medConfidential Bulletin, 23 October 2015

Quite a lot has happened over the past week. Events are still unfolding, but there has been progress in three key areas.

What just happened?

This week saw the UK’s largest online pharmacy, Pharmacy2U, fined £130,000 for concealing its sale of names and addresses of NHS patients to quacks and charlatans. Quite literally – the companies who bought patients details were selling “alternative” treatments and lottery scams.

Not only did they sell the data; Pharmacy2U has been unable to confirm whether the company kept, or can reconstruct, any records as to whose data they sold. Clearly, the private sector has joined NHS England in ignoring HSCIC’s lessons about data releases, following our work over the past two years.

A blanket, criminal ban on marketing to patients is the only way to prevent these predators, quacks and charlatans buying patients’ names and addresses for 8p a time, and scamming them out of money – or health. For, as the ICO’s Penalty Notice points out:

49. It is possible that some customers, who received marketing material from Woods Supplements, after being prescribed medication by a doctor, may have stopped taking their prescribed medication and spent money on products that were subject to the ASA adjudication in relation to misleading advertising and unauthorised health claims.

In light of the ICO’s determination, in regard of serious breaches of the Data Protection Act, medConfidential has written to the relevant medical regulators and professional bodies, asking for them to consider appropriate action within their various remits.

Given the number of patients who contact medConfidential having been marketed about specific conditions and diagnoses, this is clearly not an isolated incident but a systemic problem – and one that must be addressed at all levels.

We believe this underlines the need for all releases of patient data to be covered by personal Data Usage Reports (each and every secondary use being recorded by HSCIC), and highlights the need for a Data Incident Protocol (so that doctors and medical staff can provide the necessary assurance to patients), grounded in medical ethics not mere DPA compliance.

Apps Library

Last week, NHS England announced that its much-vaunted ‘Health Apps Library’ was being shut down, describing it as “a pilot programme”. Since 2013, it has been endorsing hundreds of apps to patients, now replaced by a set of pages on the NHS Choices website which promote a total of seven “online mental health services”.

Not quite what Jeremy Hunt was saying 6 weeks ago when “the Health Secretary stated his ambition to get a quarter of smartphone users – 15% of all NHS patients – routinely accessing NHS advice, services and medical records through apps by the end of the next financial year.”

Serious concerns have been raised over the past year by medConfidential and others with regard to the security, safety and suitability of dozens of apps which were endorsed in the now withdrawn Apps Library.

While we welcome the closure of this sprawling, unaccredited mess of apps and internet quackery, NHS England must now demonstrate how radically it has changed its approach to innovation if it wants to avoid destroying patient trust. Again.

A ban on marketing to patients

Last Friday saw the Second Reading of Chris Heaton-Harris MP’s Access to Medical Treatments (Innovation) Bill – substantively the same Bill as that previously introduced by marketing magnate Lord Saatchi. Alongside many other issues, the question of marketing to patients was raised. When asked: “Will [the database] be used for marketing to patients?” the Minister for Life Sciences, George Freeman answered: “The Government would oppose this being used as a marketing tool.”

Opposing it doesn’t prevent it happening. The ‘McDonald’s amendment’ in the Care Act last year created a loophole allowing data to be used for the purpose of “the promotion of health”, which clearly includes marketing.

medConfidential will continue to ask for a blanket, criminal ban on marketing to patients: explicit, informed prior consent (i.e. opt in) must be the only acceptable consent mechanism, for those who wish to receive marketing – with criminal penalties for those who refuse to comply.

The Government says it opposes marketing to patients, the Saatchi / Heaton-Harris ‘Medical Innovation’ Bill provides the legislative opportunity to implement this, and Pharmacy2U has shown why it is necessary; the remaining question is, will Jeremy Hunt act?

What’s next?

The Saatchi / Heaton-Harris Bill moves now to Committee stage, which we shall of course continue to monitor closely, revisiting as necessary the amendments we proposed prior to Second Reading.

Companies hiding behind the fig leaf of research regularly complain that “slow and costly access to anonymised patient data impedes academic research”. Quite aside from the continued abuse of the term “anonymised”, medConfidential believes that for privileged access to NHS patients’ medical data, filling in a form honestly shouldn’t be too high a bar.

And finally

We remain a tiny organisation, with minimal funding. If you can help us, please do – every penny received will be used on work you’ve just read about in this newsletter.

Please, if you can, make a donation via our PayPal page so that in future every flow of patient data into, within and out of the NHS and social care system can be consensual, safe and transparent.

Phil Booth and Sam Smith

23rd October 2015