Author Archives: Phil

Is Jeremy Hunt serious about shutting down insurers’ access to your medical records?

The Secretary of State for Health has repeatedly promised that the government will legislate to prohibit people’s medical records being used for the purpose of “commercial insurance”. This may have been prompted by the sale of HES data to insurers, but it is not the only way that insurers get their hands on your medical records.

Press reports have revealed a massive increase in an insidious practice in the insurance and mortgage industries; pressuring applicants for insurance or loans to consent to a Subject Access Request (SAR) of their whole GP record – minus a few redactions, such as HIV status or sexually transmitted infections.

The practice of ‘enforced Subject Access Requests’ happens in other sectors as well, such as background checks by employers, where a prospective employee or volunteer is required to give consent for a SAR of their local police force as a proxy for a Disclosure and Barring Service check – what was formerly known as a CRB check.

The increase in enforced Subject Access Requests appears to be financially motivated. SAR charges are capped at £10 if the information requested is held on computer or £50 if some or all of it is held on paper, whereas an official DBS check costs £26 or £44 – depending on how wide a search has to be made – and a General Practitioners Report (GPR) may cost around £100, as opposed to the maximum of £50 for a Subject Access Request for your complete medical record.

Yet again, insurers are getting your medical information on the cheap.

Setting aside the issue of duress, demanding a copy of someone’s entire medical record rather than a report declaring just those details that may be relevant is self-evidently excessive and therefore in breach of the Third Principle of the Data Protection Act. One might also question what is done with the information gathered unlawfully from people’s medical records after the application process – especially given insurers’ notoriety for finding reasons not to pay out on claims.

And if patients are not fully aware of what they are consenting to, or are not giving their consent freely – which is arguably difficult to do if their application may otherwise be delayed or turned down – then fair processing is brought into question, and the First Data Protection Principle may have been breached as well.

With thanks to Tony Collins at Campaign4Change and a GP who would rather remain anonymous, via Pulse, we provide a template letter for GPs (not patients) to send to commercial third parties who have got their patients to consent to a Subject Access Request of their medical record:

Letter declining an enforced Subject Access Request – editable MS Word (.doc) format

Letter declining an enforced Subject Access Request – editable Rich Text Format (.rtf)

To comply with such requests is not safe; it’s not safe for patients, nor is it safe for a GP practice to hand over excessive amounts of sensitive personal information to commercial third parties. Legal liability in case of breach would rest with the data controller.

There is a lawful mechanism – the General Practitioners Report – so GPs should make sure that insurers, mortgage providers and all other such companies use it. And patients should insist upon it as well; don’t be fooled or pressured into signing away access to your whole medical record.

But should this just be down to individual patients and GPs to deal with?

Amendments to the Care Act, which received Royal Assent last month, left a mile-wide loophole – the McDonald’s amendment, “for the promotion of health” – for commercial access to NHS patients’ information collected under care.data and other programmes, and industry practices such as enforced Subject Access Requests continue to put many thousands of patients’ medical confidentiality at risk.

If Jeremy Hunt is serious about shutting down commercial access to and exploitation of NHS patients’ medical records, when will he take action that genuinely protects patient data rather than allowing it to be sold to the lowest bidder?

GPs vote overwhelmingly for care.data opt-in

At the BMA’s Local Medical Committee’s conference in York today, 23 May, each part of the following (composite) motion was carried overwhelmingly:

That conference believes the introduction of care.data has been nothing short of a disaster and:

(i) approves the decision of NHS England to put its roll out on hold until the autumn

(ii) believes that GPs have been placed in a difficult position in respect of the demands of the Health and Social Care Act and the Data Protection Act

(iii) asserts that data should be pseudonymised or anonymised before it leaves the practice

(iv) asserts that extraction should only take place with the explicit and informed consent of patients opting-in

(v) insists that it should only be used for its stated purpose of improving health care delivery, and not sold for profit.

So much for Tim Kelsey’s bald assertion that “Changes to the NHS data-sharing scheme now make it fit for purpose” in GP magazine, Pulse, yesterday. Given the opportunity to democratically express their opinion, the vast majority of GP representatives at LMC conference simply weren’t buying it.

Crucially, the LMC vote puts consent front and centre. In a move which again starts to look like serious political miscalculation, the Secretary of State’s promise to put patient opt-out onto a statutory footing is to be executed in tertiary legislation*. So GPs – who are after all the ‘gatekeepers’ to the patient data held on their IT systems, the ones who’ll be held liable in the unresolved conflict between the Health and Social Care Act and their duty of confidence, professional ethics and duties as data controllers, and the ones who best understand the risks if trust between them and their patients is broken – have put opt-in on the table.

In reality, the amendments to the Care Bill – now the Care Act 2014 – fail to address very real concerns that NHS patients’ medical information will continue to be sold and exploited. By rejecting definitions that would have limited data use to (improving) the delivery of care and legitimate research and by instead adding a “promotion of health” loophole that would allow fast food chains or tobacco manufacturers to make a justifiable case for access, the Government has seriously underestimated the strength of public and professional opinion.

What’s more, those driving forward the care.data scheme have clearly failed to make the case for masses of identifiable patient data to be extracted from GP records. And they continue to make sweeping, emotive appeals based on speculative research outcomes without addressing far more controversial uses such as commissioning, for which the Caldicott2 report said consent could not be presumed.

As chuffed as Mr Kelsey clearly is, now he believes he’s cracked it, getting Dame Fiona Caldicott’s panel to “advise” or “evaluate” care.data is not the sort of robust oversight required to inspire public confidence. The problem is already much bigger than one programme in any case. Overarching, independent information governance oversight for the entire health and care system, fully independent, properly resourced and with real teeth – statutory and enforced – might convince the public that the government and its arms-length bodies can be trusted. There’s only so much moral authority you can ‘borrow’.

It remains to be seen if the BMA’s General Practioners Committee and Annual Representatives Meeting will follow the lead of the LMC:

“extraction should only take place with the explicit and informed consent of patients opting-in”

If Mr Kelsey and Mr Hunt believed their fiddlings round the edges had put care.data back on the rails, this afternoon’s vote shows them the scale of the task – and the battle – that is to come.

*The intended statutory basis for patient opt out would be in Directions to HSCIC under the Health and Social Care Act – the very same sort of legal instrument that, as currently issued, would have authorised the extraction of the clinical data of patients who had opted out.

Opt-out or opt-in?

In our earliest communications in March and April of 2013, when even the most basic details about care.data were unclear, medConfidential urged the Secretary of State, Jeremy Hunt, “to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care” [1] but, if he would not, to ensure there was at the very least a properly-managed opt-out process.

The Secretary of State effectively took opt-in off the table when he announced the ‘no-quibble’ patient opt-out at the launch of the Caldicott2 report. And no-one is in any doubt as to how badly NHS England has mismanaged the public communication of care.data and the opt-out process – both last summer and during the early months of 2014.

We have made it clear that, were opt-in to be put on the table at any point, medConfidential would reconsider its position – but that while the scope and definition of the system is so uncertain, both now and for the future, we would need to be reassured that processes were in place to ensure that any consent so given could be considered properly informed, and that consent would be ‘refreshed’ on a regular basis.

medConfidential has worked consistently since the Secretary of State’s decision to ensure that the opt-out works as any normal person would understand, i.e. that if a patient opts out, their data does not flow. This was not the way that HSCIC was directed by NHS England to establish the system, despite Jeremy Hunt’s clear assurance to the public.

Though our proposed amendments to the Care Bill were rejected, in debate Earl Howe confirmed that new Directions will be issued to HSCIC – i.e. the opt out will finally be properly fixed. But despite saying it was “sympathetic to the desire to see the oversight panel placed on a statutory footing” and undertaking to “explore with Dame Fiona Caldicott and all interested parties how best to achieve [a robust and coherent system of oversight, scrutiny and advice], which may include using existing legal powers to establish an independent committee able to advise on data-sharing matters”, the government is still ducking what we believe are critical measures if public trust is to be regained.

We await the detail of these new Directions and the result of these ‘explorations’, but meanwhile medConfidential’s basic position remains unchanged; patients must be given the means to definitively exclude themselves and their dependents from secondary use and sale of their medical information, and this should be a statutory right – not just at the gift of the Secretary of State.

Opt-in is now being proposed in motions to be debated at the BMA’s Local Medical Committees (LMCs) conference this month and the BMA Annual Representative Meeting in June. To help inform debate, medConfidential has written a note laying out medConfidential’s consideration of some of the principles around consent processes. We will of course comment in detail on any specific opt-in proposals that are made.


[1] Extract from letter to Secretary of State, 5th April 2013:

“We strongly urge you to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care. Asking permission to share someone’s private information is the foundation of medical confidentiality…

…If you will not or cannot mandate an opt in approach, the clear precedent and only remaining way to ensure that consent and patient choice is respected is to provide a simple and straightforward opt out – not an “objection” process – and to inform people properly.”

 

[PRESS RELEASE] Care Bill: Government rejects statutory ‘Caldicott Guardian for England’

For immediate release – Thursday 8 May 2014

Government rejects statutory ‘Caldicott Guardian for England’

Last night in the House of Lords, Government peers voted to reject an amendment to the Care Bill that would have put independent oversight over the handling of patient information across the entire NHS and care system onto a statutory basis.

Despite assurances that the Government was “sympathetic to the desire to put the Oversight Panel on a statutory basis”, Lord Owen’s amendment [1] was voted down 259 to 165. An amendment by Lord Turnberg that would have limited secondary use of patient data to the provision of care and “biomedical and health research” was similarly defeated.

The Government’s own ‘McDonald’s clause’ – “for the promotion of health” – will continue to permit access by pharmaceutical marketers, information intermediaries such as Harvey Walsh – which boasts of holding over a billion NHS patient hospital records [2] – and other commercial re-use licensees, as probed by the Health Select Committee in April. [3]

Phil Booth, coordinator of medConfidential [4], said:

“Rather than legislating to restore public confidence, the government has opened a loophole a mile wide through which to keep selling NHS patient data.

“It doesn’t matter how ‘sympathetic’ ministers are to public concerns. The fact is the government has ducked the only sort of independent scrutiny that might help convince both patients and professionals to trust or have confidence in what it and its arms-length bodies want to do with the medical records of every man, woman and child in the country.

“Rather than putting in place a statutory Caldicott Guardian for England, with the independence and authority to command real respect and trust, the government are all hiding behind trees. Again.” [5]

Notes for editors

1) Briefing on the care.data amendments: http://medconfidential.org/2014/lords-care-bill/ including links to Lord Owen’s and Lord Turnberg’s amendments.

2) ‘NHS sells a billion patient records’, Sunday Times, 16/3/14: http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece and the sort of thing pharmaceutical marketers are doing with it, reported in the Guardian, 17/3/14: http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care. Neither Harvey Walsh nor OmegaSolver will be prevented from buying NHS patient data under the Government’s ‘McDonald’s clause’.

3) Oral evidence to Health Select Committee in Handling of NHS patient data inquiry, 8/4/14: http://data.parliament.uk/writtenevidence/WrittenEvidence.svc/EvidenceHtml/8416

Q272 Barbara Keeley MP: For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning, Chair HSCIC: No, because they are using it and putting it into additional services.

While commercial re-use licences remain in operation, even HSCIC admits it can’t know who has access to what patient data, or what it is being used for.

4) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

5) Quote from “Tim Kelsey discovers that care.data is in trouble” YouTube video, 25/2/14:  http://www.youtube.com/watch?v=SgrZ9ZlTTIc

For further information or for immediate or future interview, please contact Sam Smith of medConfidential on 07890 210 746 or sam@medconfidential.org

– ends –

Care Bill in the Lords

medConfidential respectfully urges members of the House to support the amendment tabled by Lord Owen to put the Independent Information Governance Oversight Panel onto a statutory footing, and also the amendment tabled by Lord Turnberg on the definition of research use, rather than the “promotion of health”.

*LATEST* Care Bill ping-pong on May 7th

The Government brought forward amendments that would expand the advisory role of the Confidentiality Advisory Group (CAG) based at the Health Research Authority, over a wider range of data releases by the Health and Social Care Information Centre (HSCIC) than those for which it is currently responsible.

While we welcome the recognition that information governance at HSCIC and its precursor body the NHS Information Centre is and has been utterly inadequate, revelations about NHS England’s deeply-flawed care.data programme – now on ‘pause’ – multiple instances of the mishandling and misuse of NHS patient data and an evident lack of consulation and coordination between the arms-length bodies, NHS England and HSCIC, the Department of Health and others on the use of patients’ data for purposes other than their direct care show the problem is not limited to HSCIC alone.

The abolition of the National Information Governance Board (NIGB) on April 1st 2013 created a critical governance gap, the consequences of which are now all too obvious. medConfidential believes that independent information governance oversight for the entire health and social care system on a statutory basis is an absolute necessity if public trust and confidence is to be regained and rebuilt.

For that reason medConfidential respectfully urges members of the House to support the following amendment:

The amendment includes Explanatory notes but the following briefing lays out our concerns and some specific issues in more detail:

We also provide background briefings on particular points of information:

Who are medConfidential?

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent.

Founded in January 2013 and incorporated as a company limited by guarantee with charitable objects, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals, and drawing advice from a network of experts in the fields of health informatics, computer security, law/ethics and privacy. We believe that there need be no conflict between good research, good ethics and good medical care.

[PRESS RELEASE] Care Bill care.data amendment: no public confidence without Caldicott

For immediate release – Tuesday 6 May 2014

Care Bill care.data amendment: no public confidence without Caldicott

An amendment to the Care Bill [1] tabled today by Lord David Owen for ping-pong tomorrow, would, if adopted, put on a statutory footing an independent oversight body led by Dame Fiona Caldicott, the single person with the moral authority required to restore public trust and confidence in the handling of NHS patient information.

NHS England’s flagship new programme, care.data, was put on hold after a series of revelations about mishandling and sale of patient data to insurers and for commercial re-use, back in February. Since then, wider problems have been revealed, including lack of consultation and coordination between the new arms-length bodies, NHS England and HSCIC, and the Department of Health on the use of NHS patients’ medical information for purposes other than their direct care.

The new amendment would put the Independent Information Governance Oversight Panel (IIGOP) that the Secretary of State asked Dame Fiona Caldicott to establish [2] onto a statutory footing, establishing a single independent body with information governance oversight of the entire health and social care system.

Phil Booth, coordinator of medConfidential [3], said:

“The government has not only failed to act on many of the recommendations in Dame Fiona’s review, it is pushing ahead with initiatives like care.data that contradict some of the core principles she laid out.

“Not only this, but in its single-minded pursuit of an unprecedented data grab from patients’ GP records, NHS England has repeatedly ignored or avoided the very Panel set up to provide advice and challenge on these issues.

“Right now, Dame Fiona is the only person with the moral authority to restore public confidence in the handling of NHS patient information. If it truly wants to regain the trust of both patients and professionals, the government will accept this amendment.”

Notes for editors

1) A copy of the amendment is available here: https://medconfidential.org/wp-content/uploads/2014/05/Oversight-Panel-amendment.pdf and associated briefings are available online at: http://medconfidential.org/2014/lords-care-bill/

Some background to the amendment:

  • Attendees included Lord David Owen, Professor Sir Simon Wessely and other prominent doctors including Dr Joanne Bailey (BMA General Practitioners Committee), plus representatives of statistical bodies, health professionals, NHS campaigners, concerned patients and a representative of NHS England.
  • The amendment has wide-ranging support, including the Wellcome Trust, the Association of Medical Research Charities, the Faculty of Public Health and others, and has evolved out of a weeks-long process that demonstrated readiness to engage across the political spectrum.

2) The IIGOP was established at the request of the Secretary of State to oversee the implementation of the recommendations from Dame Fiona’s review, ‘Information: to share or not to share’ (https://www.gov.uk/government/publications/the-information-governance-review, commonly known as Caldicott2) and to “advise, challenge and report on the state of information governance across the health and care system in England”:https://www.gov.uk/government/groups/independent-information-governance-oversight-panel

3) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

Open letter to NHS England and care.data Advisory Group

The following is the text of an open letter we wrote to NHS England and the care.data Advisory Group in reply to Tim Kelsey’s letter to stakeholders of 14/4/14:


Dear NHS England and care.data Advisory Group colleagues,

As you know, medConfidential believes there need be no conflict between good research, good ethics and good medical care and that – taken as a whole, in balance – every data flow in the NHS is capable of being consensual, safe and transparent. We welcome indications in Tim Kelsey’s letter to stakeholders[1] that NHS England appears to be moving towards accepting the implications of this principle, even if it is not yet clearly articulating the principle itself.

“Phased roll out”

Given the absence of information regarding the “early adopter” pilots last year[2] and the self-evident failure to learn sufficient lessons from them, we would appreciate much greater clarity and transparency regarding the scope and nature of the pilots scheduled for this autumn.

For example, “between 100 and 500 GP practices” is a very wide range and, depending on list size, could affect millions of patients. We look forward to publication of the criteria that will be used to determine the size and composition of the cohort, and details of the process and communications by which practices are recruited.

Other questions to be addressed as early as possible:

  • Will some or all of the GP practices recruited for the initial pilots[3] be included?
  • Will every patient in the initial cohort of practices – and the national roll out – now be written to directly, including a consent form with the letter?
  • Over what period will the trial, test, evaluation and refinement process take place?
  • What are the criteria for success, and on what basis would NHS England move to a national roll out?

These are by no means an exhaustive list, but rather indicate the sort of detail that will be required to engender public trust in the process.

Patient communications

On the specific point of an official “optional template letter to patients”, and in light of its belated attempt at a template form for patients this January[4], we are concerned that NHS England still has not understood what it must do to communicate adequately with patients. A letter is not “optional”. After the debacle of the junk mail leaflet, it should be clear that  – whatever the anticipated response rate – failure to send a letter to each patient, enclosing a consent form, is unacceptable.

And if NHS England is now to adopt a phased roll out, then a letter is a self-evident necessity. There is no other reasonable way to inform individuals within an area or several areas of the country, some of whom may be registered with pilot practices and some not, of the action they should take by a certain date if they wish to opt out.

Regarding “ways of making opting out more straightforward”, medConfidential’s experience suggests that an officially-sanctioned online opt out process would be of great public utility. While this is no doubt bureaucratically complicated for NHS England, it should be considered a high priority task for the new Health and Social Care Digital Service. If NHS England choose not to offer and support online opt out, others will do so[5].

For full transparency and to build trust, we welcome the fact that NHS England has committed to all materials being available, and all processes being in place, before any patient-visible pilot begins. This must, of course, include the full awareness of GPs and practice staff, to the satisfaction of the practices themselves as well as relevant medical bodies. Failure to do this previously caused unnecessary patient distress and confusion. It should not happen again.

On a point of detail, regarding the communication materials being developed, examples of benefits must be substantive examples that cannot be achieved by other means. A persistent problem in past communications exercises has been the overly emotional phrasing of benefits, and ‘double-claiming’ of benefits achieved by other initiatives or research that either was or could be done without care.data.

Consultation

We were deeply concerned to hear on BBC Radio 4’s PM programme on Good Friday, in an interview with Dame Fiona Caldicott[6], that the Independent Information Governance Oversight Panel (IIGOP) had not been meaningfully consulted by NHS England, with IIGOP only being notified of the junk mail leaflet after the printing process had already begun. We would have deep concerns were that lack of consultation to be repeated, and would appreciate assurances that those aspects of consultation and independent oversight absent in NHS England’s last attempt will be fully respected in all future communications.

Health Research Remote Data Laboratory (HRRDL)

While the choice of imagery is unfortunate, medConfidential generally welcomes the proposal of a data “fume-cupboard”. We believe a strictly controlled ‘Health Research Remote Data Laboratory’ of the type we indicated in our evidence to the Health Select Committee in February[7], could act as a safe setting for patient level data research. Such a facility, run within HSCIC, using only data for which consent for secondary uses has not been withdrawn (e.g. via 9Nu4), could permit bona fide research on linked data for projects that have met rigorous, openly agreed ethical criteria.

A facility based on existing Government Statistical Service facilities, such as the Virtual Microdata Laboratory[8] run by ONS, and replicating their multiple levels of process, protection, oversight, governance and approval should help rebuild trust in the processes of HSCIC while satisfying the needs of research.

As an initial step, HSCIC should adopt the ONS Data Access Policy, and commit to a system that can use (potentially) identifiable data safely; producing safe statistical outputs, using safe researchers from safe organisations, working in safe settings inside safe hosts.

Each part of those must be suitably accredited, based on existing standards from other existing safe settings. HSCIC’s scale will require safe settings in safe hosts, which ONS is only currently deploying with support from the ESRC’s Administrative Data Liaison Service. HSCIC has the opportunity to build this into the design from the beginning, learning from others who have had to retrofit it in at a later date. We appreciate that HSCIC is only in the early stages of this process, and look forward to detailed engagement on the topic.

Changes to the law

Given the Secretary of State’s assurance that the government would legislate to prohibit the sale of patient data to insurers or for commercial purposes, we are deeply concerned at the flawed drafting of the so-called “McDonalds’ amendment” – the government clause on the dissemination of information for the purposes of “the promotion of health” – which would provide a statutory basis for ‘research’ driven by or for the primary benefit of private interests. As currently drafted, this clause would give fast food chains or supermarkets legal grounds to gain access to obesity data as part of “healthy eating promotions”, or tobacco companies to access the finely gradated, date stamped, smoking data to promote, e.g. “health benefits of e-cigarettes”.

Whatever new structures and processes for approval of data releases are put in place – as they certainly must be, given the complete inadequacy of existing procedures at HSCIC and its precursor body – it must be made very clear that just because an organisation may be legally entitled to access data does not mean that it must necessarily receive it. The best defence on this point is for lines to be drawn clearly in legislation. The “promotion of health” amendment not only fails to do this, it provides a legal basis for the very activities it was supposed to prohibit.

Given errors in briefings given to Ministers throughout this process, meaning they have (inadvertently) misled Parliament at least twice on different topics,[9] [10] we also remain deeply concerned that Ministers may not have been made fully aware of the mechanics and implications of amendments, or how they will be implemented in practice . That Lord Howe’s recent letter to Peers mis-states the operation of the patient opt-out – if a patient opts out, it is not just their identifiable data that will not flow; none of their data will flow – is just one example of the continued inconsistency that has been so corrosive of public trust.

While we appreciate the intention, we are also concerned with the government’s amendments to enhance the role of the Confidentiality Advisory Group (CAG) and extend its remit over more of HSCIC’s activities. Quite clearly something had to be done about HSCIC’s handling of NHS patients’ information, but the amendments relating to CAG fall far short of addressing issues and systemic failures beyond HSCIC – which handles only a fraction of the data collections and audits of the whole health and social care system.

On a purely practical point, we are concerned that stretching a body designed to deal with very specific cases – the use of identifiable patient information without consent under s.251 – over a whole range of other other purposes and activities could in fact dilute and possibly compromise CAG’s utility.

What we believe is required to restore public faith in the system is demonstrably independent, overarching oversight – not a narrowly-defined intervention that is in effect limited to improving the  advice given to a single arms-length body. The most appropriate body for such a task would be the Independent Information Governance Oversight Panel, chaired by Dame Fiona Caldicott on the request of the Secretary of State, which should be put onto a statutory footing and which already has a remit that spans the entire health and social care system.

Given the circumstances that have led to the need for public assurances, to put patients’ right to opt out onto a statutory footing using only Directions – tertiary legislation which can be varied by NHS England or the Secretary of State without Parliamentary debate – is unlikely to reassure everyone that their right to opt out will always be respected. Under Directions, patients who opt out could find that their decision is rendered meaningless by the stroke of a pen that would never be reviewed by Parliament.

“6 months”

We wholeheartedly agree with NHS England’s new Chief Executive, Simon Stevens’ statement to the Health Select Committee in the Commons yesterday that he doesn’t think there should be “an artificial time scale” to when the care.data programme ‘re-starts’. There are clearly some complex and significant issues still to be worked through; many of them fundamental to public trust. Putting an arbitrary deadline on this would be foolhardy. If this is to be done right, it cannot be rushed.

We hope to continue in a process of constructive engagement. We are encouraged by at least some of what we are hearing. The acid test will be when see exactly how these words are put into action.

Kind regards,

Phil Booth & Sam Smith
medConfidential

30 April 2014


ODI Lunchtime Lecture, “Why selling people’s medical/tax/school records isn’t open data” – Friday 6/6/14,13:00-13:50

Open Data Institute Friday lunchtime lecture:

Why selling people’s medical/tax/school records isn’t open data

Friday 6 June 2014, 1:00pm – 1:50pm

Venue: Open Data Institute, 65 Clifton Street, London EC2A 4JE [map]

The care.data programme in the NHS came off the rails, despite – or possibly because – officials tried presenting it as an ‘open data’ initiative. It isn’t. But this conflation of ‘data sharing’ with open data is far from unique; from the National Pupil Database to your tax records and Cabinet Office’s resurrection of plans for mass sharing of citizen data that last surfaced in an obscure clause in the 2009 Coroners and Justice Bill, the government has designs on your data.

More information and to book your place

Public meeting in St Albans, “care.data – transfer of GP medical records” – Wednesday 28/5/14 from 19:00

Public Meeting:

‘care.data – Transfer of GP Medical Records
Understand the Benefits – and the Risks’

Organised by St Albans & Harpenden Patient Group (SAPG)

Wednesday, 28 May 2014

The public meeting will be held at 19:00 at the
Council Chamber, St Albans District Council
Civic Close, St. Peter’s Street, St. Albans AL1 3JE [map]

Speakers:

Dr Ros Taylor MBE speaking in favour
Phil Booth speaking against 

“Can we know who all the end users of our data are?”

A commentable YouTube version of the Health Select Committee’s evidence session on the ‘Handling of NHS patient data‘ from Tuesday 8th April is now available online.

In the official transcript of the session, a quite extraordinary exchange occurred at Question 272:

Q272 Barbara Keeley: So have you got the information because I have asked for it twice, but not been given it? For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning: No, because they are using it and putting it into additional services. So, for example, a company such as McKinsey or KPMG would have used it to support Monitor or the NHS TDA in advising on the transformation of health care services.

And there you have it.

The Chair of the Heath and Social Care Information Centre openly admits it doesn’t know who has your medical data or what they are doing with it. The examples given are clearly a distraction, as they name some (less controversial) end users. What about the ones that HSCIC not only won’t, but can’t name?

Don’t forget, this is the body that we are supposed to trust to look after our medical information; the body which in fact intends to suck up even more – much, much more – from the GP records of every man, woman and child in England.

Now its Chair baldly admits they don’t know who got hold of the data HSCIC has already sold and passed on. And he doesn’t even seem to care!

You can read the written transcript of the entire evidence session from Tuesday, and a copy of the letter HSCIC sent to the Select Committee, following the car crash evidence session by officials and the Minister on care.data on 25th February.

If you missed it, you can still view a YouTube video of that first session, featuring HSCIC’s Max Jones, NHS England’s Tim Kelsey and Under-Secretary of State for Health, Dr Dan Poulter in the second half. Or read the official transcript.