Ahead of Tuesday afternoon’s Commons Health Select Committee session with Jeremy Hunt, we’ve published a briefing with some current questions for the Secretary of State for Health. Hopefully the Committee will get chance to ask one of them.

As a result of the care.data Advisory Group public meeting in Manchester and recent press coverage, we have also written directly to both the Secretary of State and NHS England Chief Executive, Simon Stevens, about matters of increasing concern in NHS England’s approach to care.data. We look forward to public statements on the substantive issues we have raised, certainly before any ‘pathfinder’ is to proceed.

Last Friday, 5 December, HSCIC held another event as part of their post-Partridge Review process. The Information Centre has made a number of positive changes since the Partridge Review, and we hope this approach continues into the future. Unfortunately, HSCIC is often hampered by the decisions – or lack thereof – of NHS England, which has clearly not gone through the same level of reflection and renewal on consent and data issues since the care.data debacle earlier this year.

It remains to be seen if the Department of Health itself wishes to be more like HSCIC than NHS England. With the Secretary of State’s commitment that the role of National Data Guardian will be made a statutory body “at the earliest opportunity” and an amendment to Jeremy Lefroy’s Private Members’ Bill to do just that, the opportunity is there (see our Bill Committee briefing). Given weasel words that have been used before, it is actions that are required from the Secretary of State to deliver on his promising words.

We have also proposed a second clarification amendment to Jeremy Lefroy’s Bill – for a transparent register of every body authorised to make use of the NHS number – which we hope to see adopted at Committee Stage in the Commons, followed by Third Reading and all of the stages in the Lords before the election. And we note even a draft of the Regulations to define “the promotion of health”, sanctions for misuse and the rules and operation of the Confidentiality Advisory Group have yet to be published. There is a long way to go.

Speaking of a long way to go, we have still heard very little about the Department of Health’s proposed changes around “Accredited Safe Havens”. From what we do hear, we are increasingly concerned that they may allow data to be reused in “misguided, but well-meaning” ways, by entities that would cause significant concern were they to access data they might be a little too eager to get.

This week is the first Leadership Meeting of the Department of Health’s National Information Board (NIB) since the lay members were appointed. The event will be broadcast live on Tuesday morning. While usually paid to be one half of medConfidential, Sam Smith has been appointed by the Department of Health as a lay member – “like a non-executive director” – solely in a personal capacity, and sits on the Board on that basis.

It’s Christmas…

We deeply appreciate every donation you give us and especially the messages you include with them, whatever the amount… £5, £50 or more. We know each donation is an expression of individual support for what we are doing and the good wishes that come along with that.

medConfidential is a tiny organisation, hitting well above its weight, but to keep going we have to find around £60k per year. If you are – or know – someone who could make a substantial contribution towards our operating costs, please get in touch – coordinator@medconfidential.org .

Seasons Greetings to all – there’ll be one more update before the end of the year.

What just happened?

The MP for Stafford, Jeremy Lefroy, has introduced a Private Members’ Bill that would amongst other things mandate the use of NHS numbers as “consistent identifiers” across health and social care.

We have some concerns about potential unintended consequences of the proposed legislation but believe these can be addressed at the upcoming Committee stage, to which the Bill was sent this morning. We’ll be starting to engage with specific MPs on the Committee from next week.

What is in care.data?

As NHS England begins to ramp up again towards the ‘pathfinder’ stage (see our last newsletter) the new narrative seems to be that the data to be extracted from your GP record is only “codes”. Quite aside from the fact that each item will be associated with your NHS number, date of birth, full postcode, gender and ethnicity, these codes are not secret – they are published, and even used in adverts on the sides of trains.

To help you understand the breadth of the information to be extracted under the current version of care.data, we have put together an online tool to let you search and read the diagnoses, treatments and other ‘events’ described by the codes. All the events within the care.data GP dataset will have dates attached and be linked to every other medical diagnosis you have on the dataset, or that can be inferred from your prescriptions.

Click on the link below to search or browse the information that will be extracted from your GP record under care.data:

• codeList tool

N.B. The page may initially take a minute or so to load as it contains a significant amount of information.

Where does your data go, and why?

You should know where your medical records have gone, and why (longer version).

Whether you have opted in or out of care.data, there are a whole host of other data flows that relate both to direct care and to all the other things that happen around the NHS. You may have a Summary Care Record (SCR), and your hospital (HES) records may – or may not – be sent to various places depending on your consent where it is applied, and irrespective of your consent where it isn’t.

If you don’t know where your data has gone, there’s no way to know whether your wishes are being respected. And when there is a problem, there’s no way to know whether you personally were affected. In September, we produced an example of such a personalised data usage report [PDF] that we believe should be available to every patient.

Without a full commitment to individuals knowing where their data goes – and this must be for everyone, not just those who don’t choose to opt out – there will continue to be mistakes caused by secrecy that would be catastrophic to public trust in the handling of NHS patients’ data.

More details on data usage reports.

What next?

Though the care.data ‘pathfinder’ areas have been announced – Leeds (3 CCGs: West / North / South and East), Blackburn with Darwen CCG, West Hampshire CCG and Somerset CCG – we still don’t know which practices will be participating, and are waiting to see exactly what patients and GPs will be told.

With new Regulations and Directions still to be published, including clarification on the definition of “promotion of health” and sanctions for misuse, and with issues such as commercial re-use and access to patient data after the pathfinder stage still to be resolved, a number of crucial concerns must be addressed before the scheme moves forward.

We shall, of course, keep you updated as more information becomes available.

Meanwhile, the next Open Meeting of the care.data Advisory Group, on which medConfidential sits, will be held in central Manchester on 26 November. This will be the third in a series of public events where patients have the chance to ask questions about care.data and hear directly from NHS England. For more details or to register to attend, please visit the Open Meeting webpage.

And finally

Thank you for all your support – to those who have been sending us tip-offs and researching particular issues, to everyone involved in organising meetings and events, and to the volunteers who are helping us handle parts of the enormous workload that comes from tackling care.data and related issues on multiple fronts.

Please do pass this newsletter on to your friends and family. They can receive future editions by joining our mailing list at http://medconfidential.org/contact/

Phil Booth and Sam Smith
Coordinators, medConfidential
7th November 2014

In short, you should know where your medical records have gone, and why.

Whether you have opted in or out of care.data, there are a whole host of other data flows that relate both to direct care and to all the other things that happen around the NHS. You may have a Summary Care Record (SCR), and your hospital (HES) records may – or may not – be sent to various places depending on your consent where it is applied, and irrespective of your consent where it isn’t.

Some of these data flows are routine; for example, the NHS Business Services Authority sorts out paying prescriptions, so it gets a copy of that data so it can do its statutory job. But if you’re treated in a hospital the various organisations, both private and public, who provide services to that hospital may also get a copy of (some of) your medical record for various reasons.

Why does this matter for you?

If you don’t know where your data has gone, there’s no way to know whether your wishes are being respected. And when there is a problem, there’s no way to know whether you personally were affected.

Most SCR records will not be accessed or viewed when they shouldn’t have been, but without you knowing when your SCR was accessed and by which organisation, you have no way to know whether or not your confidential details have been protected. NHS bodies have that information, and can tell the Health and Social Care Information Centre.

Since the debacle in February, the HSCIC has undertaken a process of significant internal procedural change. In March 2014, it couldn’t say to whom it had sent data that month. By February 2015, it should be possible for HSCIC to tell each individual patient exactly where their medical record went, and why – both for their direct care and for the variety of other uses around the system.

There is, for example, a broad base of support for medical research. The UK wins more than its fair share of Nobel prizes and other measures of esteem, not to mention the development of new treatments to help all. As a patient, your medical records will have been used in a variety of these studies for decades, but until things began to change this summer there has been no way for you – as a patient who contributed – to receive the knowledge of the outcome of these research programmes, even though many years may have passed since your records were used.

HSCIC should remember, and can tell you. Academics and researchers are already required to tell their funders (and hence the public) of the outcomes of their research – in academic papers or other published outputs – so if they tell HSCIC, then HSCIC can tell you about the projects in which your data was involved, however small or large its contribution.

A data usage report (that covers all uses) means you won’t merely have to trust that your data was treated properly by the NHS. You can read your report, and know for yourself.

There are some parts of the health and care system that won’t and shouldn’t ask for NHS numbers, so these will not be included in the report – but if your NHS number is used, then it should be included.

If there are good reasons why something shouldn’t be included in the data usage report, then maybe the NHS number shouldn’t be used. If data can be linked then it likely will be linked at some point, and if this shouldn’t happen then there may be better measures that can be used to prevent linkage, such as not using the NHS number.

Why is a data usage report so important?

Data ‘wants’ to be copied. Without a full commitment to individuals knowing where their data goes – and this must be for everyone, not just those who don’t choose to opt out – there will continue to be mistakes caused by secrecy that are catastrophic to public trust in the handling of NHS patients’ data.

What might a data usage report look like?

In September, medConfidential produced an example of a personalised data usage report [278 kB PDF file] (edit – there’s a 2021 updated example now too). We understand that discussions have moved on and that some of the sections may be slightly different, but this is an active discussion we look forward to seeing happen.

Only with a data usage report, available to every patient, can care.data go forwards. With the emerging details of where patients’ data goes, and on what basis, this cannot be mishandled as so much of the care.data programme has been up to now.

This post was written in 2014 – there is an implementation update for 2015 and 2016, 2019, 2020, and 2021.

On 7 October, NHS England announced the four areas in which the care.data ‘pathfinders’ (pilots) will go ahead. They are:

• Leeds (3 CCGs: West / North / South and East)
• Blackburn with Darwen CCG
• West Hampshire CCG
• Somerset CCG

The announcement does not say which individual GP practices will be involved, and provides no actual date for when the pathfinders will start.

At this point we still don’t know exactly what GPs and patients in pathfinder practices will be told – or even if every patient will be written to directly with a form. NHS England says practices will send “individual letters, emails or texts” to patients, but that these are amongst “a variety of communications” that will be tested. A text notification is hardly better than a junk mail leaflet.

There are other significant unresolved issues:

1. Given the widespread confusion between care.data – which is for ‘secondary use’ only, i.e. purposes other than the direct care of the patient – and the Summary Care Record (SCR), will people who were confused between SCR, which may be used in direct care, and care.data, which will not, be made very clear about their existing consent settings?
2. What will patients who opted out in January or February, or since, be told? Will NHS England require any patients to visit their GP practice to opt out? Will an online opt out be provided?
3. Patients who opt out should have this respected by the Health and Social Care Information Centre (i.e. no data will be extracted from their GP record) but when will the opt out – currently the gift of the Secretary of State – be put on a statutory basis?
4. The Government claims to have added legal protections but when will the Care Act Regulations detailing crucial definitions such as use “for the promotion of health” and sanctions for misuse be laid before Parliament?
5. Who have the Department of Health consulted on the Care Act Regulations, to be implemented by HSCIC and the Health Research Authority, which are the basis for NHS England’s assurances to patients?
6. Claims to rule out “solely commercial” use look like a loophole; will any company which gets data from the HSCIC still be able to sell it on for ‘re-use’ by third parties? Will “the promotion of health” still permit uses such as marketing?
7. When will the new contracts and agreements be in place? Drafts on the HSCIC website still appear to permit commercial re-use and make no mention of ‘one strike and you’re out’ sanctions or access via safe settings.
8. The planned secure data facility (‘safe setting‘) at HSCIC to hold linked GP and hospital data is not yet built. What will patients be told about the use of their data?
9. Where will NHS patients’ individual-level data go in the longer term? Will their data ever be permitted to leave the secure data facility in any form other than publishable aggregated statistics?
10. As NHS England doesn’t know what will be effective, what principles will be followed to correct deficiencies in communications for any particular trial? medConfidential supports managed testing of processes, but we have seen no commitments to address trials that go less well.
11. What will patients and GPs be told about future changes to the care.data programme?

With so many unanswered questions and no detail at all on some of the most obvious – such as “Is my practice involved?” or “When will this happen?” – patients have every right to feel concerned. Unfortunately it seems the Director of Patients and Information still hasn’t provided patients with all the information they need.

While care.data is still on “pause”, it is clear that NHS England intends to proceed with the programme. Announcement of the ‘pathfinders’ (pilots) in between 100 and 500 GP practices, spread across up to 4 CCGs across England, is expected within the next few weeks.

medConfidential continues to insist that, unlike last time and as an absolute minimum, every patient must be written to and be given an opt out form. It remains to be seen if some practices will run an opt-in, as the BMA voted earlier this summer.

But when patients are written to, what will they be told?

One thing that may have escaped many people’s attention is that the information NHS England intends to extract from the GP records of every man, woman and child in the country is not permanently fixed. It has already been noted that the care.data ‘code set’ [2.3MB Excel spreadsheet] excludes musculoskeletal conditions – a notable absence, given these are amongst the top reasons why people visit their GP.

If care.data (or whatever replaces it) does proceed then, over time, the information it gathers will quite clearly change. This may be to do with ‘missing’ areas such as musculoskeletal conditions, or even new conditions that can be recorded – Read Codes are updated twice annually. And NHS England has already declared in its usual unsubtle fashion that it intends to include “sensitive” conditions in due course.

Setting aside for the moment the inclusion of any particular condition, what is absolutely necessary is that any and all changes to the scope of care.data must have robust and transparent oversight and governance processes, and these processes must be clear before patients are asked for their consent.

Whether patients are asked to opt in or opt out it must be made absolutely clear what data will be used, for what purposes, and the processes by which these decisions can be changed by NHS England.

An open and unambiguous change process is necessary to ensure that NHS England’s promises to patients are meaningful – “We will follow this process” – and that GPs can say to their patients, “We will ensure they do”. To this end, medConfidential has written a short paper outlining the sort of process that we feel would be appropriate.

Any such process must be straightforward and understandable and should not merely be taken on trust, but based on knowledge. Patients or doctors with any concerns should be able to read the document containing the process that NHS England has agreed to follow in advance of them accepting that promise.

If care.data is to proceed, there must be a process in which the public can have confidence – and in which the public can be seen to have confidence – for how the programme changes over the next years, or decades. It’s not just that modifications should not be sneaked through the backdoor; the process must not have a back door.

Despite the name, this consultation has nothing to do with care.data, but has to do with commissioning, care and data, which was allegedly the point of care.data. Yet another example of, when a major problem is confused and fundamentally flawed, those flaws get copied into random other places because of the confusion that assumes that the people running care.data were competent.

Oops.

The DH consultation itself was relatively confusing, and our response was constituted in 5 parts, 2 of which had been published before. We’ve also recently created two supplementary submissions, in response to specific discussions with DH on topics where it wasn’t entirely clear that what academia and we ourselves meant by a term, is what DH considered it to mean. Longitudinal studies form an important part of research, but you can’t just leave some data lying around a safe setting and plead that it’s a longitudinal study.

Special pleading for your medical records

The Nuffield Trust’s submission says: “We strongly support the recognition that appropriately pseudonymised data used for research, service evaluation and other approved purposes are not ‘personal data’ within the meaning of the Data Protection Act.”

It is “recognitions” like that, that led to the debacle of HES being used for purposes that the public disagreed with. We’re not sure that grabbing data at any point and pretending that individual level data is not identifiable is likely to increase public confidence.

Other organisations who don’t gain direct benefit from special pleading, such as the Royal Statistical Society and British Computer Society have made somewhat more balanced submissions.

The BCS submission makes an interesting point, that should any non-public entities to have the ability to become an ASH, or any form of safe setting, BCS would expect them to explicitly agree to the same level of audit that the public sector has: no notice inspections.

Our submission documents, in order for sequential reading:

• Overview
• A substantive proposal for safe settings
• Implementing a safe setting (HRRDL) – ASH version
• Getting to safe settings from the status quo
• Response to the consultation
• Supplementary 1 – Longitudinal Studies
• Supplementary 2 – The Farr Institutes

In recent weeks, we have been asking why NHS England has refused to say whether they have written to all CCGs regarding becoming a care.data pathfinder. We still have no answer.

medConfidential has now written to all CCGs (and their corresponding Healthwatch organisations), raising “a number of issues” beyond just care.data, “which may significantly affect patients and healthcare providers within your Clinical Commissioning Group in coming months. Issues raised include:

• care.data pathfinders
• Storage of patient objections
• Respecting patient dissent
• Coerced ‘consent’

A copy of the letter is available here (footnote listing known research databases now updated, with links).

We look forward to working with CCGs as they consider the questions raised and implications for their CCG and GPs.