Author Archives: sam

Everyone’s experience in AI decision-making

Institutions that include everyone understand that great benefit comes from seeing complex issues in many different ways.

The most life-changing, rapid, and one-off decisions people must make are those to do with their health, and the health of their loved ones. Here too, the benefits of diversity are well understood. In medicine, there is a culture of “second opinions” – you can always ask another doctor for their opinion on a choice. This is acknowledged as a great strength of the medical community; indeed, the seeking of diverse (even possibly contradictory) opinions is actively supported by professionals realistic and humble enough to accept that there may not be one single right answer.

So why, as technology progresses, should we choose a lower standard for AIs offering diagnostic assistance to doctors?

Necessary variation in clinical Artifical Intelligence ‘opinion’ will arise only from open competition amongst providers, all respecting the consensual, safe, and transparent use of patients’ data, underpinned by medical ethics.

When you are ill and have a care team today, the decision process available to clinicians deciding your treatment comes not from a single view, but from a comprehensive assessment considering diverse perspectives.

The same should apply when AIs join a care team, which could mean one AI’s analysis spotting something another has assessed as less significant – it should only take one finding to prompt a new consideration. And should we not meet the urgent demand for more doctors, it may be appropriately diverse, ‘always on’, clinical AI assistance tools that could help recast the mix of experience required. (Or perhaps, in a future AI world, patients will be sick of experts…)

Diversity in the medical AI ecosystem will result from the choice of different modelling approaches and the use of different training data, the variation in outcomes (i.e. advice) will come about for similar reasons as today: differing opinions arising from different choices made by different ‘cultures’. No training dataset that systematically excludes some or any community should be acceptable, but different datasets in different models will result in different suggestions – reflecting the humanity of everyone.

The consultation of multiple clinical support systems should be as straightforward as the consultation of any single system in every hospital that meets modern standards for interoperability (FHIR, or the NHS goal of being paperless by 2020). Therefore, when requesting an assessment from an AI clinical support system, it will be just as easy to ask three – unless a monopolistic supplier limits your care to that provided by their models.

Diversity has sound economic reasons too: a mandate for multiple opinions would ensure a healthy, competitive market in AIs for clinical support. Such a mandate wouldn’t raise costs, as it would triple the market size – and it would ensure a continual process of innovation. Over time, as AI improves, there would be minimal risks in moving to newer systems; during the testing phase, four opinions are as easy to consolidate as three.

Also, where patients consent to research, over time, the health outcomes of those patients can become a measure of the different approaches. In that way, if AIs’ outputs are measured on their clinical benefit, “best” can become a clinical outcome – not a marketing claim. Which also delivers on the Government’s commitment that patients should know how their records have been used, and what was learnt from those projects.

In short, a mandate for progress through safe innovation is deliverable today, in line with professional practice and medical ethics, if that is what we want.

 

A National Health Service

Markets around the NHS must themselves be sustainable, and the NHS is in a position – as a research and development institution, and as the data controller in multiple clinical environments – to manage rapid development and testing of AI in a way that a recent flagship project did unlawfully.

It is clear, however, that some institutions within the NHS feel they are required to give up their patients’ data to avoid “falling behind”. All they are demonstrating is their own lack of awareness.

Every AI company is dependent upon masses of data; some may try to ‘free ride’ off the NHS infrastructure, hoping to copy some of the patients’ data that flows through it for profit, without even paying the taxes that fund the NHS. Whatever the case, in every ‘deal’ that is made, the original data controller remains the data controller – and there is no result that cannot be replicated (more cheaply) by another hospital with a similar dataset later, building on shared experience and published results.

Simply believing ‘the smartest guys in the room’ is neither wise, nor the only choice. Novelty can indeed be part of the legitimate research and care process, but the sort of innovations we need cannot involve the secret testing of AIs on humans without their knowledge or consent.

Great risk to the NHS comes only from the perverse incentives of commercial monopoly, grounded in the belief that there should be just a few data silos. (Guess whose?)

Google DeepMind’s Health division might be entirely dependent upon a continued supply of NHS data, but the NHS is not dependent upon Google unless it chooses to be; other AI developers – and search engines – are available. The NHS is not in a position to ensure an effective market in search engines, but just as it already does for health information, it has the authority to do so for clinical assistance; assuming there is the political desire to have a functional and sustainable system.


This will form the basis of Part II of medConfidential’s submission the House of Lords Inquiry on AI.  We’d welcome your thoughts at sam@medconfidential.org / @smithsam

Newsletter: medConfidential Summer Roundup, 21 July 2017

Before everyone starts their summer, here are a few ‘tied-up loose ends’ that had previously been left dangling.

Your GP records: If your GP uses TPP or EMIS, you can today begin to see how your data has been accessed. Neither TPP nor EMIS yet cover their research databases, but they will have to shortly because of the findings of the Caldicott Review.

 

Caldicott Review: The Government has finally responded to Dame Fiona Caldicott’s 2016 Review. It has committed that you will be able to see how your records have been used, both for direct care and all other uses. This will be phased in “by 2020”, mostly (we hope) in 2018. If you have opted out, you will be written to about any changes before they happen. Our longer response is now up.

 

Google DeepMind broke the law by copying 1.6 million medical records, according to the Information Commissioner – and the company was rebuked by its own Reviewers. medConfidential’s complaint was found to be true; Google’s statements, not so much.

 

Your DNA: The Chief Medical Officer has opened a “national conversation” about the future of genomics. This starts with patients who have unknown cancers or rare diseases, who may see significant benefits from genomics. But it involves two questions, which boil down to: “Can we do this for your care?” and “If we don’t get an answer now, do you want us to keep your details in a research project which might give you an answer sooner? If not, we’ll run the test again in a year or two.”

There should be no difference to the person’s immediate care, and each patient is given a reasonable choice. If this can be done for cancer genomics, it can clearly be done elsewhere. We would have included a link on how to feed back your thoughts on the CMO’s Report and next steps, but there isn’t one.

 

Patient views on Research: The “Understanding Patient Data” project has run some workshops looking at privacy or research. The blatantly faulty premise of this work is exposed by the Information Commissioner, who has stated: “It’s not privacy or innovation – it’s privacy and innovation.” Had UPD included us in any of their planning, we’d have pointed that out.

 

The GP IT provider TPP: The trial of functionality to allow GPs using TPP’s systems to properly execute their responsibilities to patients should conclude shortly, and – assuming no major problems are found – be rolled out to every GP that uses TPP. With other changes eventually being correctly implemented, this should reassure all sides.

As part of this process, TPP’s notoriously litigious founder instructed lawyers to send us a “reputation management” (defamation) letter, which also said that TPP had no desire to respond to medConfidential.

 

Public Health England is still in denial about its data and consent troubles. Its officials consider themselves part of your cancer care team, despite very few patients having any idea who they are, or why this should be. Beyond the institutional desire to ignore and distrust the Caldicott Consent Choice, what will change?

PHE’s problems are far wider than just consent, but it is a good place to start. Yet another Review is due to be published soon. Will the disease registries move under the NHS umbrella, or will PHE continue to refuse reform – and if so, will you know how your data gets used? Transparency is not the same as respect for confidentiality, but it does make ignoring confidentiality only possible by being dishonest.

 

Funding: We are very grateful indeed to the Joseph Rowntree Reform Trust Ltd for awarding us a further year’s grant, covering 80% of our core funding, that will enable us to continue working towards consensual, safe, and transparent data flows in the NHS – and to defend human rights in the face of your data being copied without your knowledge or approval.

 

Brexit: As Brexit Britain draws closer, and having already introduced measures that try to make NHS staff hassle brown people for documentation, the NHS now faces a three-way stand-off – a ‘Brexit Triangle’: does the Department of Health now direct NHS staff to hassle everyone who looks or sounds ‘foreign, or to hassle absolutely everyone, or do we give in and issue everyone with ID cards?

We may not know the outcome – but we do know that, armed with facts, every patient can speak with the authority of their own lived experience of the NHS. Please do keep informing yourselves, and informing others. Maybe you could share this newsletter with them?

 

What’s next? We hope you enjoy your summer. We have quite a lot to do, getting ready for when Civil Servants and Parliament return in September. Our NHS friends are, of course, working all through the summer. We wish them, and you, well

medConfidential Response to the Government’s Caldicott 3 Response

The foundations on which you build anything are critical. The more complex and interdependent the system, the more vital it is to firmly establish its fundamental principles. As we saw with care.data, when eroded, the whole endeavour can collapse.

The Government’s commitment to transparency is therefore significant. The pressing question is, when it will be delivered – we’ve now been told when it should be delivered, but that’s not quite the same thing. This is important because it is transparency measures that provide the basis for informed consent, a theme we’ll return to at the conclusion.

Regarding each patient opt-out, to prevent data leaving GPs’ systems:

“…we will honour these until 2020 to allow the new national opt-out to be implemented, and for full engagement with primary care professionals and the public.”

Whatever happens in the interim, full engagement has to mean a formal public consultation in 2020, based on the facts as they are known to the public at that point. Anything less would be to break the confidence that the public are being asked to give.

 

The implications of consent

The National Data Guardian, the Department of Health, and NHS Digital have all committed to telling patients how their data is used – both for direct care, and for purposes beyond direct care. This is good. But this is a commitment that must be delivered, consistently and without compromise.

If various dark corners want to continue to grab data in secret, the public will be far less forgiving. care.data may have had a pass, because there was no way for individual patients to know how their data has been used. Under this commitment, they will be able to.

It is doubtful that patients will look kindly on being lied to, again – even if attempts to do so are masked by dodgy definitions of the fence line between one bit of DH and another.

As the NHS begins to understand the implications of confidentiality and consent, medConfidential will be here.

 

Will NHS England and PHE follow the consent model?

In a blatant example of self-important special pleading, page 35 of the Response quotes PHE telling DH and the NDG what they must do, at a point where PHE also refuse to be a part of the solution. (We note also a passive-aggressive defence of Windows XP on page 17.) PHE has repeatedly refused to honour opt outs, dissents, or any other form of objection. The Government has proposed no change to this – why not?

The Government’s Response indicates that, rather than resolve the problem of invoice reconciliation – which has been discussed repeatedly – NHS England has stubbornly dug in its heels, and refused to consider it a problem. So accountants are still to take copies of patients’ identifiable records to check companies aren’t ripping the NHS off – despite there being other, safer, better ways to protect the NHS against fraud. Yet again, NHS England is both part of the problem, and an impediment to the solution – its officials refusing to consider change because they don’t want the effort of having to change the way that CCGs operate.

In a stark illustration of attitudes that still prevail, the day after the Government’s Response was published, the Chief Information Officer of NHS England stood up at a conference and said, “Let’s get away from this distinction between primary and secondary uses of data – it’s just data, let’s start using it”. It appears not only did Mr Smart (like his predecessor) ‘skip medical school’ – he also seems to have skipped reading anything written by the National Data Guardian. Not entirely the lesson you’d hope was understood at the Royal Free…

If the online opt-out process from NHS Digital is discredited from the start by not taking account of PHE’s continued data grab of cancer patients’ records without their consent, medConfidential will run an online opt out process that does.

Of course, Dr Rashbass might continue to ignore those requests too – in the mistaken assumption that just because he thinks of every person who has ever had cancer as his patient, those patients have any idea of who he is or why he’s grabbing their medical history. Clearly, some have yet to learn the important lesson that believing you are a good person, doing a good thing – or even being a good person – is not the same as doing the right thing.

Hopefully the McNeil Review will resolve this outstanding issue, whenever it is published and commenced. However, given the lack of critical engagement, there is still a strong risk that choices may turn out to be a ‘cargo cult’ copy of consensual, safe, and transparent – rather than anything effective. A digital form of the worst of homeopathic quackery.

Whatever U-turns and failures lie ahead, medConfidential will be here.

 

Assuming everybody manages to get this right…

In September 2014 we had a meeting with NHS England, in which the question was asked: “What happens after the care.data problems are resolved?” This was the result (which also looked at backdoor data changes) – at a point where there had already been a commitment that care.data would only be available within a safe setting. Will that commitment be honoured for any and every future dataset?

The principles of that post are sound, and still apply. We don’t yet know what promises will be made about the Data Lake today, only to be broken tomorrow. But what was clear from the Expert Reference Group process was that the data collected will include everything over time – sexual health records, mental health records, abuse records, genomics.

A safe setting means legitimate projects can access the data they need by minimising side effects.

If we were writing on “backdoor changes” today, we’d add PHE and the cancer registry – plus Genomics England, and similarly for other sources of data – but the principles we outline for change remain sound.

Caldicott 3 has delivered something for everyone: whether you wish your data to be used or not, you will be able to see how your wishes have been honoured – and, as the Secretary of State has said: if you don’t want your medical records to be used, they won’t be. All this is capable of being delivered with the Caldicott Consent Choice, implemented properly.

If and when this is delivered, or those patients who are content for their data to be used, the question is what the commitment to transparency will cover. At present, the Hospital Episode Statistics are sent to ~400 different places around the country each month, and NHS Digital hopes none of them has a cyber security accident. It’s only a matter of time.

A safe setting moves data use from “should usually follow” the rules, to “demonstrably always followed” the rules.

The proposed ‘Data Lake’ repeats NHS England’s near-sociopathic disregard of the central fact that in health and care you are  dealing with human beings; people who are usually sick, and often worried. Data is not “the new oil”, nor is it water – and there’s no such thing as a ‘Lake’ of it; there is the collected care episode history of every patient in every UK hospital, for approaching 30 years.

If the current HES are replaced with a more detailed, and even more sensitive, ‘Care Episode Histories’ dataset, that dataset should only ever be available in a safe setting, and all projects – whether for direct care or secondary uses – must be logged for the patient to see. With greater detail, comes some security. It is self-evident that NHS Digital cannot know how data is used once it has left its control, and yet it distributes hundreds of copies of huge numbers of individual-level medical histories that are identifiable (pretending the birth dates of your children are a secret from everyone you know – and others besides…).

Patients will look at accountability trails especially when contentious decisions are made.

 

If Will Smart’s expensive consultants wish to consider themselves as providing Direct Care, then they must appear in the (non-local) direct care – i.e. SCR – access logs made available to patients. The principle of “Hello… my name is…” must apply to all direct care – for, just as a doctor should take the time to explain themselves, real transparency means that NHS England’s micromanagers will be expected to do so as well. When they operate on perverse incentives in a crisis, patients will have the information as to how interventions were handled – which will rarely make a crisis less contentious. It’s not hard to see this won’t end well.

Secondary users, by definition, cannot be expected to introduce themselves to patients – so this applies as much to PHE as it does to NHS England. We assume this separation is why NHS Digital will have two lists of data accesses; the split may  appear odd at first glance, but it is likely better for patients.

If Mr Smart still wants to play about with big databases, with scant regard for human suffering or people’s privacy and dignity, then the Home Office is hiring. But he chose to work in the NHS, which has fundamental values.

Those fundamental values include both confidentiality, and using the data of consenting patients to help other people. Replacing the sale dissemination of data with a better dataset in a safe setting has always been part of the solution the NHS needs. It was deficits in thinking and leadership that led to care.data – and it seems the administrators of NHS England may yet have to learn that in return for changing what they take from us, they may have to change what they themselves do.

Accountability removes possible unwelcome contingencies – which in turn will allow more complex research, in an environment of reduced risk and concern.

A consolidated collection of care episode histories, that are treated as such, could be the basis for a stable data infrastructure in the NHS. A Data Lake cannot.

Whatever promises may be made in order to get hold of the data, it is transparency and accountability to properly-engaged and interested patients that will keep the system honest in the long term. And there will always be competing pressures.

Local councils, for example, will keep funding reports that say local councils should have access to any and all medical records they wish. So we repeat: the Government’s commitment to transparency is significant, for it is transparency that provides accountability in even untrusted systems.

As NHS England moves towards a new, transparent data collection – whatever the plan, and whether it chooses to share it or not – medConfidential will be here.

You shouldn’t pay that – a better approach to invoice reconciliation

Yet again, the Government’s response to Caldicott 3 has decided to ignore the problem of accountants getting masses of identifiable patient information in order to pay some invoices.

A CCG receiving an invoice needs to answer four questions:

  1. Is this a patient we pay for?
  2. Was this care provided to this patient?
  3. Have we already paid for that care?
  4. Has someone else already paid for that care?

The current system ignores question number 4.

As a result of question 2, CCGs expect to get copies of all records on all patients – taking on the burden of keeping them safe – just so as to be able to check anything that they may wish to. The inherent dangers in this are clear, and to do it requires a perpetual ‘temporary’ exception that is only lawful if “necessary or expedient”, and it is unclear whether GDPR will end this in 2018.

All 4 questions, for any particular invoice, are quite straightforward to answer. Given an invoice, the category, and some form of patient identifier, does the data show that there are (some form of) medical records for that treatment, and are those records marked as having been paid by a previous invoice?

Each of the 4 questions needs only a yes or no answer – an answer that won’t reveal any of the contents of the medical records to the accountant doing the check.

The CCG’s accounting needs only the data that is on the invoice (question 2). And even that can be minimised, over time, using the pseudonym system that the Government’s response to Caldicott 3 requires NHS Digital to create for internal use.

While ‘the system’ knows who the patients are, accountants handling bills don’t have to. For corner cases – where there is a question or query – NHS England can adjudicate, based on a “necessary” rather than “expedient” existing process. This also means that any systemic failures or fraud perpetrated against a number of CCGs would be immediately visible, and could then be investigated at a national level. Against one CCG might be a mistake; against many looks criminal.

Even HMRC understands that giving its staff access to the (tax) records of their neighbours will end badly in the public view. Yet NHS England believes the current invoice reconciliation system should continue.

In its reading of Caldicott 3, NHS England would rather remain part of the problem than become part of the solution. Its officials’ flawed obsession with a Data Lake means they cannot politically support anything that doesn’t involve more copying of data.

Whether that approach meets the lawful test of expediency, and GDPR, remains to be seen.

NHS England wants to hear from you — MedConfidential Update – 21 September 2016

 

NHS England wants to hear from you…

The Department of Health’s consultation on the future of secrecy of your medical record closed 2 weeks ago. Thank you for your help and comments on why the privacy of your medical records matter to you.

After that, NHS England has announced public meetings to hear your views on what should happen next.

There are “discussion events” in London, Southampton, and Leeds. If you’re nearby, you might want to go along. They start on Monday afternoon in London.

The Government will respond in around 6 weeks

The Department of Health has said that they will respond to the Caldicott Consultation in about 6 weeks.

Will you be able to see that your wishes have been honoured? Or will there be more secrets?

Meanwhile in the rest of Government…

Meanwhile, the Cabinet Office is passing a new law to share any other data with whoever it wants. The scrutiny of the MPs will be rushed through in 6 days of sessions. The bill has no provisions requiring transparency of data flows – again it can be all secret.

The justifications are few. One is the case of an alcoholic who was given social housing above an off licence. A problem for that person to be sure; but there will be far more problems caused by routinely sharing information with landlords before tenants move in. With the privatisation of most council housing (certainly outside London), the flaws of this should be obvious.

You should decide who can see data about you, rather than decisions being imposed by a guy called Paul sitting in Whitehall.

We’ll have more next time…

“NHS England is closing the much criticised care.data programme”.

According to the Health Service Journal, “NHS England is closing the much criticised care.data programme”.

(Update: A written ministerial statement has now appeared on Parliament’s site)

Responding to the news, Phil Booth, Coordinator of medConfidential said:

Responding to the news, Phil Booth, Coordinator of medConfidential said:

“One toxic brand may have ended, but Government policy continues to be the widest sharing of every patient’s most private data.

“Launched this morning, the Government’s consultation on consent asks the public to comment on how Government should go about ignoring the opt outs that patients requested.

“The programme did exist, and whatever data the Government may wish to continue to sell to their commercial friends, patients dissented from data about them being shared. Their wishes must be honoured.

Notes to editors

q15 of the Consultation on New data security standards for health and social care puts the onus on consultation respondents to work out how Government could implement the policy they wish to follow, irrespective of the consultation:

 

[Press Release] The National Data Guardian for Health and Care Review of Data Security, Consent and Opt-Outs was published this morning.

“The NHS has not yet won the public’s trust in an area that is vital for the future of patient care” — Secretary of State Jeremy Hunt quoted in paragraph 1.5

From the report:

“4.2.1 This has been a report about trust. It is hard for people to trust what they do not understand, and the Review found that people do not generally understand how their information is used by health and social care organisations.”

About the existing opt outs that patients have expressed:

“the Review recommends that, in due course, the opt-out should not apply to any flows of information into the HSCIC. ”  (p31, 3.2.31 second column)

About the 25+ years of hospital data that continues to be sold:

“The Review recognises that the new opt-out should not cover HSCIC’s already mandated data collections, such as Hospital Episode Statistics (HES) data. The Review believes it is important that there is consistency and therefore where there is a mandatory legal requirement for data in place, opt-outs would not apply.” (p34, 3.2.41, bottom right)

 

We entirely agree with the Association of Medical Research Charities when they say:

“People need to feel that they can trust the system to handle their information with care and competence, and respect their wishes. If the public do not trust the system, they will be unwilling to share health information for medical research and this will seriously hinder progress on new treatments and cures of diseases such as cancer, dementia, rare conditions and many more.” http://www.amrc.org.uk/news/amrc-statement-on-the-caldicott-review

 

Phil Booth, coordinator of medConfidential said:

“Patient trust is vital. The NHS should win the publics trust by being seen to follow each patient’s wishes. However, yet again, the existing commercial entities demand leadership from others so they can continue feeding on patient data, despite the wishes of patients.

“The last data release register from HSCIC contains continued release to commercial companies. One, Beacon Consulting, on their homepage, advertise “we help our pharmaceutical clients solve difficult commercial problems”. Their commerical access was renewed in the most recent HSCIC data release register.”

“It seems the Department of Health is trying to have it both ways – tell patients one thing and commercial entities the other. When the consultation comes out, the public can have their say and the Department of Health will have to finally decide.”

There has to be a better way to find out how your data has been used than reading google’s press releases.”

Notes

The Hospital episode statistics now contain 1.5 billion patient hospital events, linked to each patient across a lifetime. According to the review, the 1.2 million patients who have opted out of their data being included in the hospital episode statistics, continue to have their data included in the hospital episode statistics – their choice has been ignored.

 

Caldicott Review and Government Consultation – 1st thoughts

This post will continue to be updated.

medConfidential welcomes the publication of the National Data Guaridan Review of Data Security, Consent, and Opt-Outs and the Government consultation on the findings.

  1. In practice, it matters most what the Government response and consultation says. Dame Fiona’s Review, while vital, may in practice end up as disregarded as the recommendations of her previous review.
  2. What is the change patients will see?  Will each patient know how their consent choice has been honoured? Will “make informed choices about how their data is used” be made real?  “The public is increasingly interested in what is happening to their information” (video 4)
  3. Being published in weeks where political promises have barely lasted hours after people resigned, and with the current opt out being the gift of the Secretary of State, what basis will the new consent language have? Is it comprehensive?
  4. “There has been little positive change in the use of data across health and social care since the 2013 Review and this has been frustrating to see.” — Dame Fiona Caldicott
  5. “The NHS has not yet won the public’s trust in an area that is vital for the future of patient care” – Secretary of State
  6. Will the National Data Guardian be put on a statutory footing? It was due to happen in the Digital Economy Bill, but the Bill has been published, and it’s not there. Another broken promise from the Secretary of State? The National Data Guardian consultation response is out, again promising legislation.
  7. If there are two opt outs, the “NHS” and “research” boxes may be overly confusing. Dodgy commercial projects will find an NHS figleaf to sneak in the “NHS” preference, while legitimate and bona fide academics will be left in the “research” box with it’s potentially radioactive commercial examples — this is the opposite of what a quick read by a busy citizen would expect. (page 39 – top right for the commercial project on radiation)
  8. MedConfidential welcomes the proposal that the opt out will be comprehensive across the NHS. This is an important simplification for patients, unless it is badly mishandled.
  9. Recommendation 18: “The Health and Social Care Information Centre (HSCIC) should develop a tool to help people understand how sharing their data has benefited other people. This tool should show when personal confidential data collected by HSCIC has been used and for what purposes.”
  10. Paragraph 1.35  “the opt-out should not apply to all flows of information into the HSCIC” — that’s GP data
  11. “The Review recognises that the new opt-out should not cover HSCIC’s already mandated data collections, such as Hospital Episode Statistics (HES) data. The Review believes it is important that there is consistency and therefore where there is a mandatory legal requirement for data in place, opt-outs would not apply.” – that’s all data going to most commercial entities.
  12. Video 4 is of most interest

first press comment now up.

With a pending consultation, it matters that the people who wish their data is used, and those who wish it not to be used, can both know, based on evidence, that their wishes were each honoured.

There has to be a better way to find out how your data has been used than reading google’s press releases.

2016 Digital Economy Bill

On the day that Tory MPs vote on a new leader, with the Home Secretary who tore up an ID card on her first day in office in the lead, the Government has introduced legislation to bring the database state back via the side door.

s38 of the Digital Economy Bill may require sharing of births, marriages, and deaths across the public sector in bulk without individual consent.

s29 as written allows sharing of medical information to anywhere in the public sector, or commercial companies providing public services, if it may increase “contribution to society”.

The National Data Guardian is not placed on a statutory footing.

As the Conservative leadership election moves forward, it seems to be that the database state is back.

 


 

update: The Cabinet Office have been in touch to say:

Para 18 of the government response clearly states:
18.       The Government acknowledges the importance of health and social care data in multi-agency preventative approaches and early intervention to prevent harm. We will do further work with the National Data Guardian following the publication of her review/report to consider how health data is best shared in line with her recommendations.

As a result health bodies are out of scope of the powers in the draft regulations.

The Bill itself contains no such exclusion, and many local authorities have been lobbying for precisely that access. We will look to clarify with a probing amendment at committee stage, but appreciate the press office getting in touch.

Data Usage Reports: Data derivation receipts from data processors

[this post will be amended slightly following the release of the Caldicott Review]

Some data processors wish to start getting ready for the introduction of Data Usage Reports. Data controllers will be the subject of a future post. For reporting of new knowledge created, existing reporting processes should be used.

For data processors that make data copying decisions based on instructions, the relevant component is simply the creation of an electronic receipt confirming the instructions, and the individuals whose data was copied.

It should be entirely derivable from audit materials, and require no ongoing extra work where there are audit systems. Below, we show the output manually, via a spreadsheet (excel) and, for the technical implementators, structured form.

The details

There are two parts of the receipt:

  1. The details of the data flow: the what, where, when, why. (these probably don’t change often, so regular updates may omit them)
    Organisation: “recipient organisation”
    Date: 2016-04-01
    Project title: “one line name” optional
    Description: “3 sentences about what/why” optional
    URL: a web link for more information optional
    legal basis for flow: optional
    postcode: (if relevant, for consented direct care access) optional
  2. The individual level identifiers for those individuals (the who). These being the identifiers that the processor was provided with (which in all likelihood should have been changed before the data was passed on)

    Identifiers as received by this processor
    785481E8-0BC1-4641-8ED7-D4D8D22C8AF2
    9B4E89F4-46E1-4D2B-8390-BBC728ABDA8D
    096E8894-1F69-45C3-AAF1-FBF4CF0E8313
    DFCF3B06-901C-407D-AB69-63E6D706C14A
    C39B1756-26A7-4200-96F4-284924AFE6E3
    B0F0A37A-CABD-404E-9256-796A69CD179D
    CE83E652-C44E-4D4F-86E0-2C9CBC49EB4D
    DBFB867B-08F9-4AD0-B05E-B947E39E31FF
    A947B578-A51F-464A-BD49-41C7956F2F8C
    08A015FA-D9A5-4FE8-BAAF-879FA84F50D8
    653ba56b1f21ad8bf7d4e30cc2fa4b1a10e4603c
    25fd81548b61dc0e0abf19c1809c7941a8ac15fc
    81811f9e9c698d5320f9069c35550e783c28806d
    726fe5e2f816c879169b38fe9cef944bcf898d10
    63c18e85a12dccc5304c88c847e3b85a33cd44ff
    39b17ecdab874579538afa2ebb3b333e63b08846
    2fc47b8ca79e381e598adfc5ef956b3596ff5853
    a85c70ebf68bda26df3088eee4fb890a7b2443e2
    b8feb487d136d1bce44e263f970a182b07061fc8
    d8045b84bc64d6f8a93b6820bfdecce9e1c980c7


Phrased like that, you can see it’s not particularly complicated.


Production of a data usage report is simply the information from receipts, with the existing information on release decisions and publications, transformed for the citizen.

If you’re interested, we’re happy to also talk to you about how to use data usage reporting.