Category Archives: Press releases

medConfidential press releases

[PRESS RELEASE] UK’s largest online pharmacy fined £130,000 for selling patients’ data to scammers

The Information Commissioner’s Office will this morning issue a £130,000 fine [1] to the UK’s largest NHS-approved online pharmacy, Pharmacy2U, [2] whose senior executives approved the sale of NHS patients’ and P2U customers’ personal data by direct marketers.

The ICO determined that, through a direct marketing company called Alchemy Direct Media (UK) Ltd, Pharmacy2U executives unlawfully and unfairly sold the personal data of over 21,000 NHS patients and P2U customers either directly, or through intermediaries, to:

Australian Lottery fraudsters [3] targeting male pensioners who were more likely to have chronic health conditions, or cognitive impairments;
a Jersey-based ‘healthcare supplement’ company [4] which the Advertising Standards Authority ruled against for “misleading advertising” and “unauthorised health claims”;
and a UK charity which used the details to solicit donations [5] for people with learning disabilities.

The ICO determined that the sale of personal data was “likely to cause substantial damage or substantial distress to the affected individuals”, [6] that the incidents were neither “one-off events or attributable to mere human error” [7] and that Pharmacy2U executives were negligent [8].

Phil Booth, coordinator of medConfidential said:

“When medConfidential made a complaint to the Information Commissioner on behalf of patients who were being marketed, we’d no idea the trade in their data was as murky as this.

“Vulnerable people shouldn’t be exposed to this sort of harm and distress, but what’s doubly appalling is that this was done by the largest NHS-approved online pharmacy in the country, which is part-owned by the company that provides a majority of GPs with their medical records systems.

“The Government has to act decisively. Six-figure fines alone won’t stamp out this poisonous trade; not when there’s so much profit to be made. There must now be a blanket, statutory ban on all marketing to patients.

“Those who profiteer from patients’ data are predators and should face prison when they are caught.”

—

Notes for editors:

The fine is a ‘Monetary Penalty Notice’; the ICO’s full judgement is published here: https://ico.org.uk/action-weve-taken/enforcement/pharmacy2u-ltd/
Following a Daily Mail investigation, first reported on 31 March 2015: http://www.dailymail.co.uk/news/article-3020480/Your-secrets-sale-NHS-dock-s-revealed-details-patients-bought-prescriptions-online-sold-off.html Pharmacy2U is 20% owned by EMIS, the single largest provider of GP IT systems across England, see p80: https://www.emisgroupplc.com/media/1084/emis-group-plc-annual-report-and-accounts-2014.pdf and EMIS’ current Chief Executive is also a Director of Pharmacy2U: https://www.companiesintheuk.co.uk/director/11692582/christopher-spencer
See paragraphs 24-28 of the ICO’s judgement, which includes: “The National Trading Standards Scams Team has also informed the Commissioner’s office that the lottery company is the subject of an ongoing international criminal investigation into fraud and money laundering, although this wouldn’t have been known to Pharmacy2U.”
See paragraphs 20-23, which includes: “In February 2015, the Advertising Standards Authority (“ASA”) issued an adjudication on Healthy Marketing Ltd in relation to breaches of the CAP Code, although this wouldn’t have been known to Pharmacy2U at the time the order was approved. The breaches related to a press advert which was found to contain misleading advertising and unauthorised health claims.”
Paragraph 29 of the ICO’s judgement.
Paragraph 65 of the ICO’s judgement.
Paragraph 72 of the ICO’s judgement.
Paragraph 63: “The senior executive of Pharmacy2U must have known that there was a risk that people may object to the sale of data to the lottery company because, when he was asked to approve the order, he replied “OK but let’s use the less spammy creative please, and if we get any complaints I would like to stop this immediately”. However, he still approved the order.”

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

[PRESS RELEASE] There’s an app for that? NHS Health Apps Library “pilot” is shut down, but will “medical innovation” include marketing to patients?

This morning, the NHS Health Apps Library – a “pilot programme” that has been endorsing hundreds of apps to patients since 2013 – was finally shut down. It is replaced by a set of pages on the NHS Choices website which promote a total of seven “online mental health services”. [1]

Serious concerns have been raised over the past year by researchers at Imperial College London and Ecole Polytechnique CNRS, France [2] and by medConfidential [3] with regard to the security, safety and suitability of dozens of apps which were endorsed in the Apps Library.

A handful of apps – including Kvetch, Doctoralia and My Sex Doctor [4] – were silently withdrawn following complaints, but it is unclear how NHS England intends to notify patients left hanging now that “innovative” apps it has been promoting for up to two years have had their approval pulled.

The closure of the Apps Library coincides with the Second Reading of the Access to Medical Treatments (Innovation) Bill – a Private Members’ Bill by Chris Heaton-Harris MP, a version of which was introduced previously in the Lords by advertising magnate Lord Saatchi.

Apps fall within the Bill’s definition of “innovative treatments”, opening far wider questions as to the use of the database [5] that would be created under Section 2 of the Bill. Minister for Life Sciences, George Freeman MP, tweeted during the debate [6] that he did not intend for the database to be used for marketing to patients, but the Bill itself and existing legislation [7] provide no legal bar.

All of which further calls into question the stated ambition of Secretary of State for Health, Jeremy Hunt, “to get a quarter of smartphone users – 15% of all NHS patients – routinely accessing NHS advice, services and medical records through apps by the end of the next financial year.” [8]

Phil Booth, coordinator of medConfidential said:

“While we welcome the closure of this sprawling, unaccredited mess of apps and internet quackery, NHS England must now demonstrate how radically it has changed its approach to innovation if it wants to avoid destroying patient trust.

“Promoting predatory ‘bait and switch’ apps targeting teenagers, like My Sex Doctor, was certainly an “innovation” for the NHS. Real doctors would have laughed the charlatans out of the surgery and got back to helping patients, but it seems Tim Kelsey’s team welcomed them with open arms.

“Jeremy Hunt and George Freeman may not intend for any of this to be used for marketing to patients, but there’s no legal bar. And as NHS England’s abortive attempt with apps has shown, not thinking this through properly puts patients at risk.”

—

Notes for editors:

Just three of these “services” are available as apps: http://www.nhs.uk/conditions/online-mental-health-services/Pages/introduction.aspx
http://www.theguardian.com/society/2015/sep/25/nhs-accredited-health-apps-putting-users-privacy-at-risk-study-finds which led to the removal of My Sex Doctor and other apps. Full study published here: http://www.biomedcentral.com/1741-7015/13/214
http://www.computing.co.uk/ctg/news/2415698/caredata-nhs-choices-and-now-apps-could-it-be-three-failures-in-a-row-for-tim-kelsey
Kvetch app was a self-described “experiment” that proposed to “make sickness social”, with a communally-visible “alcoholism” group it encouraged individuals to “check your friends in for a laugh”. Barcelona-based Doctoralia (still available in UK apps stores) failed to correctly list GPs working in UK practices, listing at least one GP who had died tragically, and had complex DPA issues that failed to meet the Apps Library’s own criteria for inclusion. My Sex Doctor (also still available in commercial apps stores, and still claiming NHS endorsement) targets teenagers with sex advice, with a stated business model: “Once gained their trust we can leverage it for commercial purposes” – see slide 11, http://www.slideshare.net/FabrizioDolfi/my-sexdoctor-pitch-deck-43296908
Which Chair of the Health Select Committee, Dr Sarah Wollaston MP, described as “a vast sprawling database of anecdotal treatment for male pattern baldness”. Debate transcript: http://www.parliament.uk/business/publications/hansard/commons/todays-commons-debates/read/unknown/12/
https://twitter.com/Freeman_George/status/654976202810269696
See medConfidential’s briefing, following a meeting with Chris Heaton-Harris on 30 Sept: https://medconfidential.org/wp-content/uploads/2015/10/medconfidential-1-Marketingtopatients.pdf
Official report of Jeremy Hunt’s speech, 2 September 2015: https://www.gov.uk/government/news/health-secretary-outlines-vision-for-use-of-technology-across-nhs – updated on 18 September following the announcement of the consultation on the role and remit of the statutory National Data Guardian, who will produce “clear guidelines for the protection of personal data against which every NHS and care organisation will be held to account.”

– ends –

A first look at the National Data Guardian Consultation

Late last week, the Government published its consultation on the remit of the National Data Guardian. The consultation is available here and closes on the 17th December, just days before Tim Kelsey departs (NHS) England.

We welcome this consultation, which we believe is intended to ensure the strength and the remit of the National Data Guardian into the future, as NHS England reconsiders its failed approach to data, privacy and information governance.

medConfidential will provide a substantive response to the consultation in future weeks, but on first reading, we would make a few initial observations:

1) This is a consultation on the nature of the teeth the NDG will have

It is not consulting on the existence of those teeth, but their shape and constitution, and how they relate to other bodies.

2) There is a question about how the National Data Guardian relates to Non-Medical Professionals

Medical Professionals are regulated by the General Medical Council; however, many decision-makers in the NHS are not Medical Professionals, and hence not subject to GMC rules and sanctions.

care.data and the Prime Minister’s Challenge Fund fiascos, for example, were both conceived and implemented by individuals who are not (Registered Medical) Professionals. There is currently no effective regulation of those individuals. The details of this will matter, and are likely to need multiple diverse discussions which we look forward to having in the coming weeks and months.

3) Covering the use of Health and Social Care Data about Children

Children are a large and vulnerable constituency of the NHS. For the National Data Guardian to lack effective powers in this area would be perverse.

However, Children’s Social Care is entirely separate to Adult Social Care, and so in practice powers will have to be significantly different – if only because the other public bodies are different bodies with different remits.

We greatly welcome the inclusion of this question in the consultation, though we suspect the Government’s response to the consultation will be limited to the principle of whether the NDG should be able to cover all Social Care, with the details of implementing coverage in Child Social Care being covered by a future consultation on that topic.

Since November 2014, the National Data Guardian has interacted with other regulators on the basis of an agreement of standing and respect for overlapping remits. Until the details of similar interactions can be worked out for Children’s Social Care, that is likely to be the way forwards. Any future consultation on this particular matter need not slow down primary legislation to put NDG onto a statutory basis “at the earliest opportunity” – subject to appropriate provision being made for, e.g. (super-)affirmative resolutions mandating the interactions between bodies in an agreed manner.

We will draft and publish a more comprehensive response in due course.

PLEASE NOTE: This consultation is entirely separate and unrelated to the announcement earlier this month that Dame Fiona Caldicott, the National Data Guardian, will review the language around consent for secondary uses of patient data in the NHS. It was that announcement by the Secretary of State that led, yet again, to another suspension of care.data.

NHS England failed to satisfactorily resolve the question of what “opt-out” actually means and does for nearly 3 years – so, as the scheme’s architect and main proponent himself opts out of care.data by leaving the country, those left behind will have to clean up the mess he’s left.

—

Our press release on the NDG consultation follows:

[PRESS RELEASE] Consultation on National Data Guardian: “no public confidence without Caldicott”

medConfidential today welcomed the long-anticipated consultation on the role of the National Data Guardian [1] as a step in the right direction. medConfidential and others have been pushing for the reinstatement of statutory independent oversight on the use of personal data across the health and care system since late spring 2014 [2].

With care.data put on “pause” yet again [3], Jeremy Hunt has asked Dame Fiona Caldicott to sort out the “fiasco” that Tim Kelsey and NHS England have failed to address for the past two years. Given the tight timing of this consultation, medConfidential hopes the Government will publish its response before Dame Fiona is required to offer her suggestions on resolving NHS England’s incompetence.

Issued by the Department of Health hours after NHS England announced Mr Kelsey’s resignation, the consultation is a positive step towards restoring public trust in the NHS’ handling and use of patient data.

As many, including leading research charities [5], have emphasised, “Patient data must be safeguarded… The stakes are too high to risk any further mistakes.”

Responding to the launch of the consultation, Phil Booth, coordinator of medConfidential said:

“We welcome putting the National Data Guardian role, currently held by Dame Fiona Caldicott, onto a statutory footing as a sensible and necessary step towards restoring public confidence.

“As we have pointed out time and again, there can be little public confidence in the handling of sensitive patient information without overarching, independent oversight – with teeth – of every single body involved.

“NHS England’s continued screw-ups and missteps are toxic to trust. They must improve, but that must be overseen by an independent body that can inspire confidence.”

—

Notes for editors:

The consultation was published on the evening of 17 September, just hours after care.data SRO, Tim Kelsey, announced his resignation [6]: https://www.gov.uk/government/consultations/the-role-of-the-national-data-guardian-for-health-and-social-care
See, e.g. medConfidential’s briefing and proposed amendments to the Care Bill 2014: https://medconfidential.org/wp-content/uploads/2014/05/medConfidential-briefing-for-Care-Bill-ping-pong_07May.pdf
See announcement by Somerset CCG (one of the care.data ‘pathfinder’ areas), published by Somerset LMC, 4/9/15: https://www.somersetlmc.co.uk/caredatapaused
“Caldicott to oversee care.data pilot”, EHI, 2/7/14: http://www.digitalhealth.net/news/29382/
Research charities’ letter to the Guardian following PM’s Challenge Fund debacle, 27/7/15: http://www.theguardian.com/society/2015/jul/27/patient-data-must-be-safeguarded
medConfidential Press Release,17/9/15, on Tim Kelsey’s resignation: https://medconfidential.org/2015/press-release-kelsey-leaves-england-for-down-under/

– ends –

[PRESS RELEASE] Kelsey leaves England for down under

medConfidential joins others in recognising the effect Tim Kelsey – Director for Patients and Information at NHS England, Chair of DH’s National Information Board, SRO for care.data and Chair of the care.data Programme Board – has had on the NHS.

Mr Kelsey announced today [1] that he will be resigning from NHS England and leaving the UK for Australia, to work as a commercial director for Telstra Health, a division of Australian telecommunications provider Telstra Corp – which in March this year acquired Dr Foster Intelligence [2], the company Mr Kelsey co-founded in 2000.

Tim’s commitment to the NHS is exemplified by serving his full notice period of 6 months. Earlier this morning, the HSCIC published its Board’s rejection of the Directions for the care.data pathfinders [3], a decision made in July.

Phil Booth, privacy advocate and long-standing scrutineer of Tim’s work, said:

“Tim’s gone back to his old job in the private sector, but serious questions of consent and transparency in NHS England remain unresolved. At the beginning of September Jeremy Hunt announced that responsibility for effective patient consent, long ignored by NHS England under Tim’s rule, had been handed to Dame Fiona Caldicott for resolution.

“We look forward to seeing how public confidence in the handling of NHS patient data will recover under new leadership. NHS England’s strident insistence on commercial re-use of medical records must now be reconsidered.

“Lord Saatchi’s Medical Database Bill, due to be re-published in the Commons the week after Conservative Party Conference, may provide some sign whether Jeremy Hunt has learnt the lessons of care.data for the entire NHS.”

—

Notes to editors:

1) NHS England announcement of Tim Kelsey’s resignation, 17/9/15: http://www.england.nhs.uk/2015/09/17/tim-kelsey-to-leave/

2) Telstra Health acquires Dr Foster Intelligence, 26/1/15: http://www.drfoster.com/updates/news/dr-foster-acquired-by-telstra-health/
Dr Foster Intelligence was formed when the Department of Health a 50% stake in Dr Foster in 2006, in a deal that was later criticised by the National Audit Office: http://www.nao.org.uk/report/dr-foster-intelligence-a-joint-venture-between-the-information-centre-and-dr-foster-llp/

3) Minutes of HSCIC Board meeting on 15/7/15, published on 17 September 2015, as part of papers for upcoming HSCIC Board meeting on 23/9/15. HSCIC reject the care.data Directions (previously approved by the care.data Programme Board and NHS England Board) for reasons listed on p10 of 300:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/461371/20150923_HSCICBoardpapers_Part1.pdf

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on phil@medconfidential.org

– ends –

[PRESS RELEASE] Prime Minister’s secret data trawl through your GP appointments

A letter from a senior NHS England official [1] to EMIS, the UK’s dominant provider of software to GP practices across England [2], reveals plans to extract details of millions of patients’ GP appointments within the next few months [3].

The letter, which claims “backing from the most senior levels of Government including ministers”, seeks the assistance of GP IT providers “to obtain extracts of de-identified patient level data from systems that either record appointments or record consultations or in some cases both.”

Approaching the IT providers to extract patient-level data rather than GPs themselves is a serious breach of medical confidentiality – let alone data protection. GPs are the ‘data controller’ for the records they hold, not the companies they choose and pay to provide software, and it is GPs who have a professional and ethical duty of confidence to their patients.

A statement from NHS England makes the bizarre assertion that details including the date, time, “type of professional” and “Reason” for each appointment, linked to the sex, year of birth and postcode sector of each patient [4] aren’t “personal” – and potentially highly sensitive.

The “specification of requirements” also makes it clear the data extraction will not be a one-off; NHS England wants appointment data from the past two years and continually into the future, for purposes that could change with the political interests of the Prime Minister.

Phil Booth, coordinator of medConfidential, said:

“If NHS England thinks a complete list of when and how often you visit the doctor, and who it is that you see, isn’t personal information then maybe someone involved should have gone to medical school, rather than politics school.

“With this letter, NHS England has shown it’ll prioritise political motivations over patient trust. It quite evidently thinks it’s above the law when it comes to the protections around patient data. And it’s intentions are clear: route around doctors and patients, trample on every rule of confidentiality, and collect it all.”

—

Notes for Editors:

1) As reported in http://www.dailymail.co.uk/news/article-3168803/Privacy-storm-GP-visits-No10-demands-details-millions-confidential-appointments.html The official identifies herself as “Programme Director for Prime Minister’s Challenge Fund Digital Team” and “Head of Digital Primary Care Development”.

2) medConfidential presumes a version of the letter was sent to each of the other GP IT providers as well – TPP, INPS and Microtest. It would be extraordinarily anticompetitive were EMIS the only supplier to have been approached.

3) The letter states, “This extract needs to be in place by September 2015”.

4) A “specification of requirements” attached to the letter lists 38 items or fields of data to be extracted – including the date, time, duration, “type of appointment”, “type of professional” and “Reason” for each appointment, linked by means of a “Patient ID” to the sex, year of birth and postcode sector of each patient. This appears to conflict with NHS England’s statement:

“It is crucial not to misunderstand what is being proposed. We are not talking about individual personal information in this letter. What we are referring to is overall statistics for GP surgeries on issues such as total numbers of appointments. Practices have asked us if we could secure more help from the system suppliers in auditing their data so as to reduce their costs and workload. Such information is clearly needed to ensure the £125 million is wisely invested through the Prime Minister’s GP Access Fund. To repeat, there is no question whatsoever of patients’ personal information being shared.”

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

[PRESS RELEASE] care.data restart announced

The restart of NHS England’s hugely controversial care.data scheme was announced on Wednesday afternoon, 10 June. Patients in one of the ‘pathfinder’ CCG areas (Blackburn with Darwen) may begin to be sent care.data “communications” [1] in as soon as two weeks’ time.

The “Update” on the Blackburn with Darwen Healthwatch website [2] states:

Blackburn with Darwen will be ready to start fair processing (the time patients have to make a decision whether to opt out) at the end of June; Somerset and West Hampshire wish to start at the beginning of September. Leeds have not confirmed when they will commence testing communications but are also working towards the beginning of September.

It goes on to point out that:

Formal accountability for proceeding with the Programme sits with the SRO (Senior Responsible Officer), Tim Kelsey. Dame Fiona Caldicott will express her view of the safeguards and arrangements in place to the Secretary of State and this will be taken into account by Tim and the Programme Board.

From the moment that “communications” begin to be sent out in each area, patients will have a limited amount of time to decide whether they wish for their identifiable medical information to be extracted from their GP record, or whether they want to opt out [3]. The Update indicates that patient data could begin to be extracted “between September and November”.

This announcement has been made despite that fact that nearly a million [4] patients who opted out of the scheme over a year ago have not yet had their opt-outs actioned, while their hospital data has continued to be sold to third parties – including for “commercial reuse” [5].

Phil Booth, coordinator of medConfidential, said:

“It beggars belief that care.data should be restarted before the serious outstanding problems with the scheme have been fixed and, just as importantly, been seen to be fixed. The shambolic mess that care.data has become must be cleared up before another single patient is contacted.

“What are the million patients who opted out last year supposed to think? Their objections have all been ignored, so why should they or anyone else trust a zombie data grab that hasn’t even got in place statutory backing for Jeremy Hunt’s guarantee to patients, or defined legal safeguards promised last summer?

“NHS England must make good on every opt-out, and demonstrate that every last promise and safeguard is in place, or it’ll show it cares more about getting hold of your most sensitive data than ensuring every use of it will be consensual, safe and transparent.”

—

Notes for Editors:

1) The communications should include a letter addressed to each person over the age of 15 and three-quarters, an opt-out form and an information leaflet.

2) The announcement was originally published on the Blackburn with Darwen Healthwatch website, here: http://www.healthwatchblackburnwithdarwen.co.uk/news/care-data-update but was replaced, mid-morning on 11th June, with some different text (including links to official information about care.data) and a link to Blackburn with Darwen CCG’s website, which has a page providing the same text as the original “Update”: http://www.blackburnwithdarwenccg.nhs.uk/care-data-update/

3) Jeremy Hunt promised in April 2013 at the launch of the Caldicott2 report “Information: to share or not to share?” (YouTube video, time code 13:13) that patients would have a no-quibble right to object (opt out) and that all patient objections “will be respected”.

4) http://www.telegraph.co.uk/news/health/news/11655777/Nearly-1million-patients-could-be-having-confidential-data-shared-against-their-wishes.html

5) Quarterly Data Release Registers from the HSCIC: http://www.hscic.gov.uk/dataregister show organisations provided with data in various forms since January 2014 include Experian, McKinsey & Co, General Reinsurance and a number of “information intermediaries” such as Harvey Walsh (which services pharmaceutical marketing clients as well as the NHS), NHIS Ltd and Dr Foster (recently acquired by a subdivision of an Australian telecommunications company).

[PRESS RELEASE] Stop this toxic trade in health information; make it all ‘classified when complete’

Responding to revelations about the disgraceful trade in sensitive health information [1], medConfidential today called for all personal health details to be treated as ‘classified when complete’ [2].

Exemptions in the Data Protection Act are not only exploited by unscrupulous traders; some are routinely used by large commercial organisations [3] and public bodies to legitimise the “sharing” and “re-use” of health information.

Despite promises made by Ministers last year following the care.data fiasco and the exposure of the legalised sale of NHS patients’ medical information for “commercial re-use”, changes to the law remain uncommenced [4]. Indeed, the amended definition of legitimate use – “for the promotion of health” – still permits sale to “information intermediaries” and use by pharmaceutical marketers and other commercial interests.

While medConfidential supports, and last year called for [5], criminal sanctions against those who abuse or misuse people’s health information, the threat of harsher punishment for a few ‘bad apples’ will not address the toxic presumption, perpetuated by Government policy, that people’s most sensitive personal details are tradable assets.

Phil Booth, coordinator of medConfidential [6], said:

“For all its fine words, this last government added no real protection for medical records – its political promises came to nothing.

“To stamp out this toxic trade, politicians must take decisive action and guarantee that all medical reports and data are legally defined as classified. There’s no reason your family’s health details should be treated as any less sensitive than a police witness statement or George Osborne’s lunch order, for that matter.

“Only when medical records are properly protected in law, and people are told everywhere they’re sent, can we truly trust our most sensitive information will be kept confidential.”

—

Notes for editors

1) http://www.dailymail.co.uk/news/article-3018659/Privacy-sale-s-health-secrets.html

2) More details in medConfidential’s proposal, ‘A modern Lloyd George Envelope: CLASSIFIED when complete’: https://medconfidential.org/wp-content/uploads/2015/02/2015-02-16-A-modern-Lloyd-George-Envelope.pdf

3) medConfidential drew attention last June to some insurance and financial services companies’ abuse of enforced Subject Access Requests: https://medconfidential.org/2014/is-jeremy-hunt-serious-about-shutting-down-insurers-access-to-your-medical-records/

4) Regulations to the Care Act 2014 failed to be laid before Parliament was dissolved. These Regulations were necessary to define the operation of the Confidentiality Advisory Group that advises on the dissemination of NHS patients’ information, to enable “one strike and you’re out” sanctions for those who misuse data, and to define “the promotion of health” – the over-broad purpose by which patients’ information can be made available for commercial “re-use”.

5) See Q7 of Oral Evidence to Health Select Committee, on Tuesday 25 February 2014: http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/health-committee/handling-of-nhs-patient-data/oral/6788.html

6) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

[PRESS RELEASE] 27 fundamental areas of concern: 52 unanswered questions for NHS England on their care.data scheme

For immediate release – Thursday 18th December

The Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, published its report [1] to the care.data Programme Board this afternoon.

Responding, NHS England has welcomed Dame Fiona’s “observations and the insight it offers”, and will “discuss the report further once we have had the opportunity to speak with our colleagues in the pathfinder areas”.

The report lists 27 areas of concern for the care.data Programme Board itself, containing some 52 unanswered questions, with 7 additional tests that pathfinder CCGs must meet.

The sheer number of unanswered questions indicates just how fundamentally misconceived care.data was from its inception, and at this stage – 10 months after the programme was stopped – suggests continued mishandling by those inside the care.data bunker at NHS England.

Questions raised in February remain unanswered at Christmas. No doubt someone at NHS England will find a lump of coal under the tree when they’re at their desk next week.

Phil Booth, coordinator of medConfidential, said:

“It’s up to NHS England whether care.data in 2015 will be handled as badly as in 2014. Discussing questions to which they should already have answers with people they’ve been discussing with for months risks repeating the same failures over again. This needs a second reset [2].

“It all boils down to what will patients be told? What will actually happen? And who will make sure that all of this is true? Quite clearly Dame Fiona, and the public at large, still don’t know.”

—

Notes for Editors:
1) The Independent Information Governance Oversight Panel’s report to the care.data Programme Board on the care.data Pathfinder stage: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389219/IIGOP_care.data.pdf

2) “The re-constitution of the programme board follows recommendations from the Major Project Authority’s Project Validation Review”. Chair’s notes from care.data Advisory Board meeting on the 25th June: http://www.england.nhs.uk/wp-content/uploads/2014/07/ad-grp-notes-250614.pdf

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential – phil@medconfidential.org

– ends –

[PRESS RELEASE] BMA votes for care.data scheme to be opt-in

For immediate release – Wednesday 25th June

The BMA’s Annual Representatives Meeting voted this morning for the controversial care.data scheme to be “an opt-in system rather than an opt-out one”.

All five parts of motion 356 [1] were carried:

* 356. Motion by the Agenda Committee (motion to be proposed by the Suffolk Division)

That this Meeting agrees that the care.data system should not continue in its present form as:

i. it lacks confidentiality and there is a possibility for individual patient data to be identified
ii. it carries the risk of GPs losing the trust of their patients who may feel constrained in confiding in them
iii. the future potential users of the data are not well defined
iv. it should be an opt-in system rather than an opt-out one
v. the data should only be used for its stated purpose for improving patient care and not sold for profit.

This follows polling from Ipsos MORI, commissioned by the Joseph Rowntree Reform Trust Ltd [2], that shows half of the population (51%) say they have never heard of the care.data scheme. The survey also shows that while 27% of the public would support an opt out approach to sharing of their medical records, 40% think it should be opt in (although 10% say that it would be fine to use their data without their knowledge or consent).

Phil Booth, coordinator of medConfidential [3], said:

“The democratic body of the medical profession has voted for the care.data scheme to be opt-in. Will NHS England push on regardless, ignoring the views of the people who know best just how vital confidentiality is for patient care?

“What’s needed now is a full inquiry into how NHS England mishandled patient consent into this mess – decisions taken by officials, repeated failures to properly inform the public and professionals and what looks like a collapse in governance under the quango that’s now running the NHS.

– ends –

Notes for editors

1) Motions on BMA ARM website: http://bma.org.uk/working-for-change/arm-2014-info/agenda/health-information-management-and-it

2) Topline results now published online; care.data-related questions are Q4 – Q7: http://www.ipsos-mori.com/researchpublications/researcharchive/3407/Privacy-and-personal-data.aspx

3) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –

[PRESS RELEASE] medConfidential welcomes NHS England medical director’s call for care.data to be partially opt-in

For immediate release – Tuesday 24th June

Before the critical care.data vote at the British Medical Association’s Annual Representatives’ Meeting tomorrow [1], patient privacy campaigners today welcomed statements by Dr Mike Bewick, deputy medical director at NHS England, who told GPs at a medical conference that parts of the Government’s controversial care.data scheme should be ‘opt-in’ only [2].

Latest polling figures commissioned by the Joseph Rowntree Reform Trust Ltd from Ipsos MORI [3] show half of the population (51%) say they have never heard of the care.data scheme. And generally amongst the public, while 27% would support an opt out approach to sharing of their medical records, 40% think it should be opt in (although 10% say that it would be fine to use their data without their knowledge or consent).

medConfidential’s proposed hybrid opt-in/opt-out approach – ‘Local Choice’ [4] – would offer GPs and patients straightforward choices that reflect clear public and professional concern while acknowledging the benefits that may be gained from legitimate research use.

Phil Booth, coordinator of medConfidential [5], said:

“The Information Centre has acknowledged how wrong it was and is moving to restore public confidence. We hope Dr Bewick’s statements indicate a similar shift in thinking by the bosses of NHS England.

“While we all may benefit from genuine medical research, commercial exploitation was never part of the NHS social contract. With such low levels of public awareness and high levels of opposition amongst doctors, we think it is time patients were offered choices that reflect their real concerns.”

—

Notes for editors

1) Composite motion to be voted on at the BMA’s Annual Representatives’ Meeting: http://bma.org.uk/working-for-change/arm-2014-info/agenda/health-information-management-and-it

356. Motion by the Agenda Committee (to be proposed by the Suffolk Division)

That this Meeting agrees that the care.data system should not continue in its present form as:

it lacks confidentiality and there is a possibility for individual patient data to be identified
it carries the risk of GPs losing the trust of their patients who may feel constrained in confiding in them
the future potential users of the data are not well defined
it should be an opt-in system rather than an opt-out one
the data should only be used for its stated purpose for improving patient care and not sold for profit.

2) Reported in Pulse, 20/6/14: http://www.pulsetoday.co.uk/your-practice/practice-topics/it/parts-of-caredata-should-be-opt-in-only-says-nhs-england-director/20007039.article#.U6RsOrHryK4

3) From the Joseph Rowntree Reform Trust Ltd’s ‘Privacy and Personal Data’ poll, conducted face-to-face with British adults aged 15+ by Ipsos MORI from 25/4/14 to 1/5/14. Data are weighted and the base size is 1958. Full data will be published at www.ipsos-mori/caredata on 25/6/14:

Q1 How well, if at all, would you say you know the care.data proposal?

Know very well 3%
Know fairly well 9%
Know a little 19%
Heard of but not sure what it is 13%
Never heard of 51%
Don’t know 4%
Know at least a little (net) 31%
At least heard of (net) 44%

Q2 Thinking about the care.data proposal, which of the following best represents your view on how, if at all, your GP should be able to share information from your medical records with the care.data programme?

My GP should be allowed to share my data automatically without needing my knowledge and consent 10%
My GP should be allowed to share my data automatically as long as I know about it and do not object or opt out 27%
My GP should only be allowed to share my data if I know about it and have given my explicit consent and opt in 40%
My GP should not be allowed to share my data under any circumstances 13%
I would need more information to make a decision 7%
Don’t know 4%

4) ‘Local Choice’ devolves the opt-in/opt-out decision to GPs at practice level, with patients written to with the choice of opting out of ethically-approved research or opting in for all secondary uses. All existing consent choices must be respected.

medConfidential note for BMA ARM, 25 June:

https://medconfidential.org/wp-content/uploads/2014/06/2014-06-11-Achieving-local-choice-and-consensual-research-use.pd

medConfidential note for LMC Conference, 23 May:

https://medconfidential.org/wp-content/uploads/2014/05/2014-05-15-Note-for-LMC-conference.pdf

5) medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org

– ends –