What does the NHS’s new IT plan really want to extract from us?
Uncosted system should’ve gone live two months ago
Money-spinning datasets to cost, er... one quid
Such relatively limited data releases will be within the NHS family (GPs and managers who need information to hone the service they provide) and “customers” as approved by the HSCIC’s Data Access Advisory Group. Companies such as BUPA, Dr Foster and Civil Eyes research are among the early approvals, and likely to benefit greatly from plans to make extracts available commercially for no more than £1. (That appears to be the price for whole datasets.)
While initial releases of data will be anonymised, the scope remains to match back to personal identifiers and make what is described in the literature as a s251 release. According to the Health Research Authority, this – s251 of the NHS Act 2006 – allows “confidentiality to be overridden to enable disclosure of confidential patient information for medical purposes, where it was not possible to use anonymised information and where seeking consent was not practicable, having regard to the cost and technology available.”
Patient confidentiality may therefore be overridden wherever the Secretary of State feels there is a sufficient case for doing so. Or as HSCIC puts it: “Release 2 will further consider the outputs to be provided from care.data to each of the receiving types of organisation”. Procedures are already in place to formalise the data sharing process with third parties.
Confidential? Define confidential.
Besides, an s251 exemption now allows use of identifiable data for commissioning purposes. In practice this appears to mean that identifiable patient data can be passed around routinely for non-direct care purposes – including admin, audit, and invoice reconciliation – at national (NHS England), regional (NHSE Area Teams, CSUs) and local (CCG, local authority) level.
In other words, mission creep is already happening. Use of the GPES is governed by an Independent Advisory Group, drawn from medical professionals and lay advisors. Minutes of this group’s meeting from September 2013 highlight concerns that deidentified data could be reidentified by commercial customers of HSCIC: their solution was to require customers to sign an undertaking to the effect that they would not do this (PDF).
This follows a decision by the same group, in August 2013, to permit the storing of NHS numbers and practice IDs within the HSCIC DME for a month at a time in respect of a project on diabetic retinopathy screening. This, the group agreed (PDF), “could raise some privacy risks” – and in fact breaches the initial premise that, once upload had taken place, DME data would be deleted after matching – but that was OK as “this data would be stored securely and encrypted”.
care.data has also had something of a setback recently over its failure to communicate adequately with GPs or patients.
It certainly did not help that the request for a large new GP dataset to be supplied from practices was sprung out of the blue on the joint chairman of the BMA and RCGP's joint IT committee, Dr Paul Cundy, in January of this year – or that the first many GPs heard of it was when an information pack arrived at their practice in late August, informing them that they had just eight weeks to make patients “aware” of the scheme.
Many GPs were concerned that, as data controllers for their patient data, they were about to breach the Data Protection Act (DPA) and therefore open themselves to expensive legal action. On the other hand, if they did NOT support the upload of patient data, they may also find themselves in breach of the law, as the HSCA, responsible for the recent re-invention of the NHS, also empowered the HSCIC to require providers of NHS care to send it confidential data in certain circumstances – such as when the Secretary of State for Health orders them to.
MedConfidential, jointly co-ordinated by Phil Booth and Terri Dowty, who were previously movers behind No2ID and ARCH (Action on Rights for Children), have started a campaign urging patients to opt out of care.data – something that Health Secretary Jeremy Hunt had previously agreed was permitted.
In August, the Information Commissioner joined the fray, expressing concerns that patient data was about to be processed in breach of the DPA. Patients should be aware of how their data might be processed and there needed to be reasonable assurance that such steps had been taken.
In fact, the ICO position, confirmed last week, was that “as far as practically possible, all patients” [should be] “aware of these changes”. They are not, however, prepared to state exactly what constitutes the level of awareness required.
However, advice by NHS England that patient awareness would be sufficiently engaged by putting up posters in GP surgeries and communicating through “routine communications” such as practice newsletters – or the eight-week window within which they were supposed to do all of this – certainly did not cut it.
Hence last month’s surprise announcement that NHS England is now to distribute leaflets to all 22 million households likely to be affected at a cost of 8p per household: £1.76m – or £1 million, as they more economically reported!
Although presented as a positive, this is something of an embarrassment for that organisation, which had already stated, somewhat bullishly, in its business plan for 2013/14-2015/16 that “75 per cent of GP practices will be providing the full extract to care.data by September 2013”. Er, no.
The door-drop is due to go out in January 2014. Thereafter, assuming that the ICO deems patient awareness to have climbed to a sufficient level, uploading will commence in spring or summer.
But is that really the issue? Is the current willingness to go along with ICO recommendations a face-saving excuse for delay while HSCIC get on with fixing system glitches behind the scenes?
The problem is: we just don't know. On the one hand, the HSCIC has opened up a little, making public both physical architecture and debates about process. On the other, key questions – what all this will cost, who are the main providers – remain closed. On cost, supposedly, some two months after the project was due to go live, they are not in a position to say.
And there, beyond the technology, beyond issues of confidentiality and privacy, lies the real issue: that in the end, all might go swimmingly, but along the way, the right of public, politicians or anyone else to engage, to point out potential pitfalls, is now seriously, officially limited. ®