Category Archives: Bulletin

NHS England wants to hear from you — MedConfidential Update – 21 September 2016

 

NHS England wants to hear from you…

The Department of Health’s consultation on the future of secrecy of your medical record closed 2 weeks ago. Thank you for your help and comments on why the privacy of your medical records matter to you.

After that, NHS England has announced public meetings to hear your views on what should happen next.

There are “discussion events” in London, Southampton, and Leeds. If you’re nearby, you might want to go along. They start on Monday afternoon in London.

The Government will respond in around 6 weeks

The Department of Health has said that they will respond to the Caldicott Consultation in about 6 weeks.

Will you be able to see that your wishes have been honoured? Or will there be more secrets?

Meanwhile in the rest of Government…

Meanwhile, the Cabinet Office is passing a new law to share any other data with whoever it wants. The scrutiny of the MPs will be rushed through in 6 days of sessions. The bill has no provisions requiring transparency of data flows – again it can be all secret.

The justifications are few. One is the case of an alcoholic who was given social housing above an off licence. A problem for that person to be sure; but there will be far more problems caused by routinely sharing information with landlords before tenants move in. With the privatisation of most council housing (certainly outside London), the flaws of this should be obvious.

You should decide who can see data about you, rather than decisions being imposed by a guy called Paul sitting in Whitehall.

We’ll have more next time…

MedConfidential Bulletin – August 2016: Do you want your GP records shared, even if you’ve opted out?

MedConfidential newsletter – Do you want your GP records shared, even if you’ve opted out?

Care.data may be gone, but Jeremy Hunt is asking whether you want to keep your opt out of your medical records leaving your GP’s practice. Will you tell him what you think?

There’s a government consultation going on on into the future sharing of your medical records. It doesn’t say it clearly, but what they are asking is do you want your GP to keep your medical history private?

If you do, please respond to the consultation, and tell your friends:

You can respond to the consultation online. You don’t need to answer every question, and can only answer question 15 if you wish.

You might want to mention some of these points in your own words:

  • Why is what you tell your GP private for you?
  • Why must doctors and the NHS keep the promises they make to you?
  • Is this promise clear: “information about me can only be used by the people directly providing my care”?
    • Do you want that promise to be given and kept?

Previously, those questions have been ignored in private. Now they’re public, you get your say. The people who want to use your health data will reply, will you?

For our longer analysis of the Caldicott Review that led into the consultation, it’s online in 4 parts.


(You may have noticed the new format and process for our newsletter – it hopefully works out far cheaper. It’s still the same information you subscribed to about keeping your NHS records confidential. We won’t pass on your email address. If you no longer wish to hear from us, just email unsubscribe@medconfidential.org or click the link below)

Bulletin – July 2016

A New Government…

We wait to see what will happen with Theresa May as Prime Minister, and her appointment of Ministers. The Home Secretary focuses on national security – the Prime Minister will focus on what is in the wider national interest.

The Conservative Manifesto said: “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically”.

Will this be done, and will this be seen to be done?

 

…but the spirit of care.data continues?

In the overview of her recent report, Dame Fiona Caldicott quoted the (then) Health Secretary saying: “Exciting though this all is, we will throw away these opportunities if the public do not believe they can trust us to look after their personal medical data securely. The NHS has not yet won the public’s trust in an area that is vital for the future of patient care’”.

As such, we’re disappointed in the “keep going” approach of the Department of Health. These are issues covered in the current public consultation, so aren’t on the immediate in tray of new Ministers. We’ll cover details next time.

Care.data was the spark that created widespread interest, but the fuel for the fire was the surprising data uses much more widely. Adding a care.data nameplate just showed that the data governance emperor was naked – with the health data of everyone on display.

Snuck out in a long announcement, the care.data name has gone, but the plans continue as they were originally designed back in 2013.

A simple name swap for the same goal might have worked with the last Prime Minister; we’re not sure it will work for this one.

Patients should not be surprised by what happened with data about them. Will the surprises continue?

What’s next?

If, as Recommendation 11 says, that “There should be a new consent/ opt-out model to allow people to opt out of their personal confidential data being used for purposes beyond their direct care. This would apply unless there is a mandatory legal requirement or an overriding public interest.” – then that must be true.

The new focus on the use of doctors and trusted individuals to explain the arrangements to patients are important. As care.data showed, what they say has to be true to avoid great harm to those relationship. The researcher community was burnt supporting care.data, hopefully they will not do the same thing twice.

Government promises being explained by your doctor will mean those who make the promises will have no ability to ensure they are kept.

We’ll cover the details of the consultation in the next newsletter, and how you can respond to say why promises made to you should be kept.

Government may want doctors to make promises to patients, but it will remain politicians and accountants breaking them.

We’ll be here.

medConfidential – mid June update

We’ll have more on implementation of the hospital data opt-outs when the dust has settled after the referendum.

“Intelligent Transparency”

According to a letter from a Minister, “Intelligent Transparency” is the new goal. We hope that all Department of Health decisions will prove “intelligent” from a patient view, and not just the political priorities of their desk in Whitehall.

Will transparency extend to telling you how your data has been used?  Or is that the sort of intelligence they don’t want you to have?

Tech startups are no magic bullet

We’re waiting for a response from the Regulators about DeepMind’s project at the Royal Free Hospital Trust. Whatever they say, we note that Google has now made public commitments to move towards the transparency expected of them. Regulators are still investigating, and given the contradictory statements, it may take some time.

We look forward to seeing what they will tell the public about their experiments to replace doctors.

What can you do: The Hospital Episode Statistics consultation

The Hospital Episode Statistics cover data from the nation’s hospitals for over 25 years. The HSCIC is looking for everyone’s views on privacy in the data. We’ll have a long response in a few weeks, but you can quickly complete their survey (or just email enquiries@hscic.gov.uk with a subject of “HES PIA consultation”). You don’t need to answer all the questions – you can just say why it matters to you that your privacy and opt out applies to hospital data. 

MedConfidential Update – Opt outs being honoured

If you have opted out, recently or before, your choices are now being honoured.

Thanks to all those who helped make this happen – especially you, our supporters, donors and friends.

The institutions involved did the right thing in the end, even if they tried all the other things first.

 

What just happened? Your opt out honoured

On Wednesday, the HSCIC announced that they had received permission from the Secretary of State to finally honour his promise to you. You can opt out of data leaving the HSCIC for purposes beyond your direct care, and that is what happens. When he created the opt out that you took up, NHS England, who was then responsible for it, didn’t think it would matter.

The tickbox that you and 1.2 million other people filled in is now being honoured. The announcement says it must be done by this time next week; in practice, we are happy that this is effective with immediate effect.

Until the public consultation on the Caldicott Review, there are a small number of narrow temporary exceptions (3), and some temporary gray areas (5). But in the main, it is now done. If any of those concerns are particularly concerning to you, please let us know. We’ll be writing to HSCIC with some clarification questions next week.

The next hospital dataset to be released will be the cleaned up “full year” data, which replaces past each month parts for April 2015 to March 2016. This is the critical release which really matters. Consent will be respected for this release, and data about those who have opted out will not be included.

The HSCIC has also undertaken with the Information Commissioner to reissue the 2014 – 2015 data to those who already received it. By contract, they are required to replace old data with new.  That undertaking is the direct result of a medConfidential complaint to the ICO.

GPs have been able to honour their part since you gave them the form.

In effect, for current and future projects, as much as it could have been, it is as if your opt out, for data leaving HSCIC for purposes beyond your direct care, was honoured in April 2014.

What’s next?

The announcements this week are not the end of this process – there is a great deal left to do.

The Caldicott Review of Consent is going to propose a comprehensive and permanent solution. That solution should satisfy concerned patients into the long term, resolve the grey areas and simplifies the whole thing. It will be the subject of a public consultation, and then legislation.

But as of Wednesday, the current state is now consensual, increasingly safe, and somewhat transparent. Reducing the number of copies of data that are made will reduce the number that can be lost or stolen. More transparency will mean that you will know that your wishes have been honoured – you wont have to trust they have.

What else?

If you’ve previously had a discussion with your MP on this topic, you may wish to get back in touch with them and thank them for their help, now that the Department of Health has done the right thing, and your wishes are being respected.

MPs often hear about problems, and less often hear about what happened as a result of their help, especially in a long term project like this has been. (You should probably make clear that this is a thank you note – it might confuse their busy offices if it’s unclear…) Also, there was an election in the interim, and some MPs will have changed.

For us, it’s not getting any quieter. There are other organisations that don’t wish to act as if their world has changed. Most seriously, there are a few other projects that see the style-first approach of care.data as a handbook, not a cautionary tale…

It never ends. But this week, a lot got better as a result of our work and your help. Thank you for your support until now, and hopefully into the future.

 

 

PS – our especially deep gratitude to all those who donations also helped. We couldn’t have done this without you.

Newsletter: Care.Data’s suspension enters the terrible twos

It’s 2 years to the day since Care.Data was suspended amongst public outrage. The failed programme is showing no signs of restarting, as NHS England and the Department of Health continue to sift through old pampers, and keep finding yet more problems.

The Caldicott Review of Consent, which began after NHS England lied to the Care.Data Advisory Group, should report soon, if those who want to water it down to avoid having to make uncomfortable decisions. Why might they do that? Well…

 

Another Jeremy Hunt promise is broken – Your Hospital Data is still being sold

Before their January deadline, HSCIC finished the testing needed to implement the hospital data consent promise that Jeremy Hunt made to every patient – which 1 million patients who opted out took him up on. The final step was for Jeremy Hunt to give the go ahead to keep his promise. He didn’t.

Let us be clear: Jeremy Hunt made the patient promise 2 years ago, and it appears in the 2015 conservative manifesto (pg 38) “We will give you full access to your own electronic health records, while retaining your right to opt-out of your records being shared electronically.” Only he can break his promise, and he has chosen to do so.

So when will the opt outs be implemented? We look forward to hearing any answer the ICO receive shortly on exactly that question, as they respond to our complaint. The Department of Health are refusing to answer questions – which is understandable as they don’t have any answers.

Your GP will honour your request for data not to leave your GP practice, both because of medical ethics and because of their direct connection to you. Who is Jeremy Hunt connected to?

The interim-type-2 opt out can be implemented tomorrow if Jeremy Hunt tells HSCIC to do it. Why hasn’t he?

You may wish to write to your MP, and ask the question, “when will the Secretary of State for Health implement patients’ choices to prevent data about them leaving the HSCIC for purposes beyond direct care?” – please also say why this matters to you. (and sorry the question is a bit of a mouthful)

This can be fixed. The Health Secretary just has to take the single action necessary to fix it, permanently.

A perfect overarching consent flag is something we support; but at best, it is a year away from being something a patient can ask their GP to do. No scenario, other than immediate implementation of the interim-type-2s, addresses the gap between now and then. A long-term maybe-mythical “perfect” solution is currently the weapon of choice of those who want to prevent any patient choice over data usage at all: that change being the consent choice (aka “interim-type-2”) which 1 million patients have requested be actioned, and that they are all waiting patiently for. When the first step down the path to consent has been taken for national datasets, there can be confidence that subsequent steps will be taken. If not, and the Department of Health breaks Jeremy Hunt’s promise this time, why should anyone believe them next time?

What’s next: Care.Data Everywhere?

On Friday, we’re expecting that Cabinet Office to launch their data copying consultation, which probably won’t have the subheading “care.data everywhere”, but unless they’ve fixed their compulsion to copy, it probably should have. It’s not all terrible news; the worst projects (probably) didn’t get this far – what the consultation will show is the stuff that they don’t think is terrible (that’s probably not reassuring).

Every project involved has had to explain how “it’s not like care.data because…”, but the Cabinet Office has seemingly learnt only the lessons convenient for them to learn. It’s hard to all learn the right lesson when institutional incentives encourage people to learn easier ones.

The lack of critical thought across the programme appears in Parliament’s report on the “Big Data Dilemma”, which says the NHS could save £66bn from more data copying. Saving about two thirds of the NHS budget (equivalent to getting rid of all staff from the NHS) seems… unlikely.

We’ll see what the Cabinet Office consultation says over the weekend, and any health implications will appear in the next newsletter. The Caldicott Review is also due to be consulted on, if it ever gets published.

What’s Next: Saatchi Bill returns to the Lords

With the most problematic bits of the bill removed by MPs, the Saatchi Bill on “medical innovation” is now a mechanism to create new databases, and do so only with the approval of Parliament.  How is this different to care.data, which Tim Kelsey repeatedly said was “the will of Parliament”?

That’s a very good question. The main difference is whether Parliament says yes, or whether it chooses not to say anything. Currently, silence means support, which was the approach that failed catastrophically with care.data.

We’ll be looking to have conversations with their Lordships about an amendment to require Parliament to approve any plans, rather than simply not objecting. Especially as this Government is looking to remove the ability for the Lords to object to anything…

More soon, and we especially thank all those who have made donations.

 

MedConfidential Christmas Bulletin: Freedom, Care.Data and Space

It’s been a busy few weeks, as the Government came back from Conference season, and kicked their various schemes into high gear. In 2016, we’ll see data sharing across the NHS and Government taking up time: care.data may become a ministerial playbook.

Your support is greatly appreciated; and thanks to you and your loved ones at this time of year. But here’s where we are at the moment, if you wish to delay Christmas cheer just a little longer:

Care.Data.

Care.Data’s still suspended while Dame Fiona Caldicott tries to unwrap Tim Kelsey’s leaving present. The programme will enter 2016 as it left 2014: still digging in deeper. A new leadership for care.data was an opportunity to change that approach.

We’ve heard secondhand that the a new Senior Responsible Owner, obliged to hold this poisoned chalice, has been handpicked from the few loyal bag carriers left in the care.data bunker. Which means he’ll have repeatedly made valiant attempts at defending the inept and the ill considered. Indeed, the job description practically required blindly ignoring the fact that the ship was sinking until bailed out by his boss. With the Admiral’s hat his to don, it’s interesting to see if it will be full steam ahead into the iceberg of public rejection, yet again.

Dame Fiona Caldicott’s review of consent reports at the end of January, with Ministerial decisions in the months after that. Past NHS management has been good at persuading ministers to put their reputation behind the publicly indefensible until it becomes evident, even to the Department of Health, that perhaps that was unwise. At the last Care.Data Advisory Committee meeting, it was grudgingly admitted that the September roll out was halted by Jeremy Hunt himself…

Given Cabinet level discussions about data sharing, and the scope of opt-outs and consent, 2016 should be a busy year for data in the NHS and beyond. It seems some see care.data as a model to be copied. As always, the first question is whether the Government or NHS England wishes to constructively engage, or cower in a corner and ignore those who will point out necessary implementation changes. That choice is entirely up to them.

Your Right To Know

The CoverUp Commission has found that the public quite like the ability to request copies of Government documents in acts of citizen driven focussed transparency. Thank you for helping with that…

MedConfidential submitted a brief note of our own experiences of FOI, and also a saveFOI.uk submission of 260 different successful FOI requests (or outcomes from multiple requests), many submitted by you and others. SaveFOI.uk submission asked a simple question: Which of these questions does Lord Burns think shouldn’t have been answered?

Power likes secrecy, and “Burns it” would have been a common refrain in Tim Kelsey’s archipelago of NHS England. Freedom of Information is how the details of care.data were forced to be published. The deep veil of official secrecy continues to hide the bulk of Tim Kelsey’s legacy, which hopefully will start to burn up over time.

Not everyone gets to be an astronaut.

Everyone in the NHS wants to help improve the health of the nation, but that’s not the same thing as giving Direct Care. In the same way, that lots of people helped put a man on the moon, without being an astronaut. Every child eventually learns that not everyone gets to be an astronaut; and sometimes it’s a hard transition.

Tim Kelsey, who wanted all to sell medical records before his term was out, leaves NHS England today to take up a new post in Australia, but assured us he “will be back”.

Transitioning to consensual, safe and transparent data handling practices is as important for a hospital as good cleaning or sterile instruments – and the same thing happens when you disregard it too much. “Sufficient” cleaning is too much of a burden until it’s self-evident that it was too little, and harm occurs. Hopefully, in 2016, NHS England will learn about data hygiene and air quality. The astronaut programme had the literal version of the same problem. Will there be a systematic response to a politically driven digital-MRSA infecting the NHS and beyond? If the problem is left to go away of its own accord, it always comes back.

Consensual, Safe and Transparent Christmas sharing

It’s been a busy few months, but we’re still here, and would like to continue to be. If you wish to support our work, a donation is always greatly appreciated.

With best wishes to and your loved ones for Christmas and for the new year. May 2016 bring consensual, safe and transparent data flows throughout the NHS and beyond.

See you next year – we really couldn’t do this without you. Best wishes to one and all.

Sam and Phil

medConfidential Bulletin, 23 October 2015

Quite a lot has happened over the past week. Events are still unfolding, but there has been progress in three key areas.

What just happened?

This week saw the UK’s largest online pharmacy, Pharmacy2U, fined £130,000 for concealing its sale of names and addresses of NHS patients to quacks and charlatans. Quite literally – the companies who bought patients details were selling “alternative” treatments and lottery scams.

Not only did they sell the data; Pharmacy2U has been unable to confirm whether the company kept, or can reconstruct, any records as to whose data they sold. Clearly, the private sector has joined NHS England in ignoring HSCIC’s lessons about data releases, following our work over the past two years.

A blanket, criminal ban on marketing to patients is the only way to prevent these predators, quacks and charlatans buying patients’ names and addresses for 8p a time, and scamming them out of money – or health. For, as the ICO’s Penalty Notice points out:

49. It is possible that some customers, who received marketing material from Woods Supplements, after being prescribed medication by a doctor, may have stopped taking their prescribed medication and spent money on products that were subject to the ASA adjudication in relation to misleading advertising and unauthorised health claims.

In light of the ICO’s determination, in regard of serious breaches of the Data Protection Act, medConfidential has written to the relevant medical regulators and professional bodies, asking for them to consider appropriate action within their various remits.

Given the number of patients who contact medConfidential having been marketed about specific conditions and diagnoses, this is clearly not an isolated incident but a systemic problem – and one that must be addressed at all levels.

We believe this underlines the need for all releases of patient data to be covered by personal Data Usage Reports (each and every secondary use being recorded by HSCIC), and highlights the need for a Data Incident Protocol (so that doctors and medical staff can provide the necessary assurance to patients), grounded in medical ethics not mere DPA compliance.

Apps Library

Last week, NHS England announced that its much-vaunted ‘Health Apps Library’ was being shut down, describing it as “a pilot programme”. Since 2013, it has been endorsing hundreds of apps to patients, now replaced by a set of pages on the NHS Choices website which promote a total of seven “online mental health services”.

Not quite what Jeremy Hunt was saying 6 weeks ago when “the Health Secretary stated his ambition to get a quarter of smartphone users – 15% of all NHS patients – routinely accessing NHS advice, services and medical records through apps by the end of the next financial year.”

Serious concerns have been raised over the past year by medConfidential and others with regard to the security, safety and suitability of dozens of apps which were endorsed in the now withdrawn Apps Library.

While we welcome the closure of this sprawling, unaccredited mess of apps and internet quackery, NHS England must now demonstrate how radically it has changed its approach to innovation if it wants to avoid destroying patient trust. Again.

A ban on marketing to patients

Last Friday saw the Second Reading of Chris Heaton-Harris MP’s Access to Medical Treatments (Innovation) Bill – substantively the same Bill as that previously introduced by marketing magnate Lord Saatchi. Alongside many other issues, the question of marketing to patients was raised. When asked: “Will [the database] be used for marketing to patients?” the Minister for Life Sciences, George Freeman answered: “The Government would oppose this being used as a marketing tool.”

Opposing it doesn’t prevent it happening. The ‘McDonald’s amendment’ in the Care Act last year created a loophole allowing data to be used for the purpose of “the promotion of health”, which clearly includes marketing.

medConfidential will continue to ask for a blanket, criminal ban on marketing to patients: explicit, informed prior consent (i.e. opt in) must be the only acceptable consent mechanism, for those who wish to receive marketing – with criminal penalties for those who refuse to comply.

The Government says it opposes marketing to patients, the Saatchi / Heaton-Harris ‘Medical Innovation’ Bill provides the legislative opportunity to implement this, and Pharmacy2U has shown why it is necessary; the remaining question is, will Jeremy Hunt act?

What’s next?

The Saatchi / Heaton-Harris Bill moves now to Committee stage, which we shall of course continue to monitor closely, revisiting as necessary the amendments we proposed prior to Second Reading.

Companies hiding behind the fig leaf of research regularly complain that “slow and costly access to anonymised patient data impedes academic research”. Quite aside from the continued abuse of the term “anonymised”, medConfidential believes that for privileged access to NHS patients’ medical data, filling in a form honestly shouldn’t be too high a bar.

And finally

We remain a tiny organisation, with minimal funding. If you can help us, please do – every penny received will be used on work you’ve just read about in this newsletter.

Please, if you can, make a donation via our PayPal page so that in future every flow of patient data into, within and out of the NHS and social care system can be consensual, safe and transparent.

Phil Booth and Sam Smith
medConfidential

23rd October 2015

medConfidential Bulletin, 11 October 2015

We hope you had a good summer. Ours was interesting, to say the least.

Parliament begins sitting again on Monday, and people will wake up to the stack of things we’ve got ready for them. But in the meanwhile, quite a lot has happened:

care.data “paused” yet again

Despite NHS England’s announcement in June that the care.data pathfinders would be starting at “the beginning of September”, the Secretary of State on 2 September effectively pushed back the restart to at least the end of January 2016.

The announcement (originally) said:

The National Data Guardian for health and care, Dame Fiona Caldicott, will… provide advice on the wording for a new model of consents and opt-outs to be used by the care.data programme that is so vital for the future of the NHS. The work will be completed in January…

A later “clarification” omits to mention care.data, but confirms that the National Data Guardian will develop “clear guidelines for the protection of personal data against which every NHS and care organisation will be held to account. She will provide advice on the wording for a new model of consents and opt-outs, to enable patients to make an informed decision about how their data will be shared.”

This work – a task NHS England singularly failed to complete in 3 years! – is to be completed in January, “…with recommendations on how the new guidelines can be assured through CQC inspections and NHS England commissioning processes.”  Apparently “no arbitrary deadlines” only applies to NHS England.

Where does this leave the care.data programme itself? Well, for starters…

Tim Kelsey ‘opts out’ of care.data

On 17 September, care.data mastermind Tim Kelsey announced his resignation as National Director for Patients and Information at NHS England. He has taken a job as commercial director for Telstra Health, a division of Australian telecomms provider Telstra Corp, to which in March this year DH sold Dr Foster Intelligence, the company Kelsey co-founded in 2000.

Tim Kelsey leaves the UK for Australia in December – an antipodean departure emulating that of the former NHS Director General of Information and head of Connecting for Health, Richard Granger, some years back – but his departure leaves a number of important issues unresolved.

As we learned from care.data Programme Board papers that were finally published in August, and from subsequent Board meetings of both NHS England (video) and HSCIC (cf. minutes on p10), the care.data Directions still aren’t finalised. Indeed, in responding to the Directions sent by NHS England, HSCIC’s Board identified five key unaddressed issues in addition to matters medConfidential had raised.

There’s also no sign of the CAG Regulations, due since the passage of the Care Act 2014 last summer. This means that promised safeguards such as “one strike and you’re out” sanctions for data abuse or misuse and, crucially, the closure of the commercial re-use loophole – persisted by the over-broad definition, “the promotion of health” – have still not been enacted.

What next?

Dame Fiona Caldicott is rewriting the language on consent for patients, which NHS England previously said was ‘ready to go’; HSCIC appears close to being able to ‘fix’ the 9Nu4 opt-out problem, currently affecting over a million patients, that NHS England dumped on it; and DH is finally drafting the Directions on Patient Objections, required to deliver on the Secretary of State’s 2013 promise to respect patient opt-outs.

Assuming the decision is to replace him, whoever replaces Mr Kelsey has a tough task and problems much wider than just care.data to resolve – the digital public health disaster that is the NHS Health Apps Library, to mention but one.

Patients and Registered Medical Professionals must be fairly represented throughout these processes and on all relevant bodies (the care.data Programme Board, for example, still has no public and patient representative) and both NHS England and DH must ensure that the new ‘worldview’ – drawing on lessons learned the hard way – is consistently applied across the health and care system.

medConfidential believes it is still possible to preserve confidentiality and consent in health and social care, and will continue to work to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. If they want to regain public confidence, it is up to the Government, DH and its arm’s-length bodies to now show they can do so, in a trustworthy way.

Statutory National Data Guardian

The Government has now published its consultation on the remit and functions of the National Data Guardian – the role currently fulfilled by Dame Fiona Caldicott. medConfidential welcomes this consultation, available here, which should lead to legislation that will ensure the strength and the remit of the National Data Guardian into the future.

medConfidential will be responding formally in due course, and we have published some initial observations on some of the significant questions raised.  We strongly encourage anyone with views on this vital statutory reinstatement of overarching, independent governance oversight to make a submission of their own before the 17 December deadline.

Another new database?

The ‘Medical Innovation Bill’, first proposed by advertising magnate Lord Saatchi, will shortly return in the form of a Private Members’ Bill by Chris Heaton-Harris MP, entitled the ‘Access to Medical Treatments (Innovation) Bill 2015-16’ (draft Bill here). The new Bill has its Second Reading in the Commons on 16 October.

medConfidential had some questions for Mr Heaton-Harris on the content of the draft Bill, and had a meeting with him last week. Our comments and suggestions arising from that meeting covered a ban on marketing to patients, Data Usage Reports (including our example of what one might look like) and an alternative approach that might deliver the policy intent of the Bill without creating another new database, or giving DH duplicates of powers it already has.

We shall watch the progress of the Bill with interest.

In other news…

medConfidential continues to draw attention to matters of importance to patients and – in our continued membership of the up-to-now somewhat ignored care.data Advisory Group and engagement with other groups, Boards, panels and processes – providing robust but constructive criticism to those who need it.

However, issues sometimes come up that have a wider impact than in just health and care. (You may remember All But Names, a few months back.) One such issue is Freedom of Information; a vital tool for all those who seek to hold the powerful to account. Sam and Phil have joined with others in the FOI community, including journalists, campaigners and citizens across the country in a project to #saveFOI.

The purpose of #saveFOI is to defend against threatened restrictions to Freedom of Information, proposed in the Terms of Reference for the FOI Commission – and by fees proposed in an earlier consultation affecting FOI appeals, that could mean charges of up to £600 to get information released.

The FOI Commission, already half-way through its appointed time scale, has only just put out a public call for evidence – and #saveFOI needs your help:

  • If you have used FOI to help change the world for better, let us know. #saveFOI is assembling a dossier of FOI requests which led to improvements in the world (precisely which of these is the Government seeking to prevent?) and also examples of the broad and/or eccentric interpretation of the exemptions currently in the Freedom of Information Act. We need YOUR stories.
  • Spread the word – on Twitter, on Facebook, on your blog and wherever else you can; the hashtag is in the name, #saveFOI, and the more people who speak up on the positive effects of FOI the harder it will be for the Government to restrict the transparency that is so vital to public trust.

Apologies for the length of this Bulletin. As we said at the top, a great deal has happened since our last newsletter – keeping us very busy.

We remain hugely grateful for the continuing support you and our other supporters provide, most especially the actions you take when we need you.

Phil Booth and Sam Smith
medConfidential

11th October 2015

medConfidential Bulletin, 18 July 2015

Are YOU their guinea-pig?

NHS England has finally allowed the lists of chaos.data pathfinder practices to be published. We are unsurprised that in one of the Leeds CCGs, only two GP practices have signed up.

medConfidential has been asking since last October for this information to be published, so that people can know if they and their family are to be guinea-pigs for ‘care.data round 3’. Some patients may also have questions as to why they have been volunteered in this way – so might some GPs – and we hope those supporting this mess have some sensible answers. (The boilerplate from NHS England hasn’t changed much, and isn’t very convincing.)

Now at least, patients who do have concerns can know that they need to make a choice very shortly about whether they trust a scheme that, 18 months after its last attempt, has still not honoured the opt-outs of over a million patients – a fact that NHS England is wilfully ignoring as it tries to push ahead with its still-flawed Directions for the care.data ‘pathfinder phase’.

HSCIC upgrades DAAG

As the now-statutory Confidentiality Advisory Group at the HRA is recruiting new experts, meanwhile, at the Information Centre (HSCIC), there have also been some changes.

HSCIC has listened hard, and apparently learned, and is currently consulting on a replacement for the Data Access Advisory Group (DAAG) which performed so poorly in previous years. The interim DAAG, which is operating at present, foreshadows a much more transparent, independent advisory group for the “release” of data which will be called IGARD.

You can check for yourself what the interim DAAG is doing as – unlike, for example, the care.data Programme Board – they publish their minutes and recommendations in a timely fashion on their webpage. The IGARD proposal is by no means perfect, so we have published medConfidential’s response to the consultation so you can see what we think – and maybe respond yourself. For your information, audits of commercial re-users of your medical records have begun to be published as well.

However the new IGARD will only consider dissemination of patient data, i.e. who gets to use it. The body that will now decide what data is extracted or ‘collected’ from your GP record – and the systems of every other care provider across the NHS – is a sub-committee of the National Information Board; a group called the Standardisation Committee for Care Information (SCCI).

But Who Collects What?

As you will see if you click on the link above, there’s a BIG problem with this; SCCI is not independent. Indeed, it is comprised of the very bodies that are some of the biggest ‘customers’ for data – and it has no equivalent properly transparent, independent advisory function to replace what GPES IAG, the Independent Advisory Group for the GP Extraction Service, used to do.

We say “used to do” because GPES IAG was abolished on 30 June. The one single body that stood up to care.data; the single independent group that pointed out serious problems with the multiple applications that NHS England submitted on care.data. Gone.

So the decision to suck up your data will from now on be taken by a sub-committee of the National Information Board (NIB, chaired by Tim Kelsey) which has just published a slew of ‘roadmaps’ for what it wants to do with your data in the coming years.

There is no sign of a consultation on SCCI, matching the current one for IGARD, and we strongly suspect we won’t see one – because Mr Kelsey and NHS England would far rather keep what they are doing with your data hidden from view.

Southend: “pioneering” intrusion & ignoring consent?

Elsewhere in the country, we are tracking and taking action on a number of ‘mini-care.datas’ – most urgently one in Southend, which we were compelled to report to the Information Commissioner’s Office (ICO) when a patient informed us that their GP had said that their existing opt-out would be ignored by Southend’s new “pioneer” scheme. The scheme apparently aims to use identifiable data from people’s GP-held medical records and other places to identify “high cost” patients, amongst other things.

NHS England is keeping the ICO busy with all its shenanigans; we have outstanding complaints on the million people’s (‘Type 2’ / 9Nu4) opt-outs from 2014 that have yet to be honoured, and have asked for a number of investigations – including flows of data that should be prevented by the ‘Type 1’ / 9Nu0 opt-out, but which don’t appear to be. And, of course, our Pharmacy2U complaint continues to work its way through the process.

What’s next?

Back in April/May, we spotted some serious problems with some of the ‘apps’ in the NHS Health Apps Library. We fed back using the forms provided, but heard nothing until the Major Projects Authority published its Annual Review in late June, which revealed all sorts of problems, and at which point two of the apps were silently removed.

We still have significant concerns about apps that are continuing to be endorsed in the Library right now, and have written to NHS England’s Caldicott Guardian to see what he will do about it.

For the first time, we have had a formal, substantive written reply from NHS England directly addressing concerns we raised in the care.data Advisory Group, on which we sit. We expect the reply to be published shortly. While some of the approaches NHS England has taken are only in its own interests, there is for the first time some extreme clarity and even some seemingly good news in parts.

What you can do?

Following the recent publication of the NIB’s “Personalised Health and Care 2020” Work Streams, a number of public events are being held around the country. medConfidential is attending as many (other) Work Stream meetings as we can cover, so if anyone did feel inclined to go along to one of these – and let us know how it went – we’d be most grateful:

  • MANCHESTER Tuesday, 21 July 2015, 10:00 – 15:30
  • BRISTOL Friday, 24 July 2015, 10:00 – 15:30
  • READING Tuesday, 28 July 2015, 10:00 – 15:30

(The first meeting in Sheffield happened earlier this week.)

In other news, we are very happy to report that medConfidential has been awarded a grant from the Joseph Rowntree Reform Trust Ltd, to help continue our work to defend the confidentiality and rights of the 900,000 – 1,600,000 people who have not had their opt-outs honoured – and, of course, everyone else as well.

We still need your help to ensure that every flow of patient data is made consensual, safe and transparent; it’s a mammoth task, of which care.data is just one component, so your support – including the information that many of you provide to us – is greatly appreciated. Thank you.





It’s shaping up to be a busy September. Phil is trying to persuade Sam to buy some (cheap-ish) ads outside NHS England’s office, but hasn’t had much success. What do you think should be on them?

Enjoy your summer; we’ll still be here.

Phil Booth and Sam Smith
medConfidential

18th July 2015