Category Archives: News

medConfidential Bulletin, 7 November 2014

What just happened?

The MP for Stafford, Jeremy Lefroy, has introduced a Private Members’ Bill that would amongst other things mandate the use of NHS numbers as “consistent identifiers” across health and social care.

We have some concerns about potential unintended consequences of the proposed legislation but believe these can be addressed at the upcoming Committee stage, to which the Bill was sent this morning. We’ll be starting to engage with specific MPs on the Committee from next week.

What is in care.data?

As NHS England begins to ramp up again towards the ‘pathfinder’ stage (see our last newsletter) the new narrative seems to be that the data to be extracted from your GP record is only “codes”. Quite aside from the fact that each item will be associated with your NHS number, date of birth, full postcode, gender and ethnicity, these codes are not secret – they are published, and even used in adverts on the sides of trains.

To help you understand the breadth of the information to be extracted under the current version of care.data, we have put together an online tool to let you search and read the diagnoses, treatments and other ‘events’ described by the codes. All the events within the care.data GP dataset will have dates attached and be linked to every other medical diagnosis you have on the dataset, or that can be inferred from your prescriptions.

Click on the link below to search or browse the information that will be extracted from your GP record under care.data:

N.B. The page may initially take a minute or so to load as it contains a significant amount of information.

Where does your data go, and why?

You should know where your medical records have gone, and why (longer version).

Whether you have opted in or out of care.data, there are a whole host of other data flows that relate both to direct care and to all the other things that happen around the NHS. You may have a Summary Care Record (SCR), and your hospital (HES) records may – or may not – be sent to various places depending on your consent where it is applied, and irrespective of your consent where it isn’t.

If you don’t know where your data has gone, there’s no way to know whether your wishes are being respected. And when there is a problem, there’s no way to know whether you personally were affected. In September, we produced an example of such a personalised data usage report [PDF] that we believe should be available to every patient.

Without a full commitment to individuals knowing where their data goes – and this must be for everyone, not just those who don’t choose to opt out – there will continue to be mistakes caused by secrecy that would be catastrophic to public trust in the handling of NHS patients’ data.

More details on data usage reports.

What next?

Though the care.data ‘pathfinder’ areas have been announced – Leeds (3 CCGs: West / North / South and East), Blackburn with Darwen CCG, West Hampshire CCG and Somerset CCG – we still don’t know which practices will be participating, and are waiting to see exactly what patients and GPs will be told.

With new Regulations and Directions still to be published, including clarification on the definition of “promotion of health” and sanctions for misuse, and with issues such as commercial re-use and access to patient data after the pathfinder stage still to be resolved, a number of crucial concerns must be addressed before the scheme moves forward.

We shall, of course, keep you updated as more information becomes available.

Meanwhile, the next Open Meeting of the care.data Advisory Group, on which medConfidential sits, will be held in central Manchester on 26 November. This will be the third in a series of public events where patients have the chance to ask questions about care.data and hear directly from NHS England. For more details or to register to attend, please visit the Open Meeting webpage.

And finally

Thank you for all your support – to those who have been sending us tip-offs and researching particular issues, to everyone involved in organising meetings and events, and to the volunteers who are helping us handle parts of the enormous workload that comes from tackling care.data and related issues on multiple fronts.

Please do pass this newsletter on to your friends and family. They can receive future editions by joining our mailing list at http://medconfidential.org/contact/

Phil Booth and Sam Smith
Coordinators, medConfidential
7th November 2014

What is a data usage report?

In short, you should know where your medical records have gone, and why.

Whether you have opted in or out of care.data, there are a whole host of other data flows that relate both to direct care and to all the other things that happen around the NHS. You may have a Summary Care Record (SCR), and your hospital (HES) records may – or may not – be sent to various places depending on your consent where it is applied, and irrespective of your consent where it isn’t.

Some of these data flows are routine; for example, the NHS Business Services Authority sorts out paying prescriptions, so it gets a copy of that data so it can do its statutory job. But if you’re treated in a hospital the various organisations, both private and public, who provide services to that hospital may also get a copy of (some of) your medical record for various reasons.

Why does this matter for you?

If you don’t know where your data has gone, there’s no way to know whether your wishes are being respected. And when there is a problem, there’s no way to know whether you personally were affected.

Most SCR records will not be accessed or viewed when they shouldn’t have been, but without you knowing when your SCR was accessed and by which organisation, you have no way to know whether or not your confidential details have been protected. NHS bodies have that information, and can tell the Health and Social Care Information Centre.

Since the debacle in February, the HSCIC has undertaken a process of significant internal procedural change. In March 2014, it couldn’t say to whom it had sent data that month. By February 2015, it should be possible for HSCIC to tell each individual patient exactly where their medical record went, and why – both for their direct care and for the variety of other uses around the system.

There is, for example, a broad base of support for medical research. The UK wins more than its fair share of Nobel prizes and other measures of esteem, not to mention the development of new treatments to help all. As a patient, your medical records will have been used in a variety of these studies for decades, but until things began to change this summer there has been no way for you – as a patient who contributed – to receive the knowledge of the outcome of these research programmes, even though many years may have passed since your records were used.

HSCIC should remember, and can tell you. Academics and researchers are already required to tell their funders (and hence the public) of the outcomes of their research – in academic papers or other published outputs – so if they tell HSCIC, then HSCIC can tell you about the projects in which your data was involved, however small or large its contribution.

A data usage report (that covers all uses) means you won’t merely have to trust that your data was treated properly by the NHS. You can read your report, and know for yourself.

There are some parts of the health and care system that won’t and shouldn’t ask for NHS numbers, so these will not be included in the report – but if your NHS number is used, then it should be included.

If there are good reasons why something shouldn’t be included in the data usage report, then maybe the NHS number shouldn’t be used. If data can be linked then it likely will be linked at some point, and if this shouldn’t happen then there may be better measures that can be used to prevent linkage, such as not using the NHS number.

Why is a data usage report so important?

Data ‘wants’ to be copied. Without a full commitment to individuals knowing where their data goes – and this must be for everyone, not just those who don’t choose to opt out – there will continue to be mistakes caused by secrecy that are catastrophic to public trust in the handling of NHS patients’ data.

What might a data usage report look like?

In September, medConfidential produced an example of a personalised data usage report [278 kB PDF file] (edit – there’s a 2021 updated example now too). We understand that discussions have moved on and that some of the sections may be slightly different, but this is an active discussion we look forward to seeing happen.

Only with a data usage report, available to every patient, can care.data go forwards. With the emerging details of where patients’ data goes, and on what basis, this cannot be mishandled as so much of the care.data programme has been up to now.

This post was written in 2014 – there is an implementation update for 2015 and 2016, 2019, 2020, and 2021.

medConfidential Bulletin, 10 October 2014

What just happened?

On Tuesday NHS England announced the care.data ‘pathfinder’ areas, but didn’t provide answers to basic questions like “Is it happening in my practice?” and “When will it start?” We await more details on the pathfinders, including exactly what patients (and GPs) will be told.

The four care.data pathfinder areas are:

  • Leeds (3 CCGs: West / North / South and East)
  • Blackburn with Darwen CCG
  • West Hampshire CCG
  • Somerset CCG

We sent out a background briefing on Monday with a list of questions to which we expected answers, but when none were forthcoming there was a bit of a storm in the media.

Where does your data go?

On Monday HSCIC published its latest quarterly data release register, covering the period April – June 2014. No insurers this time, but at least one recipient (Northgate) declares that its “market may also include commercial organisations” which highlights the dodginess of claims by officials that “solely commercial use” will be prohibited. Information intermediaries that service both NHS and commercial customers aren’t solely commercial, after all.

Worryingly, HSCIC’s new contracts don’t yet exclude commercial re-use. And with the over-broad “promotion of health” clause in the Care Act – the ‘McDonalds amendment’ we pointed out would include promotion through advertising, access by pharmaceutical marketers, etc. – there’s still a long way to go before patients can be satisfied that all the loopholes are closed.

Earlier this month, an updated care.data addendum in which NHS England sought to increase the types of uses to which patient data can be put, and the range of organisations and companies that can access it, was considered by the Independent Advisory Group for GPES (the system by which data is extracted from GP practices).

The addendum was approved, with conditions – including clearer definitions of “research” and “health intelligence”, independent oversight and further consideration of the expansion of purposes once the pathfinders are complete. Like us, IAG have significant concerns about the “lack of clarity about the data disclosure” after the pathfinder stage.

If patients are to be promised that all individual-level data extracted and linked during the pathfinders will be kept in HSCIC’s secure data facility, accessible to a small number of approved analysts, what’s the rush to widen future access now?

Opt-in / opt-out

Earlier in the summer, the BMA’s Annual Representatives Meeting voted that care.data should operate on a patient opt-in basis. While it does not appear that NHS England will be testing opt-in vs. opt-out approaches in the pathfinders, a representative of the Information Commissioner’s Office said at a recent conference that GPs could discharge their obligations under the Data Protection Act if they opt out their patients by default, so long as they put equivalent effort into contacting patients offering them an opt-in as they would have done for an opt-out.

What next?

Now the pathfinder areas have been announced, we are pushing to see exactly what patients (and GPs) will be told. In the meanwhile, if you do have concerns about care.data and if you haven’t done so already, our advice continues to be to opt out now. N.B. If you opted out of care.data earlier this year and had the ‘dissent codes’ added to your GP record, these will still work so you should not have to opt out again.

In the next few weeks, we expect Regulations to the Care Act – including further definition of the “promotion of health” clause, sanctions for data misuse and the operation of the Confidentiality Advisory Group (CAG) – to be laid before Parliament. We’ll publish more information as we have it.

Also coming up in Parliament is the Health and Social Care (Safety and Quality) Bill, Jeremy Lefroy MP’s Private Members’ Bill, scheduled for Second Reading on 7th November. No documents have been published as yet, but we intend to pay close attention to a Bill that intends “to make provision about the integration of information relating to users of health and social care services in England” and “to make provision about the sharing of information relating to an individual for the purposes of providing that individual with health or social care services in England”.

How can you help?

If you are registered with a GP in one of the pathfinder areas, we suggest you e-mail or write to your local HealthWatch and ask when the local public meeting will be held to talk about care.data. Please do let us know how you get on.

We are a tiny under-resourced campaign, but if you would like someone from medConfidential to address a meeting of your patient representative group or local HealthWatch please get in touch via coordinator@medconfidential.org. We’ll do our best to provide a speaker, or slides for you to use.

And finally

There is a great deal of confusion about forms relating to the Summary Care Record, local data sharing and care.data – some patients report having three or even four separate opt outs at their GP practice. One even offered a “Summary Care Data” opt out form. To be very clear, the Summary Care Record (SCR) is entirely separate from care.data:

  • a Summary Care Record contains your last 6 months’ prescriptions, any major allergies or adverse drug reactions you may have and any information you have asked your GP to put on it. It is for access by medical staff providing you with direct care, and they should normally ask your permission before viewing it. The official form to opt out of having an SCR is here.
  • There may also be local data-sharing arrangements in your area, usually for direct care purposes such as sharing information between your GP and a local hospital. Your practice should be able to tell you more about these, and provide an opt out form.
  • care.data is all about ‘secondary use’ of your medical information – it has nothing to do with your direct care. No data has yet been extracted under the care.data scheme, so if you have concerns you can opt out now. You can always opt in later. There is no official opt out form, so we have provided a form or a letter for you to send to your GP.

If in doubt, please do talk to your practice staff but be aware that GPs and practice managers have not been told anything more about care.data since February.

Please do also forward this newsletter to your friends and family. They can receive future editions by joining our mailing list at http://medconfidential.org/contact/

Phil Booth and Sam Smith
Coordinators, medConfidential
10th October 2014

care.data ‘pathfinders’ announced – but what don’t we know?

On 7 October, NHS England announced the four areas in which the care.data ‘pathfinders’ (pilots) will go ahead. They are:

The announcement does not say which individual GP practices will be involved, and provides no actual date for when the pathfinders will start.

At this point we still don’t know exactly what GPs and patients in pathfinder practices will be told – or even if every patient will be written to directly with a form. NHS England says practices will send “individual letters, emails or texts” to patients, but that these are amongst “a variety of communications” that will be tested. A text notification is hardly better than a junk mail leaflet.

There are other significant unresolved issues:

  1. Given the widespread confusion between care.data – which is for ‘secondary use’ only, i.e. purposes other than the direct care of the patient – and the Summary Care Record (SCR), will people who were confused between SCR, which may be used in direct care, and care.data, which will not, be made very clear about their existing consent settings?
  2. What will patients who opted out in January or February, or since, be told? Will NHS England require any patients to visit their GP practice to opt out? Will an online opt out be provided?
  3. Patients who opt out should have this respected by the Health and Social Care Information Centre (i.e. no data will be extracted from their GP record) but when will the opt out – currently the gift of the Secretary of State – be put on a statutory basis?
  4. The Government claims to have added legal protections but when will the Care Act Regulations detailing crucial definitions such as use “for the promotion of health” and sanctions for misuse be laid before Parliament?
  5. Who have the Department of Health consulted on the Care Act Regulations, to be implemented by HSCIC and the Health Research Authority, which are the basis for NHS England’s assurances to patients?
  6. Claims to rule out “solely commercial” use look like a loophole; will any company which gets data from the HSCIC still be able to sell it on for ‘re-use’ by third parties? Will “the promotion of health” still permit uses such as marketing?
  7. When will the new contracts and agreements be in place? Drafts on the HSCIC website still appear to permit commercial re-use and make no mention of ‘one strike and you’re out’ sanctions or access via safe settings.
  8. The planned secure data facility (‘safe setting‘) at HSCIC to hold linked GP and hospital data is not yet built. What will patients be told about the use of their data?
  9. Where will NHS patients’ individual-level data go in the longer term? Will their data ever be permitted to leave the secure data facility in any form other than publishable aggregated statistics?
  10. As NHS England doesn’t know what will be effective, what principles will be followed to correct deficiencies in communications for any particular trial? medConfidential supports managed testing of processes, but we have seen no commitments to address trials that go less well.
  11. What will patients and GPs be told about future changes to the care.data programme?

With so many unanswered questions and no detail at all on some of the most obvious – such as “Is my practice involved?” or “When will this happen?” – patients have every right to feel concerned. Unfortunately it seems the Director of Patients and Information still hasn’t provided patients with all the information they need.

 

Expanding the scope of care.data; no “back door” changes

While care.data is still on “pause”, it is clear that NHS England intends to proceed with the programme. Announcement of the ‘pathfinders’ (pilots) in between 100 and 500 GP practices, spread across up to 4 CCGs across England, is expected within the next few weeks.

medConfidential continues to insist that, unlike last time and as an absolute minimum, every patient must be written to and be given an opt out form. It remains to be seen if some practices will run an opt-in, as the BMA voted earlier this summer.

But when patients are written to, what will they be told?

One thing that may have escaped many people’s attention is that the information NHS England intends to extract from the GP records of every man, woman and child in the country is not permanently fixed. It has already been noted that the care.data ‘code set’ [2.3MB Excel spreadsheet] excludes musculoskeletal conditions – a notable absence, given these are amongst the top reasons why people visit their GP.

If care.data (or whatever replaces it) does proceed then, over time, the information it gathers will quite clearly change. This may be to do with ‘missing’ areas such as musculoskeletal conditions, or even new conditions that can be recorded – Read Codes are updated twice annually. And NHS England has already declared in its usual unsubtle fashion that it intends to include “sensitive” conditions in due course.

Setting aside for the moment the inclusion of any particular condition, what is absolutely necessary is that any and all changes to the scope of care.data must have robust and transparent oversight and governance processes, and these processes must be clear before patients are asked for their consent.

Whether patients are asked to opt in or opt out it must be made absolutely clear what data will be used, for what purposes, and the processes by which these decisions can be changed by NHS England.

An open and unambiguous change process is necessary to ensure that NHS England’s promises to patients are meaningful – “We will follow this process” – and that GPs can say to their patients, “We will ensure they do”. To this end, medConfidential has written a short paper outlining the sort of process that we feel would be appropriate.

Any such process must be straightforward and understandable and should not merely be taken on trust, but based on knowledge. Patients or doctors with any concerns should be able to read the document containing the process that NHS England has agreed to follow in advance of them accepting that promise.

If care.data is to proceed, there must be a process in which the public can have confidence – and in which the public can be seen to have confidence – for how the programme changes over the next years, or decades. It’s not just that modifications should not be sneaked through the backdoor; the process must not have a back door.

medConfidential Bulletin, 5 September 2014

It’s been just over 6 months since NHS England pressed “pause” on care.data, so we thought now would be a good time to provide a round-up of what’s been happening. Some things have changed since you last heard from us, some things unfortunately haven’t.

What just happened?

Minutes published by the revived Data Access Advisory Group (DAAG) at HSCIC earlier this week revealed that an unnamed organisation has been using HES and ONS data “for commercial activity in addition to the purposes they had stated when applying for approval”.

This is deeply concerning, especially given repeated assurances by Ministers and officials that commercial exploitation of NHS patients’ data will not be permitted. We wrote with urgent questions on Tuesday and are waiting for a reply; it seems that while the ‘new world’ detection regime may be beginning to work, we are still stuck with ‘old world’ incident handling.

This is precisely the sort of offence that ‘one strike’ sanctions would address; the perpetrator would have to delete the data, provide proof that it had been deleted, would have their current contract(s) revoked, and would not receive data in future. Merely “asking the data recipient to cease using the data” shows how far we still have to go.

Consensual

A survey by GP magazine Pulse over the summer suggests nearly one third of GPs would opt their patients out of care.data if NHS England ignores the BMA’s vote for the scheme to be opt-in. GPs across the country report that patients are continuing to opt out; one in St Helens confirms that “opt outs in her surgery currently stood at 20%”. And even NHS England’s Deputy Medical Director has called for parts of care.data to be opt-in.

medConfidential proposed a way in which NHS England could empower GPs who want to protect their patients’ confidentiality and also allow consensual research, but it appears the official still pushing the scheme just doesn’t want to.

Safe

We’ve said many times that the nation’s medical records are more valuable than the Crown Jewels; it appears parts of the system have got the message, and the Health Select Committee was given assurances (Q433 & Q504) that – for the ‘pathfinder’ phase at least – care.data extracts will only go into a ‘safe setting’. This is the secure data facility that some have called a “fume cupboard” and which we have previously discussed as ‘HRRDL’, a tightly locked-down Health Remote Research Data Laboratory.

We have to hold them to these assurances, and one of our current tasks is to make all parts of the system understand and respect the promises some parts have now made. Meanwhile, there have been a slew of consultations to respond to – hardly light beach reading! – including the Department of Health’s on ‘Accredited Safe Havens’, HSCIC’s Confidentiality Code of Practice and new data sharing contracts and agreements. And we continue to point out problems and ask difficult questions when attending the care.data advisory group.

Transparent

Unfortunately NHS England’s senior staff are still clueless on this front. They won’t confirm whether every patient will be written to, with an opt out form. We keep asking. They won’t even confirm if they wrote to every Clinical Commissioning Group asking if they’d like to volunteer to be a care.data ‘pathfinder’. So we wrote to the CCGs ourselves, who confirmed that NHS England hadn’t.

Meanwhile, the search for a replacement ‘Senior Responsible Officer’ for care.data continues. It’s the archetypical hot potato. We had some questions for candidates to ask the panel at interview. Things at HSCIC seem a bit more organised, and – with certain unfortunate exceptions – there are real signs they are working to improve their systems and procedures. But ongoing scrutiny is required.

Over the summer, we learnt more about the operations of the ‘National Back Office’ and access by law enforcement agencies – first outed in the Partridge Review, with more detail in July’s Data Release Register. Given the co-location of so much sensitive data at Smedley Hydro, it may be the permanent solution for this would be to move birth, marriage and death registrations out of the Home Office.

Where next?

Details of the care.data ‘pathfinders’ of “between 100 and 500 GP practices in the autumn” are still sketchy. NHS England won’t – or can’t – say where they will be, when they will start, or what exactly they’ll be doing. We’ll update you as soon as we know anything definite.

Meanwhile, Phil will be speaking at a number of events in coming weeks, including:

We are a tiny under-resourced campaign, but if you would like someone from medConfidential to address a meeting of your patient representative group or local HealthWatch please get in touch via coordinator@medconfidential.org. We’ll do our best to provide a speaker.

How can you help?

We still need your help spotting inappropriate consent forms – and this is not just about enforced Subject Access Requests by insurance companies. We’ve seen forms requiring patients to agree to having their data used for purposes other than their medical care or to having their medical information processed overseas. Help us root out these abuses of consent and confidentiality wherever they occur.

And finally

medConfidential’s work continues. For example, we are pushing for patient-level audit trails – not just a quarterly data release register – that would mean you could see exactly how your data, your experiences, your life, had contributed to particular pieces of research, and read the papers from the researchers that advance knowledge.

What we do may not always be headline-hitting, but we believe keeping every use of your medical information consensual, safe and transparent is essential. There are benefits to be had, but only if things are done right.

Please do forward this newsletter to your friends and family. They can receive future editions by joining our mailing list at http://medconfidential.org/contact/

Phil Booth and Sam Smith
Coordinators, medConfidential
5th September 2014

The Department of Health: Protecting Personal Health and Care Data?

Despite the name, this consultation has nothing to do with care.data, but has to do with commissioning, care and data, which was allegedly the point of care.data. Yet another example of, when a major problem is confused and fundamentally flawed, those flaws get copied into random other places because of the confusion that assumes that the people running care.data were competent.

Oops.

The DH consultation itself was relatively confusing, and our response was constituted in 5 parts, 2 of which had been published before. We’ve also recently created two supplementary submissions, in response to specific discussions with DH on topics where it wasn’t entirely clear that what academia and we ourselves meant by a term, is what DH considered it to mean. Longitudinal studies form an important part of research, but you can’t just leave some data lying around a safe setting and plead that it’s a longitudinal study.

Special pleading for your medical records

The Nuffield Trust’s submission says: “We strongly support the recognition that appropriately pseudonymised data used for research, service evaluation and other approved purposes are not ‘personal data’ within the meaning of the Data Protection Act.”

It is “recognitions” like that, that led to the debacle of HES being used for purposes that the public disagreed with. We’re not sure that grabbing data at any point and pretending that individual level data is not identifiable is likely to increase public confidence.

Other organisations who don’t gain direct benefit from special pleading, such as the Royal Statistical Society and British Computer Society have made somewhat more balanced submissions.

The BCS submission makes an interesting point, that should any non-public entities to have the ability to become an ASH, or any form of safe setting, BCS would expect them to explicitly agree to the same level of audit that the public sector has: no notice inspections.

Our submission documents, in order for sequential reading:

Letter from medConfidential to all CCGs and Healthwatches

In recent weeks, we have been asking why NHS England has refused to say whether they have written to all CCGs regarding becoming a care.data pathfinder. We still have no answer.

medConfidential has now written to all CCGs (and their corresponding Healthwatch organisations), raising “a number of issues” beyond just care.data, “which may significantly affect patients and healthcare providers within your Clinical Commissioning Group in coming months. Issues raised include:

  • care.data pathfinders
  • Storage of patient objections
  • Respecting patient dissent
  • Coerced ‘consent’

A copy of the letter is available here (footnote listing known research databases now updated, with links).

We look forward to working with CCGs as they consider the questions raised and implications for their CCG and GPs.

A brief Early August update – things not to read on the beach

Question: Did NHS England contact CCGs inviting them to become care.data pathfinders?

It seems all of the NHS England press office are relaxing under a tree, as they wont answer that question. In two other care.data articles also published yesterday, Pulse reports the ICO’s view that responsiblities are “good customer service” and that doctors are getting closer to opting their patients out.

A quote from a GP in that last article says, “opt outs in her surgery currently stood at 20%”, which is a significant amount of the population in that area, when at best only 50% will likely have heard of it. Tim Kelsey may argue “there is no percentage at which this becomes useful or not”, yet the statisticians may begin to have views as more figures are revealed. We’ve previously posted some thoughts on how NHS England can choose to empower GPs and also allow consensual research. Maybe NHS England can read that on their holidays, while figuring out how to be very clear and transparent with everyone on what they’re doing. Secrecy and confusion benefits no one.

The current level of confusion is highlighted by one GP who says patients initially think it a “good idea if the emergency doctors knew about their medical conditions.”. That of course, is unrelated to of care.data, which has no direct care applications at all, but a feature of an entirely different scheme, with a different set of problems and consent questions, the Summary Care Record (as it was known before being rebranded due to it being “toxic”). We can see why even GPs get confused though.

As NHS England recommunicates with GPs, hopefully they wont continue to cross-sell the benefits of other programmes as benefits of care.data. NHS England have no excuse for confusion remaining, as they near the end of the 6 month pause that was supposedly to solve all the problems

Consultations

As everyone’s on holiday, there are a number of open consultations at the moment that may be of interest:

  1. Department of Health on Accredited Safe Havens. We’ve posted our outline replacement proposal here before, and will post a fuller submission when it’s completed. Deadline, this Friday
  2. HSCIC Confidentiality Code of Practice. The long awaited HSCIC Confidentiality Code of Practice is out for consultation. Deadline: Next week
  3. And a new one, which isn’t so much of a formal consultation as asking a bunch of people who have shown some interest, is on the new HSCIC contracts and agreements for data sharing, including rules for sub-licensing. We’ll have quite a lot of questions about these. If you yourself have any comments on either the drafts or documents, the HSCIC would like to receive your comments by August 29th, marked FAO Simon Gray via <enquiries@hscic.gov.uk>.

Job hunting?

The Department of Health is recruiting 3 lay members, at a day a month, for the “National Information Board”, which was set up in January to try and fix the trainwreck that DH saw coming. This is an important panel with oversight of both DH and NHS England’s overlapping remits and strategies.

[this para added later]: The academicly funded “Administrative Data Research network” is looking for a member of the public willing to give over a day a month, for free, reviewing their applications. The commitment includes relevant reading time, plus a video conference a month, with 4 in person meetings a year. Details now appear here (their website was broken, so here’s the word document they mailed to their existing lists).

NHS England is also trying to hire someone to be Senior Responsible Owner for Care.data, having failed to find an internal candidate — we can’t imagine why. If you’re interested, we put together a list of questions that you may wish to ask at inteview. Apparently the risk that they may have to answer them in a binding way has caused some furrowed brows, as an interview board misleading candidates is considered bad form.

I can’t imagine why.

NHS England hiring someone Responsible for care.data

NHS England are hiring for a new Senior Responsible Owner for Care.Data, having  internally failed to find someone willing to be responsible for fixing the mess.

The Senior Responsible Owner is the individual who must sign off on major decisions, and is responsible for project delivery. Heretofore, Tim Kelsey has been in the role, and we can see why he would like to pass responsibility onto others. Whether he’ll remain pulling the strings behind the scenes, is a different matter. It wouldn’t be the first time that Tim has looked for a human shield for his programme, having tried to persuade Geraint Lewis and more junior staff as a press buffer.

Hopefully a new external owner will accept the state of the mess they inherit, and as that new entrant, they may wish to ask some questions at interview:

  1. If individually addressed letters to each patient are sent, will this be financially and politically supported by NHS England?
  2. Are forward looking statements re free text true? How will the public position change over the course of my responsibility?
  3. Are forward looking statements re DNA true? How will the public position change over the course of my responsibility?
  4. What will happen to CPRD, and other research supporting datasets?
  5. What is the state of the implementation of the more sensitive parts of the IGAR review?
  6. What was the process that led to the BMA rejecting these proposals so emphatically? What concessions have NHS England offered to meet those concerns? Why do NHS England believe they failed?
  7. care.data has had many benefits claimed for research, ie beyond the commissioning for which it is currently permitted. What is the current roadmap for consent for those? If they are so vital, why were they dropped in the first instance?

We would hope that any successful applicant understands why people would choose to opt out, and would not demonise them for that choice, nor consider them a “consent fetishist”. We do not believe that the personal choice of any candidate to opt-in or opt-out is relevant to their suitability for the role, but they must be able to demonstrate a human understanding of the range of reasons that an individual may make a different choice to theirs. We hope the interview panel will ensure this is the case.

We look forward to working with the successful applicant for the role when they take office. If you’re interested in applying, details are here, and feel free to ask the the above questions. If you get the job, we’ll be asking you for the answers.