Dear NHS England and care.data Advisory Group colleagues,
As you know, medConfidential believes there need be no conflict between good research, good ethics and good medical care and that – taken as a whole, in balance – every data flow in the NHS is capable of being consensual, safe and transparent. We welcome indications in Tim Kelsey’s letter to stakeholders[1] that NHS England appears to be moving towards accepting the implications of this principle, even if it is not yet clearly articulating the principle itself.
“Phased roll out”
Given the absence of information regarding the “early adopter” pilots last year[2] and the self-evident failure to learn sufficient lessons from them, we would appreciate much greater clarity and transparency regarding the scope and nature of the pilots scheduled for this autumn.
For example, “between 100 and 500 GP practices” is a very wide range and, depending on list size, could affect millions of patients. We look forward to publication of the criteria that will be used to determine the size and composition of the cohort, and details of the process and communications by which practices are recruited.
Other questions to be addressed as early as possible:
- Will some or all of the GP practices recruited for the initial pilots[3] be included?
- Will every patient in the initial cohort of practices – and the national roll out – now be written to directly, including a consent form with the letter?
- Over what period will the trial, test, evaluation and refinement process take place?
- What are the criteria for success, and on what basis would NHS England move to a national roll out?
These are by no means an exhaustive list, but rather indicate the sort of detail that will be required to engender public trust in the process.
Patient communications
On the specific point of an official “optional template letter to patients”, and in light of its belated attempt at a template form for patients this January[4], we are concerned that NHS England still has not understood what it must do to communicate adequately with patients. A letter is not “optional”. After the debacle of the junk mail leaflet, it should be clear that – whatever the anticipated response rate – failure to send a letter to each patient, enclosing a consent form, is unacceptable.
And if NHS England is now to adopt a phased roll out, then a letter is a self-evident necessity. There is no other reasonable way to inform individuals within an area or several areas of the country, some of whom may be registered with pilot practices and some not, of the action they should take by a certain date if they wish to opt out.
Regarding “ways of making opting out more straightforward”, medConfidential’s experience suggests that an officially-sanctioned online opt out process would be of great public utility. While this is no doubt bureaucratically complicated for NHS England, it should be considered a high priority task for the new Health and Social Care Digital Service. If NHS England choose not to offer and support online opt out, others will do so[5].
For full transparency and to build trust, we welcome the fact that NHS England has committed to all materials being available, and all processes being in place, before any patient-visible pilot begins. This must, of course, include the full awareness of GPs and practice staff, to the satisfaction of the practices themselves as well as relevant medical bodies. Failure to do this previously caused unnecessary patient distress and confusion. It should not happen again.
On a point of detail, regarding the communication materials being developed, examples of benefits must be substantive examples that cannot be achieved by other means. A persistent problem in past communications exercises has been the overly emotional phrasing of benefits, and ‘double-claiming’ of benefits achieved by other initiatives or research that either was or could be done without care.data.
Consultation
We were deeply concerned to hear on BBC Radio 4’s PM programme on Good Friday, in an interview with Dame Fiona Caldicott[6], that the Independent Information Governance Oversight Panel (IIGOP) had not been meaningfully consulted by NHS England, with IIGOP only being notified of the junk mail leaflet after the printing process had already begun. We would have deep concerns were that lack of consultation to be repeated, and would appreciate assurances that those aspects of consultation and independent oversight absent in NHS England’s last attempt will be fully respected in all future communications.
Health Research Remote Data Laboratory (HRRDL)
While the choice of imagery is unfortunate, medConfidential generally welcomes the proposal of a data “fume-cupboard”. We believe a strictly controlled ‘Health Research Remote Data Laboratory’ of the type we indicated in our evidence to the Health Select Committee in February[7], could act as a safe setting for patient level data research. Such a facility, run within HSCIC, using only data for which consent for secondary uses has not been withdrawn (e.g. via 9Nu4), could permit bona fide research on linked data for projects that have met rigorous, openly agreed ethical criteria.
A facility based on existing Government Statistical Service facilities, such as the Virtual Microdata Laboratory[8] run by ONS, and replicating their multiple levels of process, protection, oversight, governance and approval should help rebuild trust in the processes of HSCIC while satisfying the needs of research.
As an initial step, HSCIC should adopt the ONS Data Access Policy, and commit to a system that can use (potentially) identifiable data safely; producing safe statistical outputs, using safe researchers from safe organisations, working in safe settings inside safe hosts.
Each part of those must be suitably accredited, based on existing standards from other existing safe settings. HSCIC’s scale will require safe settings in safe hosts, which ONS is only currently deploying with support from the ESRC’s Administrative Data Liaison Service. HSCIC has the opportunity to build this into the design from the beginning, learning from others who have had to retrofit it in at a later date. We appreciate that HSCIC is only in the early stages of this process, and look forward to detailed engagement on the topic.
Changes to the law
Given the Secretary of State’s assurance that the government would legislate to prohibit the sale of patient data to insurers or for commercial purposes, we are deeply concerned at the flawed drafting of the so-called “McDonalds’ amendment” – the government clause on the dissemination of information for the purposes of “the promotion of health” – which would provide a statutory basis for ‘research’ driven by or for the primary benefit of private interests. As currently drafted, this clause would give fast food chains or supermarkets legal grounds to gain access to obesity data as part of “healthy eating promotions”, or tobacco companies to access the finely gradated, date stamped, smoking data to promote, e.g. “health benefits of e-cigarettes”.
Whatever new structures and processes for approval of data releases are put in place – as they certainly must be, given the complete inadequacy of existing procedures at HSCIC and its precursor body – it must be made very clear that just because an organisation may be legally entitled to access data does not mean that it must necessarily receive it. The best defence on this point is for lines to be drawn clearly in legislation. The “promotion of health” amendment not only fails to do this, it provides a legal basis for the very activities it was supposed to prohibit.
Given errors in briefings given to Ministers throughout this process, meaning they have (inadvertently) misled Parliament at least twice on different topics,[9] [10] we also remain deeply concerned that Ministers may not have been made fully aware of the mechanics and implications of amendments, or how they will be implemented in practice . That Lord Howe’s recent letter to Peers mis-states the operation of the patient opt-out – if a patient opts out, it is not just their identifiable data that will not flow; none of their data will flow – is just one example of the continued inconsistency that has been so corrosive of public trust.
While we appreciate the intention, we are also concerned with the government’s amendments to enhance the role of the Confidentiality Advisory Group (CAG) and extend its remit over more of HSCIC’s activities. Quite clearly something had to be done about HSCIC’s handling of NHS patients’ information, but the amendments relating to CAG fall far short of addressing issues and systemic failures beyond HSCIC – which handles only a fraction of the data collections and audits of the whole health and social care system.
On a purely practical point, we are concerned that stretching a body designed to deal with very specific cases – the use of identifiable patient information without consent under s.251 – over a whole range of other other purposes and activities could in fact dilute and possibly compromise CAG’s utility.
What we believe is required to restore public faith in the system is demonstrably independent, overarching oversight – not a narrowly-defined intervention that is in effect limited to improving the advice given to a single arms-length body. The most appropriate body for such a task would be the Independent Information Governance Oversight Panel, chaired by Dame Fiona Caldicott on the request of the Secretary of State, which should be put onto a statutory footing and which already has a remit that spans the entire health and social care system.
Given the circumstances that have led to the need for public assurances, to put patients’ right to opt out onto a statutory footing using only Directions – tertiary legislation which can be varied by NHS England or the Secretary of State without Parliamentary debate – is unlikely to reassure everyone that their right to opt out will always be respected. Under Directions, patients who opt out could find that their decision is rendered meaningless by the stroke of a pen that would never be reviewed by Parliament.
“6 months”
We wholeheartedly agree with NHS England’s new Chief Executive, Simon Stevens’ statement to the Health Select Committee in the Commons yesterday that he doesn’t think there should be “an artificial time scale” to when the care.data programme ‘re-starts’. There are clearly some complex and significant issues still to be worked through; many of them fundamental to public trust. Putting an arbitrary deadline on this would be foolhardy. If this is to be done right, it cannot be rushed.
We hope to continue in a process of constructive engagement. We are encouraged by at least some of what we are hearing. The acid test will be when see exactly how these words are put into action.
Kind regards,
Phil Booth & Sam Smith
medConfidential
30 April 2014
