It has become increasingly clear in recent weeks that patients have been kept in the dark about where their data has been going, in what form and what is being done with it.

Well now for the first time, we can show you a picture:

Click on the image to show full size.
For obvious reasons, we have redacted the day element of every date.

Please note that we are not suggesting the following is unlawful or that patient confidentiality has been deliberately breached.

The image above comes from a company called OmegaSolver Ltd, formed in March 2013, which sells a product called HALO Patient Analyser, which it describes thus:

Patient Treatment Analyser is a unique dataset solution provided to pharmaceutical companies and trusts, who want to analyse and understand the treatment given to patients suffering from a specific disease…

The patient Analyser provides a robust query engine where users can query based on a large number of fields such as –

Gender
Age
First Diagnosis
Period (Years)
Hospital Visit Frequency
Hospital Stays
Procedures
Diagnosis
CCG / TRUST / Hospitals
Treatment Specialist
Planned / Unplanned Admissions and many more

The Patient summary report gives a summarised report of the queried data for new and overlapping patients, Gender split with age range distribution over a three year period. Patient Analyser is a one of its kind analytical tool with a simple yet understandable data visualization tool, which is currently a unique offering.

The image, a screenshot looking at five out of 163,316 patients’ data, shows detailed information about each individual patient including their medical diagnoses ordered by actual dates of each hospital visit, tracking episode to episode – the detailed state of each individual patient’s health as he or she passes through hospital care.

For example, patient OS060900 (the ‘pseudonym’) is aged 81-85 and had 5 conditions diagnosed in October 2010. She has visited hospital 257 times, mostly as outpatient visits, but spent 5 days in hospital at which point 8 conditions were diagnosed, then 6 days later the incidents scroll off the screen.

Patient OS084761, also 81-85 years old, was in hospital in April 2010 and he was still there with the same diagnoses 3 days later, though it looks like he left a day later with at least one additional diagnosis.

We are not certain that the codes in the screenshot are the same as the ones used by GPs, but if they are then some of the events and/or diagnoses referenced in the screenshot would include:

• Posterior fixation of rectum
• Removal of left breast
• Suberosis (cork-handlers’ lung)
• Explosive personality disorder
• Bilateral mastectomy or mammoplasty
• Removal of left fallopian tube
• Removal of left ovary

What this illustrates quite starkly about pseudonyms is just how irrelevant they are when there is so much other identifiable data in the rest of the row. ‘Pseudonymised’ data may obscure some of the most obvious pieces of identifying information, such as your NHS number, but it clearly doesn’t hide rich detail about a person’s life and health that could just as easily be used to identify them.

Given that companies are already combining health data with social media data, you can see the ever-growing risk of re-identification from simply having tweeted about having had an accident on a certain date, or having posted a Facebook update about a relative going into hospital.

N.B. We sincerely hope this screenshot was taken from a set of mock data, not the actual HES data of 163,316 NHS patients. We look forward to clarification from OmegaSolver in due course.

—

We have noticed in recent days that some of the “information intermediaries” supplied with data by the Health and Social Care Information Centre under “commercial re-use licenses” are pulling web pages when contacted by the press about what they are doing.

Last Monday the Guardian, Wired and others reported on a company called Earthware with a ‘Hopsital [sic] Episodes Map’ on its website, which it described thus:

Healthcare companies and the NHS use Hospital Episode Statistics (HES) data to understand the flow of patients through the healthcare system. HES is a dataset containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England.

The map appeared to be making Hospital Episodes Statistics (HES) data available for arbitrary queries on a public web page without any form of password protection. The company pulled the map, but later put out a statement saying:

The third party, which cannot be named at this point, has since removed all the text from pages on its website that mentioned HES data.

Another information intermediary which last week was happy to declare it held “over 900 million linked patient HES records” and “patient level linked HES data”, has updated its site and now claims to hold “over 1 billion linked patient HES records dating back 10 years” but adds the qualification, “this data is non identifiable and non sensitive”. The company’s website also clearly states, “HES data provided by the Health & Social Care Information Centre under Commercial Re-use licence 2013.”

We suspect HSCIC and its information intermediaries’ definition of “non sensitive” may be somewhat different from the patients whose hospital details are being sold.

And in the light of the OmegaSolver image, the bald assertion that vast quantities of information-rich patient-level health data are completely “non identifiable” simply will not wash.

On 7th February, GP magazine Pulse reported that “Patients who have opted out of the [care.data] scheme will still have their records sent to the HSCIC stripped of identifiers” – see 4th paragraph from bottom of this article. This confirmed something buried on page 9 of NHS England’s care.data Privacy Impact Assessment [PDF], which states:

Where patients have objected to the flow of their personal confidential data from the general practice record, the HSCIC will receive clinical data without any identifiers attached (i.e. anonymised data).

So the intention was to extract information from the medical records of people who had opted out, just without their NHS number, postcode, date of birth and gender attached.

This is not what any reasonable person would understand by opt out – if you opt out, no information from your medical record should leave your GP practice.

We immediately got to work, engaging with the Secretary of State and Department of Health and HSCIC amongst others. By the middle of the following week it was clear that the opt outs were going to have to be fixed, in ways we were invited to put to the Secretary of State for Health in a letter. By Friday 14th we were pretty sure that they would be fixed, but no-one seemed willing to confirm this – maybe because to do so would confirm that NHS England had been caught misleading the public.

Things moved on rapidly the following Monday with the launch of the first online opt out, faxyourgp.com, following on from critical statements by the Royal College of General Practitioners, British Medical Association and the Information Commissioner’s Office, clear signals that 38Degrees and SumOfUs supporters might opt out en masse – not to mention the fact that medConfidential had over the previous 4 weeks served out over 300,000 opt out forms and letters. And we instructed Leigh Day Solicitors to write a ‘letter before action’ to NHS England, i.e. we began a legal challenge based on misleading information in its junk mail leaflet.

On Tuesday 18th we received a letter from Dr Mark Davies, the outgoing Director of Clinical and Public Assurance at HSCIC, confirming the way in which the opt out codes would work. His letter ended: “This proposal will be considered by the GPES Independent Advisory Group (IAG) in February for their confirmation” – thus confirming that the opt outs had changed. This wasn’t an outright admission that the public had been deceived, but it clearly shows that the opt outs were not set up to work as patients would expect at the point we intervened.

And then later that afternoon, bowing to serious pressure, NHS England announced a second six month delay – while allowing themselves the possibility of uploading patient data from some ‘pilot’ practices before September.

Without fanfare that same afternoon, a new web page was published on the HSCIC website. You will probably want to read this – it’s a public document, clearly explaining the operation of the opt out codes:

http://www.hscic.gov.uk/article/3915/what-we-will-collect-from-gp-records-under-caredata

Hopefully from this point on, this page will be where any further changes to the process are published.

BUT…

You will note that the HSCIC page says, “Currently, no other data relating to those who have made this objection will be extracted from their GP record in relation to care.data”

“Currently”? Are they intending to change how the opt out codes work all over again? We sincerely hope not!

Following yesterday’s evidence session on care.data before the Health Select Committee we shall be writing to the Committee to ask that they (i.e. Parliament) ensure that the final few loose ends are tied up.

So our advice remains as follows; if you have any concerns – and the performance of Tim Kelsey (NHS England), Max Jones (HSCIC) and the Under-Secretary of State for Health in front of the Committee yesterday was less than confidence-inspiring – then opt out now. And don’t forget your kids!

If NHS England manages to convince you that they’ve got things right by September, you can always opt back in. But if you’re in one of the proposed ‘pilot’ practices (no, we don’t know where they are yet) and you don’t find out that you are until after your data has been uploaded, you may regret delaying taking action.

A short film to make you think:

It’s not right to take things without permission.

So why does the government think it’s OK to suck up confidential information to a giant new central database from the medical records of every man, woman and child in England? Or to sell our data to private companies or maybe even let the police have access?

And why does the arms-length body in charge of the NHS in England think a junk mail leaflet is sufficient ‘notice’ to start extracting 50 million people’s most private information from their GP? That’s not permission.

Opt out NOW… and don’t forget your children!

Video produced by WPL
Thanks to Martin Gibbs (teacher) and the girls of Torquay Girls’ Grammar School
Simon Lambros ‘Journeying’ from Audio Network with permission

[This blog post now has its own page in the ‘For patients’ section.]

While brave GPs are being bullied into handing over your family’s medical records, we’re hearing from a growing stream of people that their GP practice hasn’t even known what to do when they asked or went in to opt out of care.data.

We’ve been sent scans and photos of Summary Care Record opt out forms that people have been given, forms for opting out of local data sharing arrangements, and who knows what. We can point individual patients who contact us at the right form, but that doesn’t help everyone else in the practice.

If you have gone to your GP practice and they haven’t clearly understood and acted upon your request to opt out of care.data, you can let us know which practice it was through our new tool:

http://formFix.medConfidential.org

Just enter your postcode, tell us which surgery, and we’ll send them some details.

The formFix site is not for you to opt out online, but it lets us know where the confusion is and helps us to help GPs avoid breaching the Data Protection Act because of the impossible position NHS England has put them in.

NHS England has no way of knowing this information, so blithely continues assuring people that everything is fine. This should provide some data on how badly their communications campaign is actually going on the ground, for the next time Tim Kelsey joins us on the radio.

It would really help if you told friends and family who live in different parts of England – care.data does not affect Scotland, Wales or Northern Ireland – about this; send them the link, Tweet it, post it on Facebook.

Spread the word.

The Board of the Health and Social Care Information Centre (HSCIC) rather unhelpfully publishes all of its documents within a single zip file, which makes them very hard to google. From November 2014, original documents are available on gov.UK. For your convenience and to assist HSCIC in its drive to become transparent, here is a copy of all of the Board papers, expanded:

June 2015 papers are provided as a published PDF (not zipped)

April 2015

• 20150429_BoardAgenda_Part1_Final.pdf
• HSCIC150102a_BoardRegisterofInterests.pdf
• HSCIC150102b_20150331_BoardPart1Minutes_DRAFT.pdf
• HSCIC150102c_ActionUpdateSummary_Part1.pdf
• HSCIC150103b_Annual Accounts v0 1.pdf
• HSCIC150103b_Annual Governance Statement 2014-15 v0 8.pdf
• HSCIC150103b_Annual Report and Accounts 2014-15_production plan_21 04 15.pdf
• HSCIC150103b_Board meeting paper_Annual Report and Accounts update_29 04 15.pdf
• HSCIC150103c_BoardFwdBusSchedule_2015_16.pdf
• HSCIC150103c_ForwardBusinessSchedule_2015_16_CS.pdf
• HSCIC150104a_Board Performance Pack (public)- March data.pdf
• HSCIC150104a_Performance Pack_Part 1_CS.pdf
• HSCIC150105a_150402 Data Sharing Legal Direction to HSCIC.pdf
• HSCIC150105a_Visitors and Immigration Health Charge Direction_CS.pdf
• HSCIC150105b_CYPHS Directions Board Paper 29_4_15.pdf
• HSCIC150105c_LetRP_GPESIAG_19apr2015v1.pdf
• HSCIC150105c_StreamliningImprovingIGadvice_Board_20apr2015final.pdf
• HSCIC150106_Appendix A – PoSA between HSCIC and the Department of Health.pdf
• HSCIC150106_PoSA Board Paper v1 2.pdf

March 2015:

• 20150331_BoardAgenda_Part1_FINAL.pdf
• HSCIC150902a_BoardRegisterofInterests.pdf
• HSCIC150902b_20150128_BoardPart1Minutes_DRAFT.pdf
• HSCIC150902c_Part1_ActionUpdateSummary.pdf
• HSCIC150903b_Board Review of IG Activity v 1.pdf
• HSCIC150903b_IG Annual report_CS.pdf
• HSCIC150903c_Delegated Authorities Board v1 0_CS.pdf
• HSCIC150903c_Delegated Authorities Update – Board Note March 2015 v1 0.pdf
• HSCIC150903c_HSCIC Levels of Delegated Authority March 2015 v1 10.pdf
• HSCIC150903c_HSCIC Levels of Delegated Authority March 2015 v1 9.pdf
• HSCIC150903d_BoardEffectivenessGovReview.pdf
• HSCIC150903d_IACoverSheet.pdf
• HSCIC150903e_BoardFwdBusSchedule_2015_16.pdf
• HSCIC150903e_ForwardBusinessSchedule_2015-2016_CS.pdf
• HSCIC150904a_Board Performance Pack (public) – February Data.pdf
• HSCIC150904a_Performance Pack_Part 1_CS.pdf
• HSCIC150904b_Progress on Implementing Data Release Review_CS.pdf
• HSCIC150904b_Progress_on_implementing_data_release_review_rec_Mar15v05.pdf
• HSCIC150904c_Appendix A People Vision deliverables and indicators 1516 v1 0.pdf
• HSCIC150904c_Transformation Approach 1516_March 2015_Board Cover Sheet.pdf
• HSCIC150904c_Transformation Approach 1516_March 2015v1 0.pdf
• HSCIC150905a_FINAL – The HSCIC’s role on adult social care March 2015.pdf
• HSCIC150905a_HSCIC role Adult Social Care_Board Cover Sheet.pdf
• HSCIC150905b_150324 FGM Directions V9 clean.pdf
• HSCIC150905b_BoardPaper Direction to support FGM data collection_JH.pdf
• HSCIC150905b_signed direction for FGM Enhanced Dataset.pdf
• HSCIC150906a_HSCIC Strategy CS.pdf
• HSCIC150906a_HSCIC’s strategy-Information and technology for better care – 18032015.pdf
• HSCIC150906a_Strat-on-page-A3-V1a.pdf
• HSCIC150906a_Strategy_2015-2020-FINAL-DRAFT-240315a.pdf
• HSCIC150906b_BoardPaper – POSA Update 20-3-15.pdf
• HSCIC150906b_POSA Update Board paper cover page.pdf
• HSCIC150908a_Forthcoming Statistical Publications_CS.pdf
• HSCIC150908a_Forthcoming Statistical Publications_March2015.pdf
• HSCIC150908b_GPESIAG_FIpaper_170315v2.pdf
• HSCIC150908b_GPESIAG_coversheet.pdf
• HSCIC150908c_Programme Definitions_CS.pdf
• HSCIC150908c_Project and Programme Definitions.pdf

28 January 2015:

• 20150128_BoardAgenda_Part1_FINAL.pdf
• HSCIC150802a_BoardRegisterInterests.pdf
• HSCIC150802b_20141126_BoardPart1Minutes_DRAFT.pdf
• HSCIC150802c_BoardPart1ActionSummary.pdf
• HSCIC150803b_BoardFwdBusSchedule_2014_15.pdf
• HSCIC150803b_BoardFwdBusSchedule_2015_16.pdf
• HSCIC150803b_ForwardBusinessSchedule_Cover.pdf
• HSCIC150804b_Board 280115 – Business Planning 2015-16 – David O’Brien.pdf
• HSCIC150804b_Board cover sheet public session – Busines Planning 2015-16.pdf
• HSCIC150804b_Corporate Business Plan – First Draft 0.3.pdf
• HSCIC150804c_BoardPaper_ Data Releases Register Update Jan 15.pdf
• HSCIC150804c_Data_Releases_Update_board_cover_sheet_public_January_2015.pdf
• HSCIC150804d_Data_Access_Request_Backlog_board_cover_sheet_public_January_2015.pdf
• HSCIC150804d_Data_Access_request_backlog_Jan15_Board.pdf
• HSCIC150804e_Progress_on_implementing_data_release_review_rec_Jan15.pdf
• HSCIC150804e_Progress_on_implementing_data_release_review_rec_board_cover_sheet_January_2014.pdf
• HSCIC150805a_Cover_Sheet_DCA-JanBoard.pdf
• HSCIC150805a_DCA – primary-secondarylinkeddata – FINAL CLEAN.pdf
• HSCIC150805b_FINAL DRAFT Spine (No 2) Directions.pdf
• HSCIC150805c_BoardPaper 280115 AT Directions v0 2.pdf
• HSCIC150805c_FINAL Assuring Transformation Directions HSCIC Issue 1 20141223 signed.pdf
• HSCIC150805c_board-cover-sheet-for ratification of Assuring Transformation Directions.pdf
• HSCIC150806a_Board cover sheet public session – HSCIC strategy 2015.pdf
• HSCIC150806a_DRAFTv01_15012015_public Board_28012015 – The HSCIC’s strategy.pdf
• HSCIC150808a_Board Cover Sheet Public SG January 2015.pdf
• HSCIC150808a_BoardPaperJanuary2015.pdf
• HSCIC150808b_Project and Programme Definitions.pdf
• HSCIC150808b_Project and Programme Defintions (coversheet).pdf

27 November 2014

From November 2014 onwards, it seems the interesting material is all in “part 2” of the meeting,  in secret.

• 20141126_BoardAgenda_Part1.pdf
• HSCIC140702a_BoardRegisterInterests.pdf
• HSCIC140702b_20140903_BoardPart1Minutes_DRAFT.pdf
• HSCIC140702c_BoardPart1ActionSummary.pdf
• HSCIC140703b_BoardForwardBussSched_AnnexA.pdf
• HSCIC140703b_BoardFwdBusSchedule_2014_15.pdf
• HSCIC140703b_ForwardBusinessSchedule_Cover.pdf
• HSCIC140703c_ChangeTopLevelStructure_BoardPaper.pdf
• HSCIC140703c_ChangeTopLevelStructure_CoverSheet.pdf
• HSCIC140703d_BoardAppointments_BoardPaper.pdf
• HSCIC140703d_BoardAppointments_CoverSheet.pdf
• HSCIC140703f_CS_Data Access Request Backlog.pdf
• HSCIC140703f_Data Access request backlogv03.pdf
• HSCIC140704(a)_Board Performance Pack (Public) October 2014 data (coversheet).pdf
• HSCIC140704a_Board Pack (public) – October 2014 data.pdf
• HSCIC140704bi_Board – 2611014 – Business Plan Q2 Progress Review.pdf
• HSCIC140704bi_board-cover-sheet-public-april-2014.pdf
• HSCIC140704bii_Board mid-year finance review paper.pdf
• HSCIC140704bii_Public Cover sheet Mid year review 2014 15 HSCIC Budget.pdf
• HSCIC140705_HSCIC’s role on adult social care 20112014.pdf
• HSCIC140705a_Board cover sheet November 26 2014.pdf
• HSCIC140705a_Board paper – code of practice – 26 November 2014.pdf
• HSCIC140705a_Draft Code of Practice.pdf
• HSCIC140705c_CS_Improving the HSCIC’s offer to adult social care.pdf
• HSCIC140706a_Board cover sheet public session National Information Board November 2014 (2).pdf
• HSCIC140706a_Board paper – The NIB Framework for Action v 0 1.pdf
• HSCIC140706a_Personalised Health and Care for All 2020 – Final Version.pdf
• HSCIC140708a_HSCIC_publication_strategy.pdf
• HSCIC140708a_board-cover-sheet-public-publication_strategy.pdf
• HSCIC140708b_BoardPaperNovember2014.pdf
• HSCIC140708b_SGNovember2014_Cover.pdf
• HSCIC140708c_20140924 – SoS to Rob Shaw.pdf

3rd September 2014

• Agenda
• HSCIC140602a_BoardRegisterInterests.pdf
• HSCIC140602b_20140702_Board Public Minutes_DRAFT.pdf
• HSCIC140602c_BoardPublicActionSummary.pdf
• HSCIC140603ai_HSCIC Corporate Governance Manual 2014-15.pdf
• HSCIC140603ai_aii_CGMandToR_Cover.pdf
• HSCIC140603aii_HSCICARCToR _FINAL.pdf
• HSCIC140603aii_HSCICBoardToR _FINAL.pdf
• HSCIC140603aii_HSCICRemCoToR_FINAL.pdf
• HSCIC140603aiii_BoardFutureDatesProposal_Cover.pdf
• HSCIC140603aiii_BoardFutureDatesProposal_Paper.pdf
• HSCIC140603aiv_BoardForwardBussSched_AnnexA.pdf
• HSCIC140603aiv_ForwardBusinessSchedule_Cover.pdf
• HSCIC140603aiv__BoardFwdBusSchedule_2014_15.pdf
• HSCIC140604a_Board Performance Pack (Public) July 2014 data (coversheet).pdf
• HSCIC140604a_Board Performance Pack – July 2014 (Public).pdf
• HSCIC140604b_Board Report – 03 September – Corporate Performance Management – Appendix B.pdf
• HSCIC140604b_Board Report – 03 September – Corporate Performance Management – Cover Sheet.pdf
• HSCIC140604b_Board Report – 03 September – Corporate Performance Management – Report including Appendices A and C.pdf
• HSCIC140604c_Board Risk Paper – Risk Mapping to KPIs.pdf
• HSCIC140604c_Board Risk Paper Risk Mapping – Appendix A.pdf
• HSCIC140604c_Board_Risk Paper CoverSheet.pdf
• HSCIC140604di_Partridge recommendations board-cover-sheet-public.pdf
• HSCIC140604di_Progress_on_Partridge_review.pdf
• HSCIC140604dii_BoardCoverSheet_Public_Data_Releases_approved.pdf
• HSCIC140604dii_BoardPaper_ Data Releases Predecessor organisation update.pdf
• HSCIC140604dii_Data Release Process board-cover-sheet-public-September-2014.pdf
• HSCIC140604dii_Update on Data releases_Process Board_Overview.pdf
• HSCIC140605a_Board paper – code of practice – Cover sheet.pdf
• HSCIC140605a_Board paper – code of practice.pdf
• HSCIC140605b_Cyber Security Programme Update – Board Cover Paper.pdf
• HSCIC140605b_Cyber Security Programme Update.pdf
• HSCIC140605c_BoardPaper public session September 2014 – HSCIC and adult social care.pdf
• HSCIC140605c_board-cover-sheet-public-september-2014 HSCIC adult social care.pdf
• HSCIC140606a_Transformation Programme Report cover-sheet-public.pdf
• HSCIC140606a_Transformation Programme Report paper.pdf
• HSCIC140606b_Directions for Spine Services.pdf
• HSCIC140608a_Board Paper Directions.pdf
• HSCIC140608a_Board cover sheet – care data directions.pdf
• HSCIC140608b_Letter from Kingsley Manning to Una O’Brien re Statutory Obligations 13.8.14.pdf
• HSCIC140608b_StatutoryObligations_coversheet.pdf
• HSCIC140608c_BoardPaperSeptember2014.pdf
• HSCIC140608c_SGSeptember2014_Cover.pdf
• HSCIC140608d_BoardPaper public session September 2014 – Refreshing the HSCIC strategy.pdf
• HSCIC140608d_board-cover-sheet-public-september-2014 updating strategy.pdf
• HSCIC140608e_Programme Definitions.pdf
• HSCIC140608e_Programme Defintions (coversheet).pdf

There was no August 2014 meeting

2 July 2014

• HSCIC140502a_BoardRegisterInterests.pdf
• HSCIC140502b_20140617_Board Public Minutes_DRAFT.pdf
• HSCIC140502c_BoardPublicActionSummary.pdf
• HSCIC140503ai_BoardForwardBussSched_AnnexA.pdf
• HSCIC140503ai_BoardFwdBusSchedule_2014_15.pdf
• HSCIC140503ai_ForwardBusinessSchedule_Cover.pdf
• HSCIC140503aii_BoardFutureFormat.pdf
• HSCIC140503aii_BoardFutureFormat_Cover.pdf
• HSCIC140503c_NHS IC letter.pdf
• HSCIC140503c_NHSICletter_Cover.pdf
• HSCIC140504a_Board Performance Pack (Public) May 2014 data (coversheet).pdf
• HSCIC140504a_Board Performance Pack (public) – May 2014.pdf
• HSCIC140504b_Board Cover Sheet – risk management update.pdf
• HSCIC140504b_Board report – risk management update.pdf
• HSCIC140504c_BoardPaper 2014 Staff Survey.pdf
• HSCIC140504c_Staff-survey-cover-sheet-July-2014.pdf
• HSCIC140505a_Progress_on_Partridge_review_rec_02_07_14.pdf
• HSCIC140505a_board-cover-sheet-public-april-2014.pdf
• HSCIC140505b_Board_DQ_Update_201407_FINAL_v1.0.pdf
• HSCIC140505b_board-cover-sheet-public-april-2014.pdf
• HSCIC140505c_HSCIC_BoardCoverSheet_Public for Cyber Security update 020714.pdf
• HSCIC140505c_PUBLIC Cyber Security update 020714.pdf
• HSCIC140506a__BoardPaper 190614 Final.pdf
• HSCIC140506a_board-cover-sheet-public-april-2014.pdf
• HSCIC140508a_SGJuly2014_Cover.pdf
• HSCIC140508a_SG_BoardPaperJuly2014.pdf
• HSCIC140508b_Etape de Yorkshire Cover Sheet 02Jul14 v2.pdf
• HSCIC140508b_Etape de Yorkshire_HSCIC Board_02Jul14.pdf
• HSCIC_20140702_BoardPublicSessionAgenda.pdf

4 June 2014

• HSCIC140302a_BoardRegisterInterests.pdf
• HSCIC140302b_20140514_Board Public Minutes_DRAFT.pdf
• HSCIC140302c_BoardPublicActionSummary.pdf
• HSCIC140304a_BoardForwardBussSched_AnnexA.pdf
• HSCIC140304a_BoardFwdBusSchedule_2014_15.pdf
• HSCIC140304a_ForwardBusinessSchedule_Cover.pdf
• HSCIC_20140604_Board Public Session Agenda.pdf

14 May 2014

• HSCIC_20140514_Board Public Session Agenda.pdf
• 02 a_BoardRegisterInterests.pdf
• 02 b_Board Public Minutes DRAFT.pdf
• 02 c_BoardPublicActionSummary.pdf
• 03 a_Board_CoverSheet May 2014 – Annual Report and accounts.pdf
• 03 a_Public Board 14th May.pdf
• 03 b_HEE-NEDalignment_BoardPaper.pdf
• 03 b_HEE-NEDalignment_CoverSheet.pdf
• 03 c_BoardForwardBussSched_AnnexA.pdf
• 03 c_BoardFwdBusSchedule_2014_15.pdf
• 03 c_ForwardBusinessSchedule_Cover.pdf
• 04 ai_Board Performance Pack (Public) Mar 2014 data (coversheet).pdf
• 04 ai_Board Performance Pack (public) – March 2014.pdf
• 04 aii_Proposed Review of Performance Packs v2.1.pdf
• 04 aii_board-cover-sheet-public-april-2014 – Review of Performance Packs 2.0.pdf
• 04 b_May BoardCoverSheet_Public_care data.pdf
• 04 b_MayBoard_care data_DRAFT 04.pdf
• 04 c_ signed SLA.pdf
• 04 c_Board Paper re Audit Arrangements May 2014 v0 2.pdf
• 04 c_Cover Sheet. Internal audit Arrangments2014-15.pdf
• 05 a_Annex 1 Transformation end of year 1314 report v1.0 FINAL.pdf
• 05 a_Transformation Update_140514.pdf
• 05 a_Transformation Update_BoardCoverSheet_Public 140514.pdf
• 05 b_HSCIC IT Hosting Strategy v1.7.pdf
• 05 b_Hosting Strategy – Board Cover Paper.pdf
• 05 c_PUBLIC HSCIC Security Operations Proposal (coversheet).pdf
• 05 c_PUBLIC HSCIC Security Operations Proposal – Board Brief v1 0.pdf
• 05 c_PUBLIC HSCIC_Paper SIAM Information Assurance v 0 5.pdf
• 05 d_role of HSCIC in system wide IG matters 140430 v0 8.pdf
• 07 a_SGMay2014_Cover.pdf
• 07 a_SG_BoardPaperMay2014.pdf

 

03 April 2014

• HSCIC140102_GovernanceAppointments_BoardPaper.pdf
• HSCIC140102_GovernanceAppointments_CoverSheet.pdf
• HSCIC140103a_BoardRegisterInterests.pdf
• HSCIC140103b_20140305_Board Public Minutes DRAFT.pdf
• HSCIC140103c_BoardPublicActionSummary.pdf
• HSCIC140104a_BoardForwardBussSched_AnnexA.pdf
• HSCIC140104a_BoardFwdBusSchedule_2014_15.pdf
• HSCIC140104a__ForwardBusinessSchedule_Cover.pdf
• HSCIC140106a_Board Performance Pack (Public) Feb 2014 data (coversheet).pdf
• HSCIC140106a_Board Performance Pack (public) – February 2014.pdf
• HSCIC140106b_ Risk Management_Cover.pdf
• HSCIC140106bi_Risk Management_Paper.pdf
• HSCIC140106bii_Board Risk Management_Strategic risks mapped to Executive.pdf
• HSCIC140106c_AprBoard_care data_FINAL1.0.pdf
• HSCIC140106c_BoardCoverSheet_Public_care.data_update.pdf
• HSCIC140107a_BoardCoverSheet_Public for IACSC.pdf
• HSCIC140107a_ii IACSC Proposal.pdf
• HSCIC140107a_iii HSCIC IACSC ToR.pdf
• HSCIC140107b_AprBoard_SofSMeasures_FINAL1.0.pdf
• HSCIC140107b_BoardCoverSheet_Public_SofSMeasures.pdf
• HSCIC140109a_SG_April2014_Cover.pdf
• HSCIC140109a_SG_BoardPaperApril2014.pdf
• HSCIC14_20140402 Board Public Session Agenda.pdf

05 March 2014

• 20140205_Board Public Minutes DRAFT.pdf
• 20140305 Board Public Session Agenda.pdf
• HSCIC131402(a)_BoardRegisterInterests.pdf
• HSCIC131402(c)_BoardPublicActionSummary.pdf
• HSCIC131404(a)_Board Performance Pack (Public) – January 2014.pdf
• HSCIC131404(a)_Board Performance Pack (Public) Jan 2014 data (coversheet).pdf
• HSCIC131404(b)_BoardPaper IA Role Post IGAR v 1.0 with cover sheet.pdf
• HSCIC131404(b)_BoardPaper IGSA Role Post IGAR v 1 0.pdf
• HSCIC131404(d)_BoardCoverSheet_Public_FinReporting_Mar’14.pdf
• HSCIC131404(d)_Reporting Board Paper_feb 14_cv.pdf
• HSCIC131404(f)_HSE16-19_FutureApprval_BoardPaper_Final.pdf
• HSCIC131404(f)_HSE_BoardCoverSheet_Public – MarchBoardMeeting.pdf
• HSCIC131405(a)_BoardCoverSheet_Corp Business Plan.pdf
• HSCIC131405(a)_Corporate Business Plan_v0 9eii-for 5 Mar Board.pdf
• HSCIC131405(b)_Workforce Strategy v1.0.pdf
• HSCIC131405(b)_Workforce Strategy_BoardCoverSheet_Public 050314.pdf
• HSCIC131405(c)_BoardCoverSheet_Public_NHS_Direct_Mar14_v0 1.pdf
• HSCIC131405(c)_BoardPaper_NHS_Direct_Mar14_v0 4.pdf
• HSCIC131406(a)_Delegated Authorities Board Paper.pdf
• HSCIC131406(a)_Delegated Authorities_Cover.pdf
• HSCIC131406(a)_Levels of Delegated Authority_Annex.pdf
• HSCIC131406(b)_BoardEffectivenessEvaluation_AnnexB.pdf
• HSCIC131406(b)_BoardEffectivenessQuestionnaire2013_14_AnnexA.pdf
• HSCIC131406(b)_BoardEffectivessEvaluation_Cover.pdf
• HSCIC131406(b)_BoardEffectivessEvaluation_Paper.pdf
• HSCIC131406(c)_BoardForwardBussSched_AnnexA.pdf
• HSCIC131406(c)_BoardFwdBusSchedule_2014_15.pdf
• HSCIC131406(c)_ForwardBusinessSchedule_Cover.pdf
• HSCIC131408(a)_February 2014 Care Bill Cover paper.pdf
• HSCIC131408(a)_HSCIC Board paper – Support for the Care Bill 24022014.pdf
• HSCIC131408(b)_BoardPaperUKSAReportMarch2014CoverSheet.pdf
• HSCIC131408(b)_BoardPaperUKSAReportMarch2014Paperv4.pdf
• HSCIC131408(c)_SGMarch2014_Cover.pdf
• HSCIC131408(c)_SG_BoardPaperMarch2014.pdf

 

05 February 2014

• 0. Agenda (Public).pdf
• 2a. Board Register of Interests.pdf
• 2b. Draft Minutes – 15 January 2014.pdf
• 2c. Board Public Action Summary.pdf
• 3a. Board Performance Pack(coversheet).pdf
• 3a. Board Performance Pack.pdf
• 3b (i) Corporate Risk and Issues Register.pdf
• 3b (i) Risk Register v0.2 (coversheet).pdf
• 3b. (i) Risk Register.pdf
• 3b. (ii) Risk Management (coversheet).pdf
• 3b. (ii) Risk Management.pdf
• 3c. care.data (coversheet).pdf
• 3c. care.data.pdf
• 3d. Health Survey for England (coversheet).pdf
• 3d. Health Survey for England 16-19_= Future Approval.pdf
• 4a. Corporate Business Plan (coversheet).pdf
• 4a. Corporate Business Plan.pdf
• 4b. NHS Direct (coversheet).pdf
• 4b. NHS Direct.pdf
• 4c. Statistical Publications Strategy – timetable-principles.pdf
• 4c. Statistical Publications Strategy – timetable-principles (coversheet).pdf
• 4d. IGAR (coversheet).pdf
• 4d. IGAR summary – Final.pdf
• 5a. Board Forward Business Schedule 2013_14.pdf
• 5a. Board Forward Business Schedule 2014_15.pdf
• 5a. Forward Business Schedule (coversheet).pdf
• 5b. Board Business (coversheet).pdf
• 5b. Board Business Diagram_Appendix A.pdf
• 5b. Board Forward Business Schedule_AppendixB.pdf
• 5b. Board Business.pdf
• 7a. Forthcoming Statistical Publications_February 2014 (coversheet).pdf
• 7a. Forthcoming Statistical Publications_February 2014.pdf

15 January 2014

• 0. Agenda.pdf
• 2a. Board Register of Interests.pdf
• 2b. Board Public Minutes DRAFT.pdf
• 2c. Board Public Action Summary.pdf
• 3a Board Performance Pack (Public) Nov 2013 (coversheet).pdf
• 3a. Board Performance Pack (Public) – November 2013.pdf
• 3bi. Directions (coversheet).pdf
• 3bi. Directions HSCIC primary care data FINAL SIGNED VERSION.pdf
• 3bi. Directions HSCIC primary care data issue letter FINAL VERSION.pdf
• 3ci. Appendix A – Data services for commissioners Directions.pdf
• 3ci. Appendix B – HSCIC consultation activities DSfC.pdf
• 3ci. Appendix C – High level overview of HSCIC deliverables_DSfC Local Data.pdf
• 3ci. Board Briefing on Directions for Commissioning Data.pdf
• 3ci. DSfC Local Data Directions (coversheet).pdf
• 4a. Corporate Business Plan (coversheet).pdf
• 4a. Draft Corporate Business Plan.pdf
• 4c. NHS Direct (coversheet).pdf
• 4c. NHS Direct.pdf
• 4d. Final MoU -US-NHSE-HSCIC Consolidated V0 8.pdf
• 4d. MoU Approval (coversheet).pdf
• 4d. MoU Approval Paper.pdf
• 5a. Corporate Governance Manual 2013-14[1].pdf
• 5a. Framework Agreement (16 December version Draft).pdf
• 5a. Framework Agreement (coversheet).pdf
• 5a. Framework Agreement Corp Governance.pdf
• 5b. Senior Information Risk Owner.pdf
• 5b. SIRO (Coversheet).pdf
• 5c. Board Forward Business Schedule2 014_15.pdf
• 5c. Board Forward BusinessSchedule 2013_14.pdf
• 5c. Forward Business Schedule (coversheet).pdf
• 7a. Briefing on the Care Bill_paper.pdf
• 7b. Statistical Publications (coversheet).pdf
• 7b. Statistical Publications.pdf

4 December 2013

• HSCIC 131100 Board Public Session Agenda.pdf
• HSCIC 131102(a) Board Register of Interests.pdf
• HSCIC 131102(b) Board Public Minutes DRAFT.pdf
• HSCIC 131102(c) Board Public Action Summary.pdf
• HSCIC 131104(a) Board Performance Pack (public) October 2013 (coversheet).pdf
• HSCIC 131104(a) Board Performance Pack – October 2013.pdf
• HSCIC 131104(b) High level Transformation Plan – Appendix D.pdf
• HSCIC 131104(b) Transformation Programme (coversheet).pdf
• HSCIC 131104(b) Transformation Programme.pdf
• HSCIC 131104(c) Data Controllership Letter.pdf
• HSCIC 131104(c) Review IG Activity (coversheet).pdf
• HSCIC 131104(c) Review IG Activity.pdf
• HSCIC 131104(d) Programme Update – care.data (coversheet).pdf
• HSCIC 131104(d) Programme Update – care.data.pdf
• HSCIC 131104(e) Accredited Safe Haven Arrangements (coversheet).pdf
• HSCIC 131104(e) Accredited Safe Haven Arrangements.pdf
• HSCIC 131105(a) HSCIC strategy update.pdf
• HSCIC 131105(b) Workforce Response to HSCIC Strategy (coversheet).pdf
• HSCIC 131105(b) Workforce Response to HSCIC Strategy.pdf
• HSCIC 131106(a) Corporate Governance Manual 2013-14.pdf
• HSCIC 131106(a) Framework Agreement&Corp Goverance Manual (coversheet).pdf
• HSCIC 131106(a) Framework Agreement&Corp Governance Manual 2013-14.pdf
• HSCIC 131106(b) Forward Business Schedule (coversheet).pdf
• HSCIC 131106(b) Forward Business Schedule.pdf
• HSCIC 131108(a) Statistical Publications (coversheet).pdf
• HSCIC 131108(a) Statistical Publications.pdf

23 October 2013

• 0. Agenda.pdf
• 23_October_board_papers.zip
• 2a. Register of Interests 2013-14.pdf
• 2b. Minutes – 18 September 2013.pdf
• 2c. Action Points Summary.pdf
• 3a. Performance Pack (coversheet).pdf
• 3a. Performance Pack.pdf
• 3b. Interim Cyber Security Review Brief (coversheet).pdf
• 3b. Interim Cyber Security Review Brief.pdf
• 4a. FINAL For Board meeting HSCIC strategy.pdf
• 4a. HSCIC Strategy (coversheet).pdf
• 4b. Update HSCIC’s Business Plan 2013-14.pdf
• 4b. Mid Year Review Business Plan 2013-14 (Annex).pdf
• 4b. Mid-Year Review Busines Plan2013-14.pdf
• 4c. Business Plan 2014-15 (coversheet).pdf
• 4c. Business Planning 2014-15.pdf
• 4d. Accredited Safe Havens (coversheet).pdf
• 4d. Accredited Safe Havens.pdf
• 5a Forward Business Schedule (coversheet).pdf
• 5a. Forward Business Schedule.pdf
• 7a. Statistical Publications (coversheet).pdf
• 7a. Statistical Publications (October 2013).pdf

September 2013

• 0. Agenda.pdf
• 2a. Register of Interests.pdf
• 2b. Minutes 12 June (Public).pdf
• 2b. Minutes 19 June (Public).pdf
• 2b. Minutes 29 August – draft.pdf
• 2c. Action Summary.pdf
• 4a CEO Update.pdf
• 4ci. Performance Pack (coversheet).pdf
• 4ci. September Performance Pack.pdf
• 4cii. Finance Report.pdf
• 5a. Forms of Business Approach (coversheet).pdf
• 5a. Forms of Business Approach.pdf
• 5b. Delegated Authorities (coversheet).pdf
• 5b. Levels of Delegated Authority Amendments (September 2013).pdf
• 5b. Revisions Delegated Limits.pdf
• 6a. Board Forward Business Schedule (coversheet).pdf
• 6a. Board Forward Business Schedule.pdf
• 8a. Staff Survey (coversheet).pdf
• 8a. Staff Survey.pdf
• 8b. Forthcoming Statistical Publications.pdf

29 August 2013

• 0. Agenda (Public).pdf
• 6a. Levels of Delegated Authority (coversheet).pdf
• 6b. Levels of Delegated Authority.pdf
• 6c. Levels of Delegated Authority Annex1.pdf
• 29th_August_2013.zip

19 June 2013

• 0. Agenda Public Session 19 June 2013.pdf
• 19-june-2013-papers.zip
• 2b. Minutes 30 May 2013.pdf
• 2c. Progress on Action Points.pdf
• 3a. CEO Update.pdf
• 3b. PAC into NPfIT and implications for HSCIC.pdf
• 4a. Forward Business Schedule (coversheet).pdf
• 4a. Forward Business Schedule.pdf
• 6a. Statistical Publications.pdf

30 May 2013

• 0. Agenda – 30 May 2013.pdf
• 2b. Minutes (26 April 2013).pdf
• 2c. Progress on Action Points.pdf
• 3a. CEO Update.pdf
• 3b. Performance Pack (coversheet).pdf
• 4. Patient Public Involvement.pdf
• 5c. Forward Business Schedule (coversheet).pdf
• 5c. Forward Business Schedule.pdf
• 7. Statistical Publications.pdf
• HSCIC Performance Pack.pdf

26 April 2013

• 0. Agenda – 26 April 2013.pdf
• 2b. Minutes 3 April 2013.pdf
• 2c Progress on Action Points.pdf
• 3a CEO update.pdf
• 3b Development of Board Performance Pack.pdf
• 4a Cover Sheet Purpose Vision Values v0 2.pdf
• 4a HSCIC Purpose Vision Values v1 0.pptx
• 4b HSCIC Response to Francis report.pdf
• 5b Caldicott Guardian & Senior Info Risk Officer appointments.pdf
• 5c Board Forward Business Schedule.pdf
• 5c Cover sheet Forward Business Schedule.pdf
• 7a Forthcoming Statistical Publications.pdf

3 April 2013

• 0. Agenda – 3 April 2013.pdf
• 3b Appointment of Exec Directors.pdf
• 3c Assurance and Risk Terms of Reference.pdf
• 3c Corp Govanance Manual v07 (cover sheet).pdf
• 3c hscic Board Terms of Reference & Code of Practice.pdf
• 3c Remuneration Committee Terms of Reference.pdf
• 4a Business Plan (cover sheet).pdf
• 4a HSCIC Summary Business Plan v 4.pdf

 

Buried deep in the new Care Bill is the first amendment we recall seeing to what is commonly referred to as ‘Section 251’ – the power of the Secretary of State to set aside the common law duty of confidentiality in order that identifiable patient information can be passed on without individuals’ consent.

The history is hellishly convoluted but Section 251 of the NHS Act 2006 re-enacted Section 60 of the Health and Social Care Act 2001, drawing on powers in the Health Service (Control of Patient Information) Regulations 2002. Officials now seem to want to drop “Section 251” and use “Regulation 5” instead, but they are basically referring to the same thing.

The restructuring of the NHS under the Health and Social Care Act 2012 has already caused quite a few problems, for which Section 251 exemptions were used to paper over the cracks.

But now we see in Clause 115 of the Care Bill 2013-14, entitled ‘Approval for processing confidential patient information’, amendments to Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 which would make it read as follows: [changes in red]

Approval for processing information [why drop the words “confidential” and “patient” from the title of the Regulation?]

5. (1)  Subject to regulation 7, confidential patient information may be processed for medical purposes in the circumstances set out in the Schedule to these Regulations provided that the processing has been approved—

(a)    in the case of medical research, by the Health Research Authority, and

(b)   in any other case, by the Secretary of State.

(2) The Health Research Authority may not give an approval under paragraph (1)(a) unless a research ethics committee has approved the medical research concerned.

(3) The Health Research Authority shall put in place and operate a system for reviewing decisions it makes under paragraph (1)(a).

And Regulation 6 would change as follows:

Registration

6.  (1)  Where an approval granted by the Health Research Authority or the Secretary of State under regulation 5 permits the transfer of confidential patient information between persons who may determine the purposes for which, and the manner in which, the information may be processed, it or he shall record in a register the name and address of each of those persons together with the particulars specified in paragraph (2).

(2) The following particulars are specified for inclusion in each entry in the register—

(a)    a description of the confidential patient information to which the approval relates;

(b)   the medical purposes for which the information may be processed;

(c)    the provisions in the Schedule to these Regulations under which the information may be processed; and

(d)   such other particulars as the Health Research Authority or (as the case may be) the Secretary of State may consider appropriate to enter in the register.

(3) The Health Research Authority shall retain the particulars of each entry it records in the register, and the Secretary of State shall retain the particulars of each entry he records in the register, for so long as confidential patient information may be processed under an approval and for not less than 12 months after the termination of an approval.

(4) The Health Research Authority shall, in such manner and to such extent as it considers appropriate, publish entries it records in the register; and the Secretary of State shall, in such manner and to such extent as he considers appropriate, publish entries he records in the register.

While paragraph 6(4) may represent a relatively minor change from the old wording, which was “in such manner and to the extent to which he considers it appropriate”, both wordings mean that the register(s) will not necessarily be published in full. This means that in some instances – how many we would never know – there may be no public record of the setting aside of the common law duty of confidentiality for identifiable patient data to be used.

The main effect of clause 155 of the Care Bill is that approval for research access to patient confidential data – i.e. identifiable information about patients or from patients’ medical records – will essentially be made arms-length, a role of the Health Research Authority (HRA).

The Secretary of State meanwhile splits off a separate register of non-research ‘customers’ for patient data, which he may or may not decide to publish in full. (N.B. The Confidentiality Advisory Group (CAG) at HRA split the register of approved applications into research and non-research categories at its latest publication.)

Paragraph 5(2) of the amended Regulations may tend to weaken ethical approval with regard to confidentiality: as drafted, any HRA-recognised research ethics committee would suffice for approval, so HRA CAG could be cut out of the equation altogether.

For example, an potential customer could come to the HRA and say, “Our own ethics committee that has been recognised by you [under clause 112 of the Care Bill] has passed this already. Under Regulation 5(2) this doesn’t need to go past CAG – they’re busy enough already with all those other care.data related applications. All we need is the green light from you, as we’ve fulfilled the requirements.”

Unfortunately history has shown that if something can happen, it almost certainly will.

The amendments to Regulations 5 and 6 in clause 115 also highlight that it is the Secretary of State alone who approves the release of patient confidential data for uses other than research. It is therefore vital to keep an eye out for any amendments that replace or remove the word “medical” in 5(1) and/or 6(2)(b) and/or the Schedule.

As this is a Care Bill, not a Health Bill, it may appear strange that the Secretary of State’s powers should remain limited to medical purposes. Is all of social care to be redefined as a “medical purpose”?

Assuming some sort of last minute amendment were to be laid in order to ‘fix’ this, then depending on the exact wording used, the last constraint could be removed from preventing any use of confidential patient data [1].

There are amendments that might look relatively benign, e.g. adding “and care” to “health professional” in Regulation 7(2) or a consequential amendment to DPA 69(1), adding a list of others – but anything that changed or removed “medical” or “medical purposes” should be scrutinised very carefully.

As the merging of health and social care systems continues, we feel these words are almost certain to be changed at some point – with intended and unintended consequences, and some potentially devastating effects – not least the corrosion of trust in NHS confidentiality.