Category Archives: Bulletin

medConfidential Bulletin, 24th March 2017

It has been a while since we last sent a newsletter. Our apologies for that, but we have been kept busy!

We are entering a period where a lot of things are happening – and are likely to happen – in quick succession, so we wanted to provide a perspective and some context that we hope will help explain at least some of what is going on.

For patients whose practices use TPP SystmOne

You may have seen the note on our website last week about TPP SystmOne. TPP has now updated its system with the capacity to allow your GP tell you how your GP-held data has been accessed. However, busy GPs won’t yet know how to turn that function on, as the documentation has not yet appeared (and we’ve not been told either).

If your practice uses TPP SystmOne, also branded SystmOnline, and you are able to log into your GP practice online (i.e. if you have a username/password for online access) then you may be able to see this option – to review the organisations which have accessed your GP data – right now. If not, check back in a week or two. It is coming.

This ability to see who has accessed your GP data matters, as the the hard part of informed consent is actually being informed about how your medical records are used. As the NHS evolves over time, and while you have a range of consent choices, you need to have accurate information to be able to make those choices for yourself and your family; in your situation, according to your concerns.

Problems tend to arise when people other than those directly affected take decisions that do not – indeed, cannot – account for many millions of people’s individual circumstances.

Google Artificial Intelligence (AI) subsidiary DeepMind

When in a hole, it seems some AIs will keep digging.

medConfidential’s complaint against Google DeepMind’s use of 1.2 million patients’ hospital data continues to be investigated. The National Data Guardian appears to have come to a view some time ago – which suggests the question currently under consideration is how badly Google broke the rules.

A long analysis from the University of Cambridge was published last week, which goes through the entire sorry story in a great deal of detail.

We do not know when the Information Commissioner and National Data Guardian will publish their findings, but fully expect Google DeepMind to leak some parts of those findings to sycophantic outlets the day before…

We shall respond, as we always do.

What’s next?  An NHS reorganisation that really matters

Has your area announced the reorganisation of your NHS yet? For several big cities of the North, and some other parts of the country, the picture is getting clearer. The ‘STP shuffle’ will put your local council in partial control of where your medical records get copied – including whether they end up being dumped into a “data lake”.

In hidden meetings, proposals for a “national data lake” continue to be discussed. While NHS England denies it is their current plan, they continue to write regular drafts of an updated document, which they’re sharing with no-one beyond those people who thought a ‘National Data Lake’ was a good idea in the first place…

In our next Bulletin,  we hope to have something for you to do to help your community, and may also give an update on the continuing failures around data at Public Health England.

As ever, we are grateful for your donations. Especially as, right now, we’re being legally threatened (we’re in ‘letters before action’ stage of an attempt to sue us for defamation) for expressing our concerns about a data breach reported as affecting 26 million patients – that’s a lot of new badges.

(We’re aware that, as badges, our button badges in two new designs are ridiculously overpriced. The price point is deliberately chosen so that a donation of £20 to us gets you one, automatically. Or set up a regular subscription for any amount – and we’ll post it to you.)

Thank you.

Phil Booth & Sam Smith
24th March 2017

 

Jeremy Hunt has changed his mind

Welcome to another newsletter from medConfidential.

Jeremy Hunt changed his mind and is still selling your medical records

If you opted out of your hospital records being sold, Jeremy Hunt has changed his mind about your choice.

At the time, he said in Parliament (emphasis added):

“…this Government decided that people should be able to opt out from having their anonymised data used for the purposes of scientific research, which the previous Labour Government refused to do? When they extended the programme to out-patient data in 2003 and to A and E data in 2008, at no point did they give people the right to opt out. We have introduced that right

The right Jeremy Hunt was so publicly proud of introducing, he has secretly taken away again. He was right to give it you – his election manifesto promised it would be there.

Over 1.2 million people, just like you, opted out of their hospital records being sold. The opt out has begun to work, but NHS confirms hospital records are still being sold.

The opt out process you followed in 2014 was the easiest way to opt out, but was not the only way. It was what the Government said would work. They have now changed their minds. We complained to the ICO, and they agreed with the Government.

As a result, we will have more details on what you can do to protect yourself in the new year. The Government had to perform a pirouette to pull this off, and may still have fallen flat on their face.

For now, you may wish to write to your MP and ask about this change. Ask your MP why the Government has gone back on its manifesto promise to let you opt out. Tell them why confidence in the privacy of your medical records matters to you.  More details of the change are on our website.

Other steps you may wish to take to protect your medical records will become clear in the new year. If you are in immediate distress, our website contains a longer route to doing so now if necessary. If that is not the case for you, we’d suggest you wait until our full response is available. There is more to come on this, and the shabby secret is now out.

Jeremy Hunt offered you a convenient route which didn’t place an undue burden on your the NHS. If you took him up on that, he should keep his word. He retracted it in secret, and it took 6 months of work to find out what had actually happened. The opt out you took up for hospital has begun to be implemented, but is not yet fully in place. The opt out of your GP data, which is a separate tick box on the form you used, is not affected. The GP opt out is working, as it has been since you handed in your form.

Where does data go?

NHS Digital publishes details of where they send data each month, and why. Now they publish detailed official spreadsheets, we turn it into simple webpages. They are at https://dataregister.medconfidential.org

That gives a list of which projects honoured your opt out, and which companies got data on you anyway.

Merry Christmas

2017 is looking busy. The Government will announce what it is going to do. We hope they will do the right thing and honour your opt out (even if they try to do everything else first).

We rely on donations for some of our work, and anything you wish to offer in support will be put to good use. We have some fun plans for ensuring your choice is respected, and donations help them happen.

We will still be here. The Government know we will still be here, and know we will do what we say we will do. We work to ensure that your medical records are only used in a way which is consensual, safe, and transparent.

You can help make that happen.

We wish you and your loved ones a Merry Christmas, and we’ll have more in the New Year. The next newsletter will have better news than this one. We hope.


Thanks for helping

Best wishes, for a Merry Christmas, and a consensual, safe, and transparent New Year.

From Phil, Sam, and all at MedConfidential.

medConfidential statement on continued sale of hospital records

During the failed Care.Data project, NHS England and the Department of Health said “patients have a choice” about how their data is used – they could opt out if they wished.

NHS Digital, the bit of the Department of Health that sells data to companies, has gone back on the Secretary of State’s word on a critical detail, and Jeremy Hunt has given up. To the Information Commissioner, they now say: there is no choice about whether your hospital data is sold. NHS Digital admit and demonstrate that it continues to be sold.

The opt out was the gift of the Secretary of State, and he has taken part of it away again. Merry Christmas everyone.

On that basis, other legal options remain open to patients. This is not the end, but it is the end of the beginning.

The opt out has begun to be implemented – it does do some things – but the main purpose of opting out of your hospital data being sold, is that your hospital data doesn’t get sold. That is the part that continues to happen in spite of the NHS promise to you as a patient.

We are obviously disappointed that Jeremy Hunt has chosen to go back on his word, and continue selling the nation’s private hospital history to anyone who fills in a form correctly, after he offered patients a choice to opt out of that.

The ICO has ruled that it was the Secretary of State’s choice, and he was entitled to make it. This does not affect rights available to patients under the Data Protection Act.

If patients are concerned, we suggest they join our newsletter at www.medConfidential.org, and we will provide a detailed update shortly – it is likely to involve a trip to the post box.

We will have a more detailed analysis of the contradictory parts of the ICO response in due course.

medConfidential

Notes to Editors

    1. Care.data was the extension of GP data to link it with Hospital data, and continue the practices used in ongoing releases of hospital data. The Government was very clear that if patients didn’t want their hospital data used, they could opt out:
      Parliament: https://www.theyworkforyou.com/whall/?id=2014-03-25a.49.0#g56.7
      NHS England: https://www.dropbox.com/s/qaax5zj77zxddwz/leaflet-manchester.jpg?dl=0 
    2. NHS Digital’s convoluted policy statement is the 5th bullet point here: http://content.digital.nhs.uk/article/7092/Information-on-type-2-opt-out 
    3. For alternate approaches, we note s10 of the Data Protection Act allows a person to dissent from processing, and purposes beyond direct care are subject to legal dissent. The opt out was supposed to be the convenient way of expressing dissent; it is not the only way. 
    4. This decision is about data flows as they exist today. Looking forwards to future changes, NHS Digital argue that this implementation is entirely consistent with the future Caldicott Consent Choice under review by the Government following a public consultation. That is in the hands of the Government. 
    5. The NHS Digital Privacy Impact Assessment for the Hospital Episode Statistics shows that reidentification from this data could happen: http://content.digital.nhs.uk/article/7116/Consultation-on-the-Hospital-Episode-Statistics-Privacy-Impact-Assessment-Report
    6. The recipients of data releases, which includes releases containing data on patients who had opted out, can be seen here: https://dataregister.medconfidential.org
    7. For what patients can do about this change, see: https://medconfidential.org/2016/opt-out-process-update-december-2016/ 

-ends-

NHS England wants to hear from you — MedConfidential Update – 21 September 2016

 

NHS England wants to hear from you…

The Department of Health’s consultation on the future of secrecy of your medical record closed 2 weeks ago. Thank you for your help and comments on why the privacy of your medical records matter to you.

After that, NHS England has announced public meetings to hear your views on what should happen next.

There are “discussion events” in London, Southampton, and Leeds. If you’re nearby, you might want to go along. They start on Monday afternoon in London.

The Government will respond in around 6 weeks

The Department of Health has said that they will respond to the Caldicott Consultation in about 6 weeks.

Will you be able to see that your wishes have been honoured? Or will there be more secrets?

Meanwhile in the rest of Government…

Meanwhile, the Cabinet Office is passing a new law to share any other data with whoever it wants. The scrutiny of the MPs will be rushed through in 6 days of sessions. The bill has no provisions requiring transparency of data flows – again it can be all secret.

The justifications are few. One is the case of an alcoholic who was given social housing above an off licence. A problem for that person to be sure; but there will be far more problems caused by routinely sharing information with landlords before tenants move in. With the privatisation of most council housing (certainly outside London), the flaws of this should be obvious.

You should decide who can see data about you, rather than decisions being imposed by a guy called Paul sitting in Whitehall.

We’ll have more next time…

MedConfidential Bulletin – August 2016: Do you want your GP records shared, even if you’ve opted out?

MedConfidential newsletter – Do you want your GP records shared, even if you’ve opted out?

Care.data may be gone, but Jeremy Hunt is asking whether you want to keep your opt out of your medical records leaving your GP’s practice. Will you tell him what you think?

There’s a government consultation going on on into the future sharing of your medical records. It doesn’t say it clearly, but what they are asking is do you want your GP to keep your medical history private?

If you do, please respond to the consultation, and tell your friends:

You can respond to the consultation online. You don’t need to answer every question, and can only answer question 15 if you wish.

You might want to mention some of these points in your own words:

  • Why is what you tell your GP private for you?
  • Why must doctors and the NHS keep the promises they make to you?
  • Is this promise clear: “information about me can only be used by the people directly providing my care”?
    • Do you want that promise to be given and kept?

Previously, those questions have been ignored in private. Now they’re public, you get your say. The people who want to use your health data will reply, will you?

For our longer analysis of the Caldicott Review that led into the consultation, it’s online in 4 parts.

(You may have noticed the new format and process for our newsletter – it hopefully works out far cheaper. It’s still the same information you subscribed to about keeping your NHS records confidential. We won’t pass on your email address. If you no longer wish to hear from us, just email unsubscribe@medconfidential.org or click the link below)

Bulletin – July 2016

A New Government…

We wait to see what will happen with Theresa May as Prime Minister, and her appointment of Ministers. The Home Secretary focuses on national security – the Prime Minister will focus on what is in the wider national interest.

The Conservative Manifesto said: “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically”.

Will this be done, and will this be seen to be done?

 

…but the spirit of care.data continues?

In the overview of her recent report, Dame Fiona Caldicott quoted the (then) Health Secretary saying: “Exciting though this all is, we will throw away these opportunities if the public do not believe they can trust us to look after their personal medical data securely. The NHS has not yet won the public’s trust in an area that is vital for the future of patient care’”.

As such, we’re disappointed in the “keep going” approach of the Department of Health. These are issues covered in the current public consultation, so aren’t on the immediate in tray of new Ministers. We’ll cover details next time.

Care.data was the spark that created widespread interest, but the fuel for the fire was the surprising data uses much more widely. Adding a care.data nameplate just showed that the data governance emperor was naked – with the health data of everyone on display.

Snuck out in a long announcement, the care.data name has gone, but the plans continue as they were originally designed back in 2013.

A simple name swap for the same goal might have worked with the last Prime Minister; we’re not sure it will work for this one.

Patients should not be surprised by what happened with data about them. Will the surprises continue?

What’s next?

If, as Recommendation 11 says, that “There should be a new consent/ opt-out model to allow people to opt out of their personal confidential data being used for purposes beyond their direct care. This would apply unless there is a mandatory legal requirement or an overriding public interest.” – then that must be true.

The new focus on the use of doctors and trusted individuals to explain the arrangements to patients are important. As care.data showed, what they say has to be true to avoid great harm to those relationship. The researcher community was burnt supporting care.data, hopefully they will not do the same thing twice.

Government promises being explained by your doctor will mean those who make the promises will have no ability to ensure they are kept.

We’ll cover the details of the consultation in the next newsletter, and how you can respond to say why promises made to you should be kept.

Government may want doctors to make promises to patients, but it will remain politicians and accountants breaking them.

We’ll be here.

medConfidential – mid June update

We’ll have more on implementation of the hospital data opt-outs when the dust has settled after the referendum.

“Intelligent Transparency”

According to a letter from a Minister, “Intelligent Transparency” is the new goal. We hope that all Department of Health decisions will prove “intelligent” from a patient view, and not just the political priorities of their desk in Whitehall.

Will transparency extend to telling you how your data has been used?  Or is that the sort of intelligence they don’t want you to have?

Tech startups are no magic bullet

We’re waiting for a response from the Regulators about DeepMind’s project at the Royal Free Hospital Trust. Whatever they say, we note that Google has now made public commitments to move towards the transparency expected of them. Regulators are still investigating, and given the contradictory statements, it may take some time.

We look forward to seeing what they will tell the public about their experiments to replace doctors.

What can you do: The Hospital Episode Statistics consultation

The Hospital Episode Statistics cover data from the nation’s hospitals for over 25 years. The HSCIC is looking for everyone’s views on privacy in the data. We’ll have a long response in a few weeks, but you can quickly complete their survey (or just email enquiries@hscic.gov.uk with a subject of “HES PIA consultation”). You don’t need to answer all the questions – you can just say why it matters to you that your privacy and opt out applies to hospital data. 

MedConfidential Update – Opt outs being honoured

If you have opted out, recently or before, your choices are now being honoured.

Thanks to all those who helped make this happen – especially you, our supporters, donors and friends.

The institutions involved did the right thing in the end, even if they tried all the other things first.

 

What just happened? Your opt out honoured

On Wednesday, the HSCIC announced that they had received permission from the Secretary of State to finally honour his promise to you. You can opt out of data leaving the HSCIC for purposes beyond your direct care, and that is what happens. When he created the opt out that you took up, NHS England, who was then responsible for it, didn’t think it would matter.

The tickbox that you and 1.2 million other people filled in is now being honoured. The announcement says it must be done by this time next week; in practice, we are happy that this is effective with immediate effect.

Until the public consultation on the Caldicott Review, there are a small number of narrow temporary exceptions (3), and some temporary gray areas (5). But in the main, it is now done. If any of those concerns are particularly concerning to you, please let us know. We’ll be writing to HSCIC with some clarification questions next week.

The next hospital dataset to be released will be the cleaned up “full year” data, which replaces past each month parts for April 2015 to March 2016. This is the critical release which really matters. Consent will be respected for this release, and data about those who have opted out will not be included.

The HSCIC has also undertaken with the Information Commissioner to reissue the 2014 – 2015 data to those who already received it. By contract, they are required to replace old data with new.  That undertaking is the direct result of a medConfidential complaint to the ICO.

GPs have been able to honour their part since you gave them the form.

In effect, for current and future projects, as much as it could have been, it is as if your opt out, for data leaving HSCIC for purposes beyond your direct care, was honoured in April 2014.

What’s next?

The announcements this week are not the end of this process – there is a great deal left to do.

The Caldicott Review of Consent is going to propose a comprehensive and permanent solution. That solution should satisfy concerned patients into the long term, resolve the grey areas and simplifies the whole thing. It will be the subject of a public consultation, and then legislation.

But as of Wednesday, the current state is now consensual, increasingly safe, and somewhat transparent. Reducing the number of copies of data that are made will reduce the number that can be lost or stolen. More transparency will mean that you will know that your wishes have been honoured – you wont have to trust they have.

What else?

If you’ve previously had a discussion with your MP on this topic, you may wish to get back in touch with them and thank them for their help, now that the Department of Health has done the right thing, and your wishes are being respected.

MPs often hear about problems, and less often hear about what happened as a result of their help, especially in a long term project like this has been. (You should probably make clear that this is a thank you note – it might confuse their busy offices if it’s unclear…) Also, there was an election in the interim, and some MPs will have changed.

For us, it’s not getting any quieter. There are other organisations that don’t wish to act as if their world has changed. Most seriously, there are a few other projects that see the style-first approach of care.data as a handbook, not a cautionary tale…

It never ends. But this week, a lot got better as a result of our work and your help. Thank you for your support until now, and hopefully into the future.

 

 

PS – our especially deep gratitude to all those who donations also helped. We couldn’t have done this without you.

Newsletter: Care.Data’s suspension enters the terrible twos

It’s 2 years to the day since Care.Data was suspended amongst public outrage. The failed programme is showing no signs of restarting, as NHS England and the Department of Health continue to sift through old pampers, and keep finding yet more problems.

The Caldicott Review of Consent, which began after NHS England lied to the Care.Data Advisory Group, should report soon, if those who want to water it down to avoid having to make uncomfortable decisions. Why might they do that? Well…

 

Another Jeremy Hunt promise is broken – Your Hospital Data is still being sold

Before their January deadline, HSCIC finished the testing needed to implement the hospital data consent promise that Jeremy Hunt made to every patient – which 1 million patients who opted out took him up on. The final step was for Jeremy Hunt to give the go ahead to keep his promise. He didn’t.

Let us be clear: Jeremy Hunt made the patient promise 2 years ago, and it appears in the 2015 conservative manifesto (pg 38) “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically.” Only he can break his promise, and he has chosen to do so.

So when will the opt outs be implemented? We look forward to hearing any answer the ICO receive shortly on exactly that question, as they respond to our complaint. The Department of Health are refusing to answer questions – which is understandable as they don’t have any answers.

Your GP will honour your request for data not to leave your GP practice, both because of medical ethics and because of their direct connection to you. Who is Jeremy Hunt connected to?

The interim-type-2 opt out can be implemented tomorrow if Jeremy Hunt tells HSCIC to do it. Why hasn’t he?

You may wish to write to your MP, and ask the question, “when will the Secretary of State for Health implement patients’ choices to prevent data about them leaving the HSCIC for purposes beyond direct care?” – please also say why this matters to you. (and sorry the question is a bit of a mouthful)

This can be fixed. The Health Secretary just has to take the single action necessary to fix it, permanently.

A perfect overarching consent flag is something we support; but at best, it is a year away from being something a patient can ask their GP to do. No scenario, other than immediate implementation of the interim-type-2s, addresses the gap between now and then. A long-term maybe-mythical “perfect” solution is currently the weapon of choice of those who want to prevent any patient choice over data usage at all: that change being the consent choice (aka “interim-type-2”) which 1 million patients have requested be actioned, and that they are all waiting patiently for. When the first step down the path to consent has been taken for national datasets, there can be confidence that subsequent steps will be taken. If not, and the Department of Health breaks Jeremy Hunt’s promise this time, why should anyone believe them next time?

What’s next: Care.Data Everywhere?

On Friday, we’re expecting that Cabinet Office to launch their data copying consultation, which probably won’t have the subheading “care.data everywhere”, but unless they’ve fixed their compulsion to copy, it probably should have. It’s not all terrible news; the worst projects (probably) didn’t get this far – what the consultation will show is the stuff that they don’t think is terrible (that’s probably not reassuring).

Every project involved has had to explain how “it’s not like care.data because…”, but the Cabinet Office has seemingly learnt only the lessons convenient for them to learn. It’s hard to all learn the right lesson when institutional incentives encourage people to learn easier ones.

The lack of critical thought across the programme appears in Parliament’s report on the “Big Data Dilemma”, which says the NHS could save £66bn from more data copying. Saving about two thirds of the NHS budget (equivalent to getting rid of all staff from the NHS) seems… unlikely.

We’ll see what the Cabinet Office consultation says over the weekend, and any health implications will appear in the next newsletter. The Caldicott Review is also due to be consulted on, if it ever gets published.

What’s Next: Saatchi Bill returns to the Lords

With the most problematic bits of the bill removed by MPs, the Saatchi Bill on “medical innovation” is now a mechanism to create new databases, and do so only with the approval of Parliament.  How is this different to care.data, which Tim Kelsey repeatedly said was “the will of Parliament”?

That’s a very good question. The main difference is whether Parliament says yes, or whether it chooses not to say anything. Currently, silence means support, which was the approach that failed catastrophically with care.data.

We’ll be looking to have conversations with their Lordships about an amendment to require Parliament to approve any plans, rather than simply not objecting. Especially as this Government is looking to remove the ability for the Lords to object to anything…

More soon, and we especially thank all those who have made donations.