Author Archives: medcon

Overview of Current Data Discussions – October 2017

Two weeks after our annual report and rest of government supplement, there are now a number of data consultations on going. We attempt to summarise them all here.

Data Protection Bill

The Data Protection Bill is passing through the House of Lords. Clause 15 if so significant concern, giving Ministers the ability to carve a hole in the Data Protection Act at will – something this Government claimed it wouldn’t do, as it was key safeguard in the Digital Economy Act earlier this year. As written, it is a dramatic change from the data protection status quo, and gives the Government broad powers to exempt itself from the rule of law.

We have a briefing on the Bill for Second Reading in the Lords.

As the NHS moves towards transparency over medical records, the very information provided via transparency must be subject to the same protections against enforced SAR as the records themselves. It’s unclear whether clause 172(1) does this sufficiently.

Implementing the Digital Economy Act: “Better Use of Data”

To plagiarise Baroness O’Neill, whose approach is very relevant here: better than what?

The Cabinet Office are consulting on the Digital Economy Act Codes of Practice. We have a draft response to that consultation, which goes into more detail on a number of issues raised in our rest of government supplement.

As for how that will be used in practice, the Cabinet Office are having meetings about updating their data science ethics framework, and the ODI is seeking views on their proposed data canvas. The canvas is better, but to qualify as science, it can’t just be some greek on a whiteboard, but must include a notion of accountability for outcomes, and falsifiability of hypotheses.

Otherwise, it’s not science, it’s medieval alchemy – with similar results.

Most interestingly, it appears that despite all it’s flaws, the current “data science ethics framework” is in use by Departments, and they do find it useful for stopping projects that are egregiously terrible. So while the framework allows unlawful and unethical projects through, preventing those was not their goal – the hidden goal was to stop the worst projects where every other “safeguard” has demonstrably failed. This is a good thing; it’s just a pity that the previous team denied it existed. The honesty from the post-reset team is welcome – the previous approach included denying to our face that a meeting like this one was taking place, after someone else had already told us the date.

… part 2 is now here

medConfidential on Life Sciences Strategy

The Government has launched its life sciences strategy.

The operative line which underlies all of this from an NHS perspective is:

“This may require some trade-off between trials infrastructure for nursing and for digital,”

Business want such trade offs, but the NHS and patients will likely have something to say about that. Did DH agree to it?

medConfidential coordinator Phil Booth said:

“The missing piece in here is patient consent. While the strategy mentions Dame Fiona’s Review, it doesn’t actually say whether the human tissue they want to buy will be consented or not” (top of page 8)

“Until we see what the NHS itself is planning, there’s nothing in here that wasn’t on the life sciences wishlist 4 years ago from the flawed care.data scheme; and nothing to suggest they’ve learnt any lessons.

“The Government has confirmed that patients who have opted out will be contacted about the new arrangements; but what will those who trusted the NHS to do the right thing be told?

Any Data Lake will fail; there is an alternative

We’ve added some new words to our front page.

Any attempt to solve problems of records following patients along a care pathway that involves putting all those records into a big pile, will either fail – or first breach the Hippocratic Oath, and then fail.

A Data Lake does not satisfy the need for doctors to reassure their patients (e.g. false positive tests), does not satisfy the need for doctors to hold information confidentially from others (e.g. in the case of Gillick competency, or on the request of a patient), or when institutions cannot tell doctors relevant details, e.g. in situations where there is “too much data, but no clear information”.

From the NHS’ national perspective, micromanagers at NHS England will get to reach into any consultation room and read the notes – especially in the most controversial cases. They might be trying to help, and while members of Jeremy Hunt’s Office itself might not reach in (to be fair, they probably wouldn’t), do you believe the culture at NHS England is such that some NHS middle-manager wouldn’t think that is what they were expected to do, urgently, under the pressure of a crisis?

This is also why any ‘blockchain approach’ to health (specifically) will fail. Such technologies don’t satisfy the clinical and moral need to be opaque – deniability is not a user need of your bank statement.

Just as every civil servant recognises aspects of Sir Humphrey in their colleagues, it is the eternal hope of the administrator – however skilled, and especially when more so – that if a complex system worked just as they think it should, everything would be eternally perfect.

Such a belief, whether held by NHS England, DH, or the Cabinet Office is demonstrable folly. If you build a better mousetrap, the system will evolve a better mouse; everything degrades over time.

It was a President of the Royal Statistical Society who talked about “eternal vigilance”. This is why, and it also provides the solution.

As we’ve outlined before, the alternate approach to a leaky Data Lake is to add accountability to the flow of data along a care pathway.

The system already measures how many patients are at each stage, and their physical transfers; it should give the same scrutiny to measuring how many records follow electronically. Where the patient goes, but their data doesn’t, should be as clear to patients as statistics on clinical outcomes – because access to accurate data is necessary for good clinical outcomes.

Interoperability of systems, in a manner that is monitored, is already being delivered by care providers up and down the country. Creating lakes of records is simply an administrator’s distraction from what we already know works for better care.

medConfidential takes donations

medConfidential comment on DCMS Data Protection “Statement of Intent”

DCMS’s intent is clearly to pay more attention to Civil Service silos than citizens’ data.

Sometimes you reveal as much in what you don’t say, as in what you do. Or in what you pointedly ignore…

The ‘Statement of Intent’ document suggests that the confidential information in your medical records deserves no better protection than your local council’s parking list. This is contradicted by both the Conservative Party Manifesto, and the pre-election commitment around Jo Churchill MP’s Bill in the last Parliament to put the National Data Guardian on a statutory footing. So why is DCMS saying no?

DCMS says it intends this to be a “world leading “ Data Protection regime. Even if this weren’t the UK’s implementation of the General Data Protection Regulation, DCMS would know its intent falls short had its Ministers and officials paid any attention to what’s happening outside their own offices.

Three weeks ago, the Government and the NHS committed to telling data subjects when their NHS medical records have been used, and why; and multinationals such as Telefonica have argued clearly and cogently that full transparency to data subjects is the only way forwards with innovation and privacy, without pitchforks.

The Government, however, is doing the minimum legally necessary – and already failing to meet the promises that it was elected on.

Given the Government’s manifesto and the Government’s commitments elsewhere, it is entirely possible for the UK to use digital tools to implement a world class data transparency and protection framework… So why is DCMS saying no?

Summer reading: Data for Research and Statistics in 2017

We’ve previously published an overview entitled “Governance of a Digital Economy in the medium term: AI, blockchain, genomics, and beyond” and a detailed answer to three questions we get asked. We now add this fourth on current questions around research and statistics (and NHS England).

Those questions are:

  1. Should the UK sequence the full genome of the entire population? (pg 1) (no)
  2. Can there be innovative, speculative analysis of individual-level sensitive data in a way that is Consensual, Safe, and Transparent? (pg 2) (yes)
  3. Is there a need for “AI exceptionalism” in data handling and administrative data? (pg 3) (no)
  4. Implications for research and statistics on extending Secondary Uses to facilitate third party time-sensitive micromanagement of Direct Care.

Also related, is the medConfidential response to the Code of Practice on Statistics consultation from the UK Statistics Authority.

Care Episode Histories: There will be a new dataset that replaces HES. The question is where that dataset will be copied, who will access it and on what terms, and whether dissent will be honoured for secondary uses.

The Government’s response to Caldicott 3 has made very clear: Patients will know about every access to their records, whether for direct care or secondary uses.

NHS England’s non-clinical staff look at it purely in terms of data protection; what about the medical profession’s obligation to confidentiality?

For PHE/CPRD, there remain copying loopholes that may remain in theory, and it’s unclear whether they wish their activities to be consensual, safe, or transparent.

The NHS has said that it will use digital tools to tell individuals how data about them is used, and have a public register of data sharing – both are necessary for trustworthiness. Whereas the Government still hasn’t committed to a Register of where it copies any data, including your medical information, under the Digital Economy Act; let alone mandating that its many digital services tell you how your data gets used.

Given the GDS/DCMS claims of digital leadership, being this far behind the NHS has got to get embarrassing. Given Government manifesto commitments, and the unknown hopes of a “Digital Charter”, we’ll see if anything is implemented

medConfidential comment on the Government’s response to the Caldicott 3 Review

medConfidential’s comment on the Written Ministerial Statement responding to the Caldicott 3 Review

While more details will emerge over the next several weeks, and given this is only a response to Dame Fiona Caldicott’s Review (and not any of the work by NHS England which depends upon it), medConfidential is in the first instance cautiously positive.

Original statement: http://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Lords/2017-07-12/HLWS41/

In summary, the Statement says a number of things:

  • Patients will be offered a digital service through NHS.uk that will enable them to see how their medical records are used: both for direct care, and secondary uses beyond direct care.
  • Existing opt-outs preventing patients’ data being extracted from GP practices are protected until at least 2020.
  • There will be further consultations on the details of any changes.
  • Patients who have opted out will be written to about the Caldicott consent model when implementation is finalised (but before changes take effect).
  • NHS Improvement will begin to take cyber security into account. CQC now do.

Reflecting the very strong response from front-line clinicians and technical staff to the WannaCry ransomware outbreak, the Statement is very strong on cyber-security. Whether the analogue administrators that caused so much unnecessary hassle during that event have learnt lessons will become clear, next time…

With the newly-digital DCMS about to launch the Data Protection Bill, will the Government actually deliver on its commitment to a Statutory National Data Guardian?

Phil Booth, Coordinator of medConfidential said:

“We welcome the clear commitment that patients will know how their medical records have been used, both for direct care and beyond. This commitment means that patients will have an evidence base to reassure them that their wishes have been honoured.

“Some of the details remain to be worked out, but there is a clear commitment from the Secretary of State. The focus on digital tools shows the benefit to the whole NHS of the work towards NHS.uk. It is now up to NHS Digital and NHS England to deliver.

“The wait for consensual, safe, and transparent data flows in the NHS is hopefully almost over, and then new data projects can move forwards to deliver benefits for patients and vital research. Today’s announcement is about fixing what NHS England had already broken. The perils of a National Data Lake may lie ahead, but we hope lessons have been learnt, so we don’t end up back here in another 4 years.”

Google now tries to blames Doctors and Snapchat for its unlawful behaviour

Responding to Google’s claims that doctors “use” Snapchat to send photos for a second opinion, coordinator of medConfidential Phil Booth said: “Had Google managed to buy Snapchat, they wouldn’t have said anything about this. The Report blames doctors for hygiene, and the hospital for it’s IT systems, everyone but Google. Now they’re blaming doctors for their choice of secure messaging apps to care for patients with whom they have a direct care relationship – something Google clearly fails to understand.”

If the assertions are based on evidence acquired in the Review, that should have been reported to CQC – unless there was a see no wrong, hear no wrong policy in place. Google provided no evidence that Doctors actually do this, just that they could install an app. They could also use any google messaging tool (except no one uses any of them). We fully expect DeepMind will “surprisingly” come out with a messaging app for doctors, which will be no better than email, and so solve none of the widely understood problems that mean fax machines are still useful. 

Doctors are responsible for safely caring for their patients, and it’s up to them which safe and lawful tool to use. The only reason DeepMind care is they have an tool to sell; and they’re still in denial that they way they built it was unlawful.

We’re mostly surprised that Google didn’t use this to kick Facebook; but perhaps they didn’t want to criticise another member of the Partnership on AI…

Original press release here: https://medconfidential.org/2017/medconfidential-initial-comment-on-the-google-deepmind-independent-reviewers-report/

medConfidential initial comment on the Google DeepMind Independent Reviewers’ report

UPDATE 2pm: responding to Google’s claims that doctors use secure messaging to send photos, Phil Booth said: “Had Google managed to buy Snapchat, they wouldn’t have said anything about it. The report blames doctors for hygiene, and the hospital for it’s IT systems. Now they’re blaming doctors for their choice of secure messaging apps to care for patients with whom they have a direct care relationship.”

Doctors care for their patients, and it’s up to them which safe and lawful tool to use. The only reason DeepMind care is they have an tool to sell; and they’re still in denial that they way they built it was unlawful.

The report answers none of the obvious questions that a supposedly independent Review of unlawful data copying should have answered.  

The ICO confirmed on Monday that DeepMind Health’s deal with the Royal Free had broken the Data Protection Act in at least 4 ways [1], and they have been given weeks to fix it. There is now a formal undertaking in place for correction of their project’s ongoing breaches of the Data Protection Act [2]. As of this week, DeepMind remains in clear breach of UK privacy laws. (page 7)

The National Data Guardian’s letter, referred to by the Review, shows clearly that DeepMind were aware of the unlawful nature of their processing last December[3] and the Review suggests they chose to do nothing about it.

In addressing “law, regulation and data governance”, the Reviewers say “We believe that there must be a mechanism that allows effective testing without compromising confidential patient information” (page 9, right column). So many people agree that there are already such processes – DeepMind just didn’t use any of them. It is unclear why the “Independent Reviewers” feel this is anyone but Google’s problem. (Here’s the sandbox for Cerner – which the Royal Free uses.)

If, as Prof John Naughton analogises, the Royal Free’s response to the ICO decision was “like a burglar claiming credit for cooperating with the cops and expressing gratitude for their advice on how to break-and-enter legally”, this report is DeepMind saying “It wasn’t me! Ask my mum…” thinking that’s an alibi.

DeepMind accepts no reponsibility [4], and its Reviewers seem happy with that.  Which, given DeepMind’s broad AI ambitions, should frankly be terrifying…

Responding to the Review, medConfidential Coordinator Phil Booth said:

“If Page 7 (right column) is accurate in its description of record handling at the Royal Free, then CQC must conduct an urgent inspection of data hygiene at the hospital; or was this just “independent” hyperbole to make Google look good?”

“The Reviewer’s way to not criticise DeepMind is to avoid looking at all the things where DeepMind did anything wrong. The Reviewers may think “this is fine”, but anyone outside the Google bunker can see that something has gone catastrophically wrong with this project.”

“Google DeepMind continues to receive excessive amounts of data in breach of four principles of the Data Protection Act, and the Independent Reviewers didn’t think this worth a mention. DeepMind did something solely because they thought it might be a good idea, ignorant of the law, and are now incapable of admitting that this project has unresolvable flaws. The ICO has forced both parties to fix them within weeks having ignored them for approaching 2 years.

“DeepMind Health needs real senior management with a experience of caring for patients, i.e. a Regulated Medical Professional, as a Chief Medical Officer. The second paragraph on the inside front cover (which isn’t even a numbered page in the printed document, but page 2 in the PDF) shows how badly they have failed from the start.”

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or coordinator@medconfidential.org

 

Notes to editors:

  1. Information Commissioner’s Office summary of their finding https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/07/royal-free-google-deepmind-trial-failed-to-comply-with-data-protection-law/
  2. The ICO requires that the Royal Free and DeepMind take actions within a month of the undertaking issuance – page 7. https://ico.org.uk/media/action-weve-taken/undertakings/2014352/royal-free-undertaking-03072017.pdfMany of these issues were highlighted to DeepMind by MedConfidential last year, and which they have repeatedly and systemically ignored.
  3. Sky News reported in May that the unlawful nature of the DeepMind data processing was first formally brought to the Royal Free & DeepMind’s attention in December 2016 by the National Data Guardian. http://news.sky.com/story/google-received-16-million-nhs-patients-data-on-an-inappropriate-legal-basis-10879142 Paragraph 4 of the letter from the National Data Guardian to the Hospital clearly shows that they were first formally of their legal failings in December.
  4. Details of medConfidential’s complaint are available here:
  5. This complaint has now been vindicated by the investigation, despite an extremely strong PR response from Google. Contemporary quotes from project advocates, which now ring hollow, include: [all emphasis added]a) Mustafa Suleyman, Co-Founder at DeepMind, has said:

    i) “As Googlers, we have the very best privacy and secure infrastructure for managing the most sensitive data in the world. That’s something we’re able to draw upon as we’re such a core part of Google.” [Guardian, 6/5/16]
    ii) “We have, and will always, hold ourselves to the highest possible standards of patient data protection.” [Daily Mail, 4/5/16]
    iii) How this came about all started with Dr Chris Laing, of the Royal Free Hospital: “We went for coffee and ended up chatting for four hours.” [BBC News Online, 19/7/16]
    iv) More recently, in an interview with Mr Suleyman published on 20/3/17: “When pushed on how the public would be assured that its sensitive data was safe, Suleyman replied, “first there is the law”.” [Digital Health, 20/3/17]

    b) George Freeman MP, at the time a Minister in the Department of Health: “NHS patients need to know their data will be secure and not be sold or used inappropriately, which is why we have introduced tough new measures to ensure patient confidentiality.” [Daily Mail, 4/5/16]

    c) Professor Hugh Montgomery, (consultant for Google’s DeepMind project) said, on Radio 4’s PM programme on 4 May 2016:

    i) “So this is standard business as usual. In this case, it was a standard information data sharing agreement with another supplier, which meets all of those levels of governance. In fact, the agreement there, or the standards of management of those data, meets the very very highest levels. It meets something called HSCIC level 3, which most hospitals trusts don’t even reach.” [Recording of audio available, see link below]
    ii) “So firstly, this isn’t research. Research is governed by an entirely separate process that would require anonymisation of data and all sorts. This is data processing.”
    iii) “It’s fair to say again that not only is this data at the very highest standards, and beats every standard, and more in the United Kingdom. But the data is encrypted end-to-end, and they have to, like everyone else in the health service, stick to the law.”
    iv) Recording of audio available at: https://www.dropbox.com/s/cfimojgec24rlrj/
    20160504­deepmind­radio4­pm.mp3?dl=1
     20160504­deepmind­radio4­pm.mp3?dl=1

    d) Will Cavendish, now Strategy Lead for DeepMind Applied, formerly Informatics Accountable Officer at the Department of Health, said (when IAO):

    …“The vital importance of trust, security, and cyber security.” … “To be honest, it used to be that not a week goes by, now it’s not a day goes by, without stories of hacking, data leaks, inadvertent data sharing. This absolutely erodes the trust that underpins the work that we do.” https://www.youtube.com/watch?v=5Ej3PRF1jUw&t=2h15m5s

    e) Dr Julian Huppert, Chair and “on behalf of the Panel of Independent Reviewers for Google DeepMind Health” said in an e-mail to medConfidential on 6/7/16:

    i) “one of our roles is to look in detail at how DeepMind Health uses patient data, and to confirm that it complies with the highest ethical and regulatory standards.”
    ii) “We believe from what we have seen so far that DeepMind has a clear commitment to the Caldicott Principles, and that they have to date been honest in their public and private comments. We also believe they are willing to work constructively with regulators, and remain within the law.

     

  6. DeepMind’s response to the ICO finding has been to blame everyone but themselves. As they begin to regularly refresh part of their Review board, perhaps Shaun Spicer will be available to help.

 

-ends-

medConfidential Bulletin, 30th June 2017

So, we have a new Government (after a fashion). And, whatever else, there’s some continuity at the Department of Health…

Given this continuity, the completely unambiguous Conservative Manifesto commitment, and cross-party support for the National Data Guardian, it was a bit disappointing that a statutory footing for NDG was absent from the Queen’s Speech.

We can’t help but note – with a Data Protection Bill on its way, arbitrary data-sharing powers available in the Digital Economy Act, and Theresa May threatening to roll back human rights – that it is protections such as these that underpin the privacy of all our medical records.


What just happened?

The election put a lot on hold, but you may remember a dodgy deal with the Royal Free Hospital that got Google DeepMind into a spot of trouble with the ICO and National Data Guardian when we complained about it.

The NDG’s formal view came out during the election period, and we await the ICO’s ruling – due any day now. We are therefore entirely unsurprised that DeepMind’s “Independent” Reviewers’ report is also delayed. One might question “independence” when a whitewash coincidentally comes out a day after the regulator’s critique…

What’s happening next?

We don’t comment on every future project press release from Google DeepMind – their PR flacks cost many times our annual budget. But last week’s announcement that its next project will be to provide a hospital IT system for Taunton is worthy of some attention; the relevant detail is at the bottom of page 2 of this document.

It’s understood that companies will provide the NHS with IT systems – GPs and hospitals buy in systems all the time. But accepting ‘gift horses’ from aggressively data-seeking US info corps already known for not playing by the rules may not necessarily be wise. For one thing, as many have learned, if you’re not a paying customer you tend to end up being the product.

If, however, the decision is that the people of Taunton are most in need of better infrastructure – NHS England certainly felt they were, this area being one of the ‘pathfinders’ for the cancelled care.data scheme (more on its successor below) – then starting in Somerset is as good a place as any.

But this doesn’t mean you can ignore the regulatory implications. Or future cost.

As recently as January, DeepMind assured Regulators that its tools were not used for clinical decision making, yet in June it has signed contracts to run a hospital using it. To be used in direct care, the central IT system of a hospital is a closely regulated system – these are, after all, the systems that run Intensive Care – although Google, chasing the profits rather than patients, probably won’t choose to help those in most acute need.

Has Google started the Regulatory  process to run that system, or is it trying ‘deployment via press release’? Does it want DeepMind to mark its own homework too?

The only way for patients to know if their data was used in such a programme is for everyone to know where, when and why their medical records have been accessed. Google says it won’t use patients’ data for other purposes; our concern is that minds change. After all, the company said it wouldn’t start building this system for 3 years – that was 7 months ago.

For as long as DeepMind Health is led by an entrepreneur – and has no Chief Medical Officer who is bound by the Hippocratic Oath – its position can change, purely for business reasons. Its corporate officers may stand on stage and say they won’t, but they say many things which they change their minds about. One can be an AI visionary, or run a health infrastructure service – but people have every right to be nervous when you try to do both, especially if you claim you aren’t doing so.

It is inevitable that the future model for this service will be ‘AI assistants’ offering hints and references to doctors via the Streams app; the principle of A&E triage, applied hospital-wide.

This being the case, if these AI systems are modular and compartmentalised for the delivery of care, then they can each be regulated separately. If, however, the individual systems are not interoperable and transparent, then the entire infrastructure must be regulated tightly. (Research, i.e. the development of such systems – including the justification, with evidence, of what data they actually need – is already regulated, by MHRA and other bodies.)

Until the situation is clear, questions as to whether DeepMind’s approach to Regulators is the same as Uber’s (they do, after all, share investors) will remain.

We should point out, as DeepMind buried it in the small print, that no money is changing hands here – and neither party is obligated to do anything. This may yet be just another Silicon Valley startup (the TV show, that is – not the place) that puts out a stream of press releases, delivering for investors over patients.

 

What’s happening where you live? And what can you do?

Wherever you live, in England, there are changes coming to your local NHS.

The ever-so-subtly again renamed STPs (now “Sustainability and Transformation Partnerships”, not just Plans) and their further regional reorganisation – over “several years” – into Kaiser Permanente-style Accountable Care Organisations represent the Government’s and NHS England’s view of the future.

Bearing in mind the massive democratic deficit in the NHS, will accountability be to patients or to the analogue administrators?

Given that – most of the time at least – care records follow patients, one of the best ways to see how the NHS works is to look at the data trail that you leave behind you.

So if you have a login for your GP practice’s website, we encourage you to look at the letters that have been scanned into your record, and to simply count the logos. (If you don’t already have a login for online access, here’s how to get one.) Then, as your NHS changes over the next few years, keep count; over time do you see more commercial logos, or fewer?

While you’re at it, you might also want to check who’s accessed your GP record. Both EMIS and TPP have now switched on basic access to your GP record’s ‘audit trail’ – and as more and more people use it, this vital transparency feature should improve over time.

Things are clearly going to stay busy for a good while yet. Four years in, medConfidential exists entirely through your donations and the generosity of the Joseph Rowntree Reform Trust, to whom we are applying for a further grant. We appreciate all donations – and your support helps with other funding.

 

A digital strategy for the NHS: remember Martha’s Talisman

“Apply the following test. Recall the face of the poorest and the weakest, the most digitally-disengaged patient whom you may have seen, and ask yourself if the step you contemplate is going to be of any use to them? Will they gain anything by it? Will it restore them to a control over their own life and destiny? Will they have the information to make an informed decision?

– with apologies to Gandhi and Martha Lane-Fox

Any strategy for a Digital NHS must account for the furthest first. And, while addressing their needs, must also recognise the circumstances and humanity of all those whom the data is about, via user research. Wanting to help people is not the same as actually helping them – as previous recent NHS strategies have demonstrated.

An effective strategy must be short enough that people can both remember what it is, and hold it in their mind while thinking about the challenge in front of them. A 200-page PDF is not only indigestible, it is undeliverable; our attempt above is at a strategy people could remember.

What follows are guidelines on how not to misapply it.

Strategy

The handling of medical records must be underpinned by accountability – whether “handling” means digital services used by clinicians, by patients, or for secondary uses. If built on a basis of pervasive transparency on all data flows, flawed decisions can be identified and corrected, and progress made within an environment characterised by evidence rather than promises.

Some strands of the Five Year Forward View are mired in secrecy and political choices, which – while any one decision may work out well (or otherwise) for patients – is an unsustainable basis for long-term effective and efficient delivery of public health and care services at nation-scale.

High quality digital services are built with humility, by learning from the real world, with meaningful involvement in the process by patients and clinicians – and others who also contribute, e.g. researchers, administrators, and commercial providers.

There may well be an extremely narrow case for sharing a patient’s entire clinical treatment history with the NHS.UK website backend in order to personalise the front page of that website on an initial visit, but the harm of doing so without fully-informed choice and consent is far greater than the harm of not having that feature at all. And with every such decision arises the opportunity cost of those things (whether treatment or prevention) that will not subsequently be possible, due to the impact of such flawed priorities, and/or patient fears.

Only the NHS

Only the NHS connects people through their lives from cradle to grave – and can therefore tell people how they contributed to research, even long after the event.

Unlike, for example, shonky ‘public-private’ initiatives, hiding behind the NHS ‘brand name’, set up to profit from a ‘Bonfire of the Faxes’, the NHS proper doesn’t bodge it and scarper, leaving others to clean up its messes. It is the NHS that cleans up the messes created by others; thousands upon thousands of true public servants caring for people under their shared and lived understanding of the Hippocratic Oath: Do No Harm.

In the digital world, there is a Talisman that can direct every significant choice. It will not stop post-rationalisation or self-justification of pre-conceived ideas – that outcome is outwith any strategy, lying as it does in the hearts and minds of the strategists themselves. But if the Talisman helps, and is respected and used as a touchstone across the entire system, then it should stop incorrect ideas before they can go wrong at scale, and also encourage good work to flourish.

For if nothing else, this must be a fundamental goal of any (digital) strategy: to support and encourage positive innovation in care and prevention, while not killing people through ignorance, oversight or ideology.