For immediate release – Saturday 1st March 2014
Responding to the announcement that the Secretary of State for Health is to legislate on the care.data scheme [1] in an attempt to appease some of the concerns that have been raised about it, Phil Booth, coordinator of medConfidential [2], said:
“medConfidential is glad to see the Secretary of State is taking the care.data debacle seriously. We’ll be watching closely to see if the small print of these legislative measures matches up to the headlines. At this point patient trust really won’t bear any more spin.”
On the statement that NHS data will only be released to organisations which have abided by data protection rules, Phil Booth said:
“A ‘one strike and you’re out’ approach to the abuse and misuse of patient data, if rigorously enforced, could be a game-changer. The fines that the courts and the Information Commissioner can hand out are peanuts in comparison to the turnover of some of the companies that will still be getting access to patient data.”
On the statement that respecting patient opt-outs will be made a statutory requirement, Phil Booth said:
“Jeremy Hunt is absolutely right to put patient opt-outs on a statutory footing, especially after some of the shenanigans that NHS England has tried to pull [3]. But every patient needs to be written to in person about their right to opt out – and be given the form and other easy ways of exercising it, this time.”
On other measures, Phil Booth said:
“We are less convinced by claims that legislation will prevent patient-level data being released when there is “not a clear health or care benefit for people”. The whole care.data scheme is engineered to pass around data for ‘secondary purposes’, not for direct care. We don’t believe it is helpful for the government to continue to conflate the future benefits of research use with things like the administrative and monitoring purposes of commissioning.”
“Putting the Confidentiality Advisory Group on a statutory footing may be a step in the right direction, but only if its remit is expanded to cover every release of patient-level data. Otherwise, the Information Centre that we now know has been selling patient data for years could still be open for business without effective, independent oversight and transparency [4].”
“Legislating for protections that are already in place, such as requiring “ethical reasons” from researchers who are already bound by strong professional ethical codes, or binding the scheme to ‘anonymisation’ practices that aren’t even as tough as the highest standards used elsewhere in government feels a bit like window dressing. More meaningful would be a move to put the powers that have permitted NHS England to cause this mess back under full, democratic scrutiny.”
—
Notes for editors
1) See, e.g. http://www.telegraph.co.uk/health/10669295/NHS-legally-barred-from-selling-patient-data-for-commercial-use.html
2) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals. Opt out forms and letters available here: www.medconfidential.org/how-to-opt-out/
3) See http://medconfidential.org/2014/opt-out-fixed-for-now/ for an explanation of how the opt-out – which could potentially have been meaningless – had to be fixed over the last fortnight.
4) The Confidentiality Advisory Group (CAG) deals with requests for the use of patient-identifiable data without consent, using what is known as Regulation 5 or Section 251 support. The decision to release sensitive patient-level ‘pseudonymised’ data has been the job of the 4 person, non-independent Data Access Advisory Group (DAAG) at HSCIC. Patient-level data that HSCIC classes as ‘non-sensitive’ – a term many patients may dispute – has in the past been released without submission to any sort of oversight body, and such releases have not been published or reported. This would include the data sold to actuarial companies, as reported in http://www.telegraph.co.uk/health/healthnews/10656893/Hospital-records-of-all-NHS-patients-sold-to-insurers.html
For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org
– ends –