Author Archives: Phil

HSCIC opt-out form ‘phrased like a threat’

There were some extraordinary revelations at the Health Select Committee’s second evidence session of its (expanded) inquiry into the handling of NHS patient data on Tuesday 8th April.

This post is to draw attention to just one of them: a third opt-out form that the Health and Social Care Information Centre (HSCIC) has produced, on top of the two care.data opt-out codes you need to instruct your GP to add to your record.

The form that HSCIC has produced is dangerous. We don’t propose to link to it in case people download it, fill it in and accidentally de-register themselves from their GP!

In essence, HSCIC completely unnecessarily added a section to its form relating to a system called NHAIS (National Health Applications and Infrastructure Services). Had someone completed that section – as many do when filling in complex forms, by signing wherever the form asks for a signature – they would have been de-registered by their GP and would not have been called for essential screening.

This exchange between Select Committee member Barbara Keeley MP and HSCIC Chair, Kingsley Manning, gives you a sense of how this was viewed by the Committee:

Barbara Keeley MP: But it’s the way it’s phrased, it just looks like a threat. If you opt out…
Kingsley Manning: No, I agree, I agree…
Barbara Keeley MP: …your GP will drop you, and you’ll never have any screening.
Kingsley Manning: …I entirely agree.

You can download a safe version of the form, from which we have removed the offending section, via either of these links:

Withdrawal of Consent form (Microsoft Word format)

Withdrawal of Consent form (PDF format)

The Withdrawal of Consent form we provide should enable you to opt-out* of any one or more of the following ‘secondary use’ data sets, i.e. data sets that are not used for your direct medical care:

Hospital Episode Statistics (HES) – holds records on hospital episodes of care including inpatient, outpatient and A&E.

Secondary Uses Service (SUS) – the single source of comprehensive data for a range of reporting and analysis.  NHS hospital trusts submit patient activity to SUS for performance monitoring, reconciliation and payments purposes.

Mental Health Minimum Data Set (MHMDS) – contains patient-level data about NHS services delivered to people with severe and enduring mental health problems.

Diagnostic Imaging Dataset (DIDS) – a central collection of detailed information about diagnostic imaging tests carried out on NHS patients, extracted from local radiology information systems.

*In this instance, ‘opt-out’ does not mean that your data will be deleted. Data held about you will instead be ‘anonymised’, i.e. items or links to anything that identifies you will be removed. For statistical audit purposes, NHS systems still require a de-identified record to exist.

Public meeting in Lancaster, Monday 28/4/14, 18:15 – 20:45

*UPDATE* Read a write-up of the meeting on the Living Data Research Group website.

Many thanks to Richard Tutton, Mairi Levitt and Garrath Williams at the Department of Sociology and Centre for Science Studies for organising the event, and to Maggie Mort for chairing such a lively public discussion.

Care about care.data?


VENUE: Banqueting Room, Lancaster Town Hall, Lancaster, Lancashire LA1 1PJ

DATE & TIME: Monday, April 28, 2014 from 6:15 PM to 8:45 PM

SPEAKERS: Dr David Wrigley, GP based in Carnforth; Phil Booth, medConfidential; Dr Garrath Williams, Senior Lecturer, Lancaster University; others tbc.

The event is free to attend but the organisers ask you to please register at:

https://www.eventbrite.com/e/care-about-sharing-your-medical-records-tickets-11073722803 (tickets closed)

Addendum to Press Release: HSCIC register “inadequate and patronising”

For context, see our press release, HSCIC’s lack of transparency is not so “innocent” after all, and HSCIC’s follow-up ‘clarification’, Publication of HSCIC register of approved data releases: clarification on points of public interest.

Despite both the Under-Secretary of State for Health, Dr Daniel Poulter, telling Parliament that “a report detailing all data released by the HSCIC from April 2013” would be published and the Chair of HSCIC, Kingsley Manning, saying at the HC2014 conference on 20th March that “we will be publishing the details of all the data releases we have made since we were formed”, HSCIC is trying to limit the scope of its register to just those releases “under agreement” initiated or renewed during the last year.

This is patently ridiculous, as there are organisations and companies to which data has been released during the past year that (a) were not and never will be “under agreement”, e.g. the police, (b) had received data and are still able to use it under an active licence during the past year, e.g. PA Consulting, and (c) continue to receive monthly updates, e.g. of HES data, under licences that may not have been issued or renewed since April 2013 but that are still active.

Without the publication of all active licences and agreements  – which should include any ‘Memoranda of Understanding’ – the public simply won’t know who is receiving their information under circumstances (b) or (c). And any reasonable human being would consider (a) to be a release of data, whether it is “under agreement” or not.

Further analysis of the register suggests a number of ‘approved’ releases recorded in other registers seem to be missing as well.

With reference to HSCIC’s ‘clarification’:

Does HSCIC deny that PA Consulting has an active contract for the use of HES until 2015?

No – in fact it confirms it. Again. We accept that the use of data already released under continuing licence may not be ‘a new release’, but for a register that is supposed to be the model for a new era of transparency it is a pretty poor showing to exclude any organisation or company that HSCIC well knows is holding and can process patient data under an active contract.

We understand that Sir Nick Partridge’s report is to be a retrospective audit. The HSCIC register doesn’t show active contracts / agreements or any start or end dates, so how is the public supposed to know who has their information at any point in time?

Does HSCIC deny that it has provided data to the police in the last year?

No – it confirms that it has done so. That it has previously admitted this “in a Freedom of Information request and in statements to the media” makes it no less a release of data than any other during this period. Will HSCIC exclude other releases of data from the register if someone has asked about them in a Freedom of Information request? We sincerely hope not.

That HSCIC seems to be trying to wriggle out of publishing releases made under other laws, such as the Data Protection Act, or indeed any release not made “under agreement” is extremely worrying indeed. And the vagueness of the legal basis given – often nothing more than “Health and Social Care Act 2012”, with no section or clause – suggests an attitude that really hasn’t shifted all that much from the ‘bad old days’… before April 1st 2013.

If they really want to earn the trust of patients, professionals and the public at large, we suggest that HSCIC officials stop making up lame excuses that only add to the suspicion they have something to hide, and publish every release of data – with full details – so that people can know exactly who has their medical data at any point, why and what for.

And rather than quarterly, the register should be updated monthly – as any number of other government bodies who do a far better job of being transparent seem to manage.

If this register represents HSCIC’s answer to revelations of its past misbehaviour, then it is inadequate and dangerously patronising – especially given the trust that it and NHS England are haemorrhaging right now over the care.data scheme.

care.data conference at QMUL, Saturday 5th April 2014

*UPDATE* Read the Conference statement, published 8th April 2014

Many thanks to Richard Horton and Allyson Pollock for organising the conference, and to everyone who made such useful contributions on the day.

Conference co-organised by Richard Horton, Editor of The Lancet and Prof Allyson Pollock, QMUL

Date: Saturday 5th April 2014, 09:30 – 12:45

Venue: Clark-Kennedy Lecture Theater, QMUL Whitechapel Campus, London E1 2AD

PROGRAMME:

Programme for care.data meeting – Saturday 5th April 2014
Chairperson: Richard Horton, Editor of The Lancet

Time Action
9.30am Coffee
10.00am What are the governance concerns: brief review of HSCIC, CAG and GP data controllers and CSUs – Phil Booth, medConfidential (slides); Ron Singer, GP & MPU
10.10am Concerns about what is happening to public health data: cuts to ONS data collection – Prof Alison McFarlane
10.20am The Faculty of Public Health’s position – Dr John Middleton
10.30am How robust are the current legal protections: DPA and exceptions to patient confidentiality – Peter Roderick
10.40am The Scottish position regarding data sharing – Dr Janet Murray (ISD Scotland)
10.50am Discussion and contributions from the floor
11.20am The government’s proposed amendment – Lord David Owen
11.30am Proposals for new legislation – Peter Roderick
11.40 – 12.45pm Proposal for Action: discussion led by Lord David Owen and Peter Roderick
LUNCH PROVIDED

Free text, CPRD and yet another threat to medical confidentiality

Thanks to Professor Julia Hippisley-Cox and Helen Wilkinson for pointing out that the Clinical Practice Research Datalink (CPRD) has extracted highly sensitive ‘free text’ from patients’ GP records without approval or fair processing.

Free text is your GP’s own notes, attached to the codes that are entered onto their computer systems. It can basically contain anything – names, highly sensitive personal details, medical and non-medical information about you or other people. Free text is for your doctor’s own use when providing you care, and to provide context that will help any other doctor you may see in future to provide you care.

See page 15 of CAG meeting minutes 3 October 2013 – 6a. CPRD – processing of free text information [CAG 6-06(a)/2013]

N.B. CAG is the Confidentiality Advisory Group, now based at the Health Research Authority, which advises the Secretary of State on the use of the extraordinary ‘Section 251’ powers that allow the common law duty of confidence to be set aside so that patient identifiable information may be used without consent.

That free text has been extracted is confirmed by this presentation on Using free text in primary care research, on slide 55, which states:

“We plan to run FMA on free text within +/- 90 days of myocardial infarction [heart attack] for 2000 patients… Software will be run at CPRD without anonymisation”

(N.B. You will need to add .pdf to the filename of the file once downloaded in order to view it in Acrobat Reader.)

And this published study on BioMed Central suggests that GPRD (the General Practice Research Database), the precursor to CPRD, had been collecting free text for years.

Even more worrying is this statement on page 16 of the CAG minutes from 3/10/13:

“It was noted from the discussion that CPRD were seeking to progress solutions and were in discussion with those leading on the care.data mechanism.”

So CPRD had been using an out-of-date leaflet from 2008 to ‘notify’ patients about what it was doing and was in discussion with care.data leaders about using whatever ‘mechanism’ they were going to use to inform the public – which we now know was a junk mail leaflet!

If you even received a junk mail leaflet in January, did you see any mention of CPRD? Or any suggestion that your doctor’s private free text notes about you would be extracted? If you didn’t, why not check the leaflet out now? It says:

“Details that could identify you will be removed before your information is made available to others, such as those planning NHS services and approved researchers.

We sometimes release confidential information to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.”

So, you have been lied to on at least two counts: details that could identify you (i.e. free text) clearly are not always removed before information has been made available to researchers, and confidential information has been ‘released’ unlawfully and without meeting these so-called “strict rules”.

Because, as the CAG minutes clearly state:

“The CAG agreed that the minimum criteria under the Regulations did not currently appear to be met, and therefore advised recommending deferral to the SofS and the Health Research Authority, to enable the following actions to take place to bring the application within the framework of the Regulations:

a. Fair processing actions to be progressed in conjunction with the Information Commissioner’s Office; assurance and approved patient information materials to be provided at the relevant time before any final approval could come into effect.

b. Revision of the application form to fully incorporate responses to the issues set out above. This was to include a cover paper to clearly show which sections reflected these responses within the application.

c. A favourable ethical opinion to be provided from a Research Ethics Committee on the revised application to be considered by the CAG.

d. A satisfactory level to be achieved within the IG Toolkit before any final approval could be provided; this could be carried out in parallel to CAG consideration of the application.”

So there you have it. Yet another way that sensitive patient information has been taken from GP records without consent or proper approval. And care.data leaders knew all about it.

The problems aren’t just limited to HSCIC, folks.

We’re not saying research shouldn’t happen – of course it should – but it must be done with proper consent and/or proper authorisation, e.g. Section 251 support, which CPRD clearly didn’t have and doesn’t have yet.

Please note: we are not suggesting that the researchers referred to in this post are necessarily at fault; they may simply have been using a ‘service’ provided by GPRD / CPRD, without knowing that the free text had not been gathered with consent or proper approval.

[PRESS RELEASE] Patient groups slam head of MRC for “offensive” slur against patients

For immediate release – Friday 21 March 2014

Patient advocacy groups today called on the head of the Medical Research Council, Professor Sir John Savill, to publicly apologise for characterising people who have legitimate concerns about NHS England’s controversial care.data scheme as “consent fetishists”.[1]

Research is just one of several proposed ‘uses’ of patient data – which will by default be extracted in identifiable form from the GP records of every man, woman and child in England this autumn – but patients will be given no option to decide how their information will be used, e.g. you wouldn’t be able to choose for your medical data to be used in research, but not be sold to third parties. The only choice patients will be given to protect their and their family’s medical confidentiality is to opt out.

The care.data scheme conflates research with other ‘secondary uses’ such as commissioning, audit or sale to third parties outside the NHS. Despite research being one of the most common benefits claimed for the scheme, research was not a top priority when NHS England first applied to extract data from GP records and in fact care.data has not yet received approval for research use of patients’ medical information.[2]

Phil Booth, coordinator of medConfidential,[3] said:

“Sir John Savill owes an apology to every patient in the country. His arrogant and offensive remark pooh-poohs the legitimate and serious concerns many people have about this toxic scheme.

“care.data is not just about research. In cheerleading for a scheme the breadth of which he seems not to grasp, and with echoes of the GM debacle,[4] Sir John is putting the MRC’s own particular interests over the right of every NHS patient to expect that their doctor will keep their most intimate and sensitive secrets.”

Roger Goss, co-director of Patient Concern,[5] said:

“We support good medical research involving use of identifiable medical records but only with patients’ properly informed explicit consent. This is common sense – not fetishism. Plenty of people have overwhelmingly good reasons for prioritising their privacy.”

Notes for editors

1) See, e.g. http://www.thetimes.co.uk/tto/health/news/article4040095.ece and http://www.hsj.co.uk/news/mrc-head-brands-caredata-naysayers-consent-fetishists/5069163.article#.Uywru4Xvvcg

2) See pp5-8 of GPES Independent Advisory Group minutes for 12/9/13: http://www.hscic.gov.uk/media/12911/GPES-IAG-Minutes-for-12-September-2013/pdf/GPES_IAG_Minutes_12.09.13.pdf – these relate to the ‘care.data Addendum’, in which NHS England proposed that requests for patient data by all organisations, not just researchers, be considered: http://www.hscic.gov.uk/article/3525/Caredata

3) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

care.data opt out forms and letters available here: www.medconfidential.org/how-to-opt-out/

4) See last paragraph of Nuffield Council on Bioethics blog, 21/3/14: http://blog.nuffieldbioethics.org/?p=1059

5) Patient Concern has campaigned for patient choice and patient empowerment since 1999.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org or Roger Goss, co-director of Patient Concern, on 01903 785 776 or 07946 644 110.

– ends –

Commercial Re-use Licences for HES & disappearing webpages

It has become increasingly clear in recent weeks that patients have been kept in the dark about where their data has been going, in what form and what is being done with it.

Well now for the first time, we can show you a picture:

[Image: OmegaSolver HALO Patient Analyser screengrab]
For obvious reasons, we have redacted the day element of every date.

Please note that we are not suggesting the following is unlawful or that patient confidentiality has been deliberately breached.

The image above comes from a company called OmegaSolver Ltd, formed in March 2013, which sells a product called HALO Patient Analyser, which it describes thus:

Patient Treatment Analyser is a unique dataset solution provided to pharmaceutical companies and trusts, who want to analyse and understand the treatment given to patients suffering from a specific disease…

The patient Analyser provides a robust query engine where users can query based on a large number of fields such as –

Gender
Age
First Diagnosis
Period (Years)
Hospital Visit Frequency
Hospital Stays
Procedures
Diagnosis
CCG / TRUST / Hospitals
Treatment Specialist
Planned / Unplanned Admissions and many more

The Patient summary report gives a summarised report of the queried data for new and overlapping patients, Gender split with age range distribution over a three year period. Patient Analyser is a one of its kind analytical tool with a simple yet understandable data visualization tool, which is currently a unique offering.

The image, a screenshot looking at five out of 163,316 patients’ data, shows detailed information about each individual patient including their medical diagnoses ordered by actual dates of each hospital visit, tracking episode to episode – the detailed state of each individual patient’s health as he or she passes through hospital care.

For example, patient OS060900 (the ‘pseudonym’) is aged 81-85 and had 5 conditions diagnosed in October 2010. She has visited hospital 257 times, mostly as outpatient visits, but spent 5 days in hospital at which point 8 conditions were diagnosed, then 6 days later the incidents scroll off the screen.

Patient OS084761, also 81-85 years old, was in hospital in April 2010 and he was still there with the same diagnoses 3 days later, though it looks like he left a day later with at least one additional diagnosis.

We are not certain that the codes in the screenshot are the same as the ones used by GPs, but if they are then some of the events and/or diagnoses referenced in the screenshot would include:

  • Posterior fixation of rectum
  • Removal of left breast
  • Suberosis (cork-handlers’ lung)
  • Explosive personality disorder
  • Bilateral mastectomy or mammoplasty
  • Removal of left fallopian tube
  • Removal of left ovary

What this illustrates quite starkly about pseudonyms is just how irrelevant they are when there is so much other identifiable data in the rest of the row. ‘Pseudonymised’ data may obscure some of the most obvious pieces of identifying information, such as your NHS number, but it clearly doesn’t hide rich detail about a person’s life and health that could just as easily be used to identify them.

Given that companies are already combining health data with social media data, you can see the ever-growing risk of re-identification from simply having tweeted about having had an accident on a certain date, or having posted a Facebook update about a relative going into hospital.
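The point about pseudonyms can be measured. The sketch below is an added example, not part of the original post and not OmegaSolver's or HSCIC's code: it applies k-anonymity, a standard disclosure-risk measure the post does not itself mention, to constructed rows shaped like the fields described above. The field names, the sample rows and the threshold of 2 are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample rows (not real patient data), shaped like the query
# fields the post lists: gender, age band, admission date with the day
# removed, and number of hospital stays. Pseudonyms are made up.
RECORDS = [
    {"pseudonym": "P001", "gender": "F", "age_band": "81-85", "admission_month": "2010-10", "hospital_stays": 2},
    {"pseudonym": "P002", "gender": "M", "age_band": "81-85", "admission_month": "2010-04", "hospital_stays": 1},
    {"pseudonym": "P003", "gender": "F", "age_band": "81-85", "admission_month": "2010-10", "hospital_stays": 2},
    {"pseudonym": "P004", "gender": "F", "age_band": "41-45", "admission_month": "2011-02", "hospital_stays": 1},
    {"pseudonym": "P005", "gender": "M", "age_band": "41-45", "admission_month": "2011-02", "hospital_stays": 3},
    {"pseudonym": "P006", "gender": "M", "age_band": "81-85", "admission_month": "2010-06", "hospital_stays": 1},
    {"pseudonym": "P007", "gender": "F", "age_band": "41-45", "admission_month": "2011-07", "hospital_stays": 1},
    {"pseudonym": "P008", "gender": "M", "age_band": "41-45", "admission_month": "2011-09", "hospital_stays": 3},
]

# Quasi-identifiers: columns that are not names or NHS numbers but that an
# outsider could plausibly already know about a person.
QUASI_IDENTIFIERS = ("gender", "age_band", "admission_month", "hospital_stays")
GENERALISED_QI = ("gender", "age_band", "admission_year")


def _key(record, quasi_identifiers):
    """The combination of quasi-identifier values that describes one row."""
    return tuple(record[q] for q in quasi_identifiers)


def class_sizes(records, quasi_identifiers):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(_key(r, quasi_identifiers) for r in records)


def k_anonymity(records, quasi_identifiers):
    """Smallest group size: k = 1 means at least one row stands alone."""
    if not records:
        raise ValueError("no records to assess")
    return min(class_sizes(records, quasi_identifiers).values())


def unique_fraction(records, quasi_identifiers):
    """Share of rows whose quasi-identifier combination matches no other row."""
    sizes = class_sizes(records, quasi_identifiers)
    alone = sum(1 for r in records if sizes[_key(r, quasi_identifiers)] == 1)
    return alone / len(records)


def below_threshold(records, quasi_identifiers, k_min):
    """Rows that would have to be suppressed or coarsened before release."""
    sizes = class_sizes(records, quasi_identifiers)
    return [r["pseudonym"] for r in records
            if sizes[_key(r, quasi_identifiers)] < k_min]


def generalise(record):
    """Coarsen a row: keep only the admission year, drop the stay count."""
    return {
        "pseudonym": record["pseudonym"],
        "gender": record["gender"],
        "age_band": record["age_band"],
        "admission_year": record["admission_month"][:4],
    }


def report():
    """Compare the rows as held with a coarsened copy."""
    coarse = [generalise(r) for r in RECORDS]
    return {
        # The pseudonym column is never read by the risk measures: swapping
        # or deleting it changes nothing about how exposed a row is.
        "k_as_held": k_anonymity(RECORDS, QUASI_IDENTIFIERS),
        "unique_as_held": unique_fraction(RECORDS, QUASI_IDENTIFIERS),
        "flagged_as_held": below_threshold(RECORDS, QUASI_IDENTIFIERS, 2),
        "k_generalised": k_anonymity(coarse, GENERALISED_QI),
        "unique_generalised": unique_fraction(coarse, GENERALISED_QI),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

On these constructed rows, six of the eight are the only row with their combination of values even though the day of each date is already removed; only the coarsened copy has no row standing alone.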

N.B. We sincerely hope this screenshot was taken from a set of mock data, not the actual HES data of 163,316 NHS patients. We look forward to clarification from OmegaSolver in due course.

We have noticed in recent days that some of the “information intermediaries” supplied with data by the Health and Social Care Information Centre under “commercial re-use licenses” are pulling web pages when contacted by the press about what they are doing.

Last Monday the Guardian, Wired and others reported on a company called Earthware with a ‘Hopsital [sic] Episodes Map’ on its website, which it described thus:

Healthcare companies and the NHS use Hospital Episode Statistics (HES) data to understand the flow of patients through the healthcare system. HES is a dataset containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England.

The map appeared to be making Hospital Episodes Statistics (HES) data available for arbitrary queries on a public web page without any form of password protection. The company pulled the map, but later put out a statement saying:

[Image: Earthware statement, 3/3/14]

The third party, which cannot be named at this point, has since removed all the text from pages on its website that mentioned HES data.

Another information intermediary which last week was happy to declare it held “over 900 million linked patient HES records” and “patient level linked HES data”, has updated its site and now claims to hold “over 1 billion linked patient HES records dating back 10 years” but adds the qualification, “this data is non identifiable and non sensitive”. The company’s website also clearly states, “HES data provided by the Health & Social Care Information Centre under Commercial Re-use licence 2013.”

We suspect HSCIC and its information intermediaries’ definition of “non sensitive” may be somewhat different from that of the patients whose hospital details are being sold.

And in the light of the OmegaSolver image, the bald assertion that vast quantities of information-rich patient-level health data are completely “non identifiable” simply will not wash.

PRESS RELEASE: Information Commissioner inactive on medical privacy

For immediate release – Monday 3 March 2014

Today, in the same building as the NHS Expo in Manchester, the Information Commissioner, Christopher Graham, is expected to continue to ignore the many breaches of Data Protection law emerging from the NHS Health and Social Care Information Centre (HSCIC). With NHS England claiming that the Data Protection Act will fully protect patients, the DPA’s public guardian is ignoring the tannoy calling him to emergencies.

Full hospital histories – with only some of the most identifying pieces of information swapped with nicknames or pseudonyms – have been sold to and shared with insurers [1] and pharmaceutical company marketers [2] for purposes including social media marketing [3]. There is a clear intention to begin sharing this and other patient data with countries outside the EEA, such as the US [4].

The HSCIC uses the fig leaf of the Information Commissioner’s ‘Anonymisation Code of Practice’ [5] as the only protection for a mandatory, full population dataset [6]; an error the ICO says could cause a “very high” degree of “embarrassment or anxiety”.

medConfidential [7] today called on the Information Commissioner to clarify that his ‘Anonymisation Code of Practice’ cannot apply to patient-level medical records of an entire population.

Phil Booth, coordinator of medConfidential, said:

“47 million people don’t have a clue that their hospital history has been used to target ads on Twitter and Facebook. We have an Information Commissioner struggling with Microsoft Encarta in a Wikipedia world.

“With population scale health data, techniques suggested in the ICO’s Code of Practice would include changing the type of disease that you were diagnosed with, which would obviously make the data meaningless.

“The ICO closed a public consultation on updating the Code in light of how it was being used since it was published last year. We call on the Information Commissioner to reopen the consultation, to give the public a chance to comment now people are beginning to get the picture of how their data has been used.”

Notes for editors

1) See, e.g. ‘Hospital records of all NHS patients sold to insurers’, Telegraph, 23/2/14: http://www.telegraph.co.uk/health/healthnews/10656893/Hospital-records-of-all-NHS-patients-sold-to-insurers.html

2) See http://www.beaconconsulting.co.uk/ which says:

“Because we hold a large set of historic HES data, Beacon is able to:

– Rapidly check patient numbers so clients can assess project feasibility;
– Start data extraction and analysis as soon as a project’s scope is agreed

We have worked with marketers, market researchers, business intelligence professionals, new product planners and market access teams at many leading pharmaceutical companies across a broad range of therapy areas.”

3) See http://www.beacon-dodsworth.co.uk/site/data/hospital-episode-statistics for a description of how HES data may be used by pharmaceutical companies “to improve [their] social marketing / media awareness campaigns”

4) See Professor Ross Anderson’s letter to the Health Select Committee, following up on misleading statements by NHS England and HSCIC to the Committee in last week’s evidence session: http://www.cl.cam.ac.uk/~rja14/Papers/dorrell-caredata.pdf

5) The ICO’s Anonymisation Code of Practice states: “although there may be no obvious motivation for trying to identify the individual that a particular patient ’episode’ relates to, the degree of embarrassment or anxiety that re-identification could cause could be very high. Therefore, the anonymisation techniques used to protect data should reflect this.” – http://ico.org.uk/for_organisations/data_protection/topic_guides/anonymisation

6) Hospital Episode Statistics (HES) http://www.hscic.gov.uk/hes are derived from a mandatory monthly collection of identifiable patient-level data from all NHS hospitals, by something called the Secondary Uses Service (SUS) http://www.hscic.gov.uk/sus

7) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals. Opt out forms and letters available here: www.medconfidential.org/how-to-opt-out/

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

Fleur Fisher, former Head of Ethics for the BMA and member of medConfidential’s Board of Trustees, will be at the ICO conference and available for comment in Manchester today.

– ends –

PRESS RELEASE: What will the raft of new care.data legislation actually achieve?

For immediate release – Saturday 1st March 2014

Responding to the announcement that the Secretary of State for Health is to legislate on the care.data scheme [1] in an attempt to appease some of the concerns that have been raised about it, Phil Booth, coordinator of medConfidential [2], said:

“medConfidential is glad to see the Secretary of State is taking the care.data debacle seriously. We’ll be watching closely to see if the small print of these legislative measures matches up to the headlines. At this point patient trust really won’t bear any more spin.”

On the statement that NHS data will only be released to organisations which have abided by data protection rules, Phil Booth said:

“A ‘one strike and you’re out’ approach to the abuse and misuse of patient data, if rigorously enforced, could be a game-changer. The fines that the courts and the Information Commissioner can hand out are peanuts in comparison to the turnover of some of the companies that will still be getting access to patient data.”

On the statement that respecting patient opt-outs will be made a statutory requirement, Phil Booth said:

“Jeremy Hunt is absolutely right to put patient opt-outs on a statutory footing, especially after some of the shenanigans that NHS England has tried to pull [3]. But every patient needs to be written to in person about their right to opt out – and be given the form and other easy ways of exercising it, this time.”

On other measures, Phil Booth said:

“We are less convinced by claims that legislation will prevent patient-level data being released when there is “not a clear health or care benefit for people”. The whole care.data scheme is engineered to pass around data for ‘secondary purposes’, not for direct care. We don’t believe it is helpful for the government to continue to conflate the future benefits of research use with things like the administrative and monitoring purposes of commissioning.”

“Putting the Confidentiality Advisory Group on a statutory footing may be a step in the right direction, but only if its remit is expanded to cover every release of patient-level data. Otherwise, the Information Centre that we now know has been selling patient data for years could still be open for business without effective, independent oversight and transparency [4].”

“Legislating for protections that are already in place, such as requiring “ethical reasons” from researchers who are already bound by strong professional ethical codes, or binding the scheme to ‘anonymisation’ practices that aren’t even as tough as the highest standards used elsewhere in government feels a bit like window dressing. More meaningful would be a move to put the powers that have permitted NHS England to cause this mess back under full, democratic scrutiny.”

Notes for editors

1) See, e.g. http://www.telegraph.co.uk/health/10669295/NHS-legally-barred-from-selling-patient-data-for-commercial-use.html

2) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals. Opt out forms and letters available here: www.medconfidential.org/how-to-opt-out/

3) See http://medconfidential.org/2014/opt-out-fixed-for-now/ for an explanation of how the opt-out – which could potentially have been meaningless – had to be fixed over the last fortnight.

4) The Confidentiality Advisory Group (CAG) deals with requests for the use of patient-identifiable data without consent, using what is known as Regulation 5 or Section 251 support. The decision to release sensitive patient-level ‘pseudonymised’ data has been the job of the 4 person, non-independent Data Access Advisory Group (DAAG) at HSCIC. Patient-level data that HSCIC classes as ‘non-sensitive’ – a term many patients may dispute – has in the past been released without submission to any sort of oversight body, and such releases have not been published or reported. This would include the data sold to actuarial companies, as reported in http://www.telegraph.co.uk/health/healthnews/10656893/Hospital-records-of-all-NHS-patients-sold-to-insurers.html

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

Opt out fixed… for now

On 7th February, GP magazine Pulse reported that “Patients who have opted out of the [care.data] scheme will still have their records sent to the HSCIC stripped of identifiers” – see 4th paragraph from bottom of this article. This confirmed something buried on page 9 of NHS England’s care.data Privacy Impact Assessment [PDF], which states:

Where patients have objected to the flow of their personal confidential data from the general practice record, the HSCIC will receive clinical data without any identifiers attached (i.e. anonymised data).

So the intention was to extract information from the medical records of people who had opted out, just without their NHS number, postcode, date of birth and gender attached.

This is not what any reasonable person would understand by opt out – if you opt out, no information from your medical record should leave your GP practice.

We immediately got to work, engaging with the Secretary of State and Department of Health and HSCIC amongst others. By the middle of the following week it was clear that the opt outs were going to have to be fixed, in ways we were invited to put to the Secretary of State for Health in a letter. By Friday 14th we were pretty sure that they would be fixed, but no-one seemed willing to confirm this – maybe because to do so would confirm that NHS England had been caught misleading the public.

Things moved on rapidly the following Monday with the launch of the first online opt out, faxyourgp.com, following on from critical statements by the Royal College of General Practitioners, British Medical Association and the Information Commissioner’s Office, clear signals that 38Degrees and SumOfUs supporters might opt out en masse – not to mention the fact that medConfidential had over the previous 4 weeks served out over 300,000 opt out forms and letters. And we instructed Leigh Day Solicitors to write a ‘letter before action’ to NHS England, i.e. we began a legal challenge based on misleading information in its junk mail leaflet.

On Tuesday 18th we received a letter from Dr Mark Davies, the outgoing Director of Clinical and Public Assurance at HSCIC, confirming the way in which the opt out codes would work. His letter ended: “This proposal will be considered by the GPES Independent Advisory Group (IAG) in February for their confirmation” – thus confirming that the opt outs had changed. This wasn’t an outright admission that the public had been deceived, but it clearly shows that the opt outs were not set up to work as patients would expect at the point we intervened.

And then later that afternoon, bowing to serious pressure, NHS England announced a second six month delay – while allowing themselves the possibility of uploading patient data from some ‘pilot’ practices before September.

Without fanfare that same afternoon, a new web page was published on the HSCIC website. You will probably want to read this – it’s a public document, clearly explaining the operation of the opt out codes:

http://www.hscic.gov.uk/article/3915/what-we-will-collect-from-gp-records-under-caredata

Hopefully from this point on, this page will be where any further changes to the process are published.

BUT…

You will note that the HSCIC page says, “Currently, no other data relating to those who have made this objection will be extracted from their GP record in relation to care.data”

“Currently”? Are they intending to change how the opt out codes work all over again? We sincerely hope not!

Following yesterday’s evidence session on care.data before the Health Select Committee we shall be writing to the Committee to ask that they (i.e. Parliament) ensure that the final few loose ends are tied up.

So our advice remains as follows: if you have any concerns – and the performance of Tim Kelsey (NHS England), Max Jones (HSCIC) and the Under-Secretary of State for Health in front of the Committee yesterday was less than confidence-inspiring – then opt out now. And don’t forget your kids!

If NHS England manages to convince you that they’ve got things right by September, you can always opt back in. But if you’re in one of the proposed ‘pilot’ practices (no, we don’t know where they are yet) and you don’t find out that you are until after your data has been uploaded, you may regret delaying taking action.