As Labour discovered, the Department of Health in England will conjure reasons to reject something they don’t want to do by only speaking to those who will agree with them.  

Buried in the National Data Guardian annual report is the outcome of some work by the Department of Health in England on whether to tell users when their GP records accessed for direct care from hospitals and other care settings – they’ve decided not to do it. DH/E never talked to us about this work on a topic we’ve been working on for the last decade. 

If you listened to Wes Streeting’s speeches, you’d be forgiven for hearing that anyone reading your GP record from outside your GP was impossible. In practice, it’s routine.

Summary Care Records, Shared Care Records, and GP Connect all already exist, and are used to help people most of the time, but are also abused by creepy single doctors to look up the records of women they want to go on dates with, or used by stalkers to read what their victims told their doctors about their fears and health conditions – that last link being the first time we’ve seen a disciplinary hearing cover these topics. The doctor was struck off. 

Item 6.7.4 of the NDG annual report tells you why the Department of Health in England chose to do nothing – it shows DH/E looked at telling users when/where their GP records are accessed for direct care today, and decided protecting patients from creeps employed in the NHS is too “technically and legally” complex. What that means in practice is DH/E would have to cooperate with GPs to show patients where/when DH/E had facilitated abusive access to GP records, and DH/E has decided it doesn’t want to. DH/E has legal responsibility for those abusive access, and has decided that the best way to behave is to keep secret from you the evidence of how your record has been abused, so you can’t complain because you don’t know, and GPs can’t hold DH/E to their agreement because they don’t know. The NDG says her “observations” are that it’s humans using systems in ways they can and which no patient can easily detect.

You can carry on reading into section 6.8 and mentally substitute the various NHS bodies/roles with “Met Police” equivalents from the Sarah Everard case, or the many many other cases where institution denial reigned supreme and innocent women paid the price. How many ghouls have looked up the GP records of victims of crime? No one will ever know because, like the police (until recently?), DH/E has sided with the perpetrators they employ against the victims.

The Department of Health in England is aware of the benefits (to them) of sustaining that ignorance, as item 6.8 of the NDG annual report says the view of DH/E and the NDG on how to resolve it is that: “the public need to be assured that deterrents and sanctions against improper use are meaningful and effective to deter such abuses occurring” (but when they do occur they’ll be covered up so occurrences can be dismissed as rare – which makes the defence rather pathetic). Most victims do not have the evidence to make a legal complaint, and without prior police involvement that evidence will not be made available to them.

The Department of Health in England insists on marking its own homework on access by creeps, but it has so little confidence in its own efforts it will never tell you the truth about the results. As NDG says “bad actors can and do significantly undermine public trust”, but it is the facilitation of the coverup that is the systemic flaw that undermines all honest police officers NHS staff. Individual bad actors will always try to undermine trust, but when guardians institutionalise a conspiracy of silence over bad actions, then the bad actors are seen to embody bad institutions.

In other entirely expected acts of duplicity and secrecy, while NHS England has previously said it would publish the Data Protection Impact Assessments for all parts of the Palantir procurement and all the “use cases” in the Federated Data Platform, they haven’t. The “Privacy Enhancing Technologies” contract has no published DPIA, and the use cases are all being withheld so the Department of Health in England doesn’t have to explain why what they do is different to what they said they would do – coverup is the norm.

DH/E sides with creeps and abusers because that gives them a quiet life, not hearing from anyone that might challenge their decisions to do nothing. (That culture repeats with the proposed reuse of “pandemic only” data governance for non-pandemic uses merely because DH/E don’t want to have the short conversation about doing it properly when they think they can just do whatever they dictate instead).

The new government’s “vision” for their time in Government is to take ownership of all your medical records, including all your written notes, make them all available to creepy single doctors anywhere the NHS logo is seen, to feed them to AIs, and to sell them for economic growth. Inspired by the chatGPT output of the Blair Institute, Wes Streeting’s position is you’ll have no choices in any part of that, and they might even keep secret from you whether it’s happening.

Merry Christmas from medConfidential and best wishes for 2025. We’ll be here.

The Guardian has written about the Prevention of Future Deaths reports that politicians were citing as reason to do their central care record. 

Many of the cases say doctors didn’t know about a condition that would be clearly recorded in the Summary Care Record, or Shared Care Record, or in GP Connect, or any of the data systems designed to share data around the NHS. These existing systems are already there. But the response of DH is to say a new system might be ready by the mid-2030s – which is entirely disconnected from preventing deaths.

The list of PFDs is very long, there were 11 new ones in one day last week, so the lists you see are cherry-picked as well as being terrible experiences. Because someone died, these are the cases that get investigated. How many other cases are there where no one died so no coroner looked?

If missing access to records were really the life-saving priority claimed, a 3 months away solution is to tell all patients where/when their record was accessed via the national systems. So all the routine cases of non-access, the many more that don’t end with a coroner, can see when their record was not accessed when they believe it should have been. The living can ask why the frontline didn’t check these systems; the dead need coroners.

Your case shouldn’t have to be in front of a coroner to know whether your records weren’t read – by then it’s too late for you. We focus on scope for abuse of Wes’s plans, seeing where and when your records were accessed by creeps and stalkers, but it will be far more common to see that you interacted with the health system and your records from elsewhere were never checked.

If NHS England continues to refuse to tell patients – as they have refused for a decade, perhaps the GP Profession can have their IT providers do it instead, with a monthly audit automatically going into your documents via prospective access.

A central care record is not a necessary prerequisite to preventing future deaths, but it does offer an excuse for the Department of Health in England to do nothing for another decade, while the PFD reports keep rolling in.

Data and Digital in the Rest of A New Government

To government, data and digital are increasingly intertwined. There are separate silos for the “the digital centre of government”, the “national data library”, the UKSA Assembly, and ”smarter data”, but they all need tying together:

Just as tiktok and instagram use data to drive you to watch more and buy things, government wants to use data analysis to change services according to the political priorities of the day, which now includes injecting people with desire altering drugs to increase economic growth, just as Our Future Health founder Sir John Bell CH outlined last year.

Web and apps

There is vast scope to use digital to do good – progress by HMRC since our 2022 paper on the paperwork of new parenthood has removed some of the barriers we outlined (some remain), but DWP still prosecutes people for the consequences of DWP’s own service design failings, and other parts of the state prosecute for information not disclosed to citizens at all. DWP now wants access to medical records to measure and justify their own policy positions (item 6.3.4). 

The “tell us once” service has long been constrained by shifting political priorities. Carers allowance was redesigned by DWP but the new processes didn’t account for consequences that could lead to prosecution. Did anyone go to prison because a 2011-2015 flagship changed only the easy parts of a service? Service design can ignore edge cases or complexity in order to meet a HMT business case or a Ministerial announcement that will move fast and break people. So a summary of our questions:

1. What input will the review of the carers allowance announced by HMG have into the Panel? 
2. Which other parts of partly digitised public services are prosecuting honest and blameless citizens for institutional failures of service design?
3. Who in the hierarchy should bear responsibility for the failures that resulted in honest people receiving criminal records? Does the board feel no one should?
4. What happens when a “tell us once” style service conflicts with the  primary legislation?

In northern Rail or elsewhere, a lawyer will have said the self-serving change was fine as it satisfied some “user need” – and like others we deal with, the consequences on people were never considered simply because the action is in line with “policy”. “🎼That’s not my department says Werner Von Braun🎶”

Data and UKSA Statistics Assembly

There are few limits on data analyses in Government, and fewer limits on what public services can do with digital dark patterns. Some civil servants believe they deserve more attention than citizens, and civil servants can be sent to endless meetings: the suggestion of “User Needs*” aren’t enough, promises have to be kept if they are to mean something. One of the first actions of this government was to tear up promises made about pandemic data.

Against this backdrop, the UK Statistics Authority are running a statistics assembly and asking for submissions about “user needs” (no asterisk). We said:

1. Every project should be transparent
2. Surveys and Admin Data are not similar
3. A Data Preference Service, because data mining is the new junk calls

While ONS and the statistical system assume that statistical data for policy making and raw data being made for decisions are entirely separate functions, and they are in government, to the citizen the effect is indistinguishable.  The research paper advocating cuts in benefits can have a direct impact on their reduction, even if authors hide behind the comfort blanket of “policy” and “research”. 

DSIT’s role model

Government often assumes that its data is perfect and accurate, treating it as an “official truth” regardless of actual reality. In this context, data serves only to reinforce institutional fictions, perpetuating a narrative among civil servants. The consequences can be severe: if you’re just £1 over or under a limit you are a criminal. This mentality has its roots in the Home Office’s hostile environment towards migrants and continues to spread to other areas of citizen interaction with government. 

Data isn’t enough – an essential component of the system must be digital services and digital service design. Governments prosecute people for what they type into forms and apps, yet changes to those forms can occur as unpredictably as a developer’s whim on any given day. 

“Imitate Tesco” might be the personalisation vision from some within DSIT, but when the Tesco app decides it should recommend something to you, there’s no way to tell it not to – if the reason you regularly buy a product leaves your life, Tesco will keep reminding you they are gone indefinitely, with no way to tell it you no longer need mandatory and intrusive reminders to buy senior cat food, or baby food, or your ex-partners favourite treat. Your only option is to shop elsewhere. Various silos in DSIT see that as their role model.

Tesco will share data with Governments if required or encouraged (or Tesco gets a better deal on something as a result), and citizens have no choice. If you shop at Tesco, having a Clubcard is decreasingly a “choice” because of the price differences. Clubcard culture was brought into Government by the CDEI (as was –  while everyone welcomes Responsible Technology Adoption, it is the Irresponsible Technology Adoption that causes the problem; and all adopters believe, of course, that they are ‘being responsible’). 

The same way more facts turbocharge racism, smarter data risks turbocharging institutional intransigence.

Data silos in government affect each other

The “digital discovery”, the “National Data Library” and the “UKSA Assembly” are each silos with narrow remits. Government operates outside of them and will do whatever it wants with data and digital.

Institutions extend “counter fraud” activities irrespective of outcome. Failure does not deter as more intrusive searches are justified under the guise that fraud hasn’t been found; and finding fraud also justifies expanding the powers.  Ultimately, such activities can become overly focused on speculative pursuits rather than concrete results, devolving to little more than ghost hunting and unicorn farming.

When a hospital makes a decision that it’s not in the public interest for the hospital to try to recoup costs from someone nominally “chargeable” for that care, then the hospital will tell her, but the Department of Health in England wants to copy the data so it can later make a decision to reclaim the money anyway, even if the patient was told that they were not liable for it. The first that anyone would hear about it might be when the Home Office rejects them at a border decision because the data goes from one bit of Government to the other without any knowledge of the patient – because the Department of Health in England doesn’t have an easy way to talk to individual patients to talk about charging. 

That’s the sharp end of digital and data in government, but no one sees it as their responsibility. 

ONS say they want to demonstrate good practice, but instead the Integrated Data Service perpetuates the secrecy by hiding how data is used from those to whom ONS at one time felt they were accountable: the public. Parliament suggested they change it (paras 100/102), the new government may well decide to double down on secrecy.

The signs are not promising; the new data bill was laid in Parliament with a press embargo 9 hours later…

Various silos:

• [to come in November] Response to the unpublished HDR/Sudlow Review (chatter suggests it will argue in favour of the lead author’s prior job of getting more data for biobank to give to racists, and the desire of HDRUK’s various sockpuppets to misuse ”smarter data”).
• Initial questions about the DH proposal for a central care record
• The Digital Centre of Government
• National Data Library (and note for the Wellcome/ESRC call)
• Submission to the UKSA Assembly
• ”smarter data”
• Data (Users and Abuses) Bill briefing, Open Banking supplement, Probing Amendments

This link has a summary of what was (re-)announced by Wes Streeting and Keir Starmer on 21 October

The new government is taking “a data-led approach”, and has already announced that it will:

• take Ministerial control of all GP medical notes in a central care record;
• dissolve the distinctions between “NHS” and “Government”;
• genetically sequence every baby in england;
• have DWP give prescription-only desire altering drugs to those on UC to “prevent them holding back our economy”;
• link clubcard data to departmental data for policy making;
• require data from fitbits/smart watches be shared with NHS via the NHS app
• have any data shared via the NHS app go up to Palantir, where it can be fed to AIs, and anything in Palantir can be made available to others for “economic growth”;
• those who refuse permissions to the app will find that their care is impacted and the app may refuse to work until all access and sharing permissions were granted (as the English covid19 app refused);
• give more data to ONS whose transparency remains “we have answered 2 or 3 Parliamentary questions”;
• remove independent transparent oversight of data use in government from the NHS allow ONS to give permission to departments to do whatever they wish for policy purposes;
• support biobank as they defend handing data on their entire cohort to “researchers” that declare their focus as “race science” (aka racism);
• Remove from GPs any input on where/how GP data gets reused, principally to give it to biobank and friends;
• dissolve GP practices to undermine the profession with direct responsibility to patients;
• revoke promises made to GPs and patients during the pandemic about how “pandemic only” data would be used, risking public confidence next time as no promises can be believed;
• replace NHS staff with more chatbots and diagnosing AIs, and replace your GP surgery with 111 (your GP has already lost control of their phone lines, has no influence over the features of the app or the NHS.UK website);
• Streeting’s first act was a political decisions to override any clinical judgement,
• the Tory data bill will return largely unchanged to legalise everything found unlawful over the last decade (the civil service had reused the same briefing notes until we pointed it out)
• Population health management will be the focus of the “neighbourhood health service” strategy [announced tomorrow as we publish this]

These different strands will start to overlap and merge over time – fitbit data provided to care for people will be copied to the Department of Health in England who’ll give a copy to DWP so DWP can design policy and future sanctions regimes. 

Pregnant women will be required to share data with the app if they want NHS care, and that data will then be sold on. In many cases the “choice” in Wes Streeting’s NHS will become “your data or your life”.

Government believes that any data that is available anywhere should be available everywhere, reflecting the turbocharging of the database state using techniques unimaginable when labour last left power, and they will leave a powerful set of tools for the next government. Wes Streeting wants to believe he’ll be Secretary of State forever, neglecting both his own desire for promotion and forgetting that all governments end.

Thu 2pm: We are aware of media reports about an unfolding catastrophe at the UK Biobank, and are awaiting more information to be in the public domain.

Losing the DNA, medical history, and wider contributions would be a catastrophe with existential consequences for any Biobank.

Thu 9pm: Some hours after the Guardian published the above, biobank put out an angry and threatening statement attacking the Guardian (cached here). We’ll update this page on Fri Monday.

We have a new government, which has finally started to say what it wants to do.

Making new promises about your medical records while breaking past promises is a weird way to start governing. In his lust for control Wes Streeting forgets that all governments end and one day soon he’ll have been the future once, and others will have to pick up his pieces. We’ll be here then too.

Ripping up past promises

If Streeting tears up promises made in the last pandemic he will critically undermine any promises that are given by a future Health Sec about the next pandemic. This will come about partly because the Department of Health in England has failed to do the paperwork for normal times in the same way that it did, with consensus, for the pandemic. When Streeting undermines pandemic promises he will render meaningless any promises he makes about the new database he wants to create. The Health Sec should be able to overrule their predecessors. Indeed sometimes that may be wise, but this shouldn’t be mainly due to laziness of his staff.

Biobank have been lobbying hard to get access to data without having to explain themselves to data controllers, and doctors should just defer to the shared culture of Biobank and HDR so they can do whatever they want. A new SecState picked the path of least resistance which caused this Biobank to gloat because they’ve confused the supposed short term bung to them with the bigger long term plan. (We note the science media centre press release had one quote that wasn’t from people associated with Biobank or the GeL CEO – how weak is the supposed “support” for biobank?)

All your medical notes available wherever the NHS logo is seen, and you’ll have no idea who read them

The main announcement was that he’s taking control (video) of your medical notes. Streeting wants politicians, him, not doctors, will decide who can see and read your medical notes for what and where. This isn’t immediate as it’ll take a few years to grab, and then a few years more to close down GP as you know it afterwards, but once he has the data he can do what he likes. And you will not be able to do anything about it

The ability for anyone in the NHS to read any patient’s whole medical history, notes and all, will replace the existing local health and care records, the Shared Care Records scheme, Summary Care Records, and GP Connect. If the Department of Health in England believes this is a real proposal, then we’ll see those systems start to lose budget in the Comprehensive Spending Review. Having a fifth (or more?) way to lookup your GP records will not resolve the issues in the previous four methods. (As an aside, medConfidential has long argued the “regional SDE” programme is pointlessly ineffective, and we welcome secretary of State implying that it’s entirely irrelevant now, because once all data is copied into his national database, there is no need to have the “regional” systems which will have less data. Hopefully the Spending Review will scrap the lot, and it gives UKRI £18.2m back in the process).

Wes Streeting says it’s his 10 year plan, and then some bright spark will say Palantir should be challenged to do it in 4.

We know all the existing methods to lookup and access GP data for care are hidden away from patient view, and hence completely open to abuse when creepy single doctors decide to look up the medical notes of women they go on dates with or their partner’s ex. Streeting and Palantir could immediately solve this problem by saying loudly and clearly that every access to any single care record will be visible to the patient via the NHS app This would to prevent such abuses. instead the government is set to enable them.

If the Department of Health in England wish to build public trust and demonstrate that trust is meaningful, audit trails within the app could start tomorrow with GP Connect and the Summary Care Records – system logs that the NHS already has but hide from you. New systems should demonstrate accountability to the patient and since promises get broken, they should start with the systems that there are today.

As it stands, the new planned database of your medical notes about you and your family will deny you the basic right to know who is accessing your record and why. This plan replicates the recklessness of the previous governments where you have no idea when/where your records are accessed and so you can’t know whether they’ve been misused, or when they should have been checked and weren’t. If that is going to change, it should change today where it already can before promises get made for tomorrow.

Wes’s “innovation” is that the existing GP IT systems all go away to leave only his new record. So Labour are exacting revenge on Frank Hester by destroying his health records business but they are also diminishing the role of GPs who they claim they want to empower.  The Family Doctor will lose control of your personal health record just as they have lost control of their phone lines to NHSE and their appointment book to 111.. Care will get progressively worse as the Department of Health in England rather than your doctor manages demand and waiting lists by gaslighting you. A visit to your GP will increasingly be like going to the job centre. Your GP may want to help you, but their systems wont let them, the same way GPs already have no mechanism to get improvements to the NHS app for GP services.

The oft trialled proposals that you must call 111 (or 999) to ask permission to go to A&E will be extended to calling 111 to get a same-day GP appointment. When the chatbots behind 111 can see your full medical history, you may not even need to have a GP at all, which will be an excuse to close your local GP surgery in the second half of the ten year period because, as Wes said to RCGP “one in every 5 of you are working in buildings older than the NHS itself.”

The details will start to appear around the 10 year plan for Palantir the NHS expected to be published in the new year, and it will be curiously vague about the GP estate in the second half of the time period…

Addendum 30/10 – after the renouncement of the central care record, we’ve outlined some initial thoughts to DHSC on the first questions.

10/12: HSJ has confirmed that the central care record will be used to train chatbots and AIs.

If you’d like the slightly weird audio summary of this blog post from Google’s NotebookLLM, it’s here (it only hallucinates a bit).

The next 10 years of the NHS might include dissolving your GP practice and replacing it with a chatbot, but all of that will depend upon data. To ensure every use of your data is consensual, safe, and transparent for the next decade, we expect it will cost medConfidential about £100k a year to scrutinise these plans and find the gaps. If you can help find that sort of money down the back of the sofa, we’d love to hear from you.

Hello again from medConfidential,

Given the upcoming general election on 4 July, we thought it might be helpful to give an update on what’s happened since our March newsletter, and to give a brief summary of the current ‘state of play’.

What just happened?

NHS England’s “Federated Data Platform” (FDP), running on the half-billion pound Palantir platform, went live with two national ‘dashboards’ in late March. NHSE officials say it is now being used for four such dashboards – none of which use individual-level patient data directly, at present. 

Meanwhile, the Data Protection Impact Assessment for the FDP is being withheld by ‘the Department of Health in England’ (i.e. NHSE) because it is so controversial that its publication could affect the election. Statements made before launch that FDP would be used for direct care omitted to say that it would also be used for anything else…

Around the country, a number of NHS Trusts across England are continuing to use Palantir without telling their staff what to tell patients, or even what they are using it for. According to the Department of Health in England, you should be able to check if your hospital is one of them on this list – but as you will see if you click on the link, they’re keeping the membership of that list secret, so you have no way to know if your hospital is involved. 

The Department of Health in England has also been doing a bunch of ‘public engagement’ work, to try to justify taking your choices away in future. Ignoring the ‘spin’, the first published results are in fact very damning: 21% of patients either strongly or slightly disagreed with the statement, “I trust the NHS to keep my patient data secure” (Table 2), for example – and two thirds said they wouldn’t want anyone who isn’t directly treating them to have access to their medical records (Figure 3). The numbers who are concerned that the NHS may sell their data to companies without their permission speak for themselves.

Digging further into the detail, Table 4 suggests that up to 11% of patients are not happy for the NHS to use their data for purposes beyond their direct care, a proportion which increases to over 25% if that means “work[ing] in partnership with companies” (Table 3). Meanwhile, when the ‘dashboard’ isn’t broken, official figures show that only just over 5% of patients have actually opted out. There’s clearly still a lot to do.

Published days after the election was announced, the Public Administration & Constitutional Affairs Committee’s report on Transforming the UK’s Evidence Base says, on page 35:

101. Although statisticians and researchers publish a wealth of information on which data sources they hold, and how they are used, very little information is made available about how personal data are being used for the purposes of government analysis.

102. We recommend that the analysis function explore options for improving transparency around the use of personal data in official analyses, and that this work be made publicly available.

We agree. And hopefully a new Government will do something about it.

The General Election

The best time to commit to transparency is early in a new Government of a new Party, when the legacy of toxic behaviours all belong to the previous Government.

Public and manifesto statements to date, however, show there is no substantive difference on uses and misuses of your health records between the two major parties. You should of course know how your medical records are used, but the government of the day will always prefer a quiet life…

Behind the scenes, the Conservatives have been lobbied by Palantir – and those lobbyists are led by a Labour Peer. Meanwhile, Labour’s ‘kingmaker’ at the Tony Blair Institute continues to receive funding from the runner-up for the FDP contract, Oracle. So whatever election spin you encounter, whether or not there will be any changes to your rights around confidentiality, consent, and non-care uses of your medical records is not the partisan issue you might think. 

medConfidential will, of course, continue to keep a close eye on whoever wins.

In order of publication, the Liberal Democrat manifesto says they will be “’Protecting patient data and patients’ rights to opt out of data sharing”; the Conservative manifesto means continuing with the Palantir platform while widening (the risks via) ‘Pharmacy First’ and access to GP data; and the Labour manifesto hints at large changes to data policy, but offers no detail as to what they will be – beyond giving children identifiers that ‘follow them for life’ (remember ID cards?). 

On one specific data item, Labour’s “data library” could perpetuate the calamity of contradictions in the outgoing Government’s “Integrated Data Service”, or it could enable commercial exploitation of data in secret, as desired by UK biobank and HDR UK. Or it could be closer to the safe and transparent approach of OpenSAFELY… as ever, the detail and execution matters.

Neither the Green Party nor Reform say anything specific on health data policy that affects the Department of Health in England. And if you would like some longer analyses, others have focused on data and health.

Whoever wins the election, the new Government is going to be doing more on data. Beyond health, and whatever its focus, central Government should copy the model of the NHS National Data Opt-Out – creating something like a ‘Data Preference Service’ for the (non-NHS) rest of Government; a single place to opt out once. (Outside government, that same model – akin to the Telephone Preference Service – would help reign in the secretive companies that make money selling data about you without your knowledge or consent.)

After the election, actions will speak much louder than words.

What’s next

Next comes the voting. We hope all candidates offer clarity on their own views, and we encourage you to vote however you think best for the future of the country. 

We will still be here, whatever the result of the election – and whatever it is that the next Government wants to do to your medical records…

Just to confirm, as of this Bulletin, your current opt-out choices still boil down to this:

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds Redditch for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt-out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt-Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

Please note: in the current situation, your GP Data Opt-Out is just as crucial as your National Data Opt-Out. 

As ever, as we learn more, we will let you know. Thank you for your support.

Phil Booth & Sam Smith

21st June 2024

Hello again from medConfidential,

It’s been a while since our last newsletter, and if you signed up to find out if NHS England would provide more details to help you with your choices around its half-billion pound Palantir platform before it “goes live” at the end of March, the answer is now clear. They won’t.

NHS England has said pretty much nothing new in public since before Christmas. The ‘Department of Health in England’ is instead leaving you to puzzle out the process, and to do all the work. As of this newsletter, your choices boil down to this:

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

Please note: in the current situation, your GP Data Opt Out is just as crucial as your National Data Opt Out. 

What’s going on?

Your GP sees you as a whole patient; they know it’s important to maintain trust in your family doctor. The Department of Health in England clearly doesn’t share this concern, and – though they’re not being entirely transparent about them – NHS England’s plans and actions show they intend your GP data to be copied again and again.

For example, the Frequently Asked Questions for the Palantir Project state:

“…if there is data sharing agreement between integrated care system (ICS) and GPs locally to share data for care co-ordination then they can use the local version of FDP for that purpose.”

There are many such agreements across England, and once your data is in Palantir, it can be “federated” – i.e. copied – again and again. 

NHS England’s Board were told in December 2023, “Absolutely, primary care data can go in” [time code 1:43:20] and “For direct care, it’s not in their [patients] interests to opt out, but they can” [time code 1:48:30]. And in February, the Government confirmed that GP data could be “brought in” to Palantir and Ministerial answers show they are content for NHS England to break past promises to be transparent and honest about how they use your data. 

What just happened?

Last week’s Budget effectively mandated Palantir for NHS Trusts and ICSs, even after the public were told it would be ‘optional’. And the public’s views won’t even be listened to until later this year, when it may be too late for many.

Budget week obscured another unauthorised data collection of all GP records across England, which was inadvertently revealed on NHS England’s official GitHub page.

On that page, officials at the Department of Health in England stated in terms that “the aim is to grab the data” from every patient in every GP practice. (This, despite having strenuously complained at medConfidential’s characterisation of its GPDPR programme, less than three years ago, as a “GP data grab”…)

The ultimate intention, as ever, is for the Department of Health in England to sell (access to) patients’ data in one form or another. As with previous attempts, officials didn’t inform GPs, who are responsible for their patients’ data in law. Instead, a team at NHS England wrote code to simply “grab” the data… because they could. 

This story is still emerging, but NHS England’s denials don’t match its actions thus far. And, as with their continued secrecy around Palantir, Department of Health in England officials don’t appear to think alternative perspectives on their intentions are worth considering – or even seeking.

Looking forward, legals and otherwise

Lawyers are lawyering about Palantir – our best advice for most people is to make your own choice for yourself and your family, and to leave the lawyers to do their work. (We’ll continue to help them.)

Legal action involves more than just ensuring government bodies follow their own rules; it’s about ensuring that they follow the law. We’ve never received clear answers from NHS England on this, only statements that they will “comply” with policies that they themselves have written to permit them to pursue their own desired actions.

This is far from reassuring. Whether it is legal or not remains to be determined. 

Decisions made by the Department of Health in England’s “Privacy, Transparency, and Trust Unit” fail to provide patient privacy and professional confidentiality, have self-evidently failed to provide meaningful public transparency, and – combined with the actions of the body it is supposed to ‘challenge’ – critically undermine trust in both the process and the wider NHS. (Legally-speaking, this deficit of robust, coherent internal processes makes it unlikely NHS England will be able to present such things to a court of law.)

The Federated Data Platform was meant to “end the era of chaos” in health data. But while a platform like Palantir could in theory make secrecy much harder, NHS England seems as determined as ever to try to keep its uses of – and ambitions for – your data hidden.

Unfortunately, the next Election won’t protect your NHS data; Opposition statements and actions already show the next Government won’t do any better than the current one.

The culture of data grabs continues spreading all across UK government, fuelled by tech salesmen promoting their platforms, magic thinking about tech not people, and officials (and others) with their own agendas. And even if the companies don’t make a sale, they embolden those who seek to operate without constraints – and who disregard the rules that are there to protect you.

What you can do

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

You may also want to tell your friends and other family members about this, and/or forward this Bulletin to them with a short note of your own.

Finally, if you are in a Patient Advisory Group for a hospital, an ICS or your GP practice, please do ask for official answers on what information patients will receive on the ‘Palantir Platform’ / Federated Data Platform, and what their choices will be about their care and the use of their data as a result. The (lack of) guidance and meaningful options for patients should be on record. 

NHS England’s Board were told that patients would be able to make different choices about their care and their data; NHS England itself is refusing to give guidance on implementing those choices. Should this situation continue, things may come down to NHS doctors being forced to present their patients with the ultimatum, “Your data or your life” – as dictated by Palantir and the Department of Health in England.

The suggestion of using NHS numbers to track children in schools and children’s social care has reappeared again, with labour talking about recreating contactpoint (again).

The arguments in favour haven’t changed, simply using 2023 examples rather than 2003 examples, and the arguments against remain.

Using the NHS number to track children means also tracking adults who were once children, because NHS numbers don’t change.

DfE discloses data on children to anyone who wants it (including the school records of every state educated MP younger than 40). Using the NHS number means the security of the NHS number will be dependent  on DfE’s data handling practices (which do not satisfy the NHS rules, to say the least).

Some council will argue that because your school recorded a problem “managing self” at age 4 (“Manage their own basic hygiene and personal needs, including dressing, going to the toilet…”), adult social care should be reduced and incontinence pants used instead; or the crimes someone fell victim to become their fault in court because of the linked school records of every detail of every day they were in school. 

If you argue they should link health records to school records to support children’s education via the consistent identifier, then you equally believe (in special pleading, or) that they should link school records to others to “support young people affected by crime”. Using the NHS number to track ‘opinion-based’ policing data, or arrest people is a high risk extension of linkage, similar to Tony Blair’s Institute supporting the suggestion that (future) receipt of Universal Credit be dependent upon injecting wegovy (which will also require DWP data to be linked too). 

What gets linked for one reason gets reused by others – health records get linked to “clubcard” spending “for research”, and then pressure to use that data for more things is as “obvious” as the current arguments for more linking and more use. Always more.

The ideas aren’t new; neither are the problems. The only debate is about which victims they are choosing not to care about.

The NHS has spent 25 years getting the NHS number used for direct care. A new government may destroy that in 25 weeks.

It’s been several weeks since our last newsletter, and a few things have happened.

A Good Thing: OpenSAFELY

The GP data analysis environment which is capable of being consensual, safe and transparent – known as OpenSAFELY – has announced that the NHS will continue support for their analytical environment, which does not create any additional copies of the data and which respects patient choices to opt out of data being used in ways they don’t want it to be.

Things of another kind

You may have received some junk mail (with an NHS logo) from a company called Our Future Health which would like to sell access to your DNA and medical history to allow others to find new medicines. We’ll have more on that in the New Year.

Government spending £480m on Palantir

The Department of Health in England announced they will spend £330m on Palantir software and an extra £150m on ‘improving’ Palantir – so it’ll cost more next time – which has proved a little controversial.

Palantir will get one or more copies of all health data used by the national NHS across England, and the Department of Health in England has also bought the software for your local NHS Integrated Care System (ICS), and may impose it on your hospital.  Whether your local hospital or ICS wishes to take up this “offer” from the Department of Health in England is supposedly up to them. Some officials have however said that while using Palantir might not be “mandatory” for other NHS organisations, there are disincentives to spend money on anything else. 

This announcement is a start line, not a finish line. Nothing much changes before March 2024.

The National Data Opt Out exists and works as it always has, although it could always be stronger. The Department of Health in England has not published enough details to know whether patients’ objections will be respected, whether and where it believes your objections don’t apply, and/or whether the Department of Health in England will make everyone opt out again. We have a lot more details here.

As things develop, if you wish to protect your and your family’s medical information, you will likely need to have both an (online) National Data Opt Out and a GP Data Opt out, as your GP data could be used locally in Palantir.

As lawyers continue to pore over the text, if the Department of Health in England does disclose that it has created a new opt out that you have to apply for, we will tell you. To find out, use the box on the right to join our mailing list.

Remember, the announcement of the winner of the contract is the start line for this national data programme. It has to get to March 2024 without collapsing, and there are plenty of precedents for such programmes not managing that.

What you can do

The National Data Opt Out does what it always has. We agree with the Department of Health in England that it could be better – they could do something about that, but they refuse to. 

The Department of Health in England currently only links to the National Data Opt Out, once again neglecting to point out that the GP Data Opt Out exists and works to block secondary uses of your GP data that may be copied into Palantir if it is not applied to your GP record.

Meanwhile, Palantir shareholders want twitter warnings on anything that suggests the opt out works… 

Seasons’ greetings

This is probably our last newsletter before the New Year. We wish you well for the festive season with your loved ones. If you are feeling inclined, medConfidential is always grateful for your support of any kind, and we are grateful that so many of you are on our mailing list. As ever, please do pass this Bulletin on to anyone to whom you think it may be relevant.

Warm wishes,

Phil & Sam