Author Archives: medcon

NHS #6: ‘care.data’

care.data is the name of NHS England’s programme to extract information from GP surgery systems and from health and social care providers, and to link it all together. It is a massive undertaking. At the moment we are concentrating on the first stage of this programme – collecting patient data from GPs – but ultimately all health and social care will be drawn into the system. Hospitals have been told to be ready by 2014; social care will join in by 2015. We’ll talk about that later on.

The first care.data request has now been agreed. This is a set of coded instructions that tells each GP system what information should be uploaded. The full specification for the first upload of care.data can be seen in Appendix A (p.22) of this document.

Here’s how it works:

  • NHS England applies to the HSCIC to have the information (care.data) extracted from GP systems.
  • HSCIC puts the application through the ‘customer’ procedure that we will outline in blog #8. It then actions the request and instructs GPES to go ahead and take the information from each surgery system.
  • The collected data is passed on to a regional Data Management and Integration Centre (DMIC) which sends it to a number of places – like a giant traffic-direction system.

For now, we’re going to focus on just one of these traffic flows: the data that goes back to the HSCIC.

The information is stored on the HSCIC system, still in identifiable form – i.e. with NHS number, date of birth and the other identifying details attached to the diagnoses and treatments. It is used to create regular reports, but ‘customers’ can also request linked data. In the words of the HSCIC, this ‘often contains patient level information’ and ‘When stringent Information Governance controls allow’ they can ‘provide extracts of linked data sets in an identifiable form’.

Tomorrow we will look at those ‘stringent’ controls in more detail.

NHS #7: ‘Stringent Information Governance Controls’ and Section 251

We have already touched on the issue of ‘anonymisation’, but that isn’t the only problem. Confidential information that identifies an individual can be processed – gathered, stored and passed on – without any consent at all if there is a lawful provision for doing so.

Section 251 of the NHS Act 2006 is just such a provision. It: ‘…was established to enable the common law duty of confidentiality to be overridden to enable disclosure of confidential patient information for medical purposes, where it was not possible to use anonymised information and where seeking consent was not practicable, having regard to the cost and technology available.’ (Health Research Authority)

To put it simply, if an organisation has been granted a s251 exemption by the Secretary of State, they don’t need to worry about getting patient consent to use identifiable information.

The GPES FAQs say that: ‘Normally, data extracted will be anonymised, however where data that could identify patient is requested, it will only be released where a legal basis for disclosure exists (e.g. explicit patient consent)’ …but another example that hasn’t been given in the FAQs would be where an organisation has that vital s251 exemption.

Although NHS England is the ‘boss’ of HSCIC, insofar as it can direct it to do pretty much what it wants, it is also a ‘customer’ of HSCIC. Because of this, NHS England needs a legal basis for processing and passing on information gathered via the care.data extraction without seeking patients’ consent. In May, NHS England’s application for s251 exemption (or ‘support’) was approved, initially for six months: ‘The approval has been given subject to conditions until October 2013 at which point NHS England can provide a report for consideration to CAG to identify the requirements for continuing and or amended support.’

This means that identifiable data gathered under NHS England’s ‘care.data’ request – the extraction of identifiable patient information from all GP surgery records – can be passed on to a range of bodies without patients’ knowledge or consent.

Tomorrow we’ll look at the process of becoming a customer of HSCIC.

NHS #8: How do you get to be a ‘customer’?

The first step is to complete an application form here BUT, as the HSCIC information tells you, ‘If you wish to apply for personal confidential data you will need one of the following:

  • The consent of the individuals to whom the data relates. In this case you will need to provide evidence of the consent of the individuals concerned, i.e. the consent form and consent information literature. These will be reviewed by the HSCIC to ensure they are appropriate and, where necessary, approval will be sought from the Data Access Advisory Group (DAAG).
  • Approval under section 251 of the NHS Act 2006. In this case you will need to provide evidence of approval under section 251, i.e. a letter from the Health Research Authority Confidentiality Advisory Group (HRA CAG). Or,
  • The appropriate statutory regulation covering your organisation for the work required. In this case you will need to provide evidence of the statutory regulation concerned. This will be reviewed by the HSCIC to ensure it is appropriate.’

…and now it becomes rather Byzantine. We’re reasonably certain this is how it works, but if you think we’re wrong, please explain it to us and we’ll correct it. We are quoting throughout from the descriptions of each group’s function that appear on their official web pages.

If you apply for a ‘bespoke’ set of data, i.e. information that isn’t contained in the regular statistical bulletins, HSCIC forwards your application to its ‘Independent Advisory Group’ (IAG).

‘Acting as an advisory group to the GPES Business Unit, the IAG will consider requests for information from customers that could be collected and provided by GPES and recommend an appropriate course of action to the Information Centre.’

If you are applying for patient confidential data and you have each patient’s consent, or if there are reasons to believe that individual patients can be identified from the apparently ‘anonymised’ information you are requesting, your application will be passed to the Data Access Advisory Group (DAAG) – also hosted within the HSCIC.

‘The Data Access Advisory Group (DAAG) is an independent group hosted by the Health and Social Care Information Centre that considers applications for sensitive data.
This ensures that the use of patient data for research purposes and for improving patient care is done in a controlled environment where the risk of disclosure is minimised.’

If you are relying on s251 ‘support’, i.e. you have an exemption from seeking patients’ consent (see yesterday’s blog #7), or if DAAG believes the information you are seeking might identify individual patients, your application will go to the Confidentiality Advisory Group (CAG) of the Health Research Authority.

‘CAG has been established to provide independent expert advice to the Health Research Authority (for research applications) and the Secretary of State for Health (for non-research applications) on whether applications to access patient information without consent should or should not be approved’.

NHS #9: Who gets to see your information?

What this all amounts to is a number of ways in which massively increased amounts of information from your medical record can be accessed by a range of organisations, including private companies.

One stated intention of GPES is to “drive economic growth through the effective use of linked data” [PDF, p6] with which researchers, public bodies and commercial organisations could match records at patient level, based on information they already hold. And NHS England’s chief data officer has revealed plans to reduce the cost of access to the ‘pipeline’ of pseudonymised patient data to just £1!

This is on top of the register of customers already approved by the DAAG (http://www.hscic.gov.uk/daag), including companies like Dr Foster and BUPA, who may pay a fee for direct access to “sensitive or identifiable” patient data.

Under the new arrangements, a whole host of new commissioning-related organisations will also be able to access what is now being called personal confidential data (PCD).

While information from your medical record may initially go to HSCIC or one of the regional Data Management and Integration Centres, it doesn’t stop there. As we mentioned before, NHS England has been given a Section 251 exemption to pass identifiable – not just anonymised – data on to its Area Teams, to Clinical Commissioning Groups and Commissioning Support Units. This, despite the conclusion of the Caldicott2 report that anonymised data should generally be sufficient for commissioning.

‘Commissioning’ itself covers a wide range of purposes – e.g. monitoring, surveillance and service planning, targeting treatment, even invoice reconciliation – not only expanding the number of people with access at local, regional and national level but creating a market for analysis and consultancy companies to sell services to the commissioners and their support organisations.

This commodification of your medical records means the default is to make them accessible to more and more people less and less directly related to your medical care, constrained not by the professional duty of confidentiality that most patients presume but by data protection compliance or contract terms and conditions.

And, of course, the merging of health and social care means ever more sharing between healthcare providers, social services and education. Following the abolition of the PCTs, local authority Public Health Teams have now taken on regulated public health functions such as the weighing and measuring of schoolchildren and providing some sexual health services, and may use data to target and drive additional discretionary services such as tobacco cessation, obesity initiatives, etc.

While it makes sense to integrate care delivery around those with particular needs, the direction of travel is towards a culture of universal health surveillance and ‘integrated’ records – whether you choose them or not.

medConfidential launch and the Secretary of State

medConfidential launched on Wednesday with a highly successful conference event, after working for nearly two months behind the scenes. We’ve now published audio and video.

This morning the Secretary of State for Health responded to the Caldicott report, confirming that there would be a patient opt-out on the sharing of health data, the details of which have yet to be finalised.
