It used to be that the different parts of the NHS looked after the data of the patients they treated, and talked to each other when they needed to know something.
Of course that model doesn’t work if you are NHS England, with its egomaniacal urge to micromanage and control everything. From that perspective, NHS England and other bodies each collecting every bulk personal dataset they can, from anywhere in the system is essential – even if the result starts to look like the ‘shadow’ monitoring and embedded political control structures of the Communist Party of China being imposed on the NHS.
From a patient perspective, rather than being ‘confidential’, this starts to feel deeply invasive – and the secretive manner in which some of these bodies expect to be able to act could be considered downright nasty.
From the perspective of NHS staff, it could be the final nail in the coffin of trust.
In the simplest terms, the level of access NHS England is mandating (with Government backing) boils down to managers, commissioners, policy makers and even commercial “re-users” being able to reach into your individual medical record – right down to the level of specific, dated events – and, as we now learn, to check every appointment.
“Collect it all” is the digital approach of the intelligence and security services – the agencies tasked with the prevention of “never events”; those things that must never occur.
“Bulk Personal Datasets” have been defined by Parliament as “large databases containing personal information about a wide range of people”. Parliament’s Intelligence and Security Committee in its 2015 report, ‘Privacy and Security: A modern and transparent legal framework‘, also concluded that as a Dataset of this type “may be highly intrusive and impacts upon large numbers of people, it is essential that it is tightly regulated”.
“Tightly regulated” is clearly not a term that applies to initiatives such as the Prime Minister’s Challenge Fund or toxic schemes like care.data, with its still-missing legal safeguards, ever-diminishing consent options and the “promotion of health” loophole that has legalised the ongoing sale of patient data to commercial re-users – including the data of over a million people who’ve already opted out. Whatever the claimed justification, the collected medical records of every man, woman and child in the country certainly meet every other criteria.
In the NHS, bulk personal datasets that were and are being collected for one purpose – the provision of health care – can now be interrogated for other reasons. These other purposes, all lumped together under the deceptively anodyne term “secondary use”, cover such distinct and broad categories of activity as research (both medical and market), NHS commissioning and “health intelligence”, and include servicing the data demands of commercial third parties. Every single one of these uses being derived from data which had a single primary purpose: the treatment and health of NHS patients.
If other bodies want to extract and use bulk personal datasets for purposes beyond patient care, then the whole process must be consensual, safe, transparent and – most important of all – grounded in trust. However trust, as Baroness Onora O’Neill argues, cannot merely be asserted (“trust us”) nor, as the care.data debacle continues to demonstrate, can it be presumed.
To be trusted, these users of our data must demonstrate they are trustworthy:
“[Those] who want others’ trust have to do two things. First, they have to be trustworthy, which requires competence, honesty and reliability. Second, they have to provide intelligible evidence that they are trustworthy, enabling others to judge intelligently where they should place or refuse their trust.” – Baroness Onora O’Neill
Evidence shows, if given a choice and clear information on what it’ll be used for and by whom, a large majority of patients are quite happy for their medical information to be used for public good purposes, such as ethically-approved research. Limit the choice or information, or re-use the data for something else, and opinion flips – and the majority are not happy at all.
The sale of ‘Hospital Episode Statistics’ (not actually statistics but rather linked, patient-level hospital events) which caused so much public outrage last year, is a case in point. As it turned out, the basis for public confidence amounted to little more than the fact the data had been collected “for years”. When the sale of billions of linked, dated health events – the very definition of a bulk personal dataset – came to people’s attention in 2014, it quickly became apparent that public acceptance was lacking.
The lesson here? Just because you happened to get away with something in 1988 doesn’t make it a good idea.
In a digital world, it is all too easy for bulk personal datasets to be copied and re-used outside of the understood framework, leading to loss of trust (what the Royal Statistical Society calls the “data trust deficit”) in not only the end users, but the original data ‘collectors’ themselves; doctors, nurses and other front-line NHS staff for whom trust is absolutely essential. For if people cannot trust that what they tell their doctor will be kept in confidence, some will simply not say anything – putting their own health, and in some cases the public health, at risk.
There are many predictable, if unintended, consequences of a “Collect it all” strategy; consequences that agencies and institutions which have followed one have now discovered. Public outcry over the secretive extraction and misuse of patients’ medical records and NHS information should be seen as a cautionary tale. Not a guide book.