Category Archives: Bulletin

medConfidential Bulletin, 30th June 2017

So, we have a new Government (after a fashion). And, whatever else, there’s some continuity at the Department of Health…

Given this continuity, the completely unambiguous Conservative Manifesto commitment, and cross-party support for the National Data Guardian, it was a bit disappointing that a statutory footing for NDG was absent from the Queen’s Speech.

We can’t help but note – with a Data Protection Bill on its way, arbitrary data-sharing powers available in the Digital Economy Act, and Theresa May threatening to roll back human rights – that it is protections such as these that underpin the privacy of all our medical records.

What just happened?

The election put a lot on hold, but you may remember a dodgy deal with the Royal Free Hospital that got Google DeepMind into a spot of trouble with the ICO and National Data Guardian when we complained about it.

The NDG’s formal view came out during the election period, and we await the ICO’s ruling – due any day now. We are therefore entirely unsurprised that DeepMind’s “Independent” Reviewers’ report is also delayed. One might question “independence” when a whitewash coincidentally comes out a day after the regulator’s critique…

What’s happening next?

We don’t comment on every future project press release from Google DeepMind – their PR flacks cost many times our annual budget. But last week’s announcement that its next project will be to provide a hospital IT system for Taunton is worthy of some attention; the relevant detail is at the bottom of page 2 of this document.

It’s understood that companies will provide the NHS with IT systems – GPs and hospitals buy in systems all the time. But accepting ‘gift horses’ from aggressively data-seeking US info corps already known for not playing by the rules may not necessarily be wise. For one thing, as many have learned, if you’re not a paying customer you tend to end up being the product.

If, however, the decision is that the people of Taunton are most in need of better infrastructure – NHS England certainly felt they were, this area being one of the ‘pathfinders’ for the cancelled scheme (more on its successor below) – then starting in Somerset is as good a place as any.

But this doesn’t mean you can ignore the regulatory implications. Or future cost.

As recently as January, DeepMind assured Regulators that its tools were not used for clinical decision making, yet in June it has signed contracts to run a hospital using it. To be used in direct care, the central IT system of a hospital is a closely regulated system – these are, after all, the systems that run Intensive Care – although Google, chasing the profits rather than patients, probably won’t choose to help those in most acute need.

Has Google started the Regulatory  process to run that system, or is it trying ‘deployment via press release’? Does it want DeepMind to mark its own homework too?

The only way for patients to know if their data was used in such a programme is for everyone to know where, when and why their medical records have been accessed. Google says it won’t use patients’ data for other purposes; our concern is that minds change. After all, the company said it wouldn’t start building this system for 3 years – that was 7 months ago.

For as long as DeepMind Health is led by an entrepreneur – and has no Chief Medical Officer who is bound by the Hippocratic Oath – its position can change, purely for business reasons. Its corporate officers may stand on stage and say they won’t, but they say many things which they change their minds about. One can be an AI visionary, or run a health infrastructure service – but people have every right to be nervous when you try to do both, especially if you claim you aren’t doing so.

It is inevitable that the future model for this service will be ‘AI assistants’ offering hints and references to doctors via the Streams app; the principle of A&E triage, applied hospital-wide.

This being the case, if these AI systems are modular and compartmentalised for the delivery of care, then they can each be regulated separately. If, however, the individual systems are not interoperable and transparent, then the entire infrastructure must be regulated tightly. (Research, i.e. the development of such systems – including the justification, with evidence, of what data they actually need – is already regulated, by MHRA and other bodies.)

Until the situation is clear, questions as to whether DeepMind’s approach to Regulators is the same as Uber’s (they do, after all, share investors) will remain.

We should point out, as DeepMind buried it in the small print, that no money is changing hands here – and neither party is obligated to do anything. This may yet be just another Silicon Valley startup (the TV show, that is – not the place) that puts out a stream of press releases, delivering for investors over patients.


What’s happening where you live? And what can you do?

Wherever you live, in England, there are changes coming to your local NHS.

The ever-so-subtly again renamed STPs (now “Sustainability and Transformation Partnerships”, not just Plans) and their further regional reorganisation – over “several years” – into Kaiser Permanente-style Accountable Care Organisations represent the Government’s and NHS England’s view of the future.

Bearing in mind the massive democratic deficit in the NHS, will accountability be to patients or to the analogue administrators?

Given that – most of the time at least – care records follow patients, one of the best ways to see how the NHS works is to look at the data trail that you leave behind you.

So if you have a login for your GP practice’s website, we encourage you to look at the letters that have been scanned into your record, and to simply count the logos. (If you don’t already have a login for online access, here’s how to get one.) Then, as your NHS changes over the next few years, keep count; over time do you see more commercial logos, or fewer?

While you’re at it, you might also want to check who’s accessed your GP record. Both EMIS and TPP have now switched on basic access to your GP record’s ‘audit trail’ – and as more and more people use it, this vital transparency feature should improve over time.

Things are clearly going to stay busy for a good while yet. Four years in, medConfidential exists entirely through your donations and the generosity of the Joseph Rowntree Reform Trust, to whom we are applying for a further grant. We appreciate all donations – and your support helps with other funding.


medConfidential Bulletin, 21st April 2017

Though the political focus is on the General Election, the ‘STP shuffle’ remains highly significant. Whatever the result in June, both funding and decision- making for health and care services will be increasingly devolved to local areas.

What’s happened? General Election!

What medConfidential will be looking for in every party’s Manifesto is rather simple:

    Will patients know how their medical records have been used?

A straightforward “Yes, they will” or “No, they will not” will suffice.

Every flow of data into, across and out of the NHS and care system should be consensual, safe, and transparent – there need be no conflict between good research, good ethics and good medical care.

We shall provide more detail on how this relates to current issues like Genomics and AI in due course – but the question to which there must be a clear answer, for whatever the future brings is: Will you know how data about you is used?

Update on DPA Section 10 notices

Last December, NHS Digital and Public Health England (PHE) were sent hundreds of Section 10 Data Protection Act notices by patients who had opted out, insisting that their data should not be sold – even through a loophole.

Though there were some ‘boilerplate’ responses, both bodies effectively ignored every single one of those notices. Patients’ data continues to be sold for commercial re-use, and further problems have emerged:

  • PHE considers itself exempt from existing opt-outs; will it make you opt out again?
  • What about the NHS? Will the Government’s response to Caldicott 3 force yet another opt-out?

It is understood the Caldicott Consent Model should include overrides – and some exceptions, where required by law – but this should not be at the whim of Public Health England, which still copies patient data to companies in secret. PHE said it was becoming transparent, but its own actions give lie to this and still it demands more data.

If you want to know public health information about your area, PHE thinks you should use a site called “fingertips” – which gives you a mountain of statistics, a trowel, and suggests you start digging. If you want to see the biggest public health issues in your area, you may want to try this list instead.

Speaking of digging…

Questions for the elections; what is your lived experience of the NHS?

With STPs and financial devolution on the way, it’s the candidates who are elected in your area who’ll be making decisions that will impact directly on your, your family’s and your community’s health and care services – and the exploitation (or not) of your medical records.

In the run-up to the elections, all you need do is ask the people who canvas you some straightforward questions, share some of what you know from your own experience, and put up a poster to encourage your neighbours to do the same. Here are our suggestions:

  • Does [the candidate] agree that everyone should be told how the council and NHS use their data?
  • Given the political choices that are changing the NHS in your area, how would your own or your family’s past experience of the NHS have been different?
  • What are [the candidate]’s priorities for reducing problems that put a strain on your community’s NHS and care services?

If you get answers, please do post them on facebook and in other appropriate forums, so others can see them too.

Phil Booth & Sam Smith
21st April 2017

medConfidential Bulletin, 9th April 2017

Where does your data go? And do you know? These are questions to which we’ve been getting you answers for three years or so, but now you have an opportunity to ask these questions too… Local elections are coming up, and political parties want your vote…

But first:

What just happened?

In a 280-page PDF from NHS Digital is one item worth noting; “Programme 12: General Practice Data for Secondary Uses” (item C4 on page 56) with a deadline of this Christmas is – as far as medConfidential is aware – the first public sighting of… the return of

So, although the Government has yet to issue the necessary CAG Regulations; or ‘one strike and you’re out’ sanctions for data misuse or abuse; has failed to close the “promotion of health” (i.e. Pharma marketing) and commercial re-use loophole; still hasn’t put the National Data Guardian on a proper statutory footing, let alone responded to the Caldicott 3 review; is mute on whether you will have to opt out again, and whether cancer patients will have their data copied anyway; and wants to copy data to any Government department under the Digital Economy Bill; it seems someone is eager to flood the “National Data Lake” we mentioned in our last bulletin.

What’s happening next?

Unless you pay close attention to NHS internal meetings, you could be forgiven for knowing little about how the NHS talks to itself, but the 44 Sustainability and Transformation Plans (STPs) is the jargon for a new NHS reorganisation that really matters. To you.

The NHS England website describes them as follows:

NHS organisations and local councils are developing shared proposals to improve health and care. Working in 44 geographical areas covering all of England (called ‘footprints’), the plans are led by senior figures from different parts of the local health and care system.

It is this top-down-mandated, bottom-up-driven restructuring into STP “footprints” that has led to the mega-CCG mergers in Manchester, Lancashire, and Liverpool, with more mergers planned in other cities of the North, and across the rest of England (e.g. in Buckinghamshire).

Why you should care is that this ‘STP shuffle’ will put your local council in partial control of where your medical records get copied – including how much of your personal data will end up being dumped into a “national data lake”.

In ducking responsibility, as they have since started, NHS England claim all decisions will get made “locally”, but they can choose to send more cash for more data…

What can you do?

If you have elections in May, some of the candidates will end up choosing who sits on your local Health and Wellbeing Board. That will be the body that chooses how your area’s health budget gets spent – what gets funded, what gets cut, and what medical records they copy to the Data Lake in return for more resources…

Given this, we suggest you ask your council candidates a few questions that might them focus on the issues and evidence, and then help you and your community decide who’s paying proper attention to the impacts on your health and care, and medical confidentiality:

  • Community: Do they agree that you should be told how the council and NHS use your data?
  • Contribution: For the political choices that are changing the NHS in your area, how would your own or your family’s past experience of the NHS have been different??
  • Autonomy: What are their local priorities for reducing problems that put a strain on your local NHS?

If you get answers, please post them on facebook and other appropriate forums, so your neighbours can see them too; here are some ‘localised’ posters you can print out to help you.

If you’d like us to send you some, we’re offering five A3 posters for a £5 donation – when sending us the money, just add a comment with your address and we’ll send you posters for that postcode. (N.B. If you don’t add the comment, we won’t see your address.)

We’re glad to see a number of you are quite happy with our new badges (with text | no text) and are immensely grateful for the £20 donation medConfidential gets every time someone buys one. Thank you.

More next time on who wants to go fishing in the National Data Lake…

Phil Booth & Sam Smith
9th April 2017

medConfidential Bulletin, 24th March 2017

It has been a while since we last sent a newsletter. Our apologies for that, but we have been kept busy!

We are entering a period where a lot of things are happening – and are likely to happen – in quick succession, so we wanted to provide a perspective and some context that we hope will help explain at least some of what is going on.

For patients whose practices use TPP SystmOne

You may have seen the note on our website last week about TPP SystmOne. TPP has now updated its system with the capacity to allow your GP tell you how your GP-held data has been accessed. However, busy GPs won’t yet know how to turn that function on, as the documentation has not yet appeared (and we’ve not been told either).

If your practice uses TPP SystmOne, also branded SystmOnline, and you are able to log into your GP practice online (i.e. if you have a username/password for online access) then you may be able to see this option – to review the organisations which have accessed your GP data – right now. If not, check back in a week or two. It is coming.

This ability to see who has accessed your GP data matters, as the the hard part of informed consent is actually being informed about how your medical records are used. As the NHS evolves over time, and while you have a range of consent choices, you need to have accurate information to be able to make those choices for yourself and your family; in your situation, according to your concerns.

Problems tend to arise when people other than those directly affected take decisions that do not – indeed, cannot – account for many millions of people’s individual circumstances.

Google Artificial Intelligence (AI) subsidiary DeepMind

When in a hole, it seems some AIs will keep digging.

medConfidential’s complaint against Google DeepMind’s use of 1.2 million patients’ hospital data continues to be investigated. The National Data Guardian appears to have come to a view some time ago – which suggests the question currently under consideration is how badly Google broke the rules.

A long analysis from the University of Cambridge was published last week, which goes through the entire sorry story in a great deal of detail.

We do not know when the Information Commissioner and National Data Guardian will publish their findings, but fully expect Google DeepMind to leak some parts of those findings to sycophantic outlets the day before…

We shall respond, as we always do.

What’s next?  An NHS reorganisation that really matters

Has your area announced the reorganisation of your NHS yet? For several big cities of the North, and some other parts of the country, the picture is getting clearer. The ‘STP shuffle’ will put your local council in partial control of where your medical records get copied – including whether they end up being dumped into a “data lake”.

In hidden meetings, proposals for a “national data lake” continue to be discussed. While NHS England denies it is their current plan, they continue to write regular drafts of an updated document, which they’re sharing with no-one beyond those people who thought a ‘National Data Lake’ was a good idea in the first place…

In our next Bulletin,  we hope to have something for you to do to help your community, and may also give an update on the continuing failures around data at Public Health England.

As ever, we are grateful for your donations. Especially as, right now, we’re being legally threatened (we’re in ‘letters before action’ stage of an attempt to sue us for defamation) for expressing our concerns about a data breach reported as affecting 26 million patients – that’s a lot of new badges.

(We’re aware that, as badges, our button badges in two new designs are ridiculously overpriced. The price point is deliberately chosen so that a donation of £20 to us gets you one, automatically. Or set up a regular subscription for any amount – and we’ll post it to you.)

Thank you.

Phil Booth & Sam Smith
24th March 2017


Jeremy Hunt has changed his mind

Welcome to another newsletter from medConfidential.

Jeremy Hunt changed his mind and is still selling your medical records

If you opted out of your hospital records being sold, Jeremy Hunt has changed his mind about your choice.

At the time, he said in Parliament (emphasis added):

“…this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research, which the previous Labour Government refused to do? When they extended the programme to out-patient data in 2003 and to A and E data in 2008, at no point did they give people the right to opt out. We have introduced that right

The right Jeremy Hunt was so publicly proud of introducing, he has secretly taken away again. He was right to give it you – his election manifesto promised it would be there.

Over 1.2 million people, just like you, opted out of their hospital records being sold. The opt out has begun to work, but NHS confirms hospital records are still being sold.

The opt out process you followed in 2014 was the easiest way to opt out, but was not the only way. It was what the Government said would work. They have now changed their minds. We complained to the ICO, and they agreed with the Government.

As a result, we will have more details on what you can do to protect yourself in the new year. The Government had to perform a pirouette to pull this off, and may still have fallen flat on their face.

For now, you may wish to write to your MP and ask about this change. Ask your MP why the Government has gone back on its manifesto promise to let you opt out. Tell them why confidence in the privacy of your medical records matters to you.  More details of the change are on our website.

Other steps you may wish to take to protect your medical records will become clear in the new year. If you are in immediate distress, our website contains a longer route to doing so now if necessary. If that is not the case for you, we’d suggest you wait until our full response is available. There is more to come on this, and the shabby secret is now out.

Jeremy Hunt offered you a convenient route which didn’t place an undue burden on your the NHS. If you took him up on that, he should keep his word. He retracted it in secret, and it took 6 months of work to find out what had actually happened. The opt out you took up for hospital has begun to be implemented, but is not yet fully in place. The opt out of your GP data, which is a separate tick box on the form you used, is not affected. The GP opt out is working, as it has been since you handed in your form.

Where does data go?

NHS Digital publishes details of where they send data each month, and why. Now they publish detailed official spreadsheets, we turn it into simple webpages. They are at

That gives a list of which projects honoured your opt out, and which companies got data on you anyway.

Merry Christmas

2017 is looking busy. The Government will announce what it is going to do. We hope they will do the right thing and honour your opt out (even if they try to do everything else first).

We rely on donations for some of our work, and anything you wish to offer in support will be put to good use. We have some fun plans for ensuring your choice is respected, and donations help them happen.

We will still be here. The Government know we will still be here, and know we will do what we say we will do. We work to ensure that your medical records are only used in a way which is consensual, safe, and transparent.

You can help make that happen.

We wish you and your loved ones a Merry Christmas, and we’ll have more in the New Year. The next newsletter will have better news than this one. We hope.

Thanks for helping

Best wishes, for a Merry Christmas, and a consensual, safe, and transparent New Year.

From Phil, Sam, and all at MedConfidential.

medConfidential statement on continued sale of hospital records

During the failed Care.Data project, NHS England and the Department of Health said “patients have a choice” about how their data is used – they could opt out if they wished.

NHS Digital, the bit of the Department of Health that sells data to companies, has gone back on the Secretary of State’s word on a critical detail, and Jeremy Hunt has given up. To the Information Commissioner, they now say: there is no choice about whether your hospital data is sold. NHS Digital admit and demonstrate that it continues to be sold.

The opt out was the gift of the Secretary of State, and he has taken part of it away again. Merry Christmas everyone.

On that basis, other legal options remain open to patients. This is not the end, but it is the end of the beginning.

The opt out has begun to be implemented – it does do some things – but the main purpose of opting out of your hospital data being sold, is that your hospital data doesn’t get sold. That is the part that continues to happen in spite of the NHS promise to you as a patient.

We are obviously disappointed that Jeremy Hunt has chosen to go back on his word, and continue selling the nation’s private hospital history to anyone who fills in a form correctly, after he offered patients a choice to opt out of that.

The ICO has ruled that it was the Secretary of State’s choice, and he was entitled to make it. This does not affect rights available to patients under the Data Protection Act.

If patients are concerned, we suggest they join our newsletter at, and we will provide a detailed update shortly – it is likely to involve a trip to the post box.

We will have a more detailed analysis of the contradictory parts of the ICO response in due course.


Notes to Editors

    1. was the extension of GP data to link it with Hospital data, and continue the practices used in ongoing releases of hospital data. The Government was very clear that if patients didn’t want their hospital data used, they could opt out:
      NHS England: 
    2. NHS Digital’s convoluted policy statement is the 5th bullet point here: 
    3. For alternate approaches, we note s10 of the Data Protection Act allows a person to dissent from processing, and purposes beyond direct care are subject to legal dissent. The opt out was supposed to be the convenient way of expressing dissent; it is not the only way. 
    4. This decision is about data flows as they exist today. Looking forwards to future changes, NHS Digital argue that this implementation is entirely consistent with the future Caldicott Consent Choice under review by the Government following a public consultation. That is in the hands of the Government. 
    5. The NHS Digital Privacy Impact Assessment for the Hospital Episode Statistics shows that reidentification from this data could happen:
    6. The recipients of data releases, which includes releases containing data on patients who had opted out, can be seen here:
    7. For what patients can do about this change, see: 


NHS England wants to hear from you — MedConfidential Update – 21 September 2016


NHS England wants to hear from you…

The Department of Health’s consultation on the future of secrecy of your medical record closed 2 weeks ago. Thank you for your help and comments on why the privacy of your medical records matter to you.

After that, NHS England has announced public meetings to hear your views on what should happen next.

There are “discussion events” in London, Southampton, and Leeds. If you’re nearby, you might want to go along. They start on Monday afternoon in London.

The Government will respond in around 6 weeks

The Department of Health has said that they will respond to the Caldicott Consultation in about 6 weeks.

Will you be able to see that your wishes have been honoured? Or will there be more secrets?

Meanwhile in the rest of Government…

Meanwhile, the Cabinet Office is passing a new law to share any other data with whoever it wants. The scrutiny of the MPs will be rushed through in 6 days of sessions. The bill has no provisions requiring transparency of data flows – again it can be all secret.

The justifications are few. One is the case of an alcoholic who was given social housing above an off licence. A problem for that person to be sure; but there will be far more problems caused by routinely sharing information with landlords before tenants move in. With the privatisation of most council housing (certainly outside London), the flaws of this should be obvious.

You should decide who can see data about you, rather than decisions being imposed by a guy called Paul sitting in Whitehall.

We’ll have more next time…

MedConfidential Bulletin – August 2016: Do you want your GP records shared, even if you’ve opted out?

MedConfidential newsletter – Do you want your GP records shared, even if you’ve opted out? may be gone, but Jeremy Hunt is asking whether you want to keep your opt out of your medical records leaving your GP’s practice. Will you tell him what you think?

There’s a government consultation going on on into the future sharing of your medical records. It doesn’t say it clearly, but what they are asking is do you want your GP to keep your medical history private?

If you do, please respond to the consultation, and tell your friends:

You can respond to the consultation online. You don’t need to answer every question, and can only answer question 15 if you wish.

You might want to mention some of these points in your own words:

  • Why is what you tell your GP private for you?
  • Why must doctors and the NHS keep the promises they make to you?
  • Is this promise clear: “information about me can only be used by the people directly providing my care”?
    • Do you want that promise to be given and kept?

Previously, those questions have been ignored in private. Now they’re public, you get your say. The people who want to use your health data will reply, will you?

For our longer analysis of the Caldicott Review that led into the consultation, it’s online in 4 parts.

(You may have noticed the new format and process for our newsletter – it hopefully works out far cheaper. It’s still the same information you subscribed to about keeping your NHS records confidential. We won’t pass on your email address. If you no longer wish to hear from us, just email or click the link below)

Bulletin – July 2016

A New Government…

We wait to see what will happen with Theresa May as Prime Minister, and her appointment of Ministers. The Home Secretary focuses on national security – the Prime Minister will focus on what is in the wider national interest.

The Conservative Manifesto said: “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically”.

Will this be done, and will this be seen to be done?


…but the spirit of continues?

In the overview of her recent report, Dame Fiona Caldicott quoted the (then) Health Secretary saying: “Exciting though this all is, we will throw away these opportunities if the public do not believe they can trust us to look after their personal medical data securely. The NHS has not yet won the public’s trust in an area that is vital for the future of patient care’”.

As such, we’re disappointed in the “keep going” approach of the Department of Health. These are issues covered in the current public consultation, so aren’t on the immediate in tray of new Ministers. We’ll cover details next time. was the spark that created widespread interest, but the fuel for the fire was the surprising data uses much more widely. Adding a nameplate just showed that the data governance emperor was naked – with the health data of everyone on display.

Snuck out in a long announcement, the name has gone, but the plans continue as they were originally designed back in 2013.

A simple name swap for the same goal might have worked with the last Prime Minister; we’re not sure it will work for this one.

Patients should not be surprised by what happened with data about them. Will the surprises continue?

What’s next?

If, as Recommendation 11 says, that “There should be a new consent/ opt-out model to allow people to opt out of their personal confidential data being used for purposes beyond their direct care. This would apply unless there is a mandatory legal requirement or an overriding public interest.” – then that must be true.

The new focus on the use of doctors and trusted individuals to explain the arrangements to patients are important. As showed, what they say has to be true to avoid great harm to those relationship. The researcher community was burnt supporting, hopefully they will not do the same thing twice.

Government promises being explained by your doctor will mean those who make the promises will have no ability to ensure they are kept.

We’ll cover the details of the consultation in the next newsletter, and how you can respond to say why promises made to you should be kept.

Government may want doctors to make promises to patients, but it will remain politicians and accountants breaking them.

We’ll be here.