On 7 October, NHS England announced the four areas in which the care.data ‘pathfinders’ (pilots) will go ahead. They are:

• Leeds (3 CCGs: West / North / South and East)
• Blackburn with Darwen CCG
• West Hampshire CCG
• Somerset CCG

The announcement does not say which individual GP practices will be involved, and provides no actual date for when the pathfinders will start.

At this point we still don’t know exactly what GPs and patients in pathfinder practices will be told – or even if every patient will be written to directly with a form. NHS England says practices will send “individual letters, emails or texts” to patients, but that these are amongst “a variety of communications” that will be tested. A text notification is hardly better than a junk mail leaflet.

There are other significant unresolved issues:

1. Given the widespread confusion between care.data – which is for ‘secondary use’ only, i.e. purposes other than the direct care of the patient – and the Summary Care Record (SCR), will people who were confused between SCR, which may be used in direct care, and care.data, which will not, be made very clear about their existing consent settings?
2. What will patients who opted out in January or February, or since, be told? Will NHS England require any patients to visit their GP practice to opt out? Will an online opt out be provided?
3. Patients who opt out should have this respected by the Health and Social Care Information Centre (i.e. no data will be extracted from their GP record) but when will the opt out – currently the gift of the Secretary of State – be put on a statutory basis?
4. The Government claims to have added legal protections but when will the Care Act Regulations detailing crucial definitions such as use “for the promotion of health” and sanctions for misuse be laid before Parliament?
5. Who have the Department of Health consulted on the Care Act Regulations, to be implemented by HSCIC and the Health Research Authority, which are the basis for NHS England’s assurances to patients?
6. Claims to rule out “solely commercial” use look like a loophole; will any company which gets data from the HSCIC still be able to sell it on for ‘re-use’ by third parties? Will “the promotion of health” still permit uses such as marketing?
7. When will the new contracts and agreements be in place? Drafts on the HSCIC website still appear to permit commercial re-use and make no mention of ‘one strike and you’re out’ sanctions or access via safe settings.
8. The planned secure data facility (‘safe setting‘) at HSCIC to hold linked GP and hospital data is not yet built. What will patients be told about the use of their data?
9. Where will NHS patients’ individual-level data go in the longer term? Will their data ever be permitted to leave the secure data facility in any form other than publishable aggregated statistics?
10. As NHS England doesn’t know what will be effective, what principles will be followed to correct deficiencies in communications for any particular trial? medConfidential supports managed testing of processes, but we have seen no commitments to address trials that go less well.
11. What will patients and GPs be told about future changes to the care.data programme?

With so many unanswered questions and no detail at all on some of the most obvious – such as “Is my practice involved?” or “When will this happen?” – patients have every right to feel concerned. Unfortunately it seems the Director of Patients and Information still hasn’t provided patients with all the information they need.

While care.data is still on “pause”, it is clear that NHS England intends to proceed with the programme. Announcement of the ‘pathfinders’ (pilots) in between 100 and 500 GP practices, spread across up to 4 CCGs across England, is expected within the next few weeks.

medConfidential continues to insist that, unlike last time and as an absolute minimum, every patient must be written to and be given an opt out form. It remains to be seen if some practices will run an opt-in, as the BMA voted earlier this summer.

But when patients are written to, what will they be told?

One thing that may have escaped many people’s attention is that the information NHS England intends to extract from the GP records of every man, woman and child in the country is not permanently fixed. It has already been noted that the care.data ‘code set’ [2.3MB Excel spreadsheet] excludes musculoskeletal conditions – a notable absence, given these are amongst the top reasons why people visit their GP.

If care.data (or whatever replaces it) does proceed then, over time, the information it gathers will quite clearly change. This may be to do with ‘missing’ areas such as musculoskeletal conditions, or even new conditions that can be recorded – Read Codes are updated twice annually. And NHS England has already declared in its usual unsubtle fashion that it intends to include “sensitive” conditions in due course.

Setting aside for the moment the inclusion of any particular condition, what is absolutely necessary is that any and all changes to the scope of care.data must have robust and transparent oversight and governance processes, and these processes must be clear before patients are asked for their consent.

Whether patients are asked to opt in or opt out it must be made absolutely clear what data will be used, for what purposes, and the processes by which these decisions can be changed by NHS England.

An open and unambiguous change process is necessary to ensure that NHS England’s promises to patients are meaningful – “We will follow this process” – and that GPs can say to their patients, “We will ensure they do”. To this end, medConfidential has written a short paper outlining the sort of process that we feel would be appropriate.

Any such process must be straightforward and understandable and should not merely be taken on trust, but based on knowledge. Patients or doctors with any concerns should be able to read the document containing the process that NHS England has agreed to follow in advance of them accepting that promise.

If care.data is to proceed, there must be a process in which the public can have confidence – and in which the public can be seen to have confidence – for how the programme changes over the next years, or decades. It’s not just that modifications should not be sneaked through the backdoor; the process must not have a back door.

Despite the name, this consultation has nothing to do with care.data, but has to do with commissioning, care and data, which was allegedly the point of care.data. Yet another example of, when a major problem is confused and fundamentally flawed, those flaws get copied into random other places because of the confusion that assumes that the people running care.data were competent.

Oops.

The DH consultation itself was relatively confusing, and our response was constituted in 5 parts, 2 of which had been published before. We’ve also recently created two supplementary submissions, in response to specific discussions with DH on topics where it wasn’t entirely clear that what academia and we ourselves meant by a term, is what DH considered it to mean. Longitudinal studies form an important part of research, but you can’t just leave some data lying around a safe setting and plead that it’s a longitudinal study.

Special pleading for your medical records

The Nuffield Trust’s submission says: “We strongly support the recognition that appropriately pseudonymised data used for research, service evaluation and other approved purposes are not ‘personal data’ within the meaning of the Data Protection Act.”

It is “recognitions” like that, that led to the debacle of HES being used for purposes that the public disagreed with. We’re not sure that grabbing data at any point and pretending that individual level data is not identifiable is likely to increase public confidence.

Other organisations who don’t gain direct benefit from special pleading, such as the Royal Statistical Society and British Computer Society have made somewhat more balanced submissions.

The BCS submission makes an interesting point, that should any non-public entities to have the ability to become an ASH, or any form of safe setting, BCS would expect them to explicitly agree to the same level of audit that the public sector has: no notice inspections.

Our submission documents, in order for sequential reading:

• Overview
• A substantive proposal for safe settings
• Implementing a safe setting (HRRDL) – ASH version
• Getting to safe settings from the status quo
• Response to the consultation
• Supplementary 1 – Longitudinal Studies
• Supplementary 2 – The Farr Institutes

In recent weeks, we have been asking why NHS England has refused to say whether they have written to all CCGs regarding becoming a care.data pathfinder. We still have no answer.

medConfidential has now written to all CCGs (and their corresponding Healthwatch organisations), raising “a number of issues” beyond just care.data, “which may significantly affect patients and healthcare providers within your Clinical Commissioning Group in coming months. Issues raised include:

• care.data pathfinders
• Storage of patient objections
• Respecting patient dissent
• Coerced ‘consent’

A copy of the letter is available here (footnote listing known research databases now updated, with links).

We look forward to working with CCGs as they consider the questions raised and implications for their CCG and GPs.

Question: Did NHS England contact CCGs inviting them to become care.data pathfinders?

It seems all of the NHS England press office are relaxing under a tree, as they wont answer that question. In two other care.data articles also published yesterday, Pulse reports the ICO’s view that responsiblities are “good customer service” and that doctors are getting closer to opting their patients out.

A quote from a GP in that last article says, “opt outs in her surgery currently stood at 20%”, which is a significant amount of the population in that area, when at best only 50% will likely have heard of it. Tim Kelsey may argue “there is no percentage at which this becomes useful or not”, yet the statisticians may begin to have views as more figures are revealed. We’ve previously posted some thoughts on how NHS England can choose to empower GPs and also allow consensual research. Maybe NHS England can read that on their holidays, while figuring out how to be very clear and transparent with everyone on what they’re doing. Secrecy and confusion benefits no one.

The current level of confusion is highlighted by one GP who says patients initially think it a “good idea if the emergency doctors knew about their medical conditions.”. That of course, is unrelated to of care.data, which has no direct care applications at all, but a feature of an entirely different scheme, with a different set of problems and consent questions, the Summary Care Record (as it was known before being rebranded due to it being “toxic”). We can see why even GPs get confused though.

As NHS England recommunicates with GPs, hopefully they wont continue to cross-sell the benefits of other programmes as benefits of care.data. NHS England have no excuse for confusion remaining, as they near the end of the 6 month pause that was supposedly to solve all the problems

Consultations

As everyone’s on holiday, there are a number of open consultations at the moment that may be of interest:

1. Department of Health on Accredited Safe Havens. We’ve posted our outline replacement proposal here before, and will post a fuller submission when it’s completed. Deadline, this Friday
2. HSCIC Confidentiality Code of Practice. The long awaited HSCIC Confidentiality Code of Practice is out for consultation. Deadline: Next week
3. And a new one, which isn’t so much of a formal consultation as asking a bunch of people who have shown some interest, is on the new HSCIC contracts and agreements for data sharing, including rules for sub-licensing. We’ll have quite a lot of questions about these. If you yourself have any comments on either the drafts or documents, the HSCIC would like to receive your comments by August 29th, marked FAO Simon Gray via <enquiries@hscic.gov.uk>.

Job hunting?

The Department of Health is recruiting 3 lay members, at a day a month, for the “National Information Board”, which was set up in January to try and fix the trainwreck that DH saw coming. This is an important panel with oversight of both DH and NHS England’s overlapping remits and strategies.

[this para added later]: The academicly funded “Administrative Data Research network” is looking for a member of the public willing to give over a day a month, for free, reviewing their applications. The commitment includes relevant reading time, plus a video conference a month, with 4 in person meetings a year. Details now appear here (their website was broken, so here’s the word document they mailed to their existing lists).

NHS England is also trying to hire someone to be Senior Responsible Owner for Care.data, having failed to find an internal candidate — we can’t imagine why. If you’re interested, we put together a list of questions that you may wish to ask at inteview. Apparently the risk that they may have to answer them in a binding way has caused some furrowed brows, as an interview board misleading candidates is considered bad form.

I can’t imagine why.

NHS England are hiring for a new Senior Responsible Owner for Care.Data, having  internally failed to find someone willing to be responsible for fixing the mess.

The Senior Responsible Owner is the individual who must sign off on major decisions, and is responsible for project delivery. Heretofore, Tim Kelsey has been in the role, and we can see why he would like to pass responsibility onto others. Whether he’ll remain pulling the strings behind the scenes, is a different matter. It wouldn’t be the first time that Tim has looked for a human shield for his programme, having tried to persuade Geraint Lewis and more junior staff as a press buffer.

Hopefully a new external owner will accept the state of the mess they inherit, and as that new entrant, they may wish to ask some questions at interview:

1. If individually addressed letters to each patient are sent, will this be financially and politically supported by NHS England?
2. Are forward looking statements re free text true? How will the public position change over the course of my responsibility?
3. Are forward looking statements re DNA true? How will the public position change over the course of my responsibility?
4. What will happen to CPRD, and other research supporting datasets?
5. What is the state of the implementation of the more sensitive parts of the IGAR review?
6. What was the process that led to the BMA rejecting these proposals so emphatically? What concessions have NHS England offered to meet those concerns? Why do NHS England believe they failed?
7. care.data has had many benefits claimed for research, ie beyond the commissioning for which it is currently permitted. What is the current roadmap for consent for those? If they are so vital, why were they dropped in the first instance?

We would hope that any successful applicant understands why people would choose to opt out, and would not demonise them for that choice, nor consider them a “consent fetishist”. We do not believe that the personal choice of any candidate to opt-in or opt-out is relevant to their suitability for the role, but they must be able to demonstrate a human understanding of the range of reasons that an individual may make a different choice to theirs. We hope the interview panel will ensure this is the case.

We look forward to working with the successful applicant for the role when they take office. If you’re interested in applying, details are here, and feel free to ask the the above questions. If you get the job, we’ll be asking you for the answers.

Yesterday, medConfidential and others attended the HSCIC’s “Driving Positive Change” event, to briefly look back at the Partridge Review, and forward to future work of the HSCIC. The two major topics were communications of various types, and the proposed HSCIC “safe setting” where bona fide research could be conducted on data (currently subject to opt-out). Both of these things are welcome areas, and we seek to be closely involved in what happens next with the first public steps in the next week or so.

The Department for Health is running a consultation on “Accredited Safe Havens” for commissioning purposes, or, as they call it slightly less clearly, “Protecting personal health and care data”. The consultation gives NHS England companionship in terms of public engagement quality, and has led to a great number of puzzled looks by area experts. I’m currently attending a variety of meetings with a variety of organisations, and not only is no one really sure what the answers could be, few people agree on what the questions are intending to ask. This seems less than ideal.

Yet, as we are now in week 5 of a 7 week consultation, and no one really has a solid articulation of what the Department of Health are trying to do, I’ve put together this draft of a substantive paper on a way forward: “HRRDL’s for commissioning”. It’s based on previous work which has been adopted by HSCIC but after DH began their consultation drafting, which was as care.data was imploding around NHS England. If you think that the consultation as drafted takes no account of HSCIC’s progress since February, that’s because it mostly doesn’t. Comments by email are very welcome.

What is a safe setting? A safe setting is a physical venue where (usually remote) data can be accessed under tightly controlled and audited conditions. Restrictions are placed on who and what enters the room, what they do when in there, and what they can take out. This allows for research to be conducted on individual level records which have minimal protections (which, for health data, has other problems). They were previously discussed for legitimate research, along existing models. This paper takes the proposal further. We fully expect, and have no reason to disbelieve, that the optout codes for care data (and beyond) would be fully honoured. We intend that this proposal is fully compatible with the consent mechanisms that are in place, and that should be in place, and does not deny screening to those who have opted out of secondary uses. A safe setting can also restrict which individuals can see which data, which has implications for a granular approach to parity-of-esteem questions.

I don’t think that this is currently a final proposal so can evolve, (it’s dated so you can tell, and we’ll put a note here: when we do), and some may need more explanation, but if you’re interested in how we think commissioning data for invoice reconciliation and risk stratification (neither of which are direct care, so all come under the opt out process) could work in a way that is safe, consensual and transparent, I’d like to hear your comments below or to sam@medConfidential.org

Please note that making comments to us is not the same as responding to DH itself, which you can do online. 

The Health and Social Care Information Centre has produced its latest data release register, following the Partridge Review. Two lines and one whole section jump out.

Experian, which most people know as a credit reference agency, sell a product called Mosaic; a database which subdivides your and every other neighbourhood in the country into a variety of categories, which are then used for all sorts of purposes – from selling you burgers to insuring your house or car.

We don’t yet know when, but sometime this year HSCIC approved the sale of 3 datasets of hospital episodes (inpatient, outpatient and A&E) to Experian, to help it produce Mosaic “postal sector level” profiles. In the data released, individuals’ diagnoses are linked, via pseudonyms, across events and the various data sets used.

The stated purpose of Mosaic is commercial. Mosaic is used by marketing firms to target people such as “Vulnerable young parents needing substantial state support” (category O69) and  “Childless new owner occupiers in cramped new homes” (H35). Experian, as elsewhere, may offer a figleaf of fragments for researchers to give a fake appearance of legitimacy but we’re not fooled. Whatever the spin, this is commercial exploitation of NHS patients’ data.

We shall have to wait and see how HSCIC will interpret the new rules in the Care Act, which this particular release may predate. Will such uses by Experian and commercial marketers be classified as “promotion of health”? Public trust hangs in the balance.

Despite ongoing concern about selling data to insurers, we see that “General Reinsurance” also appears in the list – requesting a customised extract of inpatient data for the whole country in aggregated form. If properly aggregated as statistics, such as the ones HSCIC routinely produces and releases as open data, then we would expect to see this published as open data as well, but we’ve not found it yet.

If these are genuine statistics, then publishing them shouldn’t be a problem. Selling custom extracts, however, puts HSCIC in the position of providing data for private commercial advantage rather than for the benefit of all. Given the huge sensitivities around use by insurers, we have suggested this is not such a good idea.

(For the 6 studies mentioned which involve DNA and/or genomic data, we’re working with our friends at GeneWatch UK to examine what is already public knowledge, and where further information must be requested.)

Though still lacking in detail – no mention of dates, nor links to official approvals or audited deletions – at least this release of the register shows that HSCIC is trying to be more transparent in its actions. C+ for effort, but let’s see fewer omissions next time.

‘National Back Office’

After repeated denials about police access, one of the big surprises in the Partridge Review was the discovery of a whole department dealing with ‘trace requests’ from law enforcement agencies and the courts. Such requests, if approved, attempt to track down individuals using the national electronic database of NHS patient demographic details.

The latest register shows there was a large spike in requests from the Home Office in 2013. It’s not clear if the UK Border Agency’s absorption into the Home Office explains some or all of this increase, nor if other subsidiary agencies of the Home Office make requests. Police requests are recorded separately – and are broken down in a bit more detail in the press release – but we do wonder which other agencies are using section 29(3) of the Data Protection Act.

Given the number of bodies and agencies working out of Smedley Hydro, these relationships cannot afford to be murky – absolute clarity is required.

Crashing consultations in the ‘IG universe’?

Also in the last week we’ve seen a new consultation from the Department for Health on, amongst other things, “Accredited Safe Havens” (ASHs) for commissioning.

Individual-level patient data is already being passed around for purposes such as invoice reconciliation, using what was supposed to be ‘emergency’ Section 251 support. This consultation is about doing it slightly less badly. Though clearly desperate to avoid the contamination of any association with the toxic care.data scheme, DH appears to be saying that patient-level data gathered under care.data could be passed around Accredited Safe Havens.

Uh oh.

One thing that had begun to generate confidence was HSCIC’s statement that, under care.data, the only place to which any data extracted from GP systems would go was into a safe setting – what medConfidential calls a Health Research Remote Data Laboratory. (We think ‘HRRDL’ sounds better than ‘fume cupboard’.) This was good news, and a necessary step for public confidence in any extraction of their identifiable data.

But despite HSCIC having said this in public statements and directly to Parliament’s Health Select Committee, the Department of Health clearly hasn’t thought through the implications for this consultation, which is on the flows of data for commissioning – the sole use of care.data for which NHS England has at this point received approval.

This isn’t necessarily a complete contradiction, as patient data will be collected from providers other than GPs and be passed around in other ways – but one might hope that DH would have thought through the implication of its own arms length body’s commitments, rather than taking NHS England’s steamroller approach to governance and schedules.

Another notable feature of the DH consultation is the way it contradicts assumptions made in an NHS England consultation on “Priority Issues in Information Governance“, which opened in February 2014 and should have closed at the end of April. As with much of NHS England’s Information Governance, its ‘Priority Issues’ consultation is an ill-considered mess: surely NHS England has shifted its world view since early February? Given all that has come to light, why has the consultation not been withdrawn or re-issued?

So, other than statements by HSCIC, we’re seeing scant evidence that lessons have been learnt.
HSCIC proposes to limit the number of copies of the nation’s medical records that it hands out for various purposes. This is both welcome and achievable, but it requires both DH and NHS England to accept that business as usual is no longer an option.