There is little sign this inequity will be addressed under current structures or priorities, but as Government thinking evolves around the structure of the new Information Commissioner, CDEI should also be fundamentally restructured so as to receive and consolidate a much wider range of inputs – including lay members (DHSC’s former National Information Board had six, for example). Without wide-ranging input, data in Government shall continue to make rookie mistakes such as those of the ONS / GDS Data Standards Authority.
There are alternatives to creating many ‘pools’ of data around Whitehall and simply hoping no-one makes a mistake. Built for the pandemic, and with appropriate governance within and beyond it, the model of openSAFELY could apply across the rest of Government – especially for monumental failures like the National Pupil Database at DfE.
While it is self-evident that the vision of the forthcoming National Health Data Strategy should be to maximise the health of patients within the NHS, the vision of a National Care Data Strategy is less clear. Is it only to maximise the health and health outcomes of those to whom care is provided, or do quality of care and quality of life have other dimensions? Whatever is decided, as the Health and Care systems move towards integration, those two goals must align – but it shows how far apart things are that to talk of (the state of) Health and Care data as if they are even remotely equivalent is quite clearly nonsense.
As the pandemic has brutally illustrated, there is no data strategy for social care – and no evident plan to move towards one. Given every journey must begin with a single step, something like this might work.
Health and Care ‘moving parts’
Whenever NHS legislation is next put to Parliament, the National Data Opt-out should be placed on a statutory footing. Aside from guaranteeing patient choice and underpinning trust, this will provide proper democratic scrutiny of official choices such as the one which the National Data Guardian highlighted in her recent annual report – page 11, right column – where NHS Digital, NHSX, and DHSC decided it wasn’t in their interests for patients to see how data about them is used. Should government attempt to defend that position, when the push-poll and focus group used to come up with it are more widely known, the u-turn will be more embarrassing than fixing it now.
In a similar vein, transparency on access to patients’ details via APIs (whether new ones for COVID-19 or pre-existing ones, such as for the Summary Care Record) would also begin to address the ‘creepy single doctors’ problem that has been exacerbated by the widening of access in a time of reduced oversight. And that some in Government still wish to use patient records for funding and “decommissioning” decisions (para 2) is unlikely to be wise.
Government argues that new business models are the way the NHS and the Life Sciences Industrial Strategy will get them out of the hole they’ve created. Trillion-dollar tech fantasies abound. But while the conflicts of interest amongst advocates of this strategy are clear, whether it will work is not.
National Data Strategy (outside of health)
The NDS is a “pro-growth” data strategy, which is an entirely appropriate mission for DCMS – but it creates a fundamental conflict of interest in its sponsorship of the ICO as regulator, and its role in choosing the replacement for the current Information Commissioner. For this if not other reasons as well, the ICO should move back to being Departmentally sponsored by the Ministry of Justice, to underline the fundamental importance of following the law and to ensure the principles of justice apply to all data use, as well as to quasi-judicial decision making by the regulator.
A data strategy for the UK should first and foremost respect the rights and freedoms of every data subject, and aim to provide the greatest net-benefit to the whole of the UK – yet there is no compelling vision in the strategy; no clarion call. There is also no testable hypothesis in the strategy, by which its success (or otherwise) can be known. It is likely no single vision acceptable to all stakeholders could have got through write-round – not least because the unreformed, institutionally-ignorant Home Office will not accept a nuance that is in the public’s interest (for example, PHE / Test&Trace / police data sharing).
As written, there is no explicit difference in the National Data Strategy between personal data and data about objects. Lacking specificity, much of the strategy that is intended for one could be used for the other, thereby creating effects entirely unintended by the authors. A recent misstep by the new “Data Standards Authority” illustrates the sort of harm that can be caused when ‘generic intent’ overrides substantive nuance.
After a summer tainted by “mutant algorithms” in education, nothing would say understanding data less than NHS England agreeing to run the COVID-19 vaccination database off a 66 million row Excel spreadsheet. (While a single worksheet can have a million rows, losing 65 million people should be relatively noticeable – plus they know to look… now.)
- Dear Prime Minister
- Social care
- National Data Strategy response – top sheet
- Offline harms 2
- PHE letter
- Net Assessment of pre-Covid analysis, which predates openSAFELY