The Department of Health: Protecting Personal Health and Care Data?

Despite the name, this consultation has nothing to do with, but has to do with commissioning, care and data, which was allegedly the point of Yet another example of, when a major problem is confused and fundamentally flawed, those flaws get copied into random other places because of the confusion that assumes that the people running were competent.


The DH consultation itself was relatively confusing, and our response was constituted in 5 parts, 2 of which had been published before. We’ve also recently created two supplementary submissions, in response to specific discussions with DH on topics where it wasn’t entirely clear that what academia and we ourselves meant by a term, is what DH considered it to mean. Longitudinal studies form an important part of research, but you can’t just leave some data lying around a safe setting and plead that it’s a longitudinal study.

Special pleading for your medical records

The Nuffield Trust’s submission says: “We strongly support the recognition that appropriately pseudonymised data used for research, service evaluation and other approved purposes are not ‘personal data’ within the meaning of the Data Protection Act.”

It is “recognitions” like that, that led to the debacle of HES being used for purposes that the public disagreed with. We’re not sure that grabbing data at any point and pretending that individual level data is not identifiable is likely to increase public confidence.

Other organisations who don’t gain direct benefit from special pleading, such as the Royal Statistical Society and British Computer Society have made somewhat more balanced submissions.

The BCS submission makes an interesting point, that should any non-public entities to have the ability to become an ASH, or any form of safe setting, BCS would expect them to explicitly agree to the same level of audit that the public sector has: no notice inspections.

Our submission documents, in order for sequential reading: