Any requirement for an in-country COVID passport after a declaration of “freedom” will be an admission of domestic policy failure by the Government; the greater the requirement for COVID passport mandates, the bigger the failure of Government to manage the pandemic well.

If do you need a domestic COVID passport, we recommend the paper documents made available, but you also have to black out unnecessary information (see below):

• Once you have been vaccinated in England, we suggest you use this English online form to get your paper certificate. It should arrive within 5 working days. If you prefer, you can ask for a letter by calling 119.
• In Scotland you can request a copy of your letter online for Scotland here, or you can get a copy of your vaccine status letter by phoning the COVID-19 Status Helpline on 0808 196 8565. NHS Scotland says you should allow at least 14 days for your vaccination status letter to arrive.
• The only Wales online option requires you to have an NHS Login, or you can request a paper NHS COVID certificate by calling 0300 303 5667 – though it can take up to 10 working days for your certificate to arrive.
• To get a certificate for Northern Ireland online (which may take 3 days to process) you must have an nidirect account. Or you can request a paper COVID certificate by telephone on 0300 200 7814, though it will take up to 10 working days to arrive. 

The COVID passport apps in each nation are different; they work differently, and require you to prove your identity in different ways. The paper certificates tend to be valid for a longer time than the app versions, and don’t require you to show your logged-in phone to strangers.

Unfortunately the paper versions being sent out currently include information like your address and date of birth – so if you must use one for domestic purposes, make sure you block out any other personal information on it, leaving only your name and the QR code.

In our responses to Michael Gove’s original consultation on ‘Vaccine Passports’, and to the recent call for evidence on ‘Plan B’ in England, medConfidential pointed out many of the risks of app-based COVID passes. As the schemes roll out, we and others are picking up on additional problems – like people whose medical records are already flagged as sensitive not being able to get a pass.

And, as the introduction of the Scottish ‘COVID Status’ app has already demonstrated, the use of international COVID certificates for domestic purposes is unsafe, unwise and potentially unlawful; the QR codes designed for use at borders can ‘leak’ unnecessary personal information when checked at domestic venues.

medConfidential’s GP data grab Situation Reports are a series of updates sent to stakeholders; this one is public.

The long delay was inevitable

The announcement of the short delay in June to 1st September was largely due to NHSx and DHSC thinking they understood their mistakes; as the GPDPR Data Provision Notice has now been withdrawn, and any new DPN will have process to go through, GP data collection can now begin no earlier than the 2nd September.

The next announcement, of a longer delay, will mark the inevitable realisation of the magnitude of these past mistakes – a delay already referred to by the former Secretary of State in his last speech at the despatch box, where he said:

It will take some time to move over to the new system, hence I have delayed its introduction, but we have also made that delay to ensure that more people can hear about it.

Both the Secretary of State and David Davis MP also entirely agreed in that debate on the risks of dissemination. It is therefore clear that the (very welcome) commitments on the use of Trusted Research Environments must apply to hospital data, e.g. HES, as well as GP data.

This realisation may yet come slowly. On HES, it may take a legal opinion quoting the Secretary of State’s speech, next to the ICO’s guidance on UK GDPR and DPA 2018, next to current DHSC policy that requires NHS Digital to disseminate the sensitive, identifiable personal data of every hospital patient in England – even if they have dissented – thousands of times a month. 

We understand it will be difficult to decide today, that from tomorrow HES is identifiable special category personal data, when the data was disseminated yesterday (and for years before).

The best time to have complied with the UK’s 2018 Data Protection Act was in May 2018; the second best time is now.

Sequencing of Events

While the delay was announced so the Trusted Research Environment (TRE) could be built to the satisfaction of research, there is now time to do everything in the right order. Hopefully.

NHSx may have gotten to choose the starting point but, as the Health and Care Bill demonstrates, it missed the boat. The headline focus of the Bill, Clause 1, formally re-names NHS England, but nowhere in the Bill does NHS Digital get a re-name. Perhaps DHSC expects to use its new powers to abolish NHS Digital – thereby abolishing the statutory safe haven? That is untenable.

There is, however, still time for the proposed legislation to be amended to resolve some critical data trust issues. The Bill should, for example, have a hook to put the National Data Opt-out onto a statutory footing – so patients can know and have confidence in what the rules are, so the profession all know what the rules are, and so the various national bodies know what the rules are – and so that everyone knows how those rules can be changed (in either direction) in future.

As the use of GP data evolves, there should be discussion as to whether the National Data Opt-out (NDOO) should apply to data leaving GP systems and going to NHS Digital, or not. If the conclusion is that it will not, then the Type 1 GP data opt-out must live on. If the NDOO were to be clarified in legislation to have the same effect as the current GP opt-outs, then Type 1s could effectively be deprecated for all but the most critical concerns – for a statutory opt-out is much better than a non-statutory one.

Hospital data

All of the examples given in David Davis MP’s adjournment debate were to do with hospital data, and the Secretary of State agreed on the risks of disseminating patients’ identifiable GP data, explicitly stating his intent that “The dangers that come with the dissemination of pseudonymised data are removed.”

So why is NHS hospital data not also being made ‘TRE-only’ from summer 2021 onwards? 

If NHS Digital and NHSEx wish to demonstrate to the GP profession (and to patients and the public at large) that the TRE-only approach will work, the most straightforward way to do so would be to show it working for the hospital data NHS Digital already collects – with a variety of researchers and, say, NHS England’s ‘Data Services for Commissioners’ Regional Offices (DSCROs) demonstrating good use of it. 

Such a transition should also make the DSCROs and other ‘DHSC / NHS family’ users far happier, as they will be getting both a much better data analysis environment for their ongoing work, while increasing safety as well. 

As the Health and Care Bill puts obligations on Integrated Care Systems to ‘use more data’, such patient-level data usage should also all be in formally NHS-accredited Trusted Research Environments – initially NHS Digital’s, also ONS’s or Genomics England’s. (‘Five Safes’ TREs are entirely achievable, but some will claim they meet the standard when they do not. Hence the need for formal, likely mutual, accreditation; trust in all being dependent on the weakest link in the chain.)

Communications

The need to communicate directly to the entire public actually makes other problems easier to resolve; with the data opt-out definitions written down in legislation, what is left for debate (as was the case in 2014) is exactly what text will fit on two sides of A4 – the text for the opt-out / opt-back-in form being derived from the legislation itself. 

This process could start with the last consensus draft of the care.data Advisory Group letter because, as a public advocate of the programme said, GPDPR is care.data.

NHS Digital, NHSx, and the new power to amend legislation

While NHSx may choose how many (NHSx-liveried, crowd pleasing…) elephants are in the ‘tech vision’ parade, it continues to be NHS Digital that has to follow it around with a shovel. And whoever holds the shovel will forever be in tension with those who want more elephants.

Many of the persistent problems around data are the result of such tensions, not necessarily the organisation itself that is making a decision. The same criticisms of NHS Digital would apply to the cancer registry, which learnt the hard way that giving data to a “causes of cancer study” is not such a good idea when the study is run by a tobacco company.

Someone has to enforce the rules that DHSC advertises as “strict”; that is currently NHS Digital.

It is not NHS Digital that decides what data uses there could be – it responds largely to requests. Sometimes it recognises that a request is valid but that an analysis would be better done by someone else. (A “causes of cancer study” is not inherently a bad thing.) But, as a result, NHS Digital gets a reputation for saying no to people – mostly because few notice the thousands of data file releases it does make every month.

It is, and should be, the job of a statutory safe haven to have a deep understanding of what is possible, what is legal, and of the necessity of keeping promises to patients. (Keeping promises not being a recognised strength of this Government.)

Any body fulfilling the role of safe haven must be transparent about where data goes. NHSEx have been actively dishonest in that regard, and – even if that was initially a mistake – have then explicitly refused to correct the record, and have repeated the dishonesty.

Differing interests may not like individual decisions that NHS Digital takes, medConfidential included – but what must be recognised and emulated is that it tells the public what those decisions are and why they were made, and people can know what we don’t know.

With DHSC and NHSEx, however, the cronyism and corruption of the Government’s approvals processes means not only is there no picture of what we don’t know, there appears to be an explicit desire to make sure no-one knows. 

Perhaps we are being unfair on the ‘organisation’ behind the first version of the NHS COVID-19 app that barely made it to pilot stage; the group which pushed GPDPR forward against expert advice, and which vetoed suggested improvements of GPDPR before it collapsed; the outfit that misleads stakeholders on what it publishes; which simultaneously added domestic vaccine passports for users of the NHS app, and which (still) expects NHS patients to hand an unlocked smartphone to the border guards of a hostile nation,  but we believe one’s actions speak for themselves.

(Of course, the person who signed the GPDPR Direction got promoted shortly thereafter. When NHSx is abolished, NHSx policy functions should really revert to DHSC – not because any particular incumbent has any particular talents, more because officials always move on.)

If NHSx – or any actual NHS bodies, for that matter – wish to be seen as trusted, they must show themselves to be trustworthy. Downgrading the statutory safe haven and/or transferring its statutory powers without reference to Parliament is unlikely to help in this regard.

New Secretary of State and Life Sciences 

To push our earlier analogy, some of Sajid Javid’s team will be retracing the path of Matt Hancock’s elephant – with a shovel to clean up those emissions that still litter the building.

And those whose ‘Vision’ is less rose-tinted will recognise the “alignment” claimed in the restated Life Sciences strategy was prompted more by the overwhelming necessity of combating a common enemy than any real change in institutional politics or public attitudes. It is notable also that the stakeholders on whose data the Vision depends, the public, get short shrift in a document whose focus is to “deepen collaboration and trust between Government, the NHS, and the [Life Sciences] Sector”.

Aspirational statements for “the full support of patients, the public and NHS, and must build trust into [the Vision’s] delivery” are hard to square with the far more clearly-defined intent that: “governance and oversight of NHS health data must be simplified to drive research and innovation”.

We welcome the commitment to consensual, safe, and transparent data infrastructure for a 21st century health and care system; as we have been saying for years, a modern TRE for research and all other secondary uses is inevitable. The best time to have started was in 2013; the second best time is now.

Available next steps:

• Available next steps to safely make GP data available for research and planning 
• Opt out review note (June) and available next steps on opt outs (July)
• Briefing on the Health and Care Bill

Institutions that include everyone understand that great benefit comes from seeing complex issues in many different ways.

The most life-changing, rapid, and one-off decisions people must make are those to do with their health, and the health of their loved ones. Here too, the benefits of diversity are well understood. In medicine, there is a culture of “second opinions” – you can always ask another doctor for their opinion on a choice. This is acknowledged as a great strength of the medical community; indeed, the seeking of diverse (even possibly contradictory) opinions is actively supported by professionals realistic and humble enough to accept that there may not be one single right answer.

So why, as technology progresses, should we choose a lower standard for AIs offering diagnostic assistance to doctors?

Necessary variation in clinical Artifical Intelligence ‘opinion’ will arise only from open competition amongst providers, all respecting the consensual, safe, and transparent use of patients’ data, underpinned by medical ethics.

When you are ill and have a care team today, the decision process available to clinicians deciding your treatment comes not from a single view, but from a comprehensive assessment considering diverse perspectives.

The same should apply when AIs join a care team, which could mean one AI’s analysis spotting something another has assessed as less significant – it should only take one finding to prompt a new consideration. And should we not meet the urgent demand for more doctors, it may be appropriately diverse, ‘always on’, clinical AI assistance tools that could help recast the mix of experience required. (Or perhaps, in a future AI world, patients will be sick of experts…)

Diversity in the medical AI ecosystem will result from the choice of different modelling approaches and the use of different training data, the variation in outcomes (i.e. advice) will come about for similar reasons as today: differing opinions arising from different choices made by different ‘cultures’. No training dataset that systematically excludes some or any community should be acceptable, but different datasets in different models will result in different suggestions – reflecting the humanity of everyone.

The consultation of multiple clinical support systems should be as straightforward as the consultation of any single system in every hospital that meets modern standards for interoperability (FHIR, or the NHS goal of being paperless by 2020). Therefore, when requesting an assessment from an AI clinical support system, it will be just as easy to ask three – unless a monopolistic supplier limits your care to that provided by their models.

Diversity has sound economic reasons too: a mandate for multiple opinions would ensure a healthy, competitive market in AIs for clinical support. Such a mandate wouldn’t raise costs, as it would triple the market size – and it would ensure a continual process of innovation. Over time, as AI improves, there would be minimal risks in moving to newer systems; during the testing phase, four opinions are as easy to consolidate as three.

Also, where patients consent to research, over time, the health outcomes of those patients can become a measure of the different approaches. In that way, if AIs’ outputs are measured on their clinical benefit, “best” can become a clinical outcome – not a marketing claim. Which also delivers on the Government’s commitment that patients should know how their records have been used, and what was learnt from those projects.

In short, a mandate for progress through safe innovation is deliverable today, in line with professional practice and medical ethics, if that is what we want.

 

A National Health Service

Markets around the NHS must themselves be sustainable, and the NHS is in a position – as a research and development institution, and as the data controller in multiple clinical environments – to manage rapid development and testing of AI in a way that a recent flagship project did unlawfully.

It is clear, however, that some institutions within the NHS feel they are required to give up their patients’ data to avoid “falling behind”. All they are demonstrating is their own lack of awareness.

Every AI company is dependent upon masses of data; some may try to ‘free ride’ off the NHS infrastructure, hoping to copy some of the patients’ data that flows through it for profit, without even paying the taxes that fund the NHS. Whatever the case, in every ‘deal’ that is made, the original data controller remains the data controller – and there is no result that cannot be replicated (more cheaply) by another hospital with a similar dataset later, building on shared experience and published results.

Simply believing ‘the smartest guys in the room’ is neither wise, nor the only choice. Novelty can indeed be part of the legitimate research and care process, but the sort of innovations we need cannot involve the secret testing of AIs on humans without their knowledge or consent.

Great risk to the NHS comes only from the perverse incentives of commercial monopoly, grounded in the belief that there should be just a few data silos. (Guess whose?)

Google DeepMind’s Health division might be entirely dependent upon a continued supply of NHS data, but the NHS is not dependent upon Google unless it chooses to be; other AI developers – and search engines – are available. The NHS is not in a position to ensure an effective market in search engines, but just as it already does for health information, it has the authority to do so for clinical assistance; assuming there is the political desire to have a functional and sustainable system.

---

This will form the basis of Part II of medConfidential’s submission the House of Lords Inquiry on AI.  We’d welcome your thoughts at sam@medconfidential.org / @smithsam

Before everyone starts their summer, here are a few ‘tied-up loose ends’ that had previously been left dangling.

Your GP records: If your GP uses TPP or EMIS, you can today begin to see how your data has been accessed. Neither TPP nor EMIS yet cover their research databases, but they will have to shortly because of the findings of the Caldicott Review.

 

Caldicott Review: The Government has finally responded to Dame Fiona Caldicott’s 2016 Review. It has committed that you will be able to see how your records have been used, both for direct care and all other uses. This will be phased in “by 2020”, mostly (we hope) in 2018. If you have opted out, you will be written to about any changes before they happen. Our longer response is now up.

 

Google DeepMind broke the law by copying 1.6 million medical records, according to the Information Commissioner – and the company was rebuked by its own Reviewers. medConfidential’s complaint was found to be true; Google’s statements, not so much.

 

Your DNA: The Chief Medical Officer has opened a “national conversation” about the future of genomics. This starts with patients who have unknown cancers or rare diseases, who may see significant benefits from genomics. But it involves two questions, which boil down to: “Can we do this for your care?” and “If we don’t get an answer now, do you want us to keep your details in a research project which might give you an answer sooner? If not, we’ll run the test again in a year or two.”

There should be no difference to the person’s immediate care, and each patient is given a reasonable choice. If this can be done for cancer genomics, it can clearly be done elsewhere. We would have included a link on how to feed back your thoughts on the CMO’s Report and next steps, but there isn’t one.

 

Patient views on Research: The “Understanding Patient Data” project has run some workshops looking at privacy or research. The blatantly faulty premise of this work is exposed by the Information Commissioner, who has stated: “It’s not privacy or innovation – it’s privacy and innovation.” Had UPD included us in any of their planning, we’d have pointed that out.

 

The GP IT provider TPP: The trial of functionality to allow GPs using TPP’s systems to properly execute their responsibilities to patients should conclude shortly, and – assuming no major problems are found – be rolled out to every GP that uses TPP. With other changes eventually being correctly implemented, this should reassure all sides.

As part of this process, TPP’s notoriously litigious founder instructed lawyers to send us a “reputation management” (defamation) letter, which also said that TPP had no desire to respond to medConfidential.

 

Public Health England is still in denial about its data and consent troubles. Its officials consider themselves part of your cancer care team, despite very few patients having any idea who they are, or why this should be. Beyond the institutional desire to ignore and distrust the Caldicott Consent Choice, what will change?

PHE’s problems are far wider than just consent, but it is a good place to start. Yet another Review is due to be published soon. Will the disease registries move under the NHS umbrella, or will PHE continue to refuse reform – and if so, will you know how your data gets used? Transparency is not the same as respect for confidentiality, but it does make ignoring confidentiality only possible by being dishonest.

 

Funding: We are very grateful indeed to the Joseph Rowntree Reform Trust Ltd for awarding us a further year’s grant, covering 80% of our core funding, that will enable us to continue working towards consensual, safe, and transparent data flows in the NHS – and to defend human rights in the face of your data being copied without your knowledge or approval.

 

Brexit: As Brexit Britain draws closer, and having already introduced measures that try to make NHS staff hassle brown people for documentation, the NHS now faces a three-way stand-off – a ‘Brexit Triangle’: does the Department of Health now direct NHS staff to hassle everyone who looks or sounds ‘foreign’, or to hassle absolutely everyone, or do we give in and issue everyone with ID cards?

We may not know the outcome – but we do know that, armed with facts, every patient can speak with the authority of their own lived experience of the NHS. Please do keep informing yourselves, and informing others. Maybe you could share this newsletter with them?

 

What’s next? We hope you enjoy your summer. We have quite a lot to do, getting ready for when Civil Servants and Parliament return in September. Our NHS friends are, of course, working all through the summer. We wish them, and you, well