
The Everyone Database: The HDR/Sudlow Review and where the data legacy of the previous Government goes from here

In a couple of hundred words on the last Friday before Christmas, a short piece talked about what the recent HDR/Sudlow Review means for you and how the Government thinks it will use your medical history and your medical notes in ways you may not entirely like. This blog post is a little longer than that – we look at what they’re already doing and how.

Wes Streeting wrote that patients should be given weight loss drugs because they’re “holding back our economy”. Afterwards, he went into damage control mode. His original quote cut through so far that his response saying “Jabbing unemployed people who are overweight – that is not the agenda”  has made it into the BBC Newscast podcast opening credits. Jabbing unemployed people who are overweight is exactly what he announced. Streeting doesn’t want to be dystopian, but perhaps the important thing is the outcome not his personal intent. 

The Treasury’s instruction to Departments was “stop non-priority spending” and the Department of Health in England then gladly put out a press release on how they were complying:

“NHS England is working with the Office for National Statistics to assess the economic benefits of several health interventions including talking therapies, bariatric surgery, treatment for endometriosis, and the NHS Type 2 Diabetes Prevention Programme.

The analysis will also cover the impact on waiting times, employment rates and earnings while feeding into work by the Office for Budget Responsibility and the government on labour market effects.”

DH/E and HMT refuse to say whether the instruction to prioritise public funds for economic growth, and the instruction on “not doing things” that don’t grow the economy, apply to the NHS. NHS England clearly thinks they do. When reviewing the project, NHS England’s Independent Advisory Group on Data (AGD) asked if HM Treasury should be named as a joint data controller for this project (section 5.1.10). In order to prioritise treatments that assist the economy in a fixed NHS budget, the Government will also have to deprioritise treatments that help patients but don’t measure as helping the economy.

Your health records linked to your tax records is how that is measured, and they’ve already started. The HDR/Sudlow Review covers their perspective on how that should be done and what the Office for National Statistics should do with data. ONS convened the review because ONS has a major problem – they culturally insist they have the support of the public for what they do with data, but they measure that support by response rates to their surveys, and public support has collapsed to only 20% and falling.

In response, like other abusers of power who want to feel they were thinking like Obi Wan, ONS found it easiest to act like Vader. 

The context: All your medical history and medical notes all in one place to be used however the Government wants

The proposal for a Single Central Care Record has been announced and re-announced several times now as Wes Streeting’s “big idea” to help the NHS. It will put your entire medical history inside Palantir/FDP where DH/E can run AIs over it to do “population health management” and where access can be offered to your medical notes anywhere the NHS logo is seen – not just any doctor you see, but any doctor you could see (including private doctors and hospitals). Will any creepy single doctor anywhere in the NHS be able to look up your full medical history including all medical notes? Probably.

At this time we don’t know whether you will be forced to have one of these records, or what transparency will be around where your record is accessed. Given how DH/E are talking about the record, you are likely to be forced to have one as it is for direct care but it is replacing existing systems which do have an opt out, so who knows. The Department of Health in England has repeatedly sided with creeps over their victims.

When thinking what data the HDR/Sudlow Review covers, it is not just your hospital records, but all your GP records and all your written notes, and anything any other part of government (DWP, HMRC, DfE, etc) may know about you, all linked together and available to civil servants with no obligation to disclose what it’s used for unless someone in Parliament asks.

One argument made throughout is that data is only used for “public good”. There is a vast difference between what the Government of the day thinks of as “public good” and what is good for you. Austerity was a public good according to the Government of the day.

When a pregnant woman shares her heart rate readings 24/7 with her doctor for her health, it is the position of HDR/Sudlow that the Department of Health in England should be able to sell those data so they can be mined by anyone who pays the access fee. It is the position of DH/E that there is no opt out for you from the sale of that data – the choice is literally your data or your life… 

HDR/Sudlow in brief: Clubcard Culture sends more data to more places more recklessly

As described on page 167, Biobank wants the Department of Health in England to reuse data that was collected with the promise of “pandemic only”, and give it away to Biobank and others to hand out like any other NHS data. Buried on pg 102 is the desire to collect and share data from your smartwatch and on pg 103 your loyalty card. In practice, that would be the NHS collecting your smartwatch and loyalty card transactions and placing them in Palantir for Biobank and others to copy and rifle through.

One slide from the launch sums it up – it shows Clubcard data and smart watch data being copied to the NHS and onwards to research and commercial use – but that slide doesn’t mention the very controversial HMRC tax data that ONS and NHS are using to change waiting list priorities. Funny that…

Recent research shows that the smartwatch on your wrist can help diagnose a range of conditions earlier, but that level of detail can also be used to

HDR/Sudlow: Biobank as the role model for more recklessness

Proposing that more data goes to Biobank to go to racists doesn’t grow the economy for everyone, it just grows some bank balances. Biobank believes that’s ok (still) because they pay Biobank’s fees.

Speaking at the launch, the report author said the goal was applicants getting data in “days” and proclaimed Biobank have “one of the best systems” for giving data out rapidly (without sufficient checks on who they gave it to).

We must note the Review author’s previous job from 2011-2019 which was getting more data for the disgraced regime at the UK Biobank during the period that the rules were watered down which meant Biobank handed the genetic data of the Biobank cohort to eugenicists, then moved to the mess that is HDR (the two organisations share a culture).  

Biobank continue to angrily deny that people connected to the organisation Biobank gave data to, including the EIDs field, have access to the EIDs field that Biobank gave them (the full investigation)

The Department of Health in England are auditing Biobank, but it’s unclear whether that audit will cover Biobank processes which led to the coverage in 2024, or whether the audit will be narrow and restricted only to questions around insurer access by the Guardian in 2023, possibly also excluding the story from 2022 about Biobank selling data to China (nothing seems to be happening about our 2024 followup to that – Biobank ignored our questions). Biobank’s main concern seems to be whether they have received money from applicants, only checking that the applicant isn’t on Biobank’s list of known racists to reject – a list that will always be incomplete.

The NHS application form is 30 pages, the Biobank version is only three pages. Biobank continue to insist that nothing in those 27 pages matters (and nothing in their contract with NHS England requires them to ask anything in those pages), but the checks are so lax that Biobank didn’t spot an applicant was a bunch of eugenicists operating out of the same fake office as QAnon sites and other scams. That’s the approach HDR/Sudlow and ONS want to apply to all public sector data.

Biobank repeatedly argues that eugenicists keep trying to get Biobank data, and when Biobank catches them they’ll say no (pity about the cases they’ve said yes to). Biobank claim not to understand the approach of making multiple requests until it works, yet Biobank keep repeating their demands for data Biobank think they deserve without following the rules, and will keep stomping their little feet (and getting meetings with Ministers) until they get what they want – the ripping up of promises to patients.

HDR/Sudlow’s friends shouldn’t have to keep their promises?

Unless patients can see how data is used, the government will get lobbied to break every promise they’ve ever made to patients whenever the day ends in “y”, because no patient can tell the difference. This report is another example of that – HDR/Sudlow Review agrees with Sudlow’s previous lobbying job that their friends should get a free pass out of their obligations.

Following the Review’s recommendation, DH have announced that they’re going to give the “pandemic only” GP data to Biobank and others under terms that are not limited to Covid19 but will be for whatever Biobank, Our Future Health (and others) think they can do usefully with the data in future (and only they get to decide that, no one else has a say).

HDR/Sudlow: only HDR’s Sockpuppets should be listened to

The Review says some things about consultation and engagement, picking winners from amongst consultation respondents by choosing those deemed a “good” consultee because they agree with what HDR/Sudlow wants to hear. HDR has form for this in designing a supposedly “open” call for applications in which UKRI will channel public funds to the “single collaborative bid” HDR chooses to support (the bid of their friends).

Unfortunately and embarrassingly for the authors, the HDR/Sudlow Review was so distracted by ensuring the Review only included the views of HDR that it forgot to suggest anyone else be invited to the group that supposedly should write the rules. The Review was so far in an echo chamber it forgot all it was listening to was itself.

According to HDR/Sudlow (pg 163), those that “would be well positioned to lead on SDE standards” are only “HDR UK [legal entity: HDR], ADR UK (partner with HDR but legally part of UKRI who fund HDR), the UK Health Data Research Alliance [legal entity: HDR], and UKRI’s Data and Analytics Research Environments UK (DARE UK) programme [legal entity: HDR]” and no one else. We have covered at length the ongoing subversion of safeguards by HDR as they continue their cash to cronies grants process and closed shop.

DH/E may be told they’re hearing from four organisations, but all bar one are sockpuppets controlled (in the data controller sense and in the practical sense) and owned by HDR where all the people in the room report up to HDR’s leader Andrew Morris and follow his party line.

Similarly, many of the public engagement groups of which HDR/Sudlow speaks supportively –  PEDRI [legal entity: HDR], DAREUK [legal entity: HDR], etc are again simply HDR hiding behind another logo. The one exception (UseMyData) have staff funded by HDR and other staff paid by NHS England to do engagement work – entirely legitimate but difficult to be considered independent from HDR’s desires around NHS data. 

Biobank and HDR want all data the NHS has, and they act as useful idiots for others who want that data for their own gain, including the Secretary of State who has an idea…

The Review was written to justify what was already being done

The NHS England announcement gives four examples where DH/E knows that there is a clear investment case to be made for funds, which is good for the bits of DH/E managing those waiting lists, but in a fixed budget imposed by HMT, that takes cash away from other treatments. 

Focussing on economic benefits means “economic growth” supplants clinical decision making and prioritisation. The more say HMT has, and the more control the Department of Health in England takes, the less choice your doctors have. 

The obesity work has already been done in the pilot, and now will be repeated with the other three areas (the work is being done by statisticians who like comparability). Ian Diamond talked about the work at the launch of the Sudlow Review where he disclosed that the existing work was done by ONS linking together taxpayer records with their health data, something the HDR/Sudlow review seems to have obfuscated in the Review itself.


All your health records and all your tax records linked, for departments to do with whatever they see fit. Once they’ve done these four areas, it is bureaucratically indefensible not to compare all treatments across all of the NHS – what happens if there’s one that offers more benefit? But it will also show all treatments that have patient benefit but not measurable economic benefit. According to ONS (item 5.1 in April), the organisation making these decisions should be ONS, not the NHS. ONS makes decisions about the value of a statistical analysis, without any regard for the impact on patients or health.


ONS can do this because when NHS England gave them data for statistics purposes, NHS England chose not to respect the National Data Opt Out because it wasn’t identifiable data that would be linked onto your tax records (supposedly). Once ONS got the data for something, it can reuse it for  anything. The NHS England Advisory Group on Data was not entirely happy (section 5.1 in October) but NHS England doesn’t appear to care.


Despite the use of tax records being discussed at the launch of the Sudlow Review, the diagram on page 123 of the report notably omits HMRC taxpayer data being in the plans outlined by the Sudlow Review. The mention on page 90 is so opaque you could be entirely forgiven for missing that your tax records are being linked to your health records and data mined in ways you have no awareness of (while academic projects are publicly disclosed, projects internal to government are kept secret as clubcard culture has taken over the “digital centre of government”).

The HMRC/health data linkage is not used to give or refuse care – it is a model used to say what types of treatments help economic growth (and so should be treated faster), and which don’t (and so people can wait longer), in general terms, for people like you.

Simultaneously, DH/E centralising waiting list cleansing and prioritisation in Palantir means DH/E will be centrally setting the criteria for who gets the limited resource of an operating theatre or specialist care, replacing centrally what is currently done by the doctors in your hospital making decisions based on clinical need.

Like equivalent analysts at US health insurers, ONS will claim their findings don’t affect your care, but it is intended to affect the priorities of care provided to people like you for care you may need in future. If the care you need doesn’t promote economic growth then being rich won’t help you, and if you happen to have a disease of the rich then your poverty doesn’t matter. It’s all about “in general” not you specifically. But, diseases of London have a bigger impact on the economy than diseases of Blackpool or the North, so waiting lists in London should be prioritised according to the logic that the previous government used to start the NHS down this analysis path.

The Everyone Database: names, addresses, dates of birth, and all the identifiers used for you across Government linking all the data government has

I’ve previously sat in a UKRI meeting where a Professor spoke at length that he was not suggesting creating a population index or population register, while his slide behind him said he was, and he wanted it to be based on the NHS patient register. They had invited no one from the NHS to that meeting – they weren’t aware (until we told them). “Population Research UK” (another HDR sockpuppet) seems to have got them to do it anyway.  If the meetings of that have started, has anyone from ONS noticed that everyone they’re talking to is basically Andrew Morris in a disguise?

On page 123 the Review discloses what the Database is, and at the review launch, National Statistician Ian Diamond disclosed ONS had already built the “demographic index” and are using it as the link between tax and health records in order to do the analysis of which care to prioritise and which to deprioritise (ie cut).

The inclusion of justice data is particularly troubling – given it is a database of the victims of crime, not just perpetrators, mostly because HDR/Sudlow didn’t bother to think of those in any database as people with rights or concerns (or think of them as people at all).

The National Statistician has a choice

Speaking in 2021, Sir Ian Diamond, National Statistician said:

“There’s no god given right for us to have data. There needs to be a really sound public good reason for collecting data, and using data, and people need to feel absolutely comfortable that their data are being used properly and kept securely and in a way that satisfies all forms of privacy”

Does the National Statistician still believe that? If someone isn’t comfortable with that, for demonstrably good reasons, does the National Statistician want to use their data anyway? How does someone opt out?

At the HDR/Sudlow Review launch, he repeatedly talked about data being “used properly”.

Does “used properly” include the economic analyses that DH/E have announced being done on the data of people who have opted out of their data being used for purposes beyond direct care?

Does “used properly” include using the tax records of people who are given no choice about that at all?

As currently built, the ONS Population Index includes the NHS identifiers of everyone, but could easily have a second field which is only the NHS identifiers of people who have not got a national data opt out, and it is that second field which is used for research purposes. Until DSIT gives a “rest of government opt out” the “NHS national data opt out” is available, especially for NHS uses. The existence and scope for abuse of the Population Index is an entirely different problem (noting also that the spooks want access to everything any entity in the UK uses for anything). What happens when Home Office staff walk across the corridor from their open plan office into the ONS open plan office in the same building and want special access to data?

Some of the other simpler issues can resolve themselves – transparency will come to ONS either voluntarily or from outside. ONS can request a second dataset to which the National Data Opt Out has been respected, which is used for all research proposals (as AGD recommended); or as the HDR/Sudlow Review suggested for Biobank and the Department of Health in England, do promises only apply when it’s easier to keep them than not? Will ONS treat the census the same way?

ONS claims some abstract sense of “public support” for what they do, but they want data this way because public support for their work, in the very real measure of response rates to their flagship survey, is only 20% and falling. ONS claims of public support do not stand up against their own response rates.

== 

(some of these issues might come up at the UK Statistics Assembly in a few days. If you’re reading this after that event, medConfidential’s remarks in the breakout session should have appeared here by now)

For those who have followed medConfidential’s team since the 2000s, the institutional funders who focussed on these topics under the previous Labour government seem to have moved on to other areas. We remain grateful for individual donations.

Business Models for Data (2025)  – What hasn’t worked, what has, and what to do next

The reasoning in our short note on business models for data from 2019 holds up pretty well. Policy was a mess then and it’s a mess now as nothing substantial has changed. The re-announcement of existing work provides an opportunity to look at what happened to the examples we cited in 2019. Then it was speculation, but it played out in ways that were predictable in 2019: 2019 page 3

What failed:

Deepmind/RFH is a mostly-forgotten debacle buried in the vaults of denial at Google Health (which no longer exists either).

Kuvan came off patent and became widely available as a commodity priced generic so it became available to everyone who needs it.

Sensyne went bust, and the NHS equity stakes got wiped out – “diluted to oblivion” as Lord Drayson put it (after he left) still insisting (Q24) his model worked (the company went bust).

TheySoldItAnyway.com – cash for access continues.

Whatsapp/Facebook – continue as AI enshittification continues to play out.

Orth.AI has rebooted as “nAItive” with the son of an Oxford Professor still in charge, denying any wrongdoing/nepotism and not explaining who didn’t know what when about the deals which resulted in the company having a copy of hospital records it tried to train models on.

Dr Foster ended their deal with Imperial and went their own way having been eaten by Telstra.

Orkambi is now permanently available in the UK (not in poorer countries) but remains very expensive until it can be bought generically (legally here, at least).

The Theranos founders are in jail.

Babylon and GP at Hand ditched the NHS as it ran low on money, then ran out of money and collapsed.

The harms of the consolidation of supply chains became evident during covid.

What worked:

In 2019 we said: 

  • “Rather than focusing on speculative business models, OLS should be attempting to deliver commodity pricing for all innovations, as fast as possible.”
  • “The primary measure of success should be net cost to the entire NHS and Social Care, rather than to any individual budgetary silo.”
  • “All uses of data controlled by NHS bodies should be made available to the patients involved, via NHS.UK”

Successes listed have come from rapid competition to allow a diverse and commoditized supply chain. Where monopoly or profiteering were supported, temporary success was temporary and then they failed.

In the US, “Cost Plus Drugs” is the radical pharmacy undermining US problems of price gouging, but that generic-replica approach can be applied to algorithms and diagnosis tools using AI which may become available worldwide. When companies think they can make profits off a published algorithm, their profit is a negative elsewhere.

The interesting case of the Deepmind/Moorfields project – 5 years on

The Deepmind/Moorfields project is the most interesting case study as it went both ways. DeepMind published their discoveries openly and freely in Nature, to wide acclaim and understanding, a model repeated in other projects that got recognition. The publication of that research means that it was available for anyone else to copy and build upon at will – the substantive knowledge was public and free for all.

Today, if you walk into an opticians, they’ll have new and better machines that can have incorporated that research to do more and tell if your sight is at risk and help you take early preventative steps, or emergency measures, to avoid going blind. There are people walking around today who would be blind without those innovations published freely and openly by DeepMind/Moorfields. This is an unalloyed good for which the benefits can be calculated (but as far as we are aware, this hasn’t been done).

However, to someone sitting in an office in Moorfields, they are disappointed that none of that benefit to people’s sight is attributed to Moorfields. Moorfields themselves have spent the intervening years trying to figure out how to charge exactly the right amount of money across different NHS balance sheets to satisfy DHSC guidance, and those other trusts have been careful to make sure they didn’t get charged too much, so nothing happened. People can see, but Moorfields (and Wes Streeting’s reannounced approach) want some cash to drop into a Moorfields bucket every single time. Moorfields spent the time since 2018 arguing with others about how much that should be, and got precisely nowhere. How much is it worth to save your sight? Are you willing to pay that much to save someone else’s sight? Moorfields can’t agree with anyone else what those two numbers should be. The benefits to the public purse are massive, but Moorfields entirely disregard that and look only at their own accounting. The good thing is that the research was open and so no one had to pay Moorfields anything and people’s sight got saved anyway. That’s how progress should work.

The DeepMind/Moorfields project is how benefits can be demonstrated and realised, and simultaneously demonstrates why all too often they aren’t.

“Pharma Bro” 5 years on

We illustrated page 1 of our 2019 piece with the classic picture of the “Pharma Bro” who made money hiking the costs of non-generic drugs simply because he could, and then went to jail for fraud. He’s now out of jail but remains banned for life from the pharmaceutical industry (at the time of writing – he may get that restriction quashed by Trump2).

Seeing that as a constraint, he pays for AI compute time to build models of novel pharmaceuticals and releases them onto the internet for free, undermining the industry he’s banned from. If the drugs work in testing, there is prior art to undermine a profiteering patent (in his theory, in practice, who knows?)…

The same approach can be taken to get commodity pricing for algorithms. If one bit of the NHS thinks it will make money from selling what is publicly available, there should be a small prize fund to reward bored PhD students who replicate it and give it for free to all the other NHS Trusts and healthcare organisations for them to test internally and use internally. The US model is how to scale that.

In the NHS, any money one organisation makes from selling innovations will largely come from the budgets of other NHS entities and so the “innovation” income lauded by Streeting is simply taking money out of other NHS budgets. It is not quite a zero sum game, it is worse than that as overheads (tax, transactions, admin, interest, VC payback, etc) will eat some at every stage. If you get £1 profit into an NHS budget, it’s probably £3 or more cost to later NHS budgets.

2019+5: Still “Between Goat Rodeo and Black Elephant”

Five years after our original draft, there are a few new examples, but the thesis from then held. The examples of barriers and profiteering lauded in 2019 have largely collapsed, and those who profited from the collapse remain in denial (Q24, Theranos). Those who offered commodity pricing all survive.

The Office of Life Sciences and Department of Health in England thinking on business models continues to bounce “Between Goat Rodeo and Black Elephant” based on the interests of the day, while DeepMind/Moorfields deserve recognition (and calculation) of how many people’s sight was saved as a result. Just because it doesn’t appear on an NHS balance sheet doesn’t mean it wasn’t a benefit.

Done responsibly, correctly, without profiteering, diagnostic algorithms may be one day seen like vaccines, which are currently the only “prevention” that is so effective many forget what has been successfully prevented by innovation.

Enc:

NHS England has sided with creeps against their victims (again)

As Labour discovered, the Department of Health in England will conjure reasons to reject something they don’t want to do by only speaking to those who will agree with them.  

Buried in the National Data Guardian annual report is the outcome of some work by the Department of Health in England on whether to tell users when their GP records are accessed for direct care from hospitals and other care settings – they’ve decided not to do it. DH/E never talked to us about this work on a topic we’ve been working on for the last decade.

If you listened to Wes Streeting’s speeches, you’d be forgiven for hearing that anyone reading your GP record from outside your GP was impossible. In practice, it’s routine.

Summary Care Records, Shared Care Records, and GP Connect all already exist, and are used to help people most of the time, but are also abused by creepy single doctors to look up the records of women they want to go on dates with, or used by stalkers to read what their victims told their doctors about their fears and health conditions – that last link being the first time we’ve seen a disciplinary hearing cover these topics. The doctor was struck off. 

Item 6.7.4 of the NDG annual report tells you why the Department of Health in England chose to do nothing – it shows DH/E looked at telling users when/where their GP records are accessed for direct care today, and decided protecting patients from creeps employed in the NHS is too “technically and legally” complex. What that means in practice is DH/E would have to cooperate with GPs to show patients where/when DH/E had facilitated abusive access to GP records, and DH/E has decided it doesn’t want to. DH/E has legal responsibility for those abusive accesses, and has decided that the best way to behave is to keep secret from you the evidence of how your record has been abused, so you can’t complain because you don’t know, and GPs can’t hold DH/E to their agreement because they don’t know. The NDG says her “observations” are that it’s humans using systems in ways they can and which no patient can easily detect.

You can carry on reading into section 6.8 and mentally substitute the various NHS bodies/roles with “Met Police” equivalents from the Sarah Everard case, or the many many other cases where institutional denial reigned supreme and innocent women paid the price. How many ghouls have looked up the GP records of victims of crime? No one will ever know because, like the police (until recently?), DH/E has sided with the perpetrators they employ against the victims.

The Department of Health in England is aware of the benefits (to them) of sustaining that ignorance, as item 6.8 of the NDG annual report says the view of DH/E and the NDG on how to resolve it is that: “the public need to be assured that deterrents and sanctions against improper use are meaningful and effective to deter such abuses occurring” (but when they do occur they’ll be covered up so occurrences can be dismissed as rare – which makes the defence rather pathetic). Most victims do not have the evidence to make a legal complaint, and without prior police involvement that evidence will not be made available to them.

The Department of Health in England insists on marking its own homework on access by creeps, but it has so little confidence in its own efforts it will never tell you the truth about the results. As NDG says “bad actors can and do significantly undermine public trust”, but it is the facilitation of the coverup that is the systemic flaw that undermines all honest police officers NHS staff. Individual bad actors will always try to undermine trust, but when guardians institutionalise a conspiracy of silence over bad actions, then the bad actors are seen to embody bad institutions.

In other entirely expected acts of duplicity and secrecy, while NHS England has previously said it would publish the Data Protection Impact Assessments for all parts of the Palantir procurement and all the “use cases” in the Federated Data Platform, they haven’t. The “Privacy Enhancing Technologies” contract has no published DPIA, and the use cases are all being withheld so the Department of Health in England doesn’t have to explain why what they do is different to what they said they would do – coverup is the norm.

DH/E sides with creeps and abusers because that gives them a quiet life, not hearing from anyone that might challenge their decisions to do nothing. (That culture repeats with the proposed reuse of “pandemic only” data governance for non-pandemic uses merely because DH/E don’t want to have the short conversation about doing it properly when they think they can just do whatever they dictate instead).

The new government’s “vision” for their time in Government is to take ownership of all your medical records, including all your written notes, make them all available to creepy single doctors anywhere the NHS logo is seen, to feed them to AIs, and to sell them for economic growth. Inspired by the ChatGPT output of the Blair Institute, Wes Streeting’s position is you’ll have no choices in any part of that, and they might even keep secret from you whether it’s happening.

Merry Christmas from medConfidential and best wishes for 2025. We’ll be here.

Update January 2025: Government has now answered a written question on this topic which suggests that if you want to know who has accessed your GP records, NHS England and NDG believe you should do a Subject Access Request to NHS England (for Summary Care Records), to your GP (for some of GP Connect), your local ICB (for your Shared Care Record) and every hospital and care provider in the country who may have creeped on your records. It seems both the Department of Health in England and NDG have sided with creeps against victims. The NDG annual report says “trust can only be maintained if health and care organisations, professional regulators, the ICO, and potentially the police respond seriously and comprehensively to breaches of confidentiality by staff” which are fine words unfortunately disconnected from the actions of those bodies.

People die when existing records could be accessed but aren’t

The Guardian has written about the Prevention of Future Deaths reports that politicians were citing as a reason to do their central care record.

Many of the cases say doctors didn’t know about a condition that would be clearly recorded in the Summary Care Record, or Shared Care Record, or in GP Connect, or any of the data systems designed to share data around the NHS. These existing systems are already there. But the response of DH is to say a new system might be ready by the mid-2030s – which is entirely disconnected from preventing deaths.

The list of PFDs is very long; there were 11 new ones in one day last week, so the lists you see are cherry-picked as well as being terrible experiences. Because someone died, these are the cases that get investigated. How many other cases are there where no one died so no coroner looked?

If missing access to records were really the life-saving priority claimed, a solution 3 months away is to tell all patients where/when their record was accessed via the national systems. So all the routine cases of non-access, the many more that don’t end with a coroner, can see when their record was not accessed when they believe it should have been. The living can ask why the frontline didn’t check these systems; the dead need coroners.

Your case shouldn’t have to be in front of a coroner to know whether your records weren’t read – by then it’s too late for you. We focus on scope for abuse of Wes’s plans, seeing where and when your records were accessed by creeps and stalkers, but it will be far more common to see that you interacted with the health system and your records from elsewhere were never checked.

If NHS England continues to refuse to tell patients, as they have refused for a decade, perhaps the GP profession can have their IT providers do it instead, with a monthly audit automatically going into your documents via prospective access.

A central care record is not a necessary prerequisite to preventing future deaths, but it does offer an excuse for the Department of Health in England to do nothing for another decade, while the PFD reports keep rolling in.

The Digital Centre of Government

Data and Digital in the Rest of A New Government

To government, data and digital are increasingly intertwined. There are separate silos for “the digital centre of government”, the “national data library”, the UKSA Assembly, and “smarter data”, but they all need tying together:

Just as TikTok and Instagram use data to drive you to watch more and buy things, government wants to use data analysis to change services according to the political priorities of the day, which now includes injecting people with desire-altering drugs to increase economic growth, just as Our Future Health founder Sir John Bell CH outlined last year.

Web and apps

There is vast scope to use digital to do good – progress by HMRC since our 2022 paper on the paperwork of new parenthood has removed some of the barriers we outlined (some remain), but DWP still prosecutes people for the consequences of DWP’s own service design failings, and other parts of the state prosecute for information not disclosed to citizens at all. DWP now wants access to medical records to measure and justify their own policy positions (item 6.3.4). 

The “tell us once” service has long been constrained by shifting political priorities. Carer’s Allowance was redesigned by DWP but the new processes didn’t account for consequences that could lead to prosecution. Did anyone go to prison because a 2011-2015 flagship changed only the easy parts of a service? Service design can ignore edge cases or complexity in order to meet an HMT business case or a Ministerial announcement that will move fast and break people. So a summary of our questions:

  1. What input will the review of the Carer’s Allowance announced by HMG have into the Panel?
  2. Which other parts of partly digitised public services are prosecuting honest and blameless citizens for institutional failures of service design?
  3. Who in the hierarchy should bear responsibility for the failures that resulted in honest people receiving criminal records? Does the board feel no one should?
  4. What happens when a “tell us once” style service conflicts with the primary legislation?

In Northern Rail or elsewhere, a lawyer will have said the self-serving change was fine as it satisfied some “user need” – and like others we deal with, the consequences on people were never considered simply because the action is in line with “policy”. “🎼That’s not my department says Wernher von Braun🎶”

Data and UKSA Statistics Assembly

There are few limits on data analyses in Government, and fewer limits on what public services can do with digital dark patterns. Some civil servants believe they deserve more attention than citizens, and civil servants can be sent to endless meetings: the suggestion of “User Needs*” isn’t enough; promises have to be kept if they are to mean something. One of the first actions of this government was to tear up promises made about pandemic data.

Against this backdrop, the UK Statistics Authority are running a statistics assembly and asking for submissions about “user needs” (no asterisk). We said:

  1. Every project should be transparent
  2. Surveys and Admin Data are not similar
  3. A Data Preference Service, because data mining is the new junk calls

While ONS and the statistical system assume that statistical data for policy making and raw data being made for decisions are entirely separate functions, and they are in government, to the citizen the effect is indistinguishable.  The research paper advocating cuts in benefits can have a direct impact on their reduction, even if authors hide behind the comfort blanket of “policy” and “research”. 

DSIT’s role model

Government often assumes that its data is perfect and accurate, treating it as an “official truth” regardless of actual reality. In this context, data serves only to reinforce institutional fictions, perpetuating a narrative among civil servants. The consequences can be severe: if you’re just £1 over or under a limit you are a criminal. This mentality has its roots in the Home Office’s hostile environment towards migrants and continues to spread to other areas of citizen interaction with government. 

Data isn’t enough – an essential component of the system must be digital services and digital service design. Governments prosecute people for what they type into forms and apps, yet changes to those forms can occur as unpredictably as a developer’s whim on any given day.

“Imitate Tesco” might be the personalisation vision from some within DSIT, but when the Tesco app decides it should recommend something to you, there’s no way to tell it not to – if the reason you regularly buy a product leaves your life, Tesco will keep reminding you indefinitely that they are gone, with no way to tell it you no longer need mandatory and intrusive reminders to buy senior cat food, or baby food, or your ex-partner’s favourite treat. Your only option is to shop elsewhere. Various silos in DSIT see that as their role model.

Tesco will share data with Governments if required or encouraged (or Tesco gets a better deal on something as a result), and citizens have no choice. If you shop at Tesco, having a Clubcard is decreasingly a “choice” because of the price differences. Clubcard culture was brought into Government by the CDEI (as was –  while everyone welcomes Responsible Technology Adoption, it is the Irresponsible Technology Adoption that causes the problem; and all adopters believe, of course, that they are ‘being responsible’). 

The same way more facts turbocharge racism, smarter data risks turbocharging institutional intransigence.

Data silos in government affect each other

The “digital discovery”, the “National Data Library” and the “UKSA Assembly” are each silos with narrow remits. Government operates outside of them and will do whatever it wants with data and digital.

Institutions extend “counter fraud” activities irrespective of outcome. Failure does not deter as more intrusive searches are justified under the guise that fraud hasn’t been found; and finding fraud also justifies expanding the powers.  Ultimately, such activities can become overly focused on speculative pursuits rather than concrete results, devolving to little more than ghost hunting and unicorn farming.

When a hospital makes a decision that it’s not in the public interest for the hospital to try to recoup costs from someone nominally “chargeable” for that care, then the hospital will tell them, but the Department of Health in England wants to copy the data so it can later make a decision to reclaim the money anyway, even if the patient was told that they were not liable for it. The first that anyone would hear about it might be when the Home Office rejects them at a border decision because the data goes from one bit of Government to the other without any knowledge of the patient – because the Department of Health in England doesn’t have an easy way to talk to individual patients about charging.


That’s the sharp end of digital and data in government, but no one sees it as their responsibility. 

ONS say they want to demonstrate good practice, but instead the Integrated Data Service perpetuates the secrecy by hiding how data is used from those to whom ONS at one time felt they were accountable: the public. Parliament suggested they change it (paras 100/102); the new government may well decide to double down on secrecy.

The signs are not promising; the new data bill was laid in Parliament with a press embargo 9 hours later.


Various silos:

Labour’s initiatives

This link has a summary of what was (re-)announced by Wes Streeting and Keir Starmer on 21 October

The new government is taking “a data-led approach”, and has already announced that it will:

These different strands will start to overlap and merge over time – fitbit data provided to care for people will be copied to the Department of Health in England who’ll give a copy to DWP so DWP can design policy and future sanctions regimes. 

Pregnant women will be required to share data with the app if they want NHS care, and that data will then be sold on. In many cases the “choice” in Wes Streeting’s NHS will become “your data or your life”.

Government believes that any data that is available anywhere should be available everywhere, reflecting the turbocharging of the database state using techniques unimaginable when Labour last left power, and they will leave a powerful set of tools for the next government. Wes Streeting wants to believe he’ll be Secretary of State forever, neglecting both his own desire for promotion and forgetting that all governments end.

Biobank

Thu 2pm: We are aware of media reports about an unfolding catastrophe at the UK Biobank, and are awaiting more information to be in the public domain.

Losing the DNA, medical history, and wider contributions would be a catastrophe with existential consequences for any Biobank.

Thu 9pm: Some hours after the Guardian published the above, biobank put out an angry and threatening statement attacking the Guardian (cached here). We’ll update this page on Fri Monday.

A first look at Wes Streeting’s vision for the medical notes held by your GP

We have a new government, which has finally started to say what it wants to do.

Making new promises about your medical records while breaking past promises is a weird way to start governing. In his lust for control Wes Streeting forgets that all governments end and one day soon he’ll have been the future once, and others will have to pick up his pieces. We’ll be here then too.

Ripping up past promises

If Streeting tears up promises made in the last pandemic he will critically undermine any promises that are given by a future Health Sec about the next pandemic. This will come about partly because the Department of Health in England has failed to do the paperwork for normal times in the same way that it did, with consensus, for the pandemic. When Streeting undermines pandemic promises he will render meaningless any promises he makes about the new database he wants to create. The Health Sec should be able to overrule their predecessors. Indeed sometimes that may be wise, but this shouldn’t be mainly due to laziness of his staff.

Biobank have been lobbying hard to get access to data without having to explain themselves to data controllers, and doctors should just defer to the shared culture of Biobank and HDR so they can do whatever they want. A new SecState picked the path of least resistance which caused this Biobank to gloat because they’ve confused the supposed short term bung to them with the bigger long term plan. (We note the Science Media Centre press release had one quote that wasn’t from people associated with Biobank or the GeL CEO – how weak is the supposed “support” for Biobank?)

All your medical notes available wherever the NHS logo is seen, and you’ll have no idea who read them

The main announcement was that he’s taking control (video) of your medical notes. Streeting wants politicians (him), not doctors, to decide who can see and read your medical notes, for what and where. This isn’t immediate as it’ll take a few years to grab, and then a few years more to close down GP as you know it afterwards, but once he has the data he can do what he likes. And you will not be able to do anything about it.

The ability for anyone in the NHS to read any patient’s whole medical history, notes and all, will replace the existing local health and care records, the Shared Care Records scheme, Summary Care Records, and GP Connect. If the Department of Health in England believes this is a real proposal, then we’ll see those systems start to lose budget in the Comprehensive Spending Review. Having a fifth (or more?) way to look up your GP records will not resolve the issues in the previous four methods. (As an aside, medConfidential has long argued the “regional SDE” programme is pointlessly ineffective, and we welcome the Secretary of State implying that it’s entirely irrelevant now, because once all data is copied into his national database, there is no need to have the “regional” systems which will have less data. Hopefully the Spending Review will scrap the lot, and give UKRI £18.2m back in the process.)

Wes Streeting says it’s his 10 year plan, and then some bright spark will say Palantir should be challenged to do it in 4.

We know all the existing methods to look up and access GP data for care are hidden away from patient view, and hence completely open to abuse when creepy single doctors decide to look up the medical notes of women they go on dates with or their partner’s ex. Streeting and Palantir could immediately solve this problem by saying loudly and clearly that every access to any single care record will be visible to the patient via the NHS app. This would prevent such abuses. Instead the government is set to enable them.

If the Department of Health in England wishes to build public trust and demonstrate that trust is meaningful, audit trails within the app could start tomorrow with GP Connect and the Summary Care Records – system logs that the NHS already has but hides from you. New systems should demonstrate accountability to the patient and since promises get broken, they should start with the systems that there are today.

As it stands, the new planned database of your medical notes about you and your family will deny you the basic right to know who is accessing your record and why. This plan replicates the recklessness of the previous governments where you have no idea when/where your records are accessed and so you can’t know whether they’ve been misused, or when they should have been checked and weren’t. If that is going to change, it should change today where it already can before promises get made for tomorrow.

Wes’s “innovation” is that the existing GP IT systems all go away to leave only his new record. So Labour are exacting revenge on Frank Hester by destroying his health records business but they are also diminishing the role of GPs who they claim they want to empower. The Family Doctor will lose control of your personal health record just as they have lost control of their phone lines to NHSE and their appointment book to 111. Care will get progressively worse as the Department of Health in England rather than your doctor manages demand and waiting lists by gaslighting you. A visit to your GP will increasingly be like going to the job centre. Your GP may want to help you, but their systems won’t let them, the same way GPs already have no mechanism to get improvements to the NHS app for GP services.

The oft trialled proposals that you must call 111 (or 999) to ask permission to go to A&E will be extended to calling 111 to get a same-day GP appointment. When the chatbots behind 111 can see your full medical history, you may not even need to have a GP at all, which will be an excuse to close your local GP surgery in the second half of the ten year period because, as Wes said to RCGP “one in every 5 of you are working in buildings older than the NHS itself.”

The details will start to appear around the 10 year plan for Palantir the NHS expected to be published in the new year, and it will be curiously vague about the GP estate in the second half of the time period…

Addendum 30/10 – after the renouncement of the central care record, we’ve outlined some initial thoughts to DHSC on the first questions.

10/12: HSJ has confirmed that the central care record will be used to train chatbots and AIs.


If you’d like the slightly weird audio summary of this blog post from Google’s NotebookLM, it’s here (it only hallucinates a bit).

The next 10 years of the NHS might include dissolving your GP practice and replacing it with a chatbot, but all of that will depend upon data. To ensure every use of your data is consensual, safe, and transparent for the next decade, we expect it will cost medConfidential about £100k a year to scrutinise these plans and find the gaps. If you can help find that sort of money down the back of the sofa, we’d love to hear from you.

medConfidential Bulletin – Election 2024

Hello again from medConfidential,

Given the upcoming general election on 4 July, we thought it might be helpful to give an update on what’s happened since our March newsletter, and to give a brief summary of the current ‘state of play’.

What just happened?

NHS England’s “Federated Data Platform” (FDP), running on the half-billion pound Palantir platform, went live with two national ‘dashboards’ in late March. NHSE officials say it is now being used for four such dashboards – none of which use individual-level patient data directly, at present. 

Meanwhile, the Data Protection Impact Assessment for the FDP is being withheld by ‘the Department of Health in England’ (i.e. NHSE) because it is so controversial that its publication could affect the election. Statements made before launch that FDP would be used for direct care omitted to say that it would also be used for anything else…


Around the country, a number of NHS Trusts across England are continuing to use Palantir without telling their staff what to tell patients, or even what they are using it for. According to the Department of Health in England, you should be able to check if your hospital is one of them on this list – but as you will see if you click on the link, they’re keeping the membership of that list secret, so you have no way to know if your hospital is involved. 

The Department of Health in England has also been doing a bunch of ‘public engagement’ work, to try to justify taking your choices away in future. Ignoring the ‘spin’, the first published results are in fact very damning: 21% of patients either strongly or slightly disagreed with the statement, “I trust the NHS to keep my patient data secure” (Table 2), for example – and two thirds said they wouldn’t want anyone who isn’t directly treating them to have access to their medical records (Figure 3). The numbers who are concerned that the NHS may sell their data to companies without their permission speak for themselves.

Digging further into the detail, Table 4 suggests that up to 11% of patients are not happy for the NHS to use their data for purposes beyond their direct care, a proportion which increases to over 25% if that means “work[ing] in partnership with companies” (Table 3). Meanwhile, when the ‘dashboard’ isn’t broken, official figures show that only just over 5% of patients have actually opted out. There’s clearly still a lot to do.

Published days after the election was announced, the Public Administration & Constitutional Affairs Committee’s report on Transforming the UK’s Evidence Base says, on page 35:

101. Although statisticians and researchers publish a wealth of information on which data sources they hold, and how they are used, very little information is made available about how personal data are being used for the purposes of government analysis.

102. We recommend that the analysis function explore options for improving transparency around the use of personal data in official analyses, and that this work be made publicly available.

We agree. And hopefully a new Government will do something about it.

The General Election

The best time to commit to transparency is early in a new Government of a new Party, when the legacy of toxic behaviours all belong to the previous Government.

Public and manifesto statements to date, however, show there is no substantive difference on uses and misuses of your health records between the two major parties. You should of course know how your medical records are used, but the government of the day will always prefer a quiet life…

Behind the scenes, the Conservatives have been lobbied by Palantir – and those lobbyists are led by a Labour Peer. Meanwhile, Labour’s ‘kingmaker’ at the Tony Blair Institute continues to receive funding from the runner-up for the FDP contract, Oracle. So whatever election spin you encounter, whether or not there will be any changes to your rights around confidentiality, consent, and non-care uses of your medical records is not the partisan issue you might think. 

medConfidential will, of course, continue to keep a close eye on whoever wins.

In order of publication, the Liberal Democrat manifesto says they will be “Protecting patient data and patients’ rights to opt out of data sharing”; the Conservative manifesto means continuing with the Palantir platform while widening (the risks via) ‘Pharmacy First’ and access to GP data; and the Labour manifesto hints at large changes to data policy, but offers no detail as to what they will be – beyond giving children identifiers that ‘follow them for life’ (remember ID cards?).

On one specific data item, Labour’s “data library” could perpetuate the calamity of contradictions in the outgoing Government’s “Integrated Data Service”, or it could enable commercial exploitation of data in secret, as desired by UK biobank and HDR UK. Or it could be closer to the safe and transparent approach of OpenSAFELY… as ever, the detail and execution matters.

Neither the Green Party nor Reform say anything specific on health data policy that affects the Department of Health in England. And if you would like some longer analyses, others have focused on data and health.

Whoever wins the election, the new Government is going to be doing more on data. Beyond health, and whatever its focus, central Government should copy the model of the NHS National Data Opt-Out – creating something like a ‘Data Preference Service’ for the (non-NHS) rest of Government; a single place to opt out once. (Outside government, that same model – akin to the Telephone Preference Service – would help rein in the secretive companies that make money selling data about you without your knowledge or consent.)

After the election, actions will speak much louder than words.

What’s next

Next comes the voting. We hope all candidates offer clarity on their own views, and we encourage you to vote however you think best for the future of the country. 

We will still be here, whatever the result of the election – and whatever it is that the next Government wants to do to your medical records…

Just to confirm, as of this Bulletin, your current opt-out choices still boil down to this:

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds Redditch for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt-out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt-Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

Please note: in the current situation, your GP Data Opt-Out is just as crucial as your National Data Opt-Out. 

As ever, as we learn more, we will let you know. Thank you for your support.

Phil Booth & Sam Smith

21st June 2024

All Governments end: the 2024 End of Parliament Smörgåsbord

Everyone deserves privacy, and everyone deserves medical privacy. 

Whoever you are, Princess of Wales or not, you have the right to know where and when your records have been accessed, and to be able to see that those accesses were legitimate – and for action to be taken if they were not. As events have shown, the princess had access to her records monitored for abuses; the NHS won’t let you do that. The ‘Department of Health in England’ (NHS England) could tell you, but they don’t want to; doctors have been struck off for accessing records inappropriately, but abuse is far more common than punishment.

At the start of the 2019-2024 Parliament, we had no idea if mRNA worked at scale, and no real idea how to find out safely. A pandemic intervened, and we figured it out. At the end of the Parliament, trials to detect and cure cancers using mRNA seem promising and could revolutionise treatment (and the NHS budget) over the term of the next Parliament – if done properly. 

The outgoing Government’s choice to implement the recommendations of the Cass Review within hours shows that care choices can be and are being politicised, with criminal penalties being created so very quickly. If only the independent Windrush Review, the many safe staffing reports, or conclusions on Grenfell had been so rapidly adopted by Ministers. The Cass Review will now undergo the slow, meticulous process of academic peer review – assessing the choices made, and seeing which parts demonstrate rigour and which show cherry picking, misunderstanding, or simply prior policy beliefs masquerading as independent impartial evidence.

Whether the HDR / Sudlow Review will ever be published is unclear, but – if it is – any narrow evidence base and distortions that favour HDR UK’s own institutional policies will enter that same process of scrutiny and assessment which HDR does its best to avoid when nudging funding decisions to cronies. It is entirely possible to write a report focussing only on the subset of reality that is convenient to the institutional culture towards which you want to steer cash; permanently attaching your name and reputation to a temporary star is, however, a choice that remains fixed as time moves on, and temporary incongruences have been resolved. Career priorities are political. 

The Department of Health in England would prefer to control a single consolidated record of every health ‘event’ in your entire medical history – including things like copies of readings from the sensors on your smartphone and smartwatch (see Annex 8 of our UC work) – and to make them available not only to anyone in the NHS but to any private provider, to do with as they see fit. 

“Pharmacy First” can diagnose you with a UTI, prescribe accordingly, and then write that to your NHS record; DH policy imperatives show they believe a private GP doing the same thing is no different. But if you receive a diagnosis of ADHD or gender dysphoria that fulfils all NHS criteria, why does that not become an NHS diagnosis in the same way? Why does the system oblige your family doctor to follow some non-NHS diagnoses, but seek to criminally punish them for others?

(As an aside, allowing people to write arbitrary diagnoses into arbitrary records provides a system-wide ability for any rogue doctor to write anything they choose into a record – giving the Minister of the day, for example, SNOMED code 247667002 or 247670003. And of course, once entered into an NHS record, “diagnoses” are supposedly impossible to remove…)

The politicisation of care has become utterly incoherent. Things will eventually be resolved, but the real question is how many serious harms there will be in the interim.

Sustainability of data decisions

Sustainable decision structures are those which can exist for the longer term – and in which any individual decision is secondary to the process continuing. Where organisations aren’t disinvited from the process for giving private critiques or briefing Parliamentary Select Committees. (The culture of Paula Vennells is not unique to the Post Office.) And while imposition of a contract or rules is an emergency act, institutional ignorance is a temporary choice. It may feel easier to engage only with those who agree with you – something the ideologies of the outgoing Government made a policy goal – but what is temporary will eventually end. 

Whatever happens with NHS data it must be stable to survive. Every important stakeholder must have what it needs, which may not be what it wants. NHS England wants to do analyses; GPs need confidence and clarity in their responsibilities to all patients; interested patients need trustworthiness and dissent; researchers need to be able to do research ethically.

OpenSAFELY and Palantir are both tools; how the tech will be used remains unclear.

If the Department of Health in England were being honest, the public narrative of the ‘Federated Data Platform’ in Palantir and the NHS App would be that they are, in their view, the future of NHS care. If an algorithm running in Palantir and displayed in the App says No, then you won’t get NHS care – in exactly the same way as when the A-Level algorithm said No in 2020, students didn’t get their University places.

Culture of Coverups

The internal culture of NHS England has barely changed since the care.data debacle in 2014. That shouldn’t be a surprise, as it’s largely the same people doing the same jobs – and their ongoing actions suggest they have learned very little in the past decade. It is a common argument around Government that the civil service does churn too much, but perhaps lack of churn has harms too…

While the faces remain the same, the culture of the current “new NHS England” (aka the Department of Health in England, as NHSE has de facto seniority over policy staff) has degraded to the level of trustworthiness and integrity demonstrated by the Boris Johnson administration, while the current power structures were last defined by Matt Hancock’s DHSC.

The Department of Health in England takes reckless risks on your behalf without you even knowing. And UK Biobank and Our Future Health have evolved in that culture – the NHS England form to buy patient data is around 30 pages long; the biobank form is less than four pages long. There is no way that could cover everything required, but they have made the calculation that investing in PR and bluster will be more successful with Government and the Department of Health in England than offering real substance and evidence. Indeed, that approach clearly has worked for biobank and HDRUK under the outgoing Government. But all Governments end.

No Privacy, No Transparency, No Trust

Information such as service performance, which NHS Digital (RIP) proudly published proactively, is now routinely covered up and FOI requests are only answered after complaints to the ICO about stonewalling and non-response. “Transparency” may be something the new NHS England says – it is demonstrably not what it does.

Since the absorption of NHS Digital, the so-called ‘Privacy, Transparency, and Trust’ group is where NHS England dumps these vital issues in order that the rest of the organisation can ignore them, and so that group can focus on how to avoid them. The only outputs are performative statements – rather than building a trustworthy organisation that is worthy of public confidence, by demonstrating trustworthiness.

That this is the case is best demonstrated by the Department of Health in England’s sustained incoherence around a patient’s legal rights to object to unnecessary data processing. And their complete lack of interest in telling you where and when your medical record has been accessed.

Every NHS GP record is now supposed to be accessible in every pharmacy in the country, via a service called “Pharmacy First”. But you will have no idea if someone has accessed your GP record – let alone if that was a legitimate access, or one where your stalker or creepy bad date was ‘going fishing’ – entirely because the Department of Health in England refuses to tell you. Until recently, pharmacy staff could only read records. Now they can write a diagnosis into your record and, if they do, it’s almost impossible for you to know that it happened, or to challenge or have it removed. MPs (rightly) changed the law to allow the removal of malicious child safety reports, but that’s just the tip of the iceberg.

If your GP uses TPP/SystmOnline you may have access to an “online audit”, but this is not available in the supposedly “main” NHS App. Despite this audit trail being a contractual requirement imposed by NHS England, they never implemented it for you. Its actions demonstrate that the Department of Health in England believes they, not your GP, should decide what your GP can tell you about your health, what medical care they can provide, and which organisations can buy the personal data in your health records.

While patients should be able to see the correspondence about them, the reckless imposition of this by the Department of Health in England pushed all of the risks onto the patient and GP. It may be clinically essential for a letter between clinicians about genomics involving family risk to mention that the patient is adopted; but surprise! An entirely benign letter about a child can disclose that an investigation is underway simply by implicit reference to documents a potential abuser can’t see. The Department of Health in England’s view is that ‘This is not our problem’, and they adopt the same approach and attitude time and again – such as with the form that allows anyone to register with a new GP from anywhere, which can be weaponised by abusers.

As time goes on, various “national services” will interpose “national” goals between you and your family doctor, and the care they provide you. Is this really the NHS you want?

Being seen to Respect Patient Choice 

The opt out for secondary uses of your health data exists; the opt out for Shared Care Records is a ‘postcode lottery’ – making promises to patients that others in the NHS believe don’t apply to them when they copy the data again and again. 

When it comes to data use for purposes beyond your direct care, the Department of Health in England still believes that no opt outs should apply to them, even while saying opt outs that clearly do apply in law are via mechanisms that they simultaneously ignore. No process involving NHS England ‘Privacy, Transparency, and Trust’ (PTT) can be considered trustworthy in the current setup. That’s not to say that every outcome is always wrong – but outcomes are self-evidently incoherent, and disconnected from the processes supposedly creating them.

Even the Tony Blair Institute recognises that the current opt out process is punitive and destructive. medConfidential always said that it should be as easy to opt in as it is to opt out (and vice versa) so we agree on that. While the current process may be used to opt both ways, it’s still punitive – especially if you have dependent children living at home. TBI, however, prefers the intrusive power of the state be used to support its goals – and it is notable that Mr Blair’s proposals for the sale of NHS patients’ data don’t appear to have been implemented in any of the dictatorships he advises.

Claims from TBI and from the Department of Health in England about what Palantir will do for direct care – the care that is delivered by hospitals and GPs, not by centralised computer systems – are completely disconnected from the reality of NHS systems that already exist, and that work, and that are both used well and abused badly. Meanwhile, NHS England has covered up the Data Protection Impact Assessment for its Federated Data Platform, allowing FDP to launch without publication during the (local) election period, because the text says that public claims made previously about FDP being ‘for direct care only’ were abandoned before FDP launch.

The (first) Goldacre Review in 2022 was clear that the risks of the current use and misuse of patient data are an “emergency” – and “not a new emergency” – and yet, as back in the Kelsey years, the Department of Health in England is still hoping things will go wrong on someone else’s watch.

The outgoing Government may have had one success in that Review; the new Government could choose to announce in its first weeks that, retroactive to the date of the election, patients will be able to see in the NHS App – or in the TPP/EMIS apps if NHSE can’t get its act together – a list of when and where every patient’s records have been accessed via all national NHS services.

The list should begin with accesses to your Summary Care Record, your Shared Care Record, to GP Connect, and in FDP – all of which are capable of such audit functions. If it is claimed that any aren’t, then those who commissioned them were either grotesquely incompetent or wilfully negligent. The ‘trial period’ could begin with digitally-engaged patients who have prospective access to correspondence enabled already. The new Government could then say that the secrecy ends, and patients would from that point forward have a clear evidence base of how data about them is used, and whether it has been misused.

For a new Government wanting more use of technology and more system access, this would have another significant additional benefit. One of the hardest aspects of such systems is getting clinicians to use them. If every patient can see how data about them has been used, they can also see where these new systems have not been used when they should have been – providing an evidence base and empowering patients to ask why these expensive data systems weren’t used to benefit their care.

Rest of Government: UC, Governments and computers

In the last days of the Parliament, the Administration Committee of the House of Commons said:

“Although statisticians and researchers publish a wealth of information on which data sources they hold, and how they are used, very little information is made available about how personal data are being used for the purposes of government analysis.”

“102. We recommend that the analysis function explore options for improving transparency around the use of personal data in official analyses, and that this work be made publicly available.”

(paragraphs 100/102, Public Administration and Constitutional Affairs Committee report on Transforming the UK’s evidence base)

We entirely agree.

If you were to hear the description of a computer system whose users are overpowered by the system designers and operators, which tells users how much money they owe without showing any detail on how that figure was created, where staff working for the system designers can change those figures at will, and when figures change there’s no way for the users to know about it unless they keep their own independent records – and where discrepancies result in prosecutions, sometimes deaths – you might think someone was talking about the Post Office Scandal.

The previous paragraph is also a 100% accurate description of the systems of Universal Credit, about which we recently published Annex 8 and the wrap-up report.

The final section of Annex 8 relates to the rest of Government as much as it does DWP, and we’ve written a short note on what GDS / CDDO / CO should choose to do.

After all, all Governments end.


Enclosed new documents: