Author Archives: medcon

MedConfidential Update – Opt outs being honoured

If you have opted out, recently or before, your choices are now being honoured.

Thanks to all those who helped make this happen – especially you, our supporters, donors and friends.

The institutions involved did the right thing in the end, even if they tried all the other things first.

 

What just happened? Your opt out honoured

On Wednesday, the HSCIC announced that they had received permission from the Secretary of State to finally honour his promise to you. You can opt out of data leaving the HSCIC for purposes beyond your direct care, and that is what happens. When he created the opt out that you took up, NHS England, who was then responsible for it, didn’t think it would matter.

The tickbox that you and 1.2 million other people filled in is now being honoured. The announcement says it must be done by this time next week; in practice, we are happy that this is effective with immediate effect.

Until the public consultation on the Caldicott Review, there are a small number of narrow temporary exceptions (3), and some temporary gray areas (5). But in the main, it is now done. If any of those concerns are particularly concerning to you, please let us know. We’ll be writing to HSCIC with some clarification questions next week.

The next hospital dataset to be released will be the cleaned up “full year” data, which replaces past each month parts for April 2015 to March 2016. This is the critical release which really matters. Consent will be respected for this release, and data about those who have opted out will not be included.

The HSCIC has also undertaken with the Information Commissioner to reissue the 2014 – 2015 data to those who already received it. By contract, they are required to replace old data with new.  That undertaking is the direct result of a medConfidential complaint to the ICO.

GPs have been able to honour their part since you gave them the form.

In effect, for current and future projects, as much as it could have been, it is as if your opt out, for data leaving HSCIC for purposes beyond your direct care, was honoured in April 2014.

What’s next?

The announcements this week are not the end of this process – there is a great deal left to do.

The Caldicott Review of Consent is going to propose a comprehensive and permanent solution. That solution should satisfy concerned patients into the long term, resolve the grey areas and simplifies the whole thing. It will be the subject of a public consultation, and then legislation.

But as of Wednesday, the current state is now consensual, increasingly safe, and somewhat transparent. Reducing the number of copies of data that are made will reduce the number that can be lost or stolen. More transparency will mean that you will know that your wishes have been honoured – you wont have to trust they have.

What else?

If you’ve previously had a discussion with your MP on this topic, you may wish to get back in touch with them and thank them for their help, now that the Department of Health has done the right thing, and your wishes are being respected.

MPs often hear about problems, and less often hear about what happened as a result of their help, especially in a long term project like this has been. (You should probably make clear that this is a thank you note – it might confuse their busy offices if it’s unclear…) Also, there was an election in the interim, and some MPs will have changed.

For us, it’s not getting any quieter. There are other organisations that don’t wish to act as if their world has changed. Most seriously, there are a few other projects that see the style-first approach of care.data as a handbook, not a cautionary tale…

It never ends. But this week, a lot got better as a result of our work and your help. Thank you for your support until now, and hopefully into the future.

 

 

PS – our especially deep gratitude to all those who donations also helped. We couldn’t have done this without you.

MedConfidential comment welcoming the Wellcome Trust’s “One Way Mirror” Report

Today, the Wellcome Trust publish a new report on data sharing.

The name says everything data sharing shouldn’t be – and the report shows why.

We welcome another confirmation that organisations can maintain trust via transparency and shared knowledge.Data projects, including commercial data projects, can be handled safely, if the people in charge choose to do so. When they don’t patients and citizens get nervous and trust collapses.

Care.data and others tried the “One Way Mirror” approach, and this report names “context collapse” as the point of public concern. Patients care what happens to their data and are wary about how it could be used beyond the context of their own healthcare, and so simple, complete, accessible and truthful explanations to patients are necessary. Otherwise, context collapse is certain, and like care.data, confidence collapse is sure to follow.

 

(MedConfidential Coordinator Sam Smith sat on the advisory group for this study)

First Thoughts: Government data: Copies of more than medical records?

The consultation is supposed to be about using data to help citizens; but the proposals and principles are about how Government thinks it can do one thing to help all citizens – that seems unlikely.

Yesterday, the Cabinet Office opened their consultation on copying everything but medical records. It is a consultation, not about data, not about citizens, but about Government. It’s officially about “better” use of data, but “better” in this term seems to mean “more”, not “improved”.

As care.data was about NHS England not patients, the same #datacopying mistake has been made.

In short, this consultation is the latest step in the ongoing data debacle of Government. Rather than suggest learning the lessons of care.data, most of it doubles down on repeating the failures by institutions and their shared worldview of an office near the Thames.

We find out within days what the Caldicott Review will recommend, and see where the NHS thinks this should go. If the Cabinet Office were accurate about having worked closely with DH, then this consultation does not look positive. 

A blog post by the Data Sharing network will appear shortly (we’ll update this post) on how the process reached this point.

The relationship to medical records

At the launch meeting for the consultation, the Cabinet Office said that the lessons of the Caldicott Review of consent had been considered, and this consultation was working with the Department of Health team. I can only hope that Cabinet Office paid as little attention to what DH were saying as they have paid to others.

The NHS number makes an oblique appearance, in part 3 below; although it’s only in the original consultation document if you know that it’s there.

Continue reading

Newsletter: Care.Data’s suspension enters the terrible twos

It’s 2 years to the day since Care.Data was suspended amongst public outrage. The failed programme is showing no signs of restarting, as NHS England and the Department of Health continue to sift through old pampers, and keep finding yet more problems.

The Caldicott Review of Consent, which began after NHS England lied to the Care.Data Advisory Group, should report soon, if those who want to water it down to avoid having to make uncomfortable decisions. Why might they do that? Well…

 

Another Jeremy Hunt promise is broken – Your Hospital Data is still being sold

Before their January deadline, HSCIC finished the testing needed to implement the hospital data consent promise that Jeremy Hunt made to every patient – which 1 million patients who opted out took him up on. The final step was for Jeremy Hunt to give the go ahead to keep his promise. He didn’t.

Let us be clear: Jeremy Hunt made the patient promise 2 years ago, and it appears in the 2015 conservative manifesto (pg 38) “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically.” Only he can break his promise, and he has chosen to do so.

So when will the opt outs be implemented? We look forward to hearing any answer the ICO receive shortly on exactly that question, as they respond to our complaint. The Department of Health are refusing to answer questions – which is understandable as they don’t have any answers.

Your GP will honour your request for data not to leave your GP practice, both because of medical ethics and because of their direct connection to you. Who is Jeremy Hunt connected to?

The interim-type-2 opt out can be implemented tomorrow if Jeremy Hunt tells HSCIC to do it. Why hasn’t he?

You may wish to write to your MP, and ask the question, “when will the Secretary of State for Health implement patients’ choices to prevent data about them leaving the HSCIC for purposes beyond direct care?” – please also say why this matters to you. (and sorry the question is a bit of a mouthful)

This can be fixed. The Health Secretary just has to take the single action necessary to fix it, permanently.

A perfect overarching consent flag is something we support; but at best, it is a year away from being something a patient can ask their GP to do. No scenario, other than immediate implementation of the interim-type-2s, addresses the gap between now and then. A long-term maybe-mythical “perfect” solution is currently the weapon of choice of those who want to prevent any patient choice over data usage at all: that change being the consent choice (aka “interim-type-2”) which 1 million patients have requested be actioned, and that they are all waiting patiently for. When the first step down the path to consent has been taken for national datasets, there can be confidence that subsequent steps will be taken. If not, and the Department of Health breaks Jeremy Hunt’s promise this time, why should anyone believe them next time?

What’s next: Care.Data Everywhere?

On Friday, we’re expecting that Cabinet Office to launch their data copying consultation, which probably won’t have the subheading “care.data everywhere”, but unless they’ve fixed their compulsion to copy, it probably should have. It’s not all terrible news; the worst projects (probably) didn’t get this far – what the consultation will show is the stuff that they don’t think is terrible (that’s probably not reassuring).

Every project involved has had to explain how “it’s not like care.data because…”, but the Cabinet Office has seemingly learnt only the lessons convenient for them to learn. It’s hard to all learn the right lesson when institutional incentives encourage people to learn easier ones.

The lack of critical thought across the programme appears in Parliament’s report on the “Big Data Dilemma”, which says the NHS could save £66bn from more data copying. Saving about two thirds of the NHS budget (equivalent to getting rid of all staff from the NHS) seems… unlikely.

We’ll see what the Cabinet Office consultation says over the weekend, and any health implications will appear in the next newsletter. The Caldicott Review is also due to be consulted on, if it ever gets published.

What’s Next: Saatchi Bill returns to the Lords

With the most problematic bits of the bill removed by MPs, the Saatchi Bill on “medical innovation” is now a mechanism to create new databases, and do so only with the approval of Parliament.  How is this different to care.data, which Tim Kelsey repeatedly said was “the will of Parliament”?

That’s a very good question. The main difference is whether Parliament says yes, or whether it chooses not to say anything. Currently, silence means support, which was the approach that failed catastrophically with care.data.

We’ll be looking to have conversations with their Lordships about an amendment to require Parliament to approve any plans, rather than simply not objecting. Especially as this Government is looking to remove the ability for the Lords to object to anything…

More soon, and we especially thank all those who have made donations.

 

MedConfidential Christmas Bulletin: Freedom, Care.Data and Space

It’s been a busy few weeks, as the Government came back from Conference season, and kicked their various schemes into high gear. In 2016, we’ll see data sharing across the NHS and Government taking up time: care.data may become a ministerial playbook.

Your support is greatly appreciated; and thanks to you and your loved ones at this time of year. But here’s where we are at the moment, if you wish to delay Christmas cheer just a little longer:

Care.Data.

Care.Data’s still suspended while Dame Fiona Caldicott tries to unwrap Tim Kelsey’s leaving present. The programme will enter 2016 as it left 2014: still digging in deeper. A new leadership for care.data was an opportunity to change that approach.

We’ve heard secondhand that the a new Senior Responsible Owner, obliged to hold this poisoned chalice, has been handpicked from the few loyal bag carriers left in the care.data bunker. Which means he’ll have repeatedly made valiant attempts at defending the inept and the ill considered. Indeed, the job description practically required blindly ignoring the fact that the ship was sinking until bailed out by his boss. With the Admiral’s hat his to don, it’s interesting to see if it will be full steam ahead into the iceberg of public rejection, yet again.

Dame Fiona Caldicott’s review of consent reports at the end of January, with Ministerial decisions in the months after that. Past NHS management has been good at persuading ministers to put their reputation behind the publicly indefensible until it becomes evident, even to the Department of Health, that perhaps that was unwise. At the last Care.Data Advisory Committee meeting, it was grudgingly admitted that the September roll out was halted by Jeremy Hunt himself…

Given Cabinet level discussions about data sharing, and the scope of opt-outs and consent, 2016 should be a busy year for data in the NHS and beyond. It seems some see care.data as a model to be copied. As always, the first question is whether the Government or NHS England wishes to constructively engage, or cower in a corner and ignore those who will point out necessary implementation changes. That choice is entirely up to them.

Your Right To Know

The CoverUp Commission has found that the public quite like the ability to request copies of Government documents in acts of citizen driven focussed transparency. Thank you for helping with that…

MedConfidential submitted a brief note of our own experiences of FOI, and also a saveFOI.uk submission of 260 different successful FOI requests (or outcomes from multiple requests), many submitted by you and others. SaveFOI.uk submission asked a simple question: Which of these questions does Lord Burns think shouldn’t have been answered?

Power likes secrecy, and “Burns it” would have been a common refrain in Tim Kelsey’s archipelago of NHS England. Freedom of Information is how the details of care.data were forced to be published. The deep veil of official secrecy continues to hide the bulk of Tim Kelsey’s legacy, which hopefully will start to burn up over time.

Not everyone gets to be an astronaut.

Everyone in the NHS wants to help improve the health of the nation, but that’s not the same thing as giving Direct Care. In the same way, that lots of people helped put a man on the moon, without being an astronaut. Every child eventually learns that not everyone gets to be an astronaut; and sometimes it’s a hard transition.

Tim Kelsey, who wanted all to sell medical records before his term was out, leaves NHS England today to take up a new post in Australia, but assured us he “will be back”.

Transitioning to consensual, safe and transparent data handling practices is as important for a hospital as good cleaning or sterile instruments – and the same thing happens when you disregard it too much. “Sufficient” cleaning is too much of a burden until it’s self-evident that it was too little, and harm occurs. Hopefully, in 2016, NHS England will learn about data hygiene and air quality. The astronaut programme had the literal version of the same problem. Will there be a systematic response to a politically driven digital-MRSA infecting the NHS and beyond? If the problem is left to go away of its own accord, it always comes back.

Consensual, Safe and Transparent Christmas sharing

It’s been a busy few months, but we’re still here, and would like to continue to be. If you wish to support our work, a donation is always greatly appreciated.

With best wishes to and your loved ones for Christmas and for the new year. May 2016 bring consensual, safe and transparent data flows throughout the NHS and beyond.

See you next year – we really couldn’t do this without you. Best wishes to one and all.

Sam and Phil

Implementing Data Usage Reports

We introduced the concept of Data Usage Reports a year ago. Posting prototypes to officials unannounced led to a DH commitment for HSCIC to look at a roadmap for implementation.

3 weeks later, NHS England announced that they had done no work on implementing the care.data consent codes, and so transparency took a back seat to consent for most of the year. Not forgotten, not less important, just less urgent. Given that HSCIC only had 2 full time people working on either issue, this priority was clearly correct (although the hordes of staff digging care.data in deeper suggested a political allocation of resources).

As HSCIC moves towards an announcement on consent implementation in the new year (we have sent them some questions), it’s time to look at what we’ve learnt in a year of discussions about Data Usage Reports. Most of it is relatively dense detail, but the final section is the one missing piece.


It is necessary to close the Data Trust Deficit. The last year of work on Data Usage Reports, looking at all the details, shows this is entirely achievable, where there is political will.

Restating the Principle

You should have a complete knowledge of how individual level data about you has been used or disseminated. Any individual should be able to freely read the outcomes of those projects, the new research, the new knowledge, that they contributed to creating.

It’s that simple.
Continue reading

Electronic Health Records and Sharing along care pathways for direct care

 

The most important aspect of digital medical records is data flows along care pathways.  Despite all the political interest in care.data, and in secondary uses more widely, it is vital that clinically relevant medical information flows along care pathways where patients have not objected. It must be done consensually, safely, and transparently – and while the first two aspects of that considered in current implementations, they generally get stuck because there is no transparency in the system. Individual patient transparency should come via a data usage report, but that does not give the system an overarching view.

A systematic solution to transparency of the use of EHRs

For every organisation (or pathway, as relevant) that makes use of EHRs, there should be two figures added to NHS Choices:

  • % of inbound patients that receive records via EHR
  • % of outbound patients where records are sent via EHR

mockupCreated automatically off care provider systems, this should give a measure of how widely EHR transfer is used, rather than how often it could be used.
While a data usage report will tell an individual patient where their data has been used, this shows patients the level at which organisations are handing data off as patients move along care pathways.

       

medconfidential’s BMJ rapid response to “Slow and costly access to anonymised patient data impedes academic research”

Research is vital, and it is always unfortunate when any research project fails to deliver the promise in the funding proposal, irrespective of the reason. But railing against the custodian of the nation’s medical histories (BMJ 2015;351:h5087), the HSCIC, seems an odd choice if given any consideration.

The author’s institution was unable to give the assurances required that they were capable of looking after the data to the standard that the public expects. The standards have barely changed; what’s changed is that HSCIC has started checking the assurances more carefully – something it should have been doing all along.

Those necessary assurances are steered and delivered by institutions and supervisors on behalf of their students, not individual students themselves. It is not the students’ fault if their institution refuses to assure that it will take due care of 1 billion health events. And it is precisely the lack of verification of such assurances that sent 25 years of medical records to insurers, to marketers, and elsewhere.

Academia emerged with its reputation pretty much unscathed from the data debacles of 2014 and 2015. The high standards legitimate institutions expect of their researchers are one of the factors that justify the access to sensitive medical data, sometimes without consent, that academia is in a position to receive. Complaining that the standards are too high for your institution to agree to meet says more about the institution than the standards.

All research is important, but no single project – and no one institution – is more important than public confidence in all research. That is why a wide range of organisations support the “one strike principle for abuse or misuse of medical records. With the Hospital Episode Statistics, i.e. linked, longitudinal medical records of the population for the past 30 years, every woman with 3 children is uniquely identifiable – and with 2 children that’s about 90% likely (quite literally, a birthday attack).

In the last week, the ICO has fined the UK’s largest internet pharmacy for selling NHS patient and customer details to spammers, quacks and charlatans, pushing “innovative treatments and lottery scams (paragraphs 49, 51, 52). Those participating in the abuse of these records stand to make a great deal of money, and until there is a ban on marketing to patients that leads to jail time for these predators, there will continue to have to be deep scrutiny of every project, and every release.

The “promotion of health”, as undefined in the Care Act 2014, is a loophole so broad you could slip a Saatchi advertising hoarding through it, quacking.

The author’s experience is unfortunate. Both the researcher and their funder deserve a clear answer as to why their institution doesn’t provide them the infrastructure necessary for modern data-driven health research. But corners cannot be cut if patient confidence is to be maintained.

The care.data debacle includes lessons for many. While BMJ readers would always uphold the highest standards of Information Governance, readers may consider (former) colleagues who might – in similar or related circumstances – find themselves with a highly-cited paper, for all the wrong reasons?

HSCIC is the custodian of the nation’s medical histories. In making it available for legitimate research, it simply requires you fill in a form honestly. That shouldn’t be too high a bar*.

* Paragraph 62

-ENDS-

Excerpt from our last newsletter on the Saatchi/CHH bill:

medConfidential had some questions for Mr Heaton-Harris on the content of the draft Bill, and had a meeting with him last week. Our comments and suggestions arising from that meeting covered a ban on marketing to patientsData Usage Reports (including our example of what one might look like) and an alternative approach that might deliver the policy intent of the Bill without creating another new database, or giving DH duplicates of powers it already has.

 

[PRESS RELEASE] UK’s largest online pharmacy fined £130,000 for selling patients’ data to scammers

The Information Commissioner’s Office will this morning issue a £130,000 fine [1] to the UK’s largest NHS-approved online pharmacy, Pharmacy2U, [2] whose senior executives approved the sale of NHS patients’ and P2U customers’ personal data by direct marketers.

The ICO determined that, through a direct marketing company called Alchemy Direct Media (UK) Ltd, Pharmacy2U executives unlawfully and unfairly sold the personal data of over 21,000 NHS patients and P2U customers either directly, or through intermediaries, to:

  • Australian Lottery fraudsters [3] targeting male pensioners who were more likely to have chronic health conditions, or cognitive impairments;
  • a Jersey-based ‘healthcare supplement’ company [4] which the Advertising Standards Authority ruled against for “misleading advertising” and “unauthorised health claims”;
  • and a UK charity which used the details to solicit donations [5] for people with learning disabilities.

The ICO determined that the sale of personal data was “likely to cause substantial damage or substantial distress to the affected individuals”, [6] that the incidents were neither “one-off events or attributable to mere human error” [7] and that Pharmacy2U executives were negligent [8].

Phil Booth, coordinator of medConfidential said:

“When medConfidential made a complaint to the Information Commissioner on behalf of patients who were being marketed, we’d no idea the trade in their data was as murky as this.

“Vulnerable people shouldn’t be exposed to this sort of harm and distress, but what’s doubly appalling is that this was done by the largest NHS-approved online pharmacy in the country, which is part-owned by the company that provides a majority of GPs with their medical records systems.

“The Government has to act decisively. Six-figure fines alone won’t stamp out this poisonous trade; not when there’s so much profit to be made. There must now be a blanket, statutory ban on all marketing to patients.


“Those who profiteer from patients’ data are predators and should face prison when they are caught.”

Notes for editors:

  1. The fine is a ‘Monetary Penalty Notice’; the ICO’s full judgement is published here: https://ico.org.uk/action-weve-taken/enforcement/pharmacy2u-ltd/
  2. Following a Daily Mail investigation, first reported on 31 March 2015: http://www.dailymail.co.uk/news/article-3020480/Your-secrets-sale-NHS-dock-s-revealed-details-patients-bought-prescriptions-online-sold-off.html Pharmacy2U is 20% owned by EMIS, the single largest provider of GP IT systems across England, see p80: https://www.emisgroupplc.com/media/1084/emis-group-plc-annual-report-and-accounts-2014.pdf and EMIS’ current Chief Executive is also a Director of Pharmacy2U: https://www.companiesintheuk.co.uk/director/11692582/christopher-spencer
  3. See paragraphs 24-28 of the ICO’s judgement, which includes: “The National Trading Standards Scams Team has also informed the Commissioner’s office that the lottery company is the subject of an ongoing international criminal investigation into fraud and money laundering, although this wouldn’t have been known to Pharmacy2U.”
  4. See paragraphs 20-23, which includes: “In February 2015, the Advertising Standards Authority (“ASA”) issued an adjudication on Healthy Marketing Ltd in relation to breaches of the CAP Code, although this wouldn’t have been known to Pharmacy2U at the time the order was approved. The breaches related to a press advert which was found to contain misleading advertising and unauthorised health claims.”
  5. Paragraph 29 of the ICO’s judgement.
  6. Paragraph 65 of the ICO’s judgement.
  7. Paragraph 72 of the ICO’s judgement.
  8. Paragraph 63:  “The senior executive of Pharmacy2U must have known that there was a risk that people may object to the sale of data to the lottery company because, when he was asked to approve the order, he replied “OK but let’s use the less spammy creative please, and if we get any complaints I would like to stop this immediately”. However, he still approved the order.”

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

“Fair Processing” and the ICO

In practice, the ICO has a very simple test for fair processing:

Do data subjects know (i.e. have they been they fairly informed) what (processing of their data) you’re intending to do?

That’s it – is the organisation being completely honest?

If yes, that’s fair processing.

If no, that’s not “fair processing”.

It’s that simple. It’s not a high bar, and it’s not a complex bar.

If you end up in trouble, it’s because of surprises – you weren’t completely honest with the data subjects about what you were going to do.

With regard to fair processing, the ICO doesn’t make a distinction as to whether or not you should do something; it solely looks at whether you said you would. The ICO is often seen as facilitating data flows, because this test isn’t what people often seem to think it is.

The ICO considers itself to have one job in this regard, defined by the Data Protection Act, and that human rights are the remit of a Court. If someone is honest and informs you about using your data to breach your human rights, the ICO believes this is not a consideration for the data protection authorities. This may be an incomplete or incorrect reading of the law, but the current ICO has made its consideration.

In many controversial cases, organisations themselves – including the Government, Ministers, the NHS – all add additional requirements. These are not data protection constraints, they are moral constraints, they’re other legal constraints or they’re ‘ministerial gifts’ (e.g. the care.data opt out).

Remember, it’s only fair processing so long as what you tell people you’ll do matches what you actually do. (You can tell them you’ll do something and not do it – that’s still fair processing.)

When you want to do something new with data, if that wasn’t in the old rules, you need to tell people about the new rules. It is here that NHS England’s various data grabs have run into trouble, mainly because they don’t want to tell people quite what it is they want to do.

So in short, be completely honest.

No wonder the political machinations in the Department of Health and NHS England keep screwing it up…

P.S. Complaints about “fair processing” basically boil down to, “we don’t want to be honest with you”. Any fines simply show that you weren’t honest; one reason organisations get fined for losing data is because they’ve said that they won’t. If they didn’t say that, then losing your data mightn’t be a breach in those terms – but then no-one would do business with them. Which is why such promises get made in the first place.