some letter boxes for the dog to eat. Which no one could understand because it was deliberately obtuse.

And so we come to our future Data Controllers HSCIC. Who seem to have no control at all.

Based on their own admission they have no idea where our medical records are being used, by whom today, and yet we are expected to trust them to use care.data wisely in future?

Barbara Keeley: So have you got the information because I have asked for it twice, but not been given it? For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning: No, because they are using it and putting it into additional services. So, for example, a company such as McKinsey or KPMG would have used it to support Monitor or the NHS TDA in advising on the transformation of health care services.

The Chair of the Heath and Social Care Information Centre has no idea know who has our medical and personal confidential data or what they are using it for.

You get the feeling now, that they are only looking into all of this because they got caught having had no audits in the past of data recipients. Sir Nick Patridge is now leading a review due in a couple of weeks. I sincerely and respectfully hope that his review is more transparent than the last.

Who has taken responsibility for where we have got to in the last year?

Government? Mr. Poulter, Hunt or Cameron, whose plan is this anyway? There has been nothing but dismissive comment which fails to address serious issues and party political point scoring, or no comment at all but how “fantastic for humanity” it will be. Yet care.data is meant ‘only for commissioning.’ See why we’re confused Mr. Hunt and Poulter when you both claim care.data has entirely different purposes? Where is the truth we can trust?

NHS England? Mr. Kelsey now seems to be hiding behind a tree. Or perhaps playing jazz as he tweeted the night before the Public Health Select Committee the last time. Whilst I appreciate it was at a health conference, Nero and Rome sprang to mind. I’ve asked nicely and been ignored, what happened and who is fixing it? Will there be some sort of public progress announcement from NHS England, perhaps from Ciarán Devane, who is on NHS England Board and now chairing the Care.data Advisory Committee trying to latch the stable door? There’s just been stunning silence since the pause announcement.

HSCIC? Clearly nothing to expect from them. Because Kingsley Manning and Max Jones seemed to believe everything was in their remit, legal, and not their fault if the directions from government and NHS England allowed sharing data with all comers. And their Get-Out-of-Jail-Free-Card, they shared concern with the Department of Health about the publicity campaign. (Admittedly, 3 months after the GPES advisory group and others had done so).

Amazingly, Kingsley Manning seemed to thrust the opt out rate from HES into the arena as some sort of achievement. in terms of the number of people who have acted to opt out, it is 14 over the past four years.”

Which only confirms how few of us knew HSCIC stored it and could link Secondary Uses data with Personal Demographic data on demand. (Compared with how many are opting out now we know, of care.data).

And whilst until this whole debacle I and most of the public did not know our hospital records were shared with any other organisations, beyond the NHS and legitimate public research, we now find the gradually closing net around our health data uses, means understanding it has gone to all sorts of commercial organisations. And clearly HSCIC has been caught doing something which now feels wrong even if legal, the HSCIC defended not the action, but their legitimacy for doing so:

Kingsley Manning: We operate according to the Act as it has been passed. We make decisions on the basis of the current regulations. It is not our job to make a judgment on whether we agree or disagree with the nature of a commercial organisation. That is not a criterion on which we act.

Q270 Barbara Keeley: So you are prepared to release even sensitive data out to organisations that just want to do a price comparison website on different pay procedures between different hospital consultants. That was what you did.
Kingsley Manning: I am terribly sorry, but we are bound by the law and the regulations. Under the current regulations that is perfectly legal and legitimate. Indeed, it is arguable that it is a benefit to the health and social care system as a totality. That is an argument that you, Parliament and the public will have to consider.

As part of the public, I have considered it. Too often in the last 8 months. Even whilst making yellow pea soup today, I was thinking how wrong it is for the government to sell our confidential data without having asked us if they could have it in the first place. To take something without asking, we teach our children, is wrong.

Not one person responsible for their part in the execution of the care.data rollout has yet said they are sorry as an apology. I am terribly sorry here, was interchangeable with ‘well, pardon me.’ 

But a true apology for such an almighty mess (Ben Goldacre said so on twitter in better words on February 22nd, but I try and keep readable above a PG rating), would at least be an admission that there is room for improvement. Improvement we can hope to build trust upon. Right now, we have vital Public Health research which it appears, is now on hold and costing money, because it is lumped in with all these commercial uses.

People are opting out of clinical research. And withholding information from their GPs.

Between the three of your organisations, Government, NHS England and HSCIC, if you want us to trust your intentions for the handling of our NHS patient data in future, try harder. Try to seem truthful and seem like you care. And mean it.

Because right now, it only looks like you’re sorry you got caught. You’re playing pass-the-parcel with responsibility. And using our public money to do so.

Kingsley Manning said previously, we should have “intelligent grown up debate” around care.data. Please, lead the way. For right now, it feels like kids squabbling in the back of the car, hoping we’ll just muddle though to get to October and they can ask, “are we there yet?”

As anyone with kids will know, that doesn’t make for happy parents.


********* For reference, the Health Select Committee extract about the Cabinet Office OC/HES/030 – Project National Citizen Service Data Linkage Project *********

Barbara Keeley: There was a lot of saying, “It’s nothing to do with us, guv; this all happened in the past.” You answered the question in that way when this person was a very senior manager, to the extent that he accompanied the Secretary of State on a trip to the United States to sign a data-sharing memorandum of understanding, and, to me, it is astonishing that you should say that the person who had been the chair of the DAAG did not have that responsibility and that you are still wriggling to try to get out of that now. I am not happy with that answer, Chair; I just do not think that is acceptable. 

Kingsley Manning: I am sorry. We are trying to be as transparent as possible.

Barbara Keeley: I don’t think so. I really don’t think so.
Kingsley Manning: May I just talk you through the history of this so that you can get a sense of it? [see full text for history] At that point, we knew that Dr Davies was redundant. He had been made redundant on the abolition of the information centre, and we put in place a plan to deal with that. He was in post. We were not in a position—
Q222 Barbara Keeley: Sorry—you had a plan to make him redundant last year?
Kingsley Manning: No, no. He was made redundant by virtue of the abolition of the NHS IC. It was not our decision.
Q223 Barbara Keeley: So you kept him on for eight or nine months?
Kingsley Manning: We kept him on because we needed to have cover on clinical governance and on clinical advice.
Q224 Barbara Keeley: In fact, he was a very senior manager, and he did accompany the Secretary of State on the visit when they shared the memorandum of understanding. And—
Kingsley Manning: He did. I was there also.
Q225 Barbara Keeley: Let me say a bit more. This is the person that you were making redundant, but you let him chair the DAAG, and he made a number of controversial decisions, including the decision out of committee to release the sensitive medical records of individual teenagers—
Kingsley Manning: I am sorry; that is not true, I am afraid.
Q226 Barbara Keeley: It was reported to be true—
Kingsley Manning: I think you are referring to the fact that he was asked to give advice by the Cabinet Office. He had actually worked for the Cabinet Office on the matter. He gave advice on the consent model that they were going to use. We never released any data and we have not been asked for any data by the Cabinet Office on this matter.
Q227 Barbara Keeley: This was reported last summer by The Guardian newspaper that the sensitive medical records of teenagers on the National Citizen Service were released. That was apparently “an out-of-committee decision” by the chair. Dr Mark Davies was allowed to make decisions out of committee as the chair, and that decision was apparently taken last summer.
Max Jones: I can clarify that Mark Davies did provide advice, as is one of DAAG’s functions, on the consent model, which was being considered by the Cabinet Office, but we have not received a request for that data, nor have we provided any data. The discussion that Mark had was referenced and recorded in the January—I think it was January; I’ll check in a minute—DAAG minutes.
Q228 Barbara Keeley: At least six months after the discussions took place.
Max Jones: That may be the case.
Q229 Barbara Keeley: So this is the person that you are going to make redundant—
Max Jones: No data was requested nor shared. Advice was requested on the consent model, which was given.
Q230 Barbara Keeley: What was requested was linkage of data, wasn’t it? It was linkage to medical data.
Kingsley Manning: No, he was asked by the Cabinet Office to give professional advice on the consent model they were considering. He gave that advice, which was a perfectly sensible thing for him to do. That was the end of the matter.
 Max Jones: And that was recorded in the minutes of DAAG held—
Q231 Barbara Keeley: Yes, I have a copy of that in front of me. You talked earlier, and it is quite important, about transparency. To have recorded this six months after it happened and to then be trying to change something—I am not aware that The Guardian was challenged on the fact that data had been released. It seems there is a very hurried after-the-event style of things happening here, and that is not good for transparency. This is being talked about quite a bit. People’s confidence in what you do has been really undermined by this and the fact that there could have been any suggestion of linkage to medical records for those people taking part in the National Citizen Service. For heaven’s sake, there are all kinds of undertakings made to them as they sign up to that service, and quite rightly. They even have an opt-in for their personal data, so to even consider that, and not to have documented what was happening until six months after the event, just makes you look shady.
 Kingsley Manning: I agree, but we did not have a data request. I absolutely agree, by the way, with your essential point, which is the sensitivity of linking these data in any way with receipt of data—benefits and all the rest of it.

Care.Data – Raw Highlights from The Health Select Committee

Words from The Health Select Committee 8th April 2014 – created via Wordle

From the Health Select Committee hearing on Tuesday April 8th, I have waded through all the words to come out with what I think are raw highlights of the key learnings and issues raised. The original in context, is here. The image is an indication of the emphasis of who spoke about what, based on word count alone.

Highlights from the Health Select Committee Members:

“…because what was happening in that meeting was that a lot of wriggling was going on”
“But you wrote to us, Mr Jones, with Mr Kelsey. Following on from my colleagues, we are not quite sure that the answers are very helpful. Could you turn to the letter and I will ask you for some information? This is very concerning and I hope this will be published on someone’s website—either yours or certainly the Health Committee’s website—so that people can see some of these answers and follow them up.”
“When things go wrong, as they appear to have done, we are entitled to ask you questions. I am absolutely appalled. I think the majority of us are, which is why you are back here again to try to work out why you don’t know what is going on in your organisation. This is a simple thing. It is either in the agreement, or it is not. “
“If we go back to the insurance actuaries—the Staple Inn Actuarial Society—these comments are from the report that it produced on the use of 188 million records taken from HES. It talked about the data as being “highly detailed”. We get an answer back saying that the data are in aggregated and anonymised form. Don’t forget that the HES database started off as an admin database for handling payments and information about patients. It was never set up to feed into the insurance industry, was it? After it had run all the things that it wanted for commercial reasons against hospital data, it said that HESID “does allow all periods of care for” a patient “to be identified and linked””
“Well, there is, because normally in the civil service, when there is a debate about something, civil servants will prepare a report, and find out the information and give it to the Minister, so that the Minister tells Parliament the correct position. That is not happening here, is it? A Minister can go into the Chamber and say something that is totally wrong…”
“We need to know what is out there now. There is a very strong feeling—I subscribe to it—that this data is not protected enough and has been let go. It is out there. You mentioned that there were 249 commercial reuse licences, of which 112 are left, but some of the ones I mentioned are also selling it on to other people. We have had lots of examples.”
“I looked at this [HES & other systems opt out] form and I found it difficult. We have been navigating around this system. After all these quite intrusive demands for information, we get on to an explanation of what happens if you request your patient information to be removed or anonymised. It states that “your data will be anonymised rather than removed”, but it goes on to say that there is a further step where you can request removal of your records from the NHAIS. Then it says this most damning thing: if you do that, your GP would no longer wish to have you on their list, and you would not be called for screening for things such as aortic abdominal aneurysm, which is a serious condition. Effectively, that is saying to people, “Yes, we can remove your records, but your GP wouldn’t want you on his list, and you wouldn’t be called for quite serious medical screening.” Surely there is something that falls short of that where a person can say, “I don’t want my records sold to these commercial companies, or to be used by insurance actuaries or comparison websites; I just want them used for my care.” I have asked the Minister this. You have produced a form that, I have to tell you, is quite scary. It is quite intrusive and it is quite scary. It says that if you fill it right to the end—it is quite confusing as to whether there are different steps here—your GP would no longer wish to have you on their list, and you wouldn’t be called for screening for serious medical conditions.” [note this is not the care.data opt out, but an additional choice]
“What we are talking about is audit. Can you audit? There are apparently going to be audits. Can you audit all the data releases? Can you say for all the HES data where it has gone, who is using it and for what?”
“there is a real difference from your pronouncements of what you say is the situation with data and what the people out there—commercial organisations that have HES data and already have large databases—are saying.”
“You have been seeking to demonstrate to us that you believe that the control regime you apply is effective for HES data, but now we are saying that for GP data, the control regime in future will be fundamentally different.”
“You said it would be treated differently “at its launch”. What changes do you anticipate? In other words, are we actually saying that we will pretend to give you additional security until we get that information from the public and the GPs, and after that we will subject it to different tests? In other words, this is a con job isn’t it? Dick Turpin with or without a mask is still Dick Turpin.”
“We don’t. There is actually no right to opt out in law. The Secretary of State has agreed that any objection will be dealt with, but we do not have a legal right.”
“That is CPRD, isn’t it? Is there any plan to bring CPRD under the HSCIC?”
“But the question I put to the Minister, which we do not seem to be getting to, is that I think there is a very strong drive for people to say, “I want my individual health records to be used for my care, and even for commissioning that care, but not for all these other uses.”  I think that is a very powerful desire. Why shouldn’t people ask for that?  The data is about them.”
“The implied consent model breaks down at the point at which people’s data starts to be used for marketing purposes.”
“It is different if your data is being used by researchers and academics, and by people who have built up a career and have integrity.”
“A lot of people are not comfortable that their data are used for such things, and nor am I.  You say that, constitutionally, you cannot make that distinction, but that is the point at which we lose confidence in the consent that was always there.”
““Without pseudonymisation, you risk substantial levels of patient and citizen objections. Without pseudonymisation, you lose data and devalue your dataset. Without pseudonymisation, the GP patient relationship is damaged and care may be impaired.” I must say, I think the patient reasons are a lot more compelling than the IT management reasons.”
“would it not be prudent to wait until you have that report on cyber-security before we press ahead with the data extraction?”

Highlights from the Health and Social Care Information Centre (HSCIC) Max and Manning:
“we have inherited the duties and responsibilities of the information centre and its 500 people, although they have been rewritten in the Act, but that is one part of what is now an organisation of 2,200 people”
“if you can demonstrate where we have not acted within the current law and the current regulations…”
“We need to be much more transparent about that.”
“The security threat and the volume of data are much greater, and the public’s confidence in public bodies to handle data—not just us, but across the whole public sector—has significantly changed. ”
“When I became chairman last June, it was clear that the approaches that had been adopted by the information centre were no longer entirely appropriate, given both the degree of data we were able to collect and a change in public expectations. It was also clear that some of the processes that the previous information centre had been operating were not as transparent or as consumer-friendly, if you like.”
“We think that, as of April 2013, there were 249 organisations that had extant data-sharing agreements issued by the NHS information centre…those data-sharing agreements applied to where we are issuing pseudonymised or identifiable data. This is where there is a theoretical risk of identification, so that is where we have data-sharing or data-reuse agreements in place.  There were 249 in April that had been issued by the NHS IC of which, in April this year, there remain 112, so they are running off as we go forward.”
“One of the areas that we think they should look at is indeed the extent to which we share or should share data with other Government bodies. This is an area where there is a lack of clarity and a great deal of sensitivity. We know from our research, by the way, that one area where we have absolute sensitivity is in this. People are very, very worried about the use of their medical records in any way that might have an impact on their tax returns, their benefits payments, their housing, or any of these things. This is where we would very much welcome the advice of Parliament and CAG—the extent to which this is possible. At the moment, as you know, we have not released any data to DWP or any such body but we absolutely recognise that it is a key issue.”
“The organisation used our logo without coming to us to seek our permission to do so. They were entitled to have access to that data under the agreement which they had..”
“We have an accountable relationship with our sponsor branch within the Department of Health, which results in us having a formal monthly meeting. I meet the permanent secretary on a monthly basis. That is the nature of an arm’s length body. We are accountable, then, through our attempt to be as transparent as possible to the public and Parliament.”
“Government policy has for a long time been to encourage the use of this data to advance both the health and social care system in this country and the economy.”
“.. I have a suspicion that it is because they [GPs] will not get paid if you are not on the list*.  You won’t appear on the register, and if you are not on the register, they won’t get paid.” [*not with reference to care.data but to the ‘third’ opt out form to opt out for other systems stored at HSCIC].
“At its launch it will be fundamentally different, because that was the basis on which the independent advisory group agreed to the extraction going forward. That was the basis, as I understand it, that NHS England negotiated with the RCGP and the BMA and other representatives. I think that is entirely appropriate.”
“As you are probably aware, there is considerable pressure from medical charities and researchers on the limitations—”
“There are no plans that I am aware of. Just for clarity we do handle data on behalf of CPRD to ensure the pseudonymisation process. We act as a contractor for CPRD”
“I cannot answer that question. I do not have that responsibility. You have to address the question to NHS England.”
“We are extremely concerned about the current threats to data security across the whole health and social care system. We will be carrying forward a series of actions, as I said, to significantly increase our surveillance and measures to attempt to get an enhanced level of assurance across the system as a whole.”
“The record of our ability to deliver high-quality technology systems is in the fact that the lights are on and on all the time in the NHS.”
“We are planning [for care.data launch] on the basis of what has been the last announcement, which is that it will be, I think, in October.”
“We have a good record. I used to be part of the Connecting for Health regime. We had a good working relationship with Atos running the choose and book service. Its delivery and performance on this first extract with the GP extraction software over the last few weeks has been encouraging.”
“Some of the older systems we have within the health and social care system simply cannot handle objections.”
“Patients have the ability to record two types of objection. The first type of objection is to any detailed information about them leaving their GP practice to the HSCIC. “
“The issue regarding what we would call dynamic consent—giving consent for different purposes—is one that we are conscious of. We think that we need to move in that direction.”
“I completely accept that the current consent models are too limited and that the objection process is too complicated. We need to be able to make it reversible as well.”
“the position in terms of care.data is entirely circumscribed.  We have already identified that that data is to be used only for very specific purposes; it will not go beyond that purpose.”
“All Governments have seen that as being a base upon which we can support and promote our health care and pharmaceutical industries. The health care research industry in this country is worth £5 billion a year, which is critical to the UK economy, and it is fundamentally linked to availability of data. The fact that we have that data is critical to the continuation of that research industry in this country. We must therefore balance issues such as privacy, access and the support of the industry. People have to have that debate, but we need to identify benefits from this data, as well as the issues you have raised.”
“Secondly, we have to recognise that we as the HSCIS have an awful lot of other information. When we think about pseudonymisation, we are going to link these data we collect to other data sources”
“We are therefore talking to the research community. It may well be a sensible solution with regard to supporting commissioning, where we may look at the costs and feasibility, to move to a situation where we will effectively provide an analytical service where researchers and others can effectively undertake the research within our data lab. That is something we think is a very good idea. HMRC do it already, and we have looked at that, and also the CMS in the States, which is the equivalent body to ourselves. We think it is very good. I am meeting with the MRC in the near future to discuss it for researchers. “
“In so doing, there was a view taken by the Department of Health and their lawyers that the document that we then produced did not meet the constitutional requirements of being a code of practice. What we did do was publish a guide to confidentiality which meets all the requirements of the code of practice. “
“In terms of your care record, if you opt out of type 1, your data will not be transferred for the purpose of the care.data programme for secondary uses. It won’t affect, by the way, the transfer of data for direct care.  It won’t impact on any direct service to you as a patient.”
“In terms of the number of people who have acted to opt out, [from secondary uses of hospital data, HES] it is 14 over the past four years.”
“we welcome the proposed involvement of the CAG, which would bring precisely that ethical and moral dimension to these decisions. We agree entirely that that dimension has been absent in the past..”
“It does cover HES data. At the moment, the only users of that HDIS service are in the public sector, not the private sector, during the trial period. We also make sure that all individuals who are users have been through individual training.”
“There are always going to be lots and lots of people who want to accumulate lots and lots of data in their own boxes. One of the reasons why we are interested in exploring the idea is because we are getting a plethora of databases being accumulated in universities and various other places. That gives us a technical problem because of the transformation errors that arise. These databases therefore are changed as they go through time.  I suspect that we are always going to have individuals who say, “I want to have my particular database.” We will have to discuss whether that will be feasible; there will always be that tension.”
“I know it is antiquated, but the danger is not the technology, but the people.”
“it deals with security and may include matters that we do not want to have in the public domain, but I am sure we could share it with the Committee on an individual basis. However, I do not want to go through the detail.”
“Our website is incredibly complicated, to say the least—I think we all recognise that. It is extremely good if you plough through it, but if you are unlucky, you will end up downloading 10 million lines of prescribing data.”
“You have raised an interesting point. When somebody says they do not want us to hold their record, do we delete it?”

HSCIC website

What is Care.data? Defined scope is vital for trust.

It seems impossible to date, to get an official simple line drawn around ‘what is care.data’. And therefore scope creep is inevitable and fair processing almost impossible. There is much misunderstanding, seeing it as exclusively this one-time GP load to merge with HES. Or even confusion with the Summary Care Record and its overlap, if it will be used in read-only environments such as Proactive care and Out-of-hours, or by 111 and A&E services.  The best unofficial summary is here from a Hampshire GP, Dr. Bhatia.

Care.data is an umbrella initiative, which is planned over many years.

Care.data seems to be a vision. An ethereal concept of how all Secondary Uses (ref.p28) health and social care data will be extracted and made available to share in the cloud for all manner of customers. A global standard allowing extract, query and reporting for top down control by the men behind the curtains, with intangible benefits for England’s inhabitants whose data it is. Each data set puts another brick in the path towards a perfect, all-knowing, care.data dream. And the data sets continue to be added to and plans made for evermore future flows. (Community Services make up 10 per cent of the NHS budget and the standards that will mandate the national submission of the revised CIDS data is now not due until 2015.)

Whilst offering insight opportunity for top down cost control, planning, and ‘quality’ measures, right down to the low level basics of invoice validation, it will not offer clinicians on the ground access to use data between hospitals for direct care. HES data is too clunky, or too detailed with the wrong kinds of data, or incomplete and inaccurate to benefit patients in care of their individual consultants. Prof Jonathan Kay at the Westminster Health Forum on 1st April telling hospitals, to do their own thing and go away and make local hospital IT systems work. Totally at odds with the mantra of Beverley Bryant, NHS England of, ‘interoperability’ earlier the same day. An audience question asked, how can we ensure patients can transfer successfully between hospitals without a set of standards? It is impossible to see good value for patients here.

Without a controlled scope I do not wish to release my children’s personal data for research purposes. But at the moment we have no choice. Our data is used in pseudonymous format and we have no known publicly communicated way to restrict that use. The patient leaflet, “better data means better care” certainly gives no indication that pseudonymous data is obligatory nor states clearly that only the identifiable data would be restricted if one objected.

Data extracted now, offers no possibility to time limit its use. I hope my children will have a long and happy lifetime, and can choose themselves if they are ‘a willing research patient’ as David Cameron stated in 2010 he would change the NHS Constitution for. We just don’t know to what use those purposes will be put in their lifetime.

The scope of an opt-in assumption should surely be reasonably expected only to be used for our care and nothing else, unless there is a proven patient need & benefit for otherwise? All other secondary uses cannot be assumed without any sort of fair processing, but they already are.

The general public can now see for the first time, the scope of how the HSCIC quango and its predecessors have been giving away our hospital records at arms-length, with commercial re-use licenses.

The scope of sharing and its security is clearly dependent on whether it is fully identifiable (red),  truly anonymous and aggregated (green, Open data) or so-called amber. This  pseudonymous data is re-identifiable if you know what you’re doing, according to anyone who knows about these things, and is easy when paired with other data. It’s illegal? Well so was phone hacking, and we know that didn’t happen either of course.  Knowledge once leaked, is lost. The bigger the data, the bigger the possible loss, as Target will testify. So for those who fear it falling into the wrong hands, it’s a risk which we just have to trust is well secured. This scope of what can be legitimately shared for what purposes must be reined in.

Otherwise, how can we possibly consent to something which may be entirely different purposes down the line?

If we need different data for real uses of commissioning, various aspects of research and the commercial ‘health purposes,’ why then are they conflated in the one cauldron? The Caldicott 2 review questioned many of these uses of identifiable data, notably for invoice validation and risk stratification.

Parents should be able to support research without that meaning our kids’ health data is given freely for every kind of research, for eternity, and to commercial intermediaries or other government departments. Whilst I have no qualms about Public Health research, I do about pushing today’s boundaries of predictive medicine. Our NHS belongs to us all, free-at-the-point-of-service for all, not as some sort of patient-care trade deal.

Where is the clear definition of scope and purposes for either the existing HES data or future care.data? Data extractions demand fair processing.

Data is not just a set of statistics. It is the knowledge of our bodies, minds and lifestyle choices. Sometimes it will provide knowledge to others, we don’t even yet have ourselves.

Who am I to assume today, a choice which determines my children have none forevermore? Why does the Government make that choice on our behalf and had originally decided not to even tell us at all?  It is very uncomfortable feeling like it is Mother vs Big Brother on this, but that is how it feels. You have taken my children’s hospital health records and are using them without my permission for purposes I cannot control. That is not fair processing. It was not in the past and it continues not to be now.  You want to do the same with their GP records, and planned not to ask us. And still have not explained why many had no communications leaflet. Where is my trust now?

We need to be very careful to ensure that all the right steps are put in place to safeguard patient data for the vital places which need it, public health, ethical and approved research purposes, planning and delivery of care. NHS England must surely step up publicly soon and explain what is going on. And ideally, that they will take as long as necessary to get all the right steps in the right order. Autumn is awfully close, if nothing is yet changed.

The longer trust is eroded, the greater chance there is long term damage to data quality and its flawed use by those who need it. But it would be fatal to rush and fail again.

If we set the right framework now, we should build a method that all future changes to scope ensure communication and future fair processing.

We need to be told transparently, to what purposes our data is being used today, so we can trust those who want to use it tomorrow. Each time purposes change, the right to revoke consent should change. And not just going forward, but from all records use. Historic and future.

How have we got here? Secondary Uses (SUS) is the big data cloud from which Hospital Episode Statistics (HES) is a subset. HES was originally extracted and managed as an admin tool. From the early days of the Open Exeter system GP patient data was used for our clinical care and its management. When did that change? Scope seems not so much to have crept, but skipped along a path to being OK to share the data, linked on demand even with Personal Demographics or from QOF data too, with pharma, all manner of research institutions and third party commercial intermediaries, but no one thought to tell the public. Oops says ICO.

Without scope definition, there can be no fair processing. We don’t know who will access which data for what purposes. Future trust can only be built if we know what we have been signed up to, stays what we were signed up to, across all purposes, across all classes of data. Scope creep must be addressed for all patient data handling and will be vital if we are to trust care.data extraction.

***

 

Thinking to some purpose