Health data, AI, and Google DeepMind
Here is a link to our brief chronology of what happened when Google DeepMind and the Royal Free Hospital in London signed a deal to secretly copy 1.6 million medical records and allow them to be fed to a DeepMind AI.
What happened to make care.data possible?
What actually happened with care.data? (2013-2015; very briefly)
This short history picks up where the previous piece left off, and covers the history of care.data from 2013 to the end of 2015:
The goal was to take GP data, and then the rest of data from across the NHS, and make it available to any organisation that wished to use it. This goal being standard practice for hospital data since the late 90s.
Posters in GP’s surgeries
The original plan, back in summer 2013, was that a poster in a GP surgery would be sufficient to tell patients of the pending extraction of their medical history.
In practice, this worked out as well as any independent party would expect, and so the Information Commissioner said they had not met fair processing.
Junk mail leaflets
Following the failure of the posters, NHS England decided that rather follow the precedent of the Summary Care Record, and write to each patient; they would send an unaddressed leaflet to every house.
The Government claimed that the leaflets would go to every house, but did not invoke the special protocols that they have with the Royal Mail to deliver to every house, and so it only went to those who had not opted out of junk mail.
They were often delivered folded into pizza leaflets, or not delivered at all. Polling after they should have been delivered suggested that only 30% of the public had any idea of the scheme.
As the leaflets were posted out, there was press coverage of the project. This led to scrutiny, discussion, and the problems of the project became self-evidence.
Press coverage was extensive, it was accurate, and it was scathing.
After press coverage and Parliamentary Questions, the Today Programme picked up the question with a head to head between NHS England and medConfidential.
The defence of NHS England was “There have been no data losses in over 25 years.”
Scrutiny continued in the press, with various statements in the documents being shown to be inconsistent.
48 hours after giving the public an assurance that GP data would be as safe as existing hospital data, and would not be used by insurers, a report was published by insurers using data from HSCIC’s predecessor body.
The public, Parliamentary, and professional backlash was significant, and care.data was suspended.
Sir Nick Partridge, a non-executive Director of the HSCIC, was tasked with overseeing a review of releases. It was published a few months later.
A few minutes before the final deadline for amendments, the Government added a restriction to the Care Act that required data be used for “provision of” care or “the promotion of health”. It’s still unclear what promotion of health means in practice.
The Health Select Committee was highly critical of many aspects of what had transpired, and proposed changes into the future.
Care.Data Advisory Group (CDAG)
Reflecting the broad base of concerns about the care.data programme, an “advisory group” was constituted, chaired by a member of the NHS England Board. It met monthly and had a free and frank discussion with a wide range of expert member reflecting a diverse base of views.
Data Release Register
Following the Partridge Review, the HSCIC publishes an irregular register of data releases on a discretionary basis.
After a discussion at the Health Select Committee, the Health and Social Care Information Centre began work on examining and constructing a network of “Safe Settings”, so HSCIC could retain management and audit trails of data usage, but users could still perform their analyses.
NHS England pre-announced that they would write to all CCGs in England and ask them if they wished to become a pathfinder for the care.data programme. This did not happen.
Instead, NHS England selected/dragooned 4 areas for this “honour”. Leeds (a large city, home to HSCIC & NHS England), West Hampshire (which has terrible data processes and needed support), Somerset (home of the programme SRO), and Blackburn with Darwen (we never worked out why they were picked).
National Data Guardian (NDG)
Reacting to ongoing public concern, the Secretary of State appointed a National Data Guardian to oversee data use in Health and Social Care in November 2014. Promised to be a statutory body “at the earliest opportunity”, Dame Fiona Caldicott was appointed the first National Data Guardian.
Letters and Booklets
The Care.data programme continued its work, with various public events to show the booklet that would accompany a letter and opt out form that would go to every patient registered with a GP.
The opt out shown to the public covered both GP and all other data.
In the Summer of 2015, the Senior Responsible Owner at NHS England told the care.data advisory group that the promise to patients that “opting out will not affect the care you receive” had been “vetoed”. It transpired that was false.
The Care.data Advisory Group was abolished in October 2014; to be replaced with a “Strategic Oversight Board” which met only once, without any privacy organisations participating, before it too was abolished.
Announced in September 2015, 2 days after the care.data pathfinders were due to be commence, and due to report in January 2016, the Caldicott Review of Consent was finally published in July 2016 and went to a public consultation.
The “visionary” of care.data, and Senior Responsible Owner, resigned in October 2015 and left NHS England in December, moving to Australia a few weeks later. He did not apologise for his part in the fiasco.
While the care.data programme was finally cancelled in July 2016, the desire for data, and the powers to require it be provided, all remain. Work continues.