Feeds

What does the NHS’s new IT plan really want to extract from us?

Uncosted system should’ve gone live two months ago

High performance access to file storage

Feature Following last month’s announcement of a £1m nationwide spam drop, what now for care.data, the NHS's latest multi-million pound big data project?

Is it, as the carefully managed news release implied, merely taking its time – in fact, delaying a key project by almost a year - so as to nail issues of patient confidentiality? Or is it, already, in deeper mire, and using data protection issues as a figleaf to cover up more significant problems with system delivery?

And if it does go bad, will we ever find out why and how (and how much it cost)? Or is the new arms-length NHS wholly immune from parliamentary scrutiny?

Let’s start with the mire.

The theory behind care.data is straightforward enough. Data from all (non-dissenting) UK patients is to be lodged in a central database, from where it may be used for admin purposes, for statistical analysis by the NHS or sold on to select research companies.

It is managed under the auspices of the Health and Social Care Information Centre (HSCIC), part of the new devolved NHS England, and intended to be “a modern information service on behalf of the NHS”, using information from a patients’ medical record to improve the way that healthcare is delivered for all”.

Moreover: “The service will only use the minimum amount of information needed to help improve patient care and the health services provided to the local community”.

So far, (sounds) so good.

care.data now forms a significant part of the Secondary Uses Service (SUS), initially set up as part of the ill-fated National Programme for IT in the NHS. The ambition of using one major supplier – BT – as national application service provider has now replaced by an open data platform (ODP) approach. This is in line with the principles of the Government ICT Strategy with the separation of technical components into those, such as data storage and processing, that need to be delivered centrally, and apps for turning data into information that may more sensibly be developed to meet specific needs.

According to the HSCIC, the key components of the platform's architecture look like this:

You want to extract what?

According to a GP toolkit, published earlier this year by NHS England, the system build process starts with the General Practice Extraction Service (GPES) a centrally managed extraction service, divided into two parts: ATOS provides the extract query tool; the extractions will be carried out by the GP practice system suppliers, including EMIS, TPP, Microtest and INPS.

In addition to data set out in the main spec, the GPES will also hoover up personal identifiers: NHS number, gender, date of birth, postcode and ethnicity are among the eight criteria required.

All data will first be uploaded to a Data Management Environment (DME) within the HSCIC. Initial upload may be to HSCIC direct or to one of a number of regional Data Management Integration Centres (DMICs). From there, it is matched to an index file (HES index file): the initial data upload is then deleted; and further secondary data may be matched in, also using the HES index. Unfortunately, that appears to be most of what is known publicly.

This leaves a host of questions, such as:

  • Who are the lead providers?
  • Have any of them been ejected?
  • Are we getting multiple platforms that may or may not be able to interact?
  • And the daddy of the lot: How much is care.data costing?

The answer is, despite putting all these questions and more to the relevant parties over a period of time, few answers are forthcoming. Nor are we likely to get more information any time soon. For the Health and Social Care Act 2012 (HSCA) that established NHS England also effectively removed that body from parliamentary accountability.

The Department of Health passes such questions directly over to NHS England.

Repeated attempts to elicit comment from the office of opposition Health spokesman, Andy Burnham, MP, have also drawn a blank.

However, according to sources close to the project, technical issues are already surfacing, and not in a good way. The use of local IT providers to build the various DMICs mean that while care.data itself is up and running, data loads are not. Because different local builders mean a range of different systems architectures and a system that is currently not interoperable.

A second source claims that the GPES itself is not working as it should, and that even if it wished to, HSCIC could not presently commence uploading data. We have asked NHS England for comment on both these claims – but so far no answer. Costs, with or without the impact of any technical glitches, remain a mystery.

How much? Oh, you can't tell us...

Officially, according to NHS England: “We are not yet in a position to provide the full costs of the programme.” They are working with HSCIC to do so and “anticipate” that further information may be forthcoming in the New Year.”

However, a good starting point seems to be a briefing paper put out by the Informatics Services Commissioning Group that states that “care.data programme costs will be built on the current costs of the proposed Open Data Platform”, and that the ODP cost “at outline business case is estimated at £33m over three years”.

They add: “This figure, excludes any additional accelerator project costs, which remain to be determined” – though one such cost may be an extra £11.8m of funding that Councils will receive to support the move to a new social care data collection system, which appears to be part of the care.data ecosystem. Add to this the £1m to £2m minimum for the door drop now needed to meet the demands of the Information Commissioner.

Meanwhile, care.data is starting to encounter opposition both for the enormity of what it intends to put in place, and the somewhat hamfisted way in which it has proceeded to date. For the vision is clear: under the HSCIC, what was once a simple data warehouse for producing statistical information on patient care is to be transformed into a whole life system of universal health surveillance.

According to the GP toolkit, the amount of personal, privacy-busting information to be uploaded is massive. Categories of information include diagnoses (anything from diabetes to schizophrenia), health group (including whether a patient smokes or has high cholesterol), interventions and prescriptions.

Those concerned about the scale of information being released might be relieved to learn that “sensitive information” – that’s information relating to subjects such as termination of pregnancy, convictions and domestic violence – are to be omitted. For now.

However, NHS England is keen to “listen to” calls by patient groups to open such data up, since its current omission might be considered “stigmatising”. Or in other words, you ain’t seen nothing yet – and information currently considered too sensitive for inclusion may yet be added.

The first iteration of care.data is also relatively limited, compared to what is already in the pipeline: hospital data is due to be added a year after GP data; and social care data a year after that.

Concerns over confidentiality fall under two heads. First, despite assurances that security is “the most important priority of the HSCIC”, and that care.data “will conform to the same strict standards of data security and confidentiality that have governed the use of HES for many years”, experience suggests otherwise. Government and data security, many would argue, are mutually exclusive things, and history seems largely to prove that where security can be breached, it will be. Given the literally career-changing nature of some of the data soon to be passed around, the risk, critics argue, is not worth it.

Accidents apart, the uses that the HSCIC intends for the data have raised eyebrows. Outputs for release 1 distinguish between a range of aggregate statistics, much as before, and pseudonymous statistics: that’s data anonymised, according to the HSCIC, sufficiently to resist a “jigsaw attack”.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.