medConfidential Response to the Government’s Caldicott 3 Response

The foundations on which you build anything are critical. The more complex and interdependent the system, the more vital it is to firmly establish its fundamental principles. As we saw with, when eroded, the whole endeavour can collapse.

The Government’s commitment to transparency is therefore significant. The pressing question is, when it will be delivered – we’ve now been told when it should be delivered, but that’s not quite the same thing. This is important because it is transparency measures that provide the basis for informed consent, a theme we’ll return to at the conclusion.

Regarding each patient opt-out, to prevent data leaving GPs’ systems:

“…we will honour these until 2020 to allow the new national opt-out to be implemented, and for full engagement with primary care professionals and the public.”

Whatever happens in the interim, full engagement has to mean a formal public consultation in 2020, based on the facts as they are known to the public at that point. Anything less would be to break the confidence that the public are being asked to give.


The implications of consent

The National Data Guardian, the Department of Health, and NHS Digital have all committed to telling patients how their data is used – both for direct care, and for purposes beyond direct care. This is good. But this is a commitment that must be delivered, consistently and without compromise.

If various dark corners want to continue to grab data in secret, the public will be far less forgiving. may have had a pass, because there was no way for individual patients to know how their data has been used. Under this commitment, they will be able to.

It is doubtful that patients will look kindly on being lied to, again – even if attempts to do so are masked by dodgy definitions of the fence line between one bit of DH and another.

As the NHS begins to understand the implications of confidentiality and consent, medConfidential will be here.


Will NHS England and PHE follow the consent model?

In a blatant example of self-important special pleading, page 35 of the Response quotes PHE telling DH and the NDG what they must do, at a point where PHE also refuse to be a part of the solution. (We note also a passive-aggressive defence of Windows XP on page 17.) PHE has repeatedly refused to honour opt outs, dissents, or any other form of objection. The Government has proposed no change to this – why not?

The Government’s Response indicates that, rather than resolve the problem of invoice reconciliation – which has been discussed repeatedly – NHS England has stubbornly dug in its heels, and refused to consider it a problem. So accountants are still to take copies of patients’ identifiable records to check companies aren’t ripping the NHS off – despite there being other, safer, better ways to protect the NHS against fraud. Yet again, NHS England is both part of the problem, and an impediment to the solution – its officials refusing to consider change because they don’t want the effort of having to change the way that CCGs operate.

In a stark illustration of attitudes that still prevail, the day after the Government’s Response was published, the Chief Information Officer of NHS England stood up at a conference and said, “Let’s get away from this distinction between primary and secondary uses of data – it’s just data, let’s start using it”. It appears not only did Mr Smart (like his predecessor) ‘skip medical school’ – he also seems to have skipped reading anything written by the National Data Guardian. Not entirely the lesson you’d hope was understood at the Royal Free…

If the online opt-out process from NHS Digital is discredited from the start by not taking account of PHE’s continued data grab of cancer patients’ records without their consent, medConfidential will run an online opt out process that does.

Of course, Dr Rashbass might continue to ignore those requests too – in the mistaken assumption that just because he thinks of every person who has ever had cancer as his patient, those patients have any idea of who he is or why he’s grabbing their medical history. Clearly, some have yet to learn the important lesson that believing you are a good person, doing a good thing – or even being a good person – is not the same as doing the right thing.

Hopefully the McNeil Review will resolve this outstanding issue, whenever it is published and commenced. However, given the lack of critical engagement, there is still a strong risk that choices may turn out to be a ‘cargo cult’ copy of consensual, safe, and transparent – rather than anything effective. A digital form of the worst of homeopathic quackery.

Whatever U-turns and failures lie ahead, medConfidential will be here.


Assuming everybody manages to get this right…

In September 2014 we had a meeting with NHS England, in which the question was asked: “What happens after the problems are resolved?” This was the result (which also looked at backdoor data changes) – at a point where there had already been a commitment that would only be available within a safe setting. Will that commitment be honoured for any and every future dataset?

The principles of that post are sound, and still apply. We don’t yet know what promises will be made about the Data Lake today, only to be broken tomorrow. But what was clear from the Expert Reference Group process was that the data collected will include everything over time – sexual health records, mental health records, abuse records, genomics.

A safe setting means legitimate projects can access the data they need by minimising side effects.

If we were writing on “backdoor changes” today, we’d add PHE and the cancer registry – plus Genomics England, and similarly for other sources of data – but the principles we outline for change remain sound.

Caldicott 3 has delivered something for everyone: whether you wish your data to be used or not, you will be able to see how your wishes have been honoured – and, as the Secretary of State has said: if you don’t want your medical records to be used, they won’t be. All this is capable of being delivered with the Caldicott Consent Choice, implemented properly.

If and when this is delivered, or those patients who are content for their data to be used, the question is what the commitment to transparency will cover. At present, the Hospital Episode Statistics are sent to ~400 different places around the country each month, and NHS Digital hopes none of them has a cyber security accident. It’s only a matter of time.

A safe setting moves data use from “should usually follow” the rules, to “demonstrably always followed” the rules.

The proposed ‘Data Lake’ repeats NHS England’s near-sociopathic disregard of the central fact that in health and care you are  dealing with human beings; people who are usually sick, and often worried. Data is not “the new oil”, nor is it water – and there’s no such thing as a ‘Lake’ of it; there is the collected care episode history of every patient in every UK hospital, for approaching 30 years.

If the current HES are replaced with a more detailed, and even more sensitive, ‘Care Episode Histories’ dataset, that dataset should only ever be available in a safe setting, and all projects – whether for direct care or secondary uses – must be logged for the patient to see. With greater detail, comes some security. It is self-evident that NHS Digital cannot know how data is used once it has left its control, and yet it distributes hundreds of copies of huge numbers of individual-level medical histories that are identifiable (pretending the birth dates of your children are a secret from everyone you know – and others besides…).

Patients will look at accountability trails especially when contentious decisions are made.


If Will Smart’s expensive consultants wish to consider themselves as providing Direct Care, then they must appear in the (non-local) direct care – i.e. SCR – access logs made available to patients. The principle of “Hello… my name is…” must apply to all direct care – for, just as a doctor should take the time to explain themselves, real transparency means that NHS England’s micromanagers will be expected to do so as well. When they operate on perverse incentives in a crisis, patients will have the information as to how interventions were handled – which will rarely make a crisis less contentious. It’s not hard to see this won’t end well.

Secondary users, by definition, cannot be expected to introduce themselves to patients – so this applies as much to PHE as it does to NHS England. We assume this separation is why NHS Digital will have two lists of data accesses; the split may  appear odd at first glance, but it is likely better for patients.

If Mr Smart still wants to play about with big databases, with scant regard for human suffering or people’s privacy and dignity, then the Home Office is hiring. But he chose to work in the NHS, which has fundamental values.

Those fundamental values include both confidentiality, and using the data of consenting patients to help other people. Replacing the sale dissemination of data with a better dataset in a safe setting has always been part of the solution the NHS needs. It was deficits in thinking and leadership that led to – and it seems the administrators of NHS England may yet have to learn that in return for changing what they take from us, they may have to change what they themselves do.

Accountability removes possible unwelcome contingencies – which in turn will allow more complex research, in an environment of reduced risk and concern.

A consolidated collection of care episode histories, that are treated as such, could be the basis for a stable data infrastructure in the NHS. A Data Lake cannot.

Whatever promises may be made in order to get hold of the data, it is transparency and accountability to properly-engaged and interested patients that will keep the system honest in the long term. And there will always be competing pressures.

Local councils, for example, will keep funding reports that say local councils should have access to any and all medical records they wish. So we repeat: the Government’s commitment to transparency is significant, for it is transparency that provides accountability in even untrusted systems.

As NHS England moves towards a new, transparent data collection – whatever the plan, and whether it chooses to share it or not – medConfidential will be here.