care.data – 3. A mother’s journey: Fears and Facts

MGM 1939 The Wizard of Oz

My final of 3 parts response to The Times article recently which mentioned unfounded fears which ‘evaporate like candyfloss’.

The Wizard of Oz that article touched upon, is a threatening fantasy story for many children. But the threats created by the removal of the confidentiality between patient and GP in care.data are real.

We risk patients who will not go to the family GP for care, knowing that the record may be seen by someone other than our trusted local doctor. Or who hold back facts which will influence their treatment. Teens may not visit a clinic believing it can no longer treat them anonymously. These are threats for Public Health. There are other risks of concern for particular groups such as those with disabilities.

Separately, but it seems ever more often built into the current narrative, is the path towards Electronic Patient Record access, which will need all sorts of privacy issues addressed within families and for the vulnerable. The at-risk woman made to reveal her medical record by a threatening partner checking up on her, or checking that there is nothing about him. Women may not speak up with their GP. Carers may even inadvertently, put pressure on the elderly at home, to know all. I know there will be many who want to access their own record. I would myself if it did not mean a fully identifiable record held at a central level. But we should not march on leaving the vulnerable behind a digital divide. It is not just ‘Internet banking’. My fear is that for those who want no electronic record, it will not just mean getting no front end access. It should not be created at all.

Identifiable extraction and re-identifiable data releases to third parties increase the risks of identity fraud, discrimination in education, insurance, and employment. And risk of provider fraud by the commercial third party providers now used ever more widely in the NHS, since the Health and Social Care Act 2012.

It is between these third parties that NHS England demands identifiable data shared for invoice validation. Did Mr. X get treatment Y from provider A? Has the Health and Social Care Act created a dichotomy for NHS confidentiality? Some common identifier is needed to match data with other data held too.

Whilst identifiable data is ‘a no brainer’ for clinical use, we should not be expected to have it extracted, stored, and available to link on demand for bespoke requests to any customer. The vague ‘health purposes, benefiting health and social care’ as undefined yet a small body, with little public oversight at the arms-length HSCIC decides if they are met.

There are decisions reached, out of committee, which are not detailed in the minutes of approval meetings. With only 4 people on the group, it would be easy no matter how well intentioned, for the decision to be much more swayed by someone approaching the group outside of the process, or for there to be conflict of interest. It’s quite a different set up at the Health Research Authority. I fear that my idea of legitimately approved uses in research differ with those of the MRC. Who champions the patient when I have no voice at the table?

Why should a Cabinet Office get given personal confidential information on teenagers, requesting both physical and mental health data, who are taking part in a non-health project, as was done last summer, and which only got documented in January? Even with consent, that seems excessive and unnecessary. We have no control over what future governments may want our data for. The HSCIC Data Advisory Group is yet to fully publicly document those purposes, alongside each new application in any detail. (Compared with CAG which lists a named individual applicant and precise purpose).

Will my children be labelled with a condition which they might outgrow but their notes share it with others for their lifetime and beyond? Will they be stigmatised and discriminated against by deciding NOT to share records and be seen as hiding something? Some people comment, ‘it doesn’t matter I’m not a celebrity or state figure’, as if that somehow entitles one to a greater degree of privacy. But even if we accept that, what of our children, who knows who they may yet become?

We have no idea to what uses their data may be put in our children’s adulthood. We have no idea where it may be stored. Their NHS number is with them from cradle to grave and will be increasingly used across health and non-health settings. The future of medical research and its applications are unimaginable today.

If we are to give them away, it must be  under the strictest of governance and well documented and workable processing solutions.There is a strong argument for allowing queries to share information, not extracts of actual data. The master copy, nor in-part sections of the database, would not leave the secure environment at HSCIC.

Facts often inform and can chase away fears. But until the needed changes are made in process and governance, these fears cannot ‘evaporate like candyfloss.’ They are founded on facts, and shared by many professional bodies as well as individuals.

The leadership team and others needs to stop trying to scare us into submission too. Patients will die if we don’t carry on with care.data.  The end of the NHS is nigh. Tim Kelsey told the Health Select Committee if 90% opt out there will be no NHS. Well, perhaps that is the crux of the question. What is the NHS today? Whom does it serve? It belongs to all of us. If you’re doing something that means the end is nigh, then hurry up and tell us what.

If we see care.data as business intelligence in order to make financial transactions flow between a disparate set of providers, then yes, without it, the payments process may need to change or fail without our data. But for patients, that is not what the NHS is about. We want to make it work, but not at the expense of the age old principle of good care: confidentiality.

What needs to happen? 
Fix the Data Protection for pseudonymous data.
Fix boundaries for scope creep, and vague changing purposes.
Fix the failure of Fair Processing and put in place a continual change communications’ plan.
Facilitate the objection and clarify what it means, as offered by the Secretary of State.
Focus on the reality of care.data now, not Online Patient Access in a down-the-line vision.
And fundamentally, be honest with us patients.
Engage with patients without commercial drivers.

Why are we really funding this massive top-down programme, and leaving local hospitals unable to interact? That is what patients need when they transfer between care settings. Beverley Bryant said in London at a conference this week, that ‘interoperability’ was key. Yet between hospitals the Clinical Informatics Director, NHS England, emphasized at the same event, the need for local systems and that there would be no top down support or directive for enforced  interoperability standards. There is a massive disconnect between two leaders in the same quango. I fear this is the biggest challenge – what is care.data really about? The business case cover, according to the February 2014 Board Performance Pack, was still not in place.

To face up to and fix these issues, will take courage. The question should be, not what are we patients afraid of, but have our future Data Controllers, NHS England and HSCIC, the head and heart for the task ahead?

care.data – 2. A mother’s journey in Oz: communication & choice

David Aaronovitch’s Times’ opinion article on March 27th stated data privacy fears have made health-data sharing “toxic” and that campaigners are nothing but a ‘man with a megaphone’, like the Wizard of Oz. My response, part two. Communications & Choice.

1939 – The Wizard of Oz – MGM

Honesty, clarity and real communication, not PR, is fundamental to a renewal of trust across these areas.

The announcement via HSJ today comes, that the HSCIC Chair had concerns over the impact of the care.data leaflet drop, and asked the Department of Health to intervene. One wonders then, who made the decision to go ahead? 

On care.data communications, the Times commentator said HSCIC has probably thought, “Stick out a leaflet, bish, bash, bosh.” The result seems to be more ding, dong. The balloon upped and left before anyone was ready to go  and ICO, GPs, representatives from the BMA and others, including the campaign group, had well founded, and serious concerns.

I spoke with HSCIC communications and managers directly last October, as well as my MP and the Department of Health, to flag how misleading I felt it was for patients to say ‘your name is not extracted’ when it is held at HSCIC already but most of us did not know that. Many of the same leaflet concerns were, much more significantly than by little ol’ me, raised by both GPES advisory group in September and ICO before the launch. So now, despite the £1-2M state funded doormat drop leaflet & cartoon, it’s all up in the air.

(Whilst I know for HSCIC with its own budget of £220M and control of a £1BN annual spend, it may be peanuts, but what a waste of money. At a conservative estimate of £1M for the leaflet drop, at least 50 nurses could have been employed for a year on that. That makes me cross.) We still have no explanation of why so many did not get delivered, what they did when they heard they had not been nor any plans to clarify that. It was our money spent. We deserve to know.

I received a reply to my October letter, from the Secretary of State to assure me that ‘patient identifiable data was not and will not be shared with third parties’. I think with subsequent information coming out about releases, that is at best, may I say, questionable? It has been shown that patient data at individual level has been shared, and we know with researchers for sure. They are not my clinicians, they are not the only third party who may have access. It’s clearly documented by CAG and releases by DAAG from 2013 have just been released in detail for the first time today.

Through the campaign groups’ and ICO intervention that demanded a national communications programme and the subsequent ICO FOI release about the leaflet review and its shortcomings, we go a significant step forwards towards transparency why the leaflet failed to work for patients. It shows that all the issues we found after the event; junk mail vs letter, hard to reach groups, unclear language, missing opt out form, lack of internal communication and the Information Commissioner’s concerns were clearly known but ignored in advance. Why it happened, who made the decision to go ahead anyway and what follow up will be, remains to be seen. With all the past experience and tools at the disposal of NHS England it is stretching my credulity to believe it was simply poorly executed. Let’s not forget, the original plan was to not tell us at all.

We need to stop hearing we need a fix to communications. I’m trying to understand why, with everything at their disposal, they could want or have allowed to let such a thing happen? It was no surprise the leaflet drop was a disaster. HSCIC communications, leaders and now it seems the Department of Health knew clearly. So why go ahead?

The point of the communication should have been to give us fair processing and the leaflet said, ‘you have a choice.’ I have a duty to my children to safeguard their own health, its provision in a safe State health service and to safeguard their autonomy for future. As it stands, it seems an impossibility to choose all three.

Whilst the leaflet nominally gives us a choice, I struggle to see what value it is. It is some, but limited. The only choice we have truly, is before the extraction happens. A GP in Hampshire devised this flow chart to try to help his patients understand it. Anyone can object now and opt in later. But once opted in, there is no get out clause.

If I don’t opt my children out now, they are in for life whether they later want to exercise their Right to be be Forgotton, or not. If I change my mind later and want to opt out (after a media scandal huge breach, for example. Or perhaps my child grows to become a public figure, or contracts a rare condition and we worry about discrimination), it is impossible. Records will just be re-labelled as pseudonymous. Really?

So, if I share their data for secondary purposes by doing nothing, by allowing their data sharing with even health purposed non-NHS intermediaries who sign up to care.data, it feels like I may as well flog it on ebay myself. But although I want to share it, under good governance only for their care and its commissioning, that is impossible.

Surely we should be able to have their health records used only for their care and its direct management, in all forms? Pseudonymous is not anonymous. But we’ve been given a very limited choice. We can only restrict fully ‘identifiable’ data flows according to the leaflet.
The data that HSCIC already holds, is simply given a new label, the HES ID instead of my NHS number, and linked depending on the bespoke request design, I don’t know what else modified, and then exchanged for cash with buyers from commercial health analysts to medical researchers to intermediaries. Amendment to the Care Bill changes nothing, because as long as ‘health purposes’ are served, the customers are deemed acceptable.

What real kind of patient choice is that? Is my hospital data in pseudonymous, potentially re-identifiable form required from all, for all purposes, for all time whether I like it or not? They haven’t given us that choice in the only communication which we were meant to have received (but no one in my area did), the leaflet ‘Better information, means better care‘.

Right now, the only options are to restrict fully identifiable patient confidential data sharing. The leaflet says this means 1) you can restrict a flow between GP and HSCIC of the NHS Number, DOB, Postcode and Ethnicity, and/or 2) flowing out from the HSCIC, for anything other than commissioning to the regional DSCRO (One of 11 Data processing Centres at regional level). The second option also prevents researchers, even with Regulation 5, Section 251 approval, from obtaining red, fully identifiable data.

However, the objection code is not yet operational, so right now, our fully identifiable hospital data may be released without our knowledge or consent. Other data, considered non-personal, diagnoses, GP practice code, other local IDs from our records can still be shared. And according to September meeting minutes, there is no need to respect an objection for pseudonymous data.

To restrict identifiable flow for care.data from the GP record, we need to apply the code 9Nu0 to our record. 9Nu4 restricts the identifiable HES data flow. But NHS number is extracted with anonymous and aggregated data to identify who opts out. Since that must be matched with HES data to find the record we want restricted already at HSCIC, I don’t see how that can  work without landing, matching and being pseudonymised for all of us. I await to be corrected.

We cannot restrict pseudonymous, potentially identifiable data sharing from HES at all. Patients were not told us before HES was extracted, that it would have all these secondary uses, and now they tell us, tough luck? Without fair processing, it’s not even legal. The Health and Social Care Act, the Secretary of State’s direction of Section 251, and waiving the common law of confidentiality all still require us to be informed before the event.

There is no clarity on the options offered in the leaflet or mention of sharing pseudonymous data even if you opt out. That is not choice. The only publicly loud supporters of real choice are campaigners who provided an opt out form, that official channels still have not.

Six weeks into the six month pause, there has been no public communication to give us any clue what is going on to improve the situation, neither by NHS England nor the Secretary of State for Health.  This is not good communication. And knowing that many parents, including friends, have no idea about the initiative I just feel this is wrong.

I’ve written to my MP for the second time. I found in the whirlwind of information and my frustration, that Twitter #caredata and #datasharing offers an informed group of interested individuals. Thank goodness for their support, insights & banter in this tumultuous journey trying to understand what is going on. Until the ‘pause’, HSCIC and NHS England staff would engage and answer questions, too. Now they seem to have gone very quiet.

Like Dorothy, after seeing behind the curtain of how political and state decisions are made and executed, I have been surprised that so much happens ‘about us, without us,’ and will now never be quite as naive. We all deserve the full story, as patients and citizens. According to Jeremy Hunt at frequent presentations, and Tim Kelsey at Strata and other events, we are on the cusp of a brave new world of health data use and its wide ranging impact in our future healthcare provision of personalised medicine. If they expect to use me in that, I want to know how. So right now, there is no way I’m going home, until we know how the story ends.

Now, all this is not very constructive. Not like me at all. But what is past cannot be brushed away without clear answers. That would effectively say, ‘we don’t care we wasted your state money. We don’t care we misled you. We don’t care what you think.’ Get out the broomstick and clear up what went wrong and why. Then we can start fresh and see if together we can find solutions which fit the needs.

We are more than a cohort, and we are not a commodity. We need change.

If we should be Cameron’s ‘willing research patients’, then tell us precisely what that involves. Give me a definition with a limited scope. I support appropriate research use. Aside from the fact that we didn’t know about this either, research approved by CPRD, Thin, QResearch all have a different approach however, from the commercial and apparently limitless dynamic of care.data. It is quite one thing for researchers to access data and contact us for trials. Quite another to find without our knowledge our data may have been exchanged for cash and I want to know it has not been used in research abroad nor with projects with which my ethics may fundamentally disagree.

Data is not just a collection of codes and academic algorithims. It is the detailed knowledge of the inner workings of our mind, bodies and lifestyle which we entrusted to our medical guardians. Of individual people who did not ask nor sign up to become part of Big Data.Treat my children’s data with the respect that it deserves.

No number of animations, leaflets or letters with ‘improved communication’ is going to gloss over the fundamental fixes needed in handling patient data. Show us the flaw and what you have done to fix it. Along the lines of, ‘you said’, ‘we did’. Real communication.

And if you do decide to give us real choice, then make it statutory for life. Choice will only be worth having if we know that what we choose today, does not get transformed into something else tomorrow. It needs more than a magic wand to wave away the issues. Let’s hope the new care.data advisory group, can make it happen.

care.data – 1. A mother’s journey in Oz: transparency.

1939 The wizard of Oz MGM

David Aaronovitch’s Times’ article on March 27th stated data privacy fears have made health-data sharing “toxic” and that campaigners are nothing but a ‘man with a megaphone’, like the Wizard of Oz.

Mr. Aaronovitch chose the perfect fairy tale, but like Dorothy, it landed the wrong way round.

It is long overdue that the curtain of secrecy, behind which the mechanics of the Health and Social Care Information Centre has operated, was finally pulled away. Our medical records shared and sold for over 25 years? We had no idea, yet now find out with whom and how it has been used only though the campaigners. 

The group the article described as ‘not speaking for most of us’, MedConfidential, has in fact spoken with support from leading figures across a wide range of professional organisations, including before the Health Select Committee alongside the Chair of the BMA GP Committee on Feb 25th.  They have spoken about patient choice and fair processing, technical security issues and good governance to get the care.data scheme right, and secure a good future foundation on which to build safe & trusted patient data practices.

I should think ‘not most of us’, but in fact all of us, want to get these things right. These things need to be right, in order for the informed public to support the system. Not just come autumn, but for life. Otherwise they risk revolt and more than just this system, will lose support.

Yet six weeks into the six month delay, we see no publicly communicated changes.

The toxic ‘smoke and mirrors’ lack of transparency to date must change, this scheme is too important to hide away and get wrong. This sort of attitude is precisely why it has repeatedly cost the country billions in failed IT programmes over 10 years whether at the MOD, BBC or Department of Health. The NPfIT via the now named HSCIC, continue making the same mistakes at arms-length from the DH and whilst refusing to apologise, projects carry on regardless, wasting money, time, public and professional trust.

Kingsley Manning, Chair of HSCIC said last week, “One of our key measures of success might have been that we were safely below the radar of public attention.” He may as well have said, “Pay no attention to the man behind the curtain!”

He stated an “innocent lack of transparency” has fuelled suspicion that arrangements for organisations’ use of data were “unfairly tipped in favour of profit making”. Perhaps it’s rather the HSCIC 2013-15 Roadmap which gives us fact, not suspicion. By 2015 HSCIC  would ‘agree a plan for addressing the barriers to entry into the market for new commercial ventures’ using our data provided by the HSCIC and:

“Help stimulate the market through dynamic relationships with commercial organisations,
especially those who expect to use its data and outputs to design new information-based services.”

Working with care.data is promised as a sweetener to commercial business, to ‘innovators of all kinds’  including Google for unproven State economic development and gain. Why should any commercial monkeys, even under the wings of ‘healthcare purposes’, carry off a piece of our most intimate personal data without asking our permission, when we go for healthcare at our most vulnerable and trusting?

Thank goodness for the privacy campaigners, the Freedom of Information requestors, the experts and professionals who altruistically take the time and trouble to champion the patient and public interest. Otherwise, we would not have been informed at all of plans.

The rights of fair processing and Data Protection appear to be trampled upon in the rush to implement the increased sharing of pseudonymous data, which is not anonymous yet not protected.

MedConfidential offers a simple method to enable the opt outof identifiable data flows which NHS England did not do. A right to objection was offered by the Secretary of State for Health and would be upheld as, ‘a constitutional rather than legal right.’ The Commissioning Board NHS England’s unclear leaflet wording and no form compared with the SCR opt out makes the intent of the process hard to understand.

We need honesty, clarity and communication, not PR. Transparency is fundamental to a renewal of trust across these areas.

Don’t tell us one thing and say another to business and government. Talk to us without spin. Give us clarity of purpose, choice, good independent governance, defined scope and an ongoing communications plan. Let me understand why you need fully identifiable data and how it will be used by whom and how you will protect pseudonymous, re-identifiable records. Don’t appear to use technicalities to get what you want. Not only must our data protection be legal, but be seen to be legally appropriate. Listen to the informed critics. Ensure ethics champion commercial decision making. Address the risks as well as the benefits and tell us your forward plans. Then perhaps, you will have paved the pathway to properly use our world class data in the world class NHS, for the public good.

Oh, and please get rid of the monkeys.

care.data – Intro. A mother’s journey in Oz.

Mother’s Day seemed as good a day as any, to reflect how I safeguard my children in future, in a cloud-based digital world and currently, on care.data. Ever since I first read last summer about the initiative to be implemented by the Health and Social Care Centre, I have followed as in depth, as much as time has permitted. I began the journey, as an NHS patient who believed my health records were used by my GP at my GP practice. In 2010 I had opted out of the Summary Care Record. I usually read forms to the end and tick the boxes or not, to keep my data confidential.

Along the way, I have been surprised to learn our hospital records were used for anything other than our care and its delivery. I’ve been shocked to see how it has been widely distributed to third parties, in various formats. I’ve come to understand how our health data entered at a whole range of different entry points (Prescription Service, Choose and Book, Mental health and more), end up stored in linkable silos under the umbrella of one organisation. And I’ve learned that the more I know, the more patients like me, should know. So, feeling that this is missing in the current online debate, I’ve decided to share my point-of-view and learnings, from a patient’s point-of-view.

David Aaronovitch’s Times’ opinion article on March 27th stated data privacy fears have made health-data sharing “toxic” and that campaigners are nothing but a ‘man with a megaphone’, like the Wizard of Oz. Whilst he is correct that there is a vocal minority, I believe it is simply because the majority are not able to take the time or had the interest to get to grips with the subject in depth. I have, albeit as an ordinary lay person on the outside.

There has been little opportunity for discussion of our ordinary patient opinion. Yet it is all of our records, ordinary patients, parents and children, which are being handled as a commodity beyond our direct care, without past knowledge or consent. I think a lot about it, and have broken this into parts. Part one: Transparency, Part two: Communications and Choice. Part three looks at the simplest concrete risks the Times article believed, “have made for public disquiet, but when you examine them they behave like candyfloss”.

I’ve followed it for almost eight months now. Its highs and lows still need a brain, heart and courage. By standing up, I risk being labelled ‘selfish’, a consent fetishist, or scaremongering. I don’t believe it is any of those to seek facts, education and engagement.

So here’s my #caredata story so far.

Thinking to some purpose