[PRESS RELEASE] Partridge Review: Patients need proof to restore confidence

For immediate release – Thursday 19 June 2014

In case you missed it, medConfidential’s initial response to the Partridge review is here: https://medconfidential.org/2014/press-release-patching-hscics-holes-medconfidential-initial-response-to-the-partridge-review/

Detailed analysis of the Partridge Review, published earlier this week [1], reveals a more disturbing picture than has yet been reported. While Sir Nick Partridge’s recommendations are to be welcomed and have been accepted, they have yet to be implemented and – more importantly – evidence must be provided that they are working. Such evidence will be essential to public confidence in the handling of NHS patient data.

The fact is that during a period when ministers and officials have been pushing for a massively increased amount of identifiable patient data to be extracted from the GP records of every man, woman and child in England to the Information Centre under the care.data scheme, serious issues at the Centre itself were either unknown or unresolved.

The largest single data breach in NHS history?

One of the more extraordinary revelations is that in at least two instances – as the list of releases cannot be guaranteed complete – the Information Centre cannot say where it sent patient data. Given that the instance involving the release of HES data was in 2010/11, the year after administration of HES releases was taken in-house, the suggestion that this may have been “an internal Northgate request for data” [6] seems inconsistent with the information provided.

Similarly, no evidence is provided to substantiate the assertion that “no identifiable or potentially identifiable data went missing” [7]. Indeed, the PwC report confirms only that the release in question “was not flagged as containing sensitive or identifiable data”; HES data is commonly provided as pseudonymised patient-level information, i.e. in re-identifiable form [8]. As no information has been provided as to the size of each HES release – which could be a partial extract or a year’s-worth of hospital episodes (tens of millions of dated events) – it is impossible to quantify the number of patients’ records involved.

That “no individual ever complained that their confidentiality had been breached as a result of data being shared or lost by the NHS IC” is beside the point. Up until now no-one knew their data had been lost and it is unlikely that most patients could determine the effects of inappropriate sharing or abuse. In fact there are cases, such as that of Helen Wilkinson [9], which show just how difficult it can be to remove stigmatising errors once propagated by central systems.

It is incorrect to state that no complaints have been made to the Information Commissioner’s Office. medConfidential and others made a complaint regarding the inappropriate and possibly unlawful uploading of 10 years’-worth of HES by PA Consulting (entry 1292 in the spreadsheet of 3,059 releases) to Google’s BigQuery servers [10], and a number of other ‘high profile cases’ are currently under investigation.

Insurers / re-insurers and commercial exploitation

The Secretary of State has repeatedly stated that use of NHS patient data “for commercial insurance or other purely commercial purposes” will be prohibited [11]. While it is to be welcomed that the HSCIC’s Chief Executive has written to three of the re-insurers who hold HES data asking them to delete it, we do not know whether those companies have even replied, much less complied with the request.

Assuming that deletion was part of the contract with the five other insurance companies listed [12], and every other release, it is concerning that the Review does not point to a single instance of an audited deletion of data. Specific mention is made of the suspension of research use, but no such action appears to have been taken in the case of commercial users (or re-users) of NHS patient data, which one can only assume still hold and process data [13].

Systemic failure

It has been claimed that failures were “not systemic”, but the evidence suggests otherwise. The clearest example of this is that when one study within the sample tested – 60 out of 591 MRIS releases – proved not to have the required ONS Legal Gateway approval, investigation of the remaining 90% revealed a further eight instances [2]. Sometimes the Information Centre followed policy and procedure, sometimes it didn’t; that is a systemic failing.

PwC confirms it used a “haphazard sampling” methodology [3] and clearly states there are too many “unknowns” to give “formal assurance or opinion” [4]. Because of failures in record keeping, and in some instances destruction of records, it cannot guarantee the “completeness of the data release list” nor whether the data released “has been used for the intended/stated purpose” [5].

We note that other instances of failure identified within chosen samples did not lead to similar investigations as with MRIS releases, or follow-up action. While we accept that time and resources were limited for this Review, it would be unsafe to conclude anything other than that in quite a number of cases – certainly more than are listed in the PwC report, possibly ten times more, given the 10% sample – we simply don’t know what has happened to our data.

Phil Booth, coordinator of medConfidential [14], said:

“We welcome Sir Nick Partridge’s recommendations, but patients need to see the evidence that they’ve been acted on. Public confidence depends on actions, not just words.

“If patients are to trust that procedures and audit are working they must be provided proof of who has their own data, what they are using it for and when it has been deleted. If the systems being constructed for a 21st century NHS cannot provide these answers, they are not fit for purpose.

“Research has been a convenient fig leaf for NHS England when proposing the care.data scheme, but a picture is emerging of commercial companies who get preferential treatment at the head of the queue, while academics patiently languish on waiting lists.”

Notes for editors

1) Partridge Review documents: http://www.hscic.gov.uk/datareview

2) pp36-39, HSCIC Data Release Review PwC Final Report: http://www.hscic.gov.uk/media/14246/HSCIC-Data-Release-Review-PwC-Final-Report/pdf/HSCIC_Data_Release_Review_PwC_Final_Report.pdf

3) p81, HSCIC Data Release Review PwC Final Report: “Haphazard selection, in which the auditor selects the sample without following a structured technique… Haphazard selection is not appropriate when using statistical sampling.” This is not to suggest that such an approach was inappropriate in the time given for the review, more to indicate that conclusions cannot reliably be drawn since it is not a statistically based sampling methodology. Amongst auditors this form of testing is considered of minimal value since there is no assurance findings are representative.

4) p4, HSCIC Data Release Review PwC Final Report: “Given the number of ‘unknowns’ associated with this review due to the time period in question and the availability of historical records/evidence, no formal assurance or opinion have been provided over the findings that may be used by the HSCIC to publish their overall conclusions.”

5) pp4-5, HSCIC Data Release Review PwC Final Report.

6) p7, HSCIC Data Release Review PwC Final Report: “This left 2 data releases where it was not possible to identify the organisation that received the data based on the information retained by the NHS IC. One release related to HES data post April 2009. Further discussion with Northgate has indicated that this could relate to an internal Northgate request for data; however this could not be confirmed.”

7) Paragraph 15, Sir Nick Partridge’s summary of the Review: http://www.hscic.gov.uk/media/14244/Sir-Nick-Partridges-summary-of-the-review/pdf/Sir_Nick_Partridge%27s_summary_of_the_review.pdf

8) For an illustration of the information contained in HES and what can be done with it, see: https://medconfidential.org/2014/commercial-re-use-licences-for-hes-disappearing-webpages/

9) Helen Wilkinson was stigmatised as an alcoholic due to a coding error: http://www.theguardian.com/society/2006/nov/02/health.epublic and, as debated in Parliament: http://www.theyworkforyou.com/debates/?id=2005-06-16b.495.0&s=helen+wilkinson#g495.2

10) medConfidential, FIPR & Big Brother Watch complaint re. upload of HES to Google servers: http://medconfidential.org/wp-content/uploads/2014/03/2014-03-13-ICO-PA-FIPR-complaint.pdf

11) As widely reported in February, e.g. the Guardian on 28/2/14: http://www.theguardian.com/society/2014/feb/28/nhs-data-will-not-be-sold-insurance-companies-jeremy-hunt

12) List of insurers and re-insurers who may still be holding HES and SUS data:

  • 143 Actuarial Profession Critical Illness Working Party – HES, 2011/12;
  • 602 FirstAssist – HES, 2012/13;
  • 603 Foresters Friendly Society – HES, 2007/8;
  • 1293 Pacific Life – HES, 2012/13;
  • 1339-42 RGA UK Services Limited – HES, 2009-2013 (Reinsurance Group of America);
  • 1381 Scottish Re – HES, 2008/9 (re-insurer, headquartered in the Cayman Islands);
  • 1517 Scor Global Life UK – HES, 2012/13 (re-insurer);
  • 2676 Milliman – SUS, 2012/13

13) Many of the websites of the commercial companies listed indicate that they are still offering services based on NHS data, e.g. Beacon Consulting, CHKS, Harvey Walsh, NHiS, etc.

14) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

[PRESS RELEASE] Patching HSCIC’s holes: medConfidential initial response to the Partridge Review

For immediate release – Tuesday 17 June 2014

The Partridge review of data releases by the NHS Information Centre, published today, indicates systemic failures in the handling of patient information over a period of 8 years. In the 10% sample chosen for closer examination, multiple breaches of proper procedure were discovered, including:

  • improper record-keeping
  • “lack of evidence to support” processes and controls
  • lack of clarity over contractual agreements; confusion over data sharing vs. re-use
  • lack of systematically-applied audit; no audited deletion of data

In at least two instances, HSCIC admits it doesn’t even know who patient data was sent to, or how many years of patient treatment data they sent.

Phil Booth, coordinator of medConfidential [1], said:

“The Information Centre would clearly like to draw a line and move on, and Sir Nick’s recommendations are to be welcomed in that regard, but what about consequences?

“Breaches of several thousand patient records have resulted in massive fines and prosecutions [2]; the serious failings discovered within just the sample chosen will involve millions of people’s medical records. And what about the 9 out of 10 releases that weren’t examined?”

Regarding gaps in the information:

“It’s bad enough that patient data was being sold to so many private companies and passed to Government departments. Not being able to say who got their hands on patient data in every instance is astounding. Tim Kelsey’s assertion [3] that there have been ‘no breaches in 25 years’ has been blown out of the water.”

As to future action:

“Patients have every right to be appalled at this litany of failures. What this demonstrates is that without end-to-end audit and timely feedback, so patients can know who has their data and what they are doing with it, the system will not be fully trusted.

“HSCIC’s new management says it will set the highest bar for transparency and good practice, but who will oversee them? Good intentions are fine, but an independent watchdog with teeth – such as the government just rejected [4] – would provide public confidence.

“If the government and NHS England want to continue to reassure the public that companies won’t be exploiting their data for profit, then HSCIC must find and close down every last commercial re-use licence.”

Notes for editors

1) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

2) List of monetary penalty notices and prosecutions issued by the Information Commissioner’s Office: http://ico.org.uk/enforcement/fines and http://ico.org.uk/enforcement/prosecutions. Just yesterday, details emerged of breaches involving 10,000 patients’ records: http://www.bbc.co.uk/news/uk-england-27864798 – by comparison, Hospital Episode Statistics (HES) in any one year amounts to around 100 million patient episodes.

3) On BBC Radio 4’s Today programme, 4/2/14: https://www.lightbluetouchpaper.org/2014/02/04/untrue-claims-by-nhs-it-chief/ which we followed up with a FOI request, which revealed breaches in each year from 2009-2012: https://www.whatdotheyknow.com/request/independent_audits_of_hessus_and#incoming-502600

4) An amendment that would have reinstated independent, overarching information governance for the entire health and care system on a statutory basis – abolished under the Health and Social Care Act – was rejected in the final stages of the Care Bill this May. See medConfidential’s briefing for more detail, including the fact that the ‘McDonald’s clause’ (“the promotion of health”) will still permit commercial exploitation: https://medconfidential.org/wp-content/uploads/2014/05/medConfidential-briefing-for-Care-Bill-ping-pong_07May.pdf

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

Is Jeremy Hunt serious about shutting down insurers’ access to your medical records?

The Secretary of State for Health has repeatedly promised that the government will legislate to prohibit people’s medical records being used for the purpose of “commercial insurance”. This may have been prompted by the sale of HES data to insurers, but it is not the only way that insurers get their hands on your medical records.

Press reports have revealed a massive increase in an insidious practice in the insurance and mortgage industries: pressuring applicants for insurance or loans to consent to a Subject Access Request (SAR) of their whole GP record – minus a few redactions, such as HIV status or sexually transmitted infections.

The practice of ‘enforced Subject Access Requests’ happens in other sectors as well, such as background checks by employers, where a prospective employee or volunteer is required to give consent for a SAR of their local police force as a proxy for a Disclosure and Barring Service check – what was formerly known as a CRB check.

The increase in enforced Subject Access Requests appears to be financially motivated. SAR charges are capped at £10 if the information requested is held on computer or £50 if some or all of it is held on paper, whereas an official DBS check costs £26 or £44 – depending on how wide a search has to be made – and a General Practitioners Report (GPR) may cost around £100, as opposed to the maximum of £50 for a Subject Access Request for your complete medical record.

Yet again, insurers are getting your medical information on the cheap.

Setting aside the issue of duress, demanding a copy of someone’s entire medical record rather than a report declaring just those details that may be relevant is self-evidently excessive and therefore in breach of the Third Principle of the Data Protection Act. One might also question what is done with the information gathered unlawfully from people’s medical records after the application process – especially given insurers’ notoriety for finding reasons not to pay out on claims.

And if patients are not fully aware of what they are consenting to, or are not giving their consent freely – which is arguably difficult to do if their application may otherwise be delayed or turned down – then fair processing is brought into question, and the First Data Protection Principle may have been breached as well.

With thanks to Tony Collins at Campaign4Change and a GP who would rather remain anonymous, via Pulse, we provide a template letter for GPs (not patients) to send to commercial third parties who have got their patients to consent to a Subject Access Request of their medical record:

Letter declining an enforced Subject Access Request – editable MS Word (.doc) format

Letter declining an enforced Subject Access Request – editable Rich Text Format (.rtf)

To comply with such requests is not safe; it’s not safe for patients, nor is it safe for a GP practice to hand over excessive amounts of sensitive personal information to commercial third parties. Legal liability in case of breach would rest with the data controller.

There is a lawful mechanism – the General Practitioners Report – so GPs should make sure that insurers, mortgage providers and all other such companies use it. And patients should insist upon it as well; don’t be fooled or pressured into signing away access to your whole medical record.

But should this just be down to individual patients and GPs to deal with?

Amendments to the Care Act, which received Royal Assent last month, left a mile-wide loophole – the McDonald’s amendment, “for the promotion of health” – for commercial access to NHS patients’ information collected under care.data and other programmes, and industry practices such as enforced Subject Access Requests continue to put many thousands of patients’ medical confidentiality at risk.

If Jeremy Hunt is serious about shutting down commercial access to and exploitation of NHS patients’ medical records, when will he take action that genuinely protects patient data rather than allowing it to be sold to the lowest bidder?

GPs vote overwhelmingly for care.data opt-in

At the BMA’s Local Medical Committee’s conference in York today, 23 May, each part of the following (composite) motion was carried overwhelmingly:

That conference believes the introduction of care.data has been nothing short of a disaster and:

(i) approves the decision of NHS England to put its roll out on hold until the autumn

(ii) believes that GPs have been placed in a difficult position in respect of the demands of the Health and Social Care Act and the Data Protection Act

(iii) asserts that data should be pseudonymised or anonymised before it leaves the practice

(iv) asserts that extraction should only take place with the explicit and informed consent of patients opting-in

(v) insists that it should only be used for its stated purpose of improving health care delivery, and not sold for profit.

So much for Tim Kelsey’s bald assertion that “Changes to the NHS data-sharing scheme now make it fit for purpose” in GP magazine, Pulse, yesterday. Given the opportunity to democratically express their opinion, the vast majority of GP representatives at LMC conference simply weren’t buying it.

Crucially, the LMC vote puts consent front and centre. In a move which again starts to look like serious political miscalculation, the Secretary of State’s promise to put patient opt-out onto a statutory footing is to be executed in tertiary legislation*. So GPs – who are after all the ‘gatekeepers’ to the patient data held on their IT systems, the ones who’ll be held liable in the unresolved conflict between the Health and Social Care Act and their duty of confidence, professional ethics and duties as data controllers, and the ones who best understand the risks if trust between them and their patients is broken – have put opt-in on the table.

In reality, the amendments to the Care Bill – now the Care Act 2014 – fail to address very real concerns that NHS patients’ medical information will continue to be sold and exploited. By rejecting definitions that would have limited data use to (improving) the delivery of care and legitimate research and by instead adding a “promotion of health” loophole that would allow fast food chains or tobacco manufacturers to make a justifiable case for access, the Government has seriously underestimated the strength of public and professional opinion.

What’s more, those driving forward the care.data scheme have clearly failed to make the case for masses of identifiable patient data to be extracted from GP records. And they continue to make sweeping, emotive appeals based on speculative research outcomes without addressing far more controversial uses such as commissioning, for which the Caldicott2 report said consent could not be presumed.

As chuffed as Mr Kelsey clearly is, now he believes he’s cracked it, getting Dame Fiona Caldicott’s panel to “advise” or “evaluate” care.data is not the sort of robust oversight required to inspire public confidence. The problem is already much bigger than one programme in any case. Overarching, independent information governance oversight for the entire health and care system, fully independent, properly resourced and with real teeth – statutory and enforced – might convince the public that the government and its arms-length bodies can be trusted. There’s only so much moral authority you can ‘borrow’.

It remains to be seen if the BMA’s General Practitioners Committee and Annual Representatives Meeting will follow the lead of the LMC:

“extraction should only take place with the explicit and informed consent of patients opting-in”

If Mr Kelsey and Mr Hunt believed their fiddlings round the edges had put care.data back on the rails, this afternoon’s vote shows them the scale of the task – and the battle – that is to come.

*The intended statutory basis for patient opt out would be in Directions to HSCIC under the Health and Social Care Act – the very same sort of legal instrument that, as currently issued, would have authorised the extraction of the clinical data of patients who had opted out.

Opt-out or opt-in?

In our earliest communications in March and April of 2013, when even the most basic details about care.data were unclear, medConfidential urged the Secretary of State, Jeremy Hunt, “to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care” [1] but, if he would not, to ensure there was at the very least a properly-managed opt-out process.

The Secretary of State effectively took opt-in off the table when he announced the ‘no-quibble’ patient opt-out at the launch of the Caldicott2 report. And no-one is in any doubt as to how badly NHS England has mismanaged the public communication of care.data and the opt-out process – both last summer and during the early months of 2014.

We have made it clear that, were opt-in to be put on the table at any point, medConfidential would reconsider its position – but that while the scope and definition of the system is so uncertain, both now and for the future, we would need to be reassured that processes were in place to ensure that any consent so given could be considered properly informed, and that consent would be ‘refreshed’ on a regular basis.

medConfidential has worked consistently since the Secretary of State’s decision to ensure that the opt-out works as any normal person would understand, i.e. that if a patient opts out, their data does not flow. This was not the way that HSCIC was directed by NHS England to establish the system, despite Jeremy Hunt’s clear assurance to the public.

Though our proposed amendments to the Care Bill were rejected, in debate Earl Howe confirmed that new Directions will be issued to HSCIC – i.e. the opt out will finally be properly fixed. But despite saying it was “sympathetic to the desire to see the oversight panel placed on a statutory footing” and undertaking to “explore with Dame Fiona Caldicott and all interested parties how best to achieve [a robust and coherent system of oversight, scrutiny and advice], which may include using existing legal powers to establish an independent committee able to advise on data-sharing matters”, the government is still ducking what we believe are critical measures if public trust is to be regained.

We await the detail of these new Directions and the result of these ‘explorations’, but meanwhile medConfidential’s basic position remains unchanged; patients must be given the means to definitively exclude themselves and their dependents from secondary use and sale of their medical information, and this should be a statutory right – not just at the gift of the Secretary of State.

Opt-in is now being proposed in motions to be debated at the BMA’s Local Medical Committees (LMCs) conference this month and the BMA Annual Representative Meeting in June. To help inform debate, medConfidential has written a note laying out medConfidential’s consideration of some of the principles around consent processes. We will of course comment in detail on any specific opt-in proposals that are made.


[1] Extract from letter to Secretary of State, 5th April 2013:

“We strongly urge you to mandate informed consent (i.e. opt in) for any sharing of identifiable data not for a person’s direct medical care. Asking permission to share someone’s private information is the foundation of medical confidentiality…

…If you will not or cannot mandate an opt in approach, the clear precedent and only remaining way to ensure that consent and patient choice is respected is to provide a simple and straightforward opt out – not an “objection” process – and to inform people properly.”

 

[PRESS RELEASE] Care Bill: Government rejects statutory ‘Caldicott Guardian for England’

For immediate release – Thursday 8 May 2014

Government rejects statutory ‘Caldicott Guardian for England’

Last night in the House of Lords, Government peers voted to reject an amendment to the Care Bill that would have put independent oversight over the handling of patient information across the entire NHS and care system onto a statutory basis.

Despite assurances that the Government was “sympathetic to the desire to put the Oversight Panel on a statutory basis”, Lord Owen’s amendment [1] was voted down 259 to 165. An amendment by Lord Turnberg that would have limited secondary use of patient data to the provision of care and “biomedical and health research” was similarly defeated.

The Government’s own ‘McDonald’s clause’ – “for the promotion of health” – will continue to permit access by pharmaceutical marketers, information intermediaries such as Harvey Walsh – which boasts of holding over a billion NHS patient hospital records [2] – and other commercial re-use licensees, as probed by the Health Select Committee in April. [3]

Phil Booth, coordinator of medConfidential [4], said:

“Rather than legislating to restore public confidence, the government has opened a loophole a mile wide through which to keep selling NHS patient data.

“It doesn’t matter how ‘sympathetic’ ministers are to public concerns. The fact is the government has ducked the only sort of independent scrutiny that might help convince both patients and professionals to trust or have confidence in what it and its arms-length bodies want to do with the medical records of every man, woman and child in the country.

“Rather than putting in place a statutory Caldicott Guardian for England, with the independence and authority to command real respect and trust, the government are all hiding behind trees. Again.” [5]

Notes for editors

1) Briefing on the care.data amendments: http://medconfidential.org/2014/lords-care-bill/ including links to Lord Owen’s and Lord Turnberg’s amendments.

2) ‘NHS sells a billion patient records’, Sunday Times, 16/3/14: http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece and the sort of thing pharmaceutical marketers are doing with it, reported in the Guardian, 17/3/14: http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care. Neither Harvey Walsh nor OmegaSolver will be prevented from buying NHS patient data under the Government’s ‘McDonald’s clause’.

3) Oral evidence to Health Select Committee in Handling of NHS patient data inquiry, 8/4/14: http://data.parliament.uk/writtenevidence/WrittenEvidence.svc/EvidenceHtml/8416

Q272 Barbara Keeley MP: For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning, Chair HSCIC: No, because they are using it and putting it into additional services.

While commercial re-use licences remain in operation, even HSCIC admits it can’t know who has access to what patient data, or what it is being used for.

4) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

5) Quote from “Tim Kelsey discovers that care.data is in trouble” YouTube video, 25/2/14: http://www.youtube.com/watch?v=SgrZ9ZlTTIc

For further information or for immediate or future interview, please contact Sam Smith of medConfidential on 07890 210 746 or sam@medconfidential.org

– ends –

Care Bill in the Lords

medConfidential respectfully urges members of the House to support the amendment tabled by Lord Owen to put the Independent Information Governance Oversight Panel onto a statutory footing, and also the amendment tabled by Lord Turnberg on the definition of research use, rather than the “promotion of health”.

*LATEST* Care Bill ping-pong on May 7th

The Government brought forward amendments that would expand the advisory role of the Confidentiality Advisory Group (CAG) based at the Health Research Authority, over a wider range of data releases by the Health and Social Care Information Centre (HSCIC) than those for which it is currently responsible.

While we welcome the recognition that information governance at HSCIC and its precursor body the NHS Information Centre is and has been utterly inadequate, revelations about NHS England’s deeply-flawed care.data programme – now on ‘pause’ – multiple instances of the mishandling and misuse of NHS patient data, and an evident lack of consultation and coordination between the arms-length bodies, NHS England and HSCIC, the Department of Health and others on the use of patients’ data for purposes other than their direct care show the problem is not limited to HSCIC alone.

The abolition of the National Information Governance Board (NIGB) on April 1st 2013 created a critical governance gap, the consequences of which are now all too obvious. medConfidential believes that independent information governance oversight for the entire health and social care system on a statutory basis is an absolute necessity if public trust and confidence is to be regained and rebuilt.

For that reason medConfidential respectfully urges members of the House to support the following amendment:

The amendment includes Explanatory notes but the following briefing lays out our concerns and some specific issues in more detail:

We also provide background briefings on particular points of information:

Who are medConfidential?

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent.

Founded in January 2013 and incorporated as a company limited by guarantee with charitable objects, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals, and drawing advice from a network of experts in the fields of health informatics, computer security, law/ethics and privacy. We believe that there need be no conflict between good research, good ethics and good medical care.

[PRESS RELEASE] Care Bill care.data amendment: no public confidence without Caldicott

For immediate release – Tuesday 6 May 2014

Care Bill care.data amendment: no public confidence without Caldicott

An amendment to the Care Bill [1], tabled today by Lord David Owen for ping-pong tomorrow, would, if adopted, put on a statutory footing an independent oversight body led by Dame Fiona Caldicott, the single person with the moral authority required to restore public trust and confidence in the handling of NHS patient information.

NHS England’s flagship new programme, care.data, was put on hold after a series of revelations about mishandling and sale of patient data to insurers and for commercial re-use, back in February. Since then, wider problems have been revealed, including lack of consultation and coordination between the new arms-length bodies, NHS England and HSCIC, and the Department of Health on the use of NHS patients’ medical information for purposes other than their direct care.

The new amendment would put the Independent Information Governance Oversight Panel (IIGOP) that the Secretary of State asked Dame Fiona Caldicott to establish [2] onto a statutory footing, establishing a single independent body with information governance oversight of the entire health and social care system.

Phil Booth, coordinator of medConfidential [3], said:

“The government has not only failed to act on many of the recommendations in Dame Fiona’s review, it is pushing ahead with initiatives like care.data that contradict some of the core principles she laid out.

“Not only this, but in its single-minded pursuit of an unprecedented data grab from patients’ GP records, NHS England has repeatedly ignored or avoided the very Panel set up to provide advice and challenge on these issues.

“Right now, Dame Fiona is the only person with the moral authority to restore public confidence in the handling of NHS patient information. If it truly wants to regain the trust of both patients and professionals, the government will accept this amendment.”

Notes for editors

1) A copy of the amendment is available here: https://medconfidential.org/wp-content/uploads/2014/05/Oversight-Panel-amendment.pdf and associated briefings are available online at: http://medconfidential.org/2014/lords-care-bill/

Some background to the amendment:

  • Attendees included Lord David Owen, Professor Sir Simon Wessely and other prominent doctors including Dr Joanne Bailey (BMA General Practitioners Committee), plus representatives of statistical bodies, health professionals, NHS campaigners, concerned patients and a representative of NHS England.
  • The amendment has wide-ranging support, including the Wellcome Trust, the Association of Medical Research Charities, the Faculty of Public Health and others, and has evolved out of a weeks-long process that demonstrated readiness to engage across the political spectrum.

2) The IIGOP was established at the request of the Secretary of State to oversee the implementation of the recommendations from Dame Fiona’s review, ‘Information: to share or not to share’ (https://www.gov.uk/government/publications/the-information-governance-review, commonly known as Caldicott2) and to “advise, challenge and report on the state of information governance across the health and care system in England”: https://www.gov.uk/government/groups/independent-information-governance-oversight-panel

3) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

Open letter to NHS England and care.data Advisory Group

The following is the text of an open letter we wrote to NHS England and the care.data Advisory Group in reply to Tim Kelsey’s letter to stakeholders of 14/4/14:


Dear NHS England and care.data Advisory Group colleagues,

As you know, medConfidential believes there need be no conflict between good research, good ethics and good medical care and that – taken as a whole, in balance – every data flow in the NHS is capable of being consensual, safe and transparent. We welcome indications in Tim Kelsey’s letter to stakeholders[1] that NHS England appears to be moving towards accepting the implications of this principle, even if it is not yet clearly articulating the principle itself.

“Phased roll out”

Given the absence of information regarding the “early adopter” pilots last year[2] and the self-evident failure to learn sufficient lessons from them, we would appreciate much greater clarity and transparency regarding the scope and nature of the pilots scheduled for this autumn.

For example, “between 100 and 500 GP practices” is a very wide range and, depending on list size, could affect millions of patients. We look forward to publication of the criteria that will be used to determine the size and composition of the cohort, and details of the process and communications by which practices are recruited.

Other questions to be addressed as early as possible:

  • Will some or all of the GP practices recruited for the initial pilots[3] be included?
  • Will every patient in the initial cohort of practices – and the national roll out – now be written to directly, including a consent form with the letter?
  • Over what period will the trial, test, evaluation and refinement process take place?
  • What are the criteria for success, and on what basis would NHS England move to a national roll out?

These are by no means an exhaustive list, but rather indicate the sort of detail that will be required to engender public trust in the process.

Patient communications

On the specific point of an official “optional template letter to patients”, and in light of its belated attempt at a template form for patients this January[4], we are concerned that NHS England still has not understood what it must do to communicate adequately with patients. A letter is not “optional”. After the debacle of the junk mail leaflet, it should be clear that – whatever the anticipated response rate – failure to send a letter to each patient, enclosing a consent form, is unacceptable.

And if NHS England is now to adopt a phased roll out, then a letter is a self-evident necessity. There is no other reasonable way to inform individuals within an area or several areas of the country, some of whom may be registered with pilot practices and some not, of the action they should take by a certain date if they wish to opt out.

Regarding “ways of making opting out more straightforward”, medConfidential’s experience suggests that an officially-sanctioned online opt out process would be of great public utility. While this is no doubt bureaucratically complicated for NHS England, it should be considered a high priority task for the new Health and Social Care Digital Service. If NHS England choose not to offer and support online opt out, others will do so[5].

For full transparency and to build trust, we welcome the fact that NHS England has committed to all materials being available, and all processes being in place, before any patient-visible pilot begins. This must, of course, include the full awareness of GPs and practice staff, to the satisfaction of the practices themselves as well as relevant medical bodies. Failure to do this previously caused unnecessary patient distress and confusion. It should not happen again.

On a point of detail, regarding the communication materials being developed, examples of benefits must be substantive examples that cannot be achieved by other means. A persistent problem in past communications exercises has been the overly emotional phrasing of benefits, and ‘double-claiming’ of benefits achieved by other initiatives or research that either was or could be done without care.data.

Consultation

We were deeply concerned to hear on BBC Radio 4’s PM programme on Good Friday, in an interview with Dame Fiona Caldicott[6], that the Independent Information Governance Oversight Panel (IIGOP) had not been meaningfully consulted by NHS England, with IIGOP only being notified of the junk mail leaflet after the printing process had already begun. We would have deep concerns were that lack of consultation to be repeated, and would appreciate assurances that those aspects of consultation and independent oversight absent in NHS England’s last attempt will be fully respected in all future communications.

Health Research Remote Data Laboratory (HRRDL)

While the choice of imagery is unfortunate, medConfidential generally welcomes the proposal of a data “fume-cupboard”. We believe a strictly controlled ‘Health Research Remote Data Laboratory’ of the type we indicated in our evidence to the Health Select Committee in February[7], could act as a safe setting for patient level data research. Such a facility, run within HSCIC, using only data for which consent for secondary uses has not been withdrawn (e.g. via 9Nu4), could permit bona fide research on linked data for projects that have met rigorous, openly agreed ethical criteria.

A facility based on existing Government Statistical Service facilities, such as the Virtual Microdata Laboratory[8] run by ONS, and replicating their multiple levels of process, protection, oversight, governance and approval should help rebuild trust in the processes of HSCIC while satisfying the needs of research.

As an initial step, HSCIC should adopt the ONS Data Access Policy, and commit to a system that can use (potentially) identifiable data safely; producing safe statistical outputs, using safe researchers from safe organisations, working in safe settings inside safe hosts.

Each part of those must be suitably accredited, based on existing standards from other existing safe settings. HSCIC’s scale will require safe settings in safe hosts, which ONS is only currently deploying with support from the ESRC’s Administrative Data Liaison Service. HSCIC has the opportunity to build this into the design from the beginning, learning from others who have had to retrofit it in at a later date. We appreciate that HSCIC is only in the early stages of this process, and look forward to detailed engagement on the topic.

Changes to the law

Given the Secretary of State’s assurance that the government would legislate to prohibit the sale of patient data to insurers or for commercial purposes, we are deeply concerned at the flawed drafting of the so-called “McDonalds’ amendment” – the government clause on the dissemination of information for the purposes of “the promotion of health” – which would provide a statutory basis for ‘research’ driven by or for the primary benefit of private interests. As currently drafted, this clause would give fast food chains or supermarkets legal grounds to gain access to obesity data as part of “healthy eating promotions”, or tobacco companies to access the finely gradated, date stamped, smoking data to promote, e.g. “health benefits of e-cigarettes”.

Whatever new structures and processes for approval of data releases are put in place – as they certainly must be, given the complete inadequacy of existing procedures at HSCIC and its precursor body – it must be made very clear that just because an organisation may be legally entitled to access data does not mean that it must necessarily receive it. The best defence on this point is for lines to be drawn clearly in legislation. The “promotion of health” amendment not only fails to do this, it provides a legal basis for the very activities it was supposed to prohibit.

Given errors in briefings given to Ministers throughout this process, meaning they have (inadvertently) misled Parliament at least twice on different topics,[9] [10] we also remain deeply concerned that Ministers may not have been made fully aware of the mechanics and implications of amendments, or how they will be implemented in practice. That Lord Howe’s recent letter to Peers mis-states the operation of the patient opt-out – if a patient opts out, it is not just their identifiable data that will not flow; none of their data will flow – is just one example of the continued inconsistency that has been so corrosive of public trust.

While we appreciate the intention, we are also concerned with the government’s amendments to enhance the role of the Confidentiality Advisory Group (CAG) and extend its remit over more of HSCIC’s activities. Quite clearly something had to be done about HSCIC’s handling of NHS patients’ information, but the amendments relating to CAG fall far short of addressing issues and systemic failures beyond HSCIC – which handles only a fraction of the data collections and audits of the whole health and social care system.

On a purely practical point, we are concerned that stretching a body designed to deal with very specific cases – the use of identifiable patient information without consent under s.251 – over a whole range of other purposes and activities could in fact dilute and possibly compromise CAG’s utility.

What we believe is required to restore public faith in the system is demonstrably independent, overarching oversight – not a narrowly-defined intervention that is in effect limited to improving the advice given to a single arms-length body. The most appropriate body for such a task would be the Independent Information Governance Oversight Panel, chaired by Dame Fiona Caldicott on the request of the Secretary of State, which should be put onto a statutory footing and which already has a remit that spans the entire health and social care system.

Given the circumstances that have led to the need for public assurances, to put patients’ right to opt out onto a statutory footing using only Directions – tertiary legislation which can be varied by NHS England or the Secretary of State without Parliamentary debate – is unlikely to reassure everyone that their right to opt out will always be respected. Under Directions, patients who opt out could find that their decision is rendered meaningless by the stroke of a pen that would never be reviewed by Parliament.

“6 months”

We wholeheartedly agree with NHS England’s new Chief Executive, Simon Stevens’ statement to the Health Select Committee in the Commons yesterday that he doesn’t think there should be “an artificial time scale” to when the care.data programme ‘re-starts’. There are clearly some complex and significant issues still to be worked through; many of them fundamental to public trust. Putting an arbitrary deadline on this would be foolhardy. If this is to be done right, it cannot be rushed.

We hope to continue in a process of constructive engagement. We are encouraged by at least some of what we are hearing. The acid test will be when we see exactly how these words are put into action.

Kind regards,

Phil Booth & Sam Smith
medConfidential

30 April 2014


“Can we know who all the end users of our data are?”

A commentable YouTube version of the Health Select Committee’s evidence session on the ‘Handling of NHS patient data’ from Tuesday 8th April is now available online.

In the official transcript of the session, a quite extraordinary exchange occurred at Question 272:

Q272 Barbara Keeley: So have you got the information because I have asked for it twice, but not been given it? For all those 249 organisations with a commercial reuse licence, can we know who all the end users of our data are?

Kingsley Manning: No, because they are using it and putting it into additional services. So, for example, a company such as McKinsey or KPMG would have used it to support Monitor or the NHS TDA in advising on the transformation of health care services.

And there you have it.

The Chair of the Health and Social Care Information Centre openly admits it doesn’t know who has your medical data or what they are doing with it. The examples given are clearly a distraction, as they name some (less controversial) end users. What about the ones that HSCIC not only won’t, but can’t name?

Don’t forget, this is the body that we are supposed to trust to look after our medical information; the body which in fact intends to suck up even more – much, much more – from the GP records of every man, woman and child in England.

Now its Chair baldly admits they don’t know who got hold of the data HSCIC has already sold and passed on. And he doesn’t even seem to care!

You can read the written transcript of the entire evidence session from Tuesday, and a copy of the letter HSCIC sent to the Select Committee, following the car crash evidence session by officials and the Minister on care.data on 25th February.

If you missed it, you can still view a YouTube video of that first session, featuring HSCIC’s Max Jones, NHS England’s Tim Kelsey and Under-Secretary of State for Health, Dr Dan Poulter in the second half. Or read the official transcript.