For context, see our press release, HSCIC’s lack of transparency is not so “innocent” after all, and HSCIC’s follow-up ‘clarification’, Publication of HSCIC register of approved data releases: clarification on points of public interest.
Despite both the Under-Secretary of State for Health, Dr Daniel Poulter, telling Parliament that “a report detailing all data released by the HSCIC from April 2013” would be published and the Chair of HSCIC, Kingsley Manning, saying at the HC2014 conference on 20th March that “we will be publishing the details of all the data releases we have made since we were formed“, HSCIC is trying to limit the scope of its register to just those releases “under agreement” initiated or renewed during the last year.
This is patently ridiculous, as there are organisations and companies to which data has been released during the past year that (a) were not and never will be “under agreement”, e.g. the police, (b) had received data and are still able to use it under an active licence during the past year, e.g. PA Consulting, and (c) continue to receive monthly updates, e.g. of HES data, under licences that may not have been issued or renewed since April 2013 but that are still active.
Without the publication of all active licences and agreements – which should include any ‘Memoranda of Understanding’ – the public simply won’t know who is receiving their information under circumstances (b) or (c). And any reasonable human being would consider (a) to be a release of data, whether it is “under agreement” or not.
Further analysis of the register suggests a number of ‘approved’ releases recorded in other registers seem to be missing as well.
With reference to HSCIC’s ‘clarification’:
Does HSCIC deny that PA Consulting has an active contract for the use of HES until 2015?
No – in fact it confirms it. Again. We accept that the use of data already released under continuing licence may not be ‘a new release’, but for a register that is supposed to be the model for a new era of transparency it is a pretty poor showing to exclude any organisation or company that HSCIC well knows is holding and can process patient data under an active contract.
We understand that Sir Nick Partridge’s report is to be a retrospective audit. The HSCIC register doesn’t show active contracts / agreements or any start or end dates, so how is the public supposed to know who has their information at any point in time?
Does HSCIC deny that it has provided data to the police in the last year?
No – it confirms that it has done so. That it has previously admitted this “in a Freedom of Information request and in statements to the media” makes it no less a release of data than any other during this period. Will HSCIC exclude other releases of data from the register if someone has asked about them in a Freedom of Information request? We sincerely hope not.
That HSCIC seems to be trying to wriggle out of publishing releases made under other laws, such as the Data Protection Act, or indeed any release not made “under agreement” is extremely worrying indeed. And the vagueness of the legal basis given – often nothing more than “Health and Social Care Act 2012”, with no section or clause – suggests an attitude that really hasn’t shifted all that much from the ‘bad old days’… before April 1st 2013.
If they really want to earn the trust of patients, professionals and the public at large, we suggest that HSCIC officials stop making up lame excuses that only add to the suspicion they have something to hide, and publish every release of data – with full details – so that people can know exactly who has their medical data at any point, why and what for.
And rather than quarterly, the register should be updated monthly – as any number of other government bodies who do a far better job of being transparent seem to manage.
If this register represents HSCIC’s answer to revelations of its past misbehaviour, then it is inadequate and dangerously patronising – especially given the trust that it and NHS England are haemorrhaging right now over the care.data scheme.