HSJ reports a belief within Government that some current data practices, changed dramatically with emergency powers to meet the needs of the urgent pandemic response, should now become ‘the new normal’. While some of these changes might indeed be welcome, and some probably should remain, others need to end – and others must be significantly amended if they are to become anything like ‘normal’. 

It is not news that some status quo practices in the NHS around digital records were not entirely safe; this was for many reasons, not least the motivations and incentives of a range of actors – from multinational corporations to creepy single doctors – who want access to people’s direct care records for reasons beyond direct care.

A net assessment should be conducted of the goals and proposed ‘end state’ around health and care data (medConfidential will do one too) to provide a comparison with our net assessment from before COVID-19.

Digital and Direct Care

DHSC and the NHS did what they could in the circumstances, but access to digital services for those who are digitally disengaged continues to be a problem across Government – especially where community access points such as libraries are closed, either temporarily or permanently. A Whole of Government approach should be taken (possibly in the spending review) to assess and improve the piecemeal work done by Departments.

Mobile phone networks providing free data access to NHS.UK was a milestone in access to digital services, but many digital approaches across the NHS are not via zero-rated services: probably the starkest example of this is video consultations, which are a postcode lottery of apps and charging models – while the much-vaunted NHS app* still lacks video consultations for those situations where it helps both GPs and NHS 111. (*: No, not the (contact tracing) app. Rather, the good one that NHS Digital built as a core service; the NHS app which acts as a ‘front end’ to NHS.UK)

As COVID-19 de-escalates, and as NHS Test and Trace capacity therefore becomes available, the newly-NHS parts of PHE should address the mess – including the ongoing postcode lottery – of digital services that facilitate STD testing. NHS T&T will need something to do with its capacity after COVID, and the country requires a testing infrastructure to remain.

There will likely be a range of additional tests which can be moved to the ‘post-back and test’ approach of Test and Trace; SH:24 has shown how to do this at scale, but the broken model of Public Health England prevented equal benefit for all. And when such testing moves into the NHS, all of the existing Public Health safeguards and ring fencing around such data collected by NHS T&T will be required.

As with every new technology innovation requiring personal data, these can be used as a mechanism to get laid: creepy single doctors (and others without clear direct care purposes) should not have the ability to view the STD history of those they treat – or go on dates with, having met outside of work – in the way that, due to COVID reforms, creepy single doctors can currently view someone’s full medical history due to the removal of safeguards, with no means for a patient to know when their record was accessed.

Access to individual records for care

The widening of access to records has long been debated within the NHS. And while some clinicians will say how much it helps them, and while some of that may indeed be true, it is far from clear whether the patients involved can know whether their records were accessed where they should have been – i.e. that the wider access was actually useful – or whether their records were accessed when they should not have been – i.e. where wider access was harmful.

NHS Digital keeps records of every Summary Care Record access; these should be made available to each patient within the NHS app (and on NHS.UK when the NHS Login launches there) in order that verified patients can see how their record was used. Without providing that evidence base, any argument for any use of patients’ data will likely be some form of special pleading.

If the public is to have confidence in the broader uses of their data, the ‘new normal’ is going to require the NHS and wider public services to provide the evidence and information people require to assess their trustworthiness. Absent such information, and with decisions being made or influenced by those with other agendas, public trust will continue to degrade. Whether incrementally or catastrophically (as with another care.data) remains to be seen.

The decision to provide this evidence can no longer be ‘kicked into the long grass’; the information vacuum is already being filled. And where NHS IT suppliers such as TTP – which, with its GP Connect Access Record: HTML service, makes information on how a patient’s record has been accessed available to people outside of TPP’s service – do this in ways in which patients themselves cannot see, even if they use the NHS app, it is being filled in ways that are potentially explosive.

Access to records (in bulk) for secondary uses

ONS recently published a new re-identification process for ‘anonymised’ administrative data, which demonstrates that data even less detailed and less specific than data that is currently disseminated by NHS Digital is still open to re-identification – in practice, as well as in theory.

Even if some still assert that pseudonymised data is “not identifiable” – as contradictory as that opinion is to GDPR and DPA 2018 – it is now clear that pseudonymised data can be re-identified. NHS policy and practices of dissemination can no longer ignore the law, or the published work of the Office of National Statistics.

Some developments during the pandemic, such as openSAFELY, which while impossible even to establish without emergency COVID powers, probably should be incorporated into the ‘new normal’. But not simply as they are. Each such initiative must have a proper ongoing legal basis – by which we do not mean infinitely-extended exemptions, such as perpetually renewed s251 support, but proper involvement of data controllers – and robust information governance for every project: all projects being approved by a statutory public body with a reputable, transparent process approved by data controllers. 

Consensual, safe and transparent use of patients’ data is the only sustainable long term model; completely lawful, and with the appropriate governance and patient visibility to be trustworthy that is absent around the cabal of friends we see with some entities.

Public bodies can Improve The Foundations of other priorities

The move of (much of) PHE into the NHS is not new. The cancer registry was moved from PHE to NHS Digital due to the failures of PHE, and the opportunities available for better cancer data within the NHS are already being delivered, following that move. That the cancer registry has applied the National Data Opt-out since 2018 did not cause harm to data users, so there is little cause to worry that any other lawfully-operating disease registry will lose out by moving within NHS Digital.

As the future location for all of PHE’s other responsibilities remain unclear, an approach based on ‘offline harms’ would – given the new bodies’ remits – allow a new advisory committee to cover anything beyond DHSC’s National Institute for Health Protection and the NHS, and ensure no gaps.

NHSX / NHS Digital reforms: One cannot build on toxic foundations. Any ‘reform’ that merged NHS Digital and/or NHSX into NHS England (and Improvement?), would be fundamentally unworkable. The body that makes commissioning and decommissioning decisions cannot credibly claim to both make decisions based on evidence and be the statutory safe haven for medical records, without patients equally credibly believing their records were used to close their hospital – even if such a belief is incorrect.

‘Artificial Intelligence’: Using its purchasing power to insist on a scheme of commodity pricing, the NHS can ensure both a competitive market for health AI – giving patients the benefits of new services, NHS medics tools and diagnostic assistance they can use, and innovators the confidence they will be able to get a reasonable return for a good investment – while also opening up the worldwide use of NHS-class services and tools.

Documents:

• Offline harms: June (superseded) and September (current)
• NHSX/NHS Digital remit reforms
• AI business models
• OKRs in Government (and the NHS)
• NHS data net assessment (pre-covid)

The Butler Review into Intelligence on Weapons of Mass Destruction (ie the Government’s decision to invade Iraq) had one meaningful outcome – it obliged the creation of the Chilcot Inquiry. The current Review of the UK’s response to COVID-19 by the All-Party Group on Coronavirus must be given the evidence to do the same. 

This Review has other important matters to attend to, so its remit will naturally be constrained. Its main focus while we are still in the crisis must of course be forward planning for this winter, and our future response to COVID-19.

While there will – quite rightly – be much wailing and gnashing of teeth about the history of this pandemic, including the contact tracing app debacle, this will in large part be academic except in what it contributes to the primary goal of getting the Review to require an Inquiry.

History has shown this can come from civil servants, who already know this Government will leave them unsupported within processes they built.

The truth will come out, it always does; the question is, will you help?

medConfidential will publish our draft submission here in due course, and we are happy to help others with theirs. 

P.S. We take donations.

The people who know the most, do the most; and in this pandemic, they have seen the most, and they’re all horrified. Expertise and knowledge can be tiring in a crisis – especially one that has run for this long – and it’s been 12 weeks since we published ‘apps for the next pandemic’. 

Dunning-Kruger provides an energy all of its own, and profiteering and cronyism are inherently at their worst in a crisis as new procedures are being stood up and bedded in, before the ‘loopholes’ are ironed out.

We have already seen political thuggery happening to aid mercenary cronies, stories of which percolate out over time. The point of (good) Government is to endure and be resilient; the ‘PR-first’ approach of Number 10, blaming everyone but themselves ‘or the NHS’ will work only until it pivots to a target who has nothing to lose from an honest and clear articulation of reality, grounded in genuine compassion for victims and their families.

Part I – Process and Priorities

Public Health 

The Joint Biosecurity Centre (JBC) could represent a welcome return to some of the structures of the Health Protection Agency, before it became part of Public Health England (PHE). If it performs well, it should remain as an expert DHSC body reporting to the CMO and Parliament.

Over the last 19-30 years, the UK has developed a dysfunctional obsession with ‘security’ above ‘public health’, one result of which is the slow motion car crash exemplified by the unreformed ‘institutionally ignorant’ Home Office’s use of power and spin to hide itself. Theresa May took this into Downing Street, and Boris Johnson carries it forward.

Being alert to the risks of only ever solving the last crisis, and as PHE falls apart due to long-term senior management neglect, care must be taken not to forget those parts of PHE that are not merely in response mode right now. The JBC must be as rigorous and as transparent as a normal public health body. And while the breakup of PHE is beginning, what replaces it must be far better managed than the ideological bonfire that created it.

NHS Digital is taking on the data functions, but what does the ‘glue’ look like between (what we must hope will be) an increasingly functional JBC, and (what are evidently) increasingly functional local public health responses? 

The line between NHS and Government is blurry

Those who are competent understand that things will always change, and that doing the right thing is welcome – however long that takes. It is unclear what will happen when goodwill runs out, but squandering it on politically opportune frivolities may prove unwise… 

The cultures of DHSC and NHS England enable fudges to continue, undermining everything up to and including the narrative of the Secretary of State. Though some may be calling for heads, changing a Director General mid-stream is unlikely to achieve anything positive and would likely cause significant disruption, generating even more disarray and dishonesty. NHSX already lacks sufficient numbers of staff who are both experienced enough and incentivised enough to ensure that the truth is told to them, and to then tell the truth to power – had power ever wanted to hear it. 

More data can mean better decisions, but only if people want to make better decisions. 

That NHS England (now within NHSX) has got away for so long with telling one group of people one thing in one room, and different groups the opposite in others, represents a political failing of external actors and institutions – both research bodies and NGOs – who were seemingly more interested in DHSC ‘carrots’ than the truth. Entirely predictably, the wider cost of these ‘bribes’ has now come due… 

The contrast between the Nuffield Council on Bioethics’ briefing on ‘immunity certificates’ and the typically hedged ‘explainer’ from the Champions for Digital Exploitation and Intrusion, whose narrow-mindedness and sycophancy in a broader context shows through in its AI barometer, is telling. Rather than championing the public interest, CDEI seems to have written a Vultures’ Menu for Venture Capital (including CDEI’s landlords) and Government’s favourite AI mercenaries.

Political decisions (and the app): 🤷‍♀️🤦‍♂️ 

NHSE/X promised transparency to the public back in March.

Three months on, this remains substantially undelivered; FOIs have been refused / delayed, and it has taken threats to sue to get parts of the most basic of information released. DHSC only published the COPI notices because Hal at The Economist already had. Evasion, delay and obfuscation are basic techniques in DHSC’s and NHS England’s playbook, and – given we are in a health crisis – Number 10 has taken that playbook ‘to scale’, not least because they are relying on what DHSC tells them.

The public will continue to support the NHS, and at this point it appears NHS England has more institutional power than this current Number 10. The infection rate in care homes (and in the NHS) may be ten times the community infection rate, but this is widely seen as being down to a Government that failed to give the NHS and social care sufficient resources, and a Number 10 that then covered it up.

It requires a fundamentally different skill set to run an institution where people remember promises, than it does to campaign as an outsider. The institutional advantages that parts of the NHS and Government have used throughout the crisis – to drive an evolving narrative, and to deny history – will come back to bite, ferociously, if the Government is still around. Especially while people continue to demand answers promised months ago (where, for example, are the missing files ‘embedded’ in the DPIAs?).

Government may be able to hide from the public for a while but, as history has shown repeatedly, the cover-up is always worse than the crime.

Part II – Priorities and Process

As we prepare for the second peak and what comes after it, the Overton window is exceptionally wide. Many ideas and a lot of ‘old thinking’ have been used up in Wave 1; we are going to need a refill for Wave 2. Possibly the most brutal outcome of its initial response is that, minus the cost of the body bags, this Government has ‘freed up’ 13.6% of the social care budget, which has to drive some change.

The consequences of trauma

The distrust – and carelessness – with which DWP treats those who the NHS believes are ill is as callous as it is calculated. Meanwhile COVID-19 can affect anyone. There are already patients who have a form of COVID that’s lasting for months, and what’s certain is that there are people who will be suffering with the consequences of COVID (and the consequences of those consequences) for a very long time.

Civil servants across government are under immense and sustained strain right now. Some of them will require support afterwards, as will many of those on the NHS front line, and many more in the wider community. Some of that support will be provided by DWP, and Universal Credit. Pushing the most vulnerable through an assessment, appeal process, and tribunals (that DWP mostly loses) adds far greater cost to the public purse than simply believing the NHS evidence that was provided to DWP in the first place.

To those civil servants advising on or making decisions about the social safety net that will exist for the most vulnerable in society: choose wisely! More than one of your friends will likely need it, as others already do and many, many more will. Those gaps you help cut in the social safety net under COVID-19 are ones your friends and family may fall through.

What to do: be guided by transparent science… 

While political indecision masked as “following the science” may have got us into some of this crisis, it is ethical open science and research-level transparency that offers the best hope to get us out of it.

No-one expects every cancer research project to cure cancer; no-one gives money to Cancer Research UK expecting that CRUK already knows exactly what the right answer is. We trust instead that they, and those they fund with our donations, will genuinely follow the science.

In the COVID-19 crisis, we have seen leadership from some epidemiologists and researchers showing the public what research can and is being done – consensually, safely and transparently – with their data. That work should continue, albeit overseen and led by the NHS and national research bodies, not ad hoc friends of Boris putting out comms and relying on readers to be able to distinguish meaningful research and independent reporting from consummate PR spin…

The public have no real understanding of why Palantir and Faculty are building (secret) dashboards, largely because the public have never been shown what NHSE/X usually does with their data, much less what anyone is doing with it right now. This long-term failure of leadership rests with NHS England and DHSC, but significant parts of it could be resolved by simply publishing what NHSX said it would publish back in March – and then maintaining the transparency that was promised throughout the rest of the crisis, and beyond. 

More data can help make better decisions, but it also requires a desire to make better decisions. NHS Digital has had the ability to tell you how data about you has been used since the National Data Opt-out was introduced two years ago – yet DHSC never gave them the green light to launch it, because of political concerns about what will happen when you know how data about you is used.

The second Coronavirus Bill will try to restart the economy with a firesale of public assets and data; there should be a political commitment – required in law for public bodies, and encouraged for those in the private sector who wish to be seen as reputable – that data subjects should be able to see how data about them is used. DHSC has a Department-wide data release register, and can launch data release statements for individual patients within the NHS app, for which NHS Login already works. Launching both of these before it is next in (dire) need of claiming ‘transparency’ might help inform such publicly significant decisions.

…into the long, long term

In bureaucracies, as in life, those who care for longest often win. It’s why an unreformed ‘institutionally ignorant’ Home Office continues to make toxic decisions despite claims it will improve. It hasn’t, and for as long as one racist can delay improvements, it won’t.

Everyone has human rights, and we fight for them all – even if we mostly talk about those particular rights that are within our remit. The effects of COVID-19 are starkly differentiated based on race; black lives matter, and that the statues of some slave owners are torn down should not be the only legacy of this time. 

Boris Johnson clearly wants to be remembered. He may even want a statue bearing his name, and for people to write books about him, the same way he does about others. And, given the deaths in this crisis, they probably will – though not for the reasons he may wish. (Noting we remember the 1918 flu pandemic as the Spanish flu mostly because, being neutral in WWI, they were honest about it and didn’t cover it up. )

The current administration claims to “follow the science”, science often done by those who most often work diligently for years, far from the public eye, without expectation of the fame or glory that a statue denotes. But history will remember them. Eventually.

Statutes built to celebrate events grounded in contempt, ego, hate or suppression sooner or later get torn down. They can and will be replaced with others. It may have taken much more than a hundred years for the first statue of a woman to be erected in Parliament Square, but there will be more statues. The choice is ours. Poor choices are temporary; good choices endure.

The GCHQ-informed NHSX app requires a central authority which can read (i.e. decrypt) everything the app shares. In NHS language and the language of the law, the app is an ‘information processing system’.

Given NHSX has chosen to build an unnecessary massive pool of sensitive data, it  must ensure that the data is well protected. With combined effort, GCHQ and NHS Digital will likely be good at defending the big pool of sensitive data.

But there is no need to have that data. The best way to make sure data doesn’t leak, is to have chosen the method that never collected it.

Google and Apple’s ‘Exposure Notification’ model does not have a central data authority so does not require the infrastructure that GCHQ suggested the NHS build, a design which requires GCHQ to defend it. 

And GCHQ needs extensive new powers to detect abuse of the system it designed, that Google and Apple’s system makes simply impossible. (Their approach minimises the amount of identifiable data in the system to the extent that it is effectively publishable.)

Those building the NHSX app made a fundamental mistake, and are now trying to cover it up with more mistakes. It emerged at the Sci/Tech select committee that it would be ‘very useful epidemiologically’ to keep the location of where you see other devices, to share where you got infected several days ago, and to “see the contact graph”.

We expect there will be an app for a country in the United Kingdom which uses the Google/Apple API; we are inclined to suggest everyone waits for that one. You can install GCHQ’s code on your phone if you wish – but their job isn’t to protect you or your family.

[our update for the week after – 24th April – fitted in a tweet]

NHS England is keeping its dashboards hidden away, but the contractors building them left their contracts “accessible via an unrestricted portal” – which goes some way towards explaining why things are still hidden. 

Despite promises to be transparent, and to publish the Data Protection and other Impact Assessments of what they are doing – as well as the contracts and agreements they claim followed standard ‘G-Cloud’ procurement processes – NHS England and DHSC are staying true to form; demanding visibility of our data, but showing nothing in return.

This lack of transparency only fuels suspicion and mistrust –  especially when we hear the Secretary of State, after melting down in two interviews back-to-back, try blaming the tech companies for his own ‘app-happy’ mistakes. And when we learn the CEO of NHSX has to admonish his staff not to exploit their positions “for personal or corporate gain”.

If this continues much longer, such behaviour – and even more blatant attempts to rewrite history – will not only be seen as a serious transparency deficit, but will raise serious questions about the accountability of those who demand we trust what they do with our data.

“It’s for your own good” is no reassurance when those saying it won’t show how, and for what, and by who.

So where are we now?

Death statistics: Extrapolating using a rough rule of thumb, the current figures we are being given for COVID deaths represent only around 40% of those who are dying in reality. Many of whom are in care homes. Meanwhile, the continuing failure to supply sufficient PPE for both clinicians and carers is an ongoing scandal. Matt Hancock believes a single “Herculean” effort is enough; but PPE gets used up quickly. In reality, the task’s more Sisyphean.

DWP: While each week drags by for those keen to leave the house, the clock ticks even slower for those who’ve been forced onto Universal Credit. For another 2 weeks, they’re still part of a 1.4 million person queue somewhere inside DWP. Support services like Citizens Advice always have insight into the size of the peaks as more and more people claim UC, and sight also of how UC breaks. Such insights will only increase as DWP’s business processes do their business-as-usual things, and comparisons will become clearer over time.

Google and Apple announced their new shared API. Both their API, and the way they have approached it, are the right things to do in this situation. We want to take this opportunity to thank both companies for their positive and proactive outreach to responsible members of the international privacy community. Despite whining from those who made bad early choices, the NHSx tracing app will either be like all the other apps with an NHS logo, or people will install a generic one built by someone who believes in technology assisting access to health everywhere around the world.

Contact tracing: We await news on whether the NHSx app (and DP3T) will be rewritten to use the new APIs. If not, the app will only work while your phone screen is turned on, and you’re using the app – which also eats your battery. The concept of everyone on the tube staring at their phone screen which shows them the number of people they’ve ‘been in contact with’ today is not one likely to reduce public anxiety.

Tracing beyond the border of England: Given its and PHE’s remit ends at the boundary of England, when (or if) the NHSx app launches, it is not at all clear what will happen to those who are close to Wales or Scotland. It’s likely many people will not be best served by installing an app on their phone that is based on a political and bureaucratic boundary which is more limited than they are…

‘Immunity certificates’: With little more than the sound of a starting gun from Matt Hancock to go on, it is still far from clear why or how these will be useful. But harsh lessons from history tell us how such “immunoprivilege” can be actively harmful, both personally and economically; even the editor-in-chief of the Lancet has pointed out they’re not helpful. We must reserve judgement until more information is forthcoming, but for now, we have questions (to which you are welcome to add).

Perverse incentives: When bars and restaurants reopen, will the old ‘smoking areas’ be transformed into sections for those with compromised immune systems, or for those with COVID immunity? Either way, HM Government will need to avoid creating perverse incentives around self-reporting of antibody tests. NHS incentives are all for people to be honest, and to get the best care – but HM Treasury (which knows the price of everything, but perhaps the value of much much less) still won’t reassure your racist uncle that the people wearing their ‘certificates’ who ‘look a bit foreign’ have actually met the criteria. Wrong information in an already toxic culture just makes things ten times worse (or maybe half that, e.g. 5G).

As much of the magic thinking around contact tracing without mass testing dissipates, and as reality – both technical and biological – bites, we sincerely hope the next magic roundabout ride on apps for immunity measuring will itself be more… measured. 

[For background, please see our earlier posts, “The Coronavirus” and “Apps for the next pandemic”.]

Matt Hancock’s ‘tech vision’ from February now seems to be from another world (our response, drafted pre-Corona is here). The best parts have been implemented already, in the NHS at least – while other parts now look more like digital ideology than things that would have happened if they were a good idea. The tech ‘shortcut’, that people should adapt to the technology before it improves, has been upended; the virus has made the tech companies satisfy the requirements of doctors.

If DHSC had not deferred the decision to tell every patient how data about them is used, public concerns about Palantir et al. could have largely been mitigated by normal NHS processes. Instead, all of the consequences of commentators and the general public not understanding how the NHS uses data are causing work for the Department (and parts of the NHS) at a time when they have little free time.

medConfidential had already drafted a net assessment, which remains all too relevant – as a list of things undone by DHSC, which the NHS would have been able to build on today.

Instead, we have what we have…

So where are we?

Don’t get caught: Many of the companies offering their services to the NHS would previously have lobbied hard to weaken the standards they now seem perfectly willing to meet. (It’s almost as if their previous actions were driven by money, not substance…) Unfortunately for Palantir, DeepMind, Google, Amazon, and others, their previous missteps around data and public trust undermine their claims to be working in the public interest now.

Notices to all care providers: Hal Hodson of the Economist published a scoop of the Notices under reg 3 of the COPI Regulations that care providers are required to do with data what is appropriate to fight COVID-19. (Noting that “appropriate” still includes restrictions and controls that are sensible, practical and necessary.) Those who go beyond this, indulging in unenlightened self-interest, will be examined afterwards – and the public will not be kind to those who exploit others, even if the regulators are slow.

AI Lab: Handing the NHSX ‘AI Lab’ to Mustafa Suleyman of Google DeepMind is not necessarily the worst idea, given the Lab by itself wasn’t due to start for another year – but with the cloud under which he left the company he founded, we hope this move will be productive, and result in fewer gagging clauses and pay-offs to junior staff. DeepMind has previously produced an AI which can tell the difference between viral and bacterial pneumonia; adding SARS-CoV-2 to that seems like a good use of resources. 

Intellectual Property: Following the approach of the Gates Foundation, the healthcare response should commit to building multiple diagnostic support AIs, on different datasets, and with different approaches – and make them all free to everyone around the world. If  DeepMind’s past contracts (now taken over by Google) are anything to go by, how much is the NHS being charged for that model and expertise, and how long will that cheap deal last? The COVID response must deliver results the NHS and world can use in perpetuity, at no additional cost.

Deaths: Many people are dying who are not included in the headline figures. While the NHS is receiving a great deal of the political focus, the effects of the lack of protective equipment, staffing shortages, and long term chronic underfunding in social care are just as severe. And we will see the effects. We still lack current overall death figures – i.e. “all cause mortality” – which cover not just those who had COVID-19, but deaths for all related reasons (so HMG cannot fiddle the figures by, e.g. not testing the dying). Testing only when it has clinical relevance is the right thing to do right now – but it does undermine the current death statistics. (These also exclude inquests, which should cover health care workers, deaths of young people, and deaths where treatment was delayed or were due to the economic consequences of COVID.)

Planning: When pandemic planning was the remit of PHE and professionals, it seemed to be  going relatively well. Now they’ve let CDEI and the ‘Tech Bros’ in, things are going about as well as you might expect from an outfit led by someone whose previous venture helped cause mid-Staffs. These issues will most likely come to the fore with the ‘immunity certificate’ app in the next week or two…

Contact tracing: medConfidential understands NCSC has had input into the contact tracing app, but we have not seen written confirmation that the ‘random identifier’ broadcast by the app will be generated by the app itself, or be read from the phone operating system’s bluetooth mac address (and so be available to others). We believe the app is less broken by design than it was a week ago, but highly controversial implementation decisions seem to have been made for reasons that may provide short-term benefits to NHSX – while dumping longer-term burdens onto the public, without any clear justification. Getting the 50-60% takeup required for such an app will be extremely difficult, especially if those building it don’t invite knowledgeable civil society experts to briefings containing complete answers to substantive questions.

‘Monster factories’: Details on DWP’s blunders are always five weeks behind the headlines, while the Home Office is a monstrosity (mostly) in public view. The NHS is working flat-out to save as many lives as possible, and most of the healthcare workers who have died are from overseas, yet the Home Office changes nothing and continues to increase the burden on the NHS in all aspects of its operations.

‘Immunity certificates’: While Matt Hancock might want his get-out-of-quarantine-free card, the NHSX (for which read, NHS England and DHSC) approach to ‘immunity certificates’ needs to be of a standard higher than anything else they have delivered so far. While the contract tracing app has clear health functions and can be NHS branded, it is unlikely the NHS and public health infrastructure will lead on an immunity app that will be actively undermining the consistent public health messaging. As a result, it seems likely this will be something the unreformed ‘institutionally ignorant’ Home Office may seek to take on, as ‘immunity passports’. The Home Office approach to NHS data entirely aside, it and its Ministers’ and officials’ regard for life and law make the ‘herd immunity’ debate look positively affectionate towards Grandma… [Edited to add: Initial thoughts for comment]

GP data for care: TPP/SystmOne previously took it upon itself to act as a data controller for its customers’ patients’ data, and apparently misled the Information Commissioner about its actions. With an opportunism that would not be unprecedented, the company is believed to want to re-enable that ‘design flaw’ for an unknown period of time. We’ve written to them with questions.

GP data for research: EMIS and Oxford are doing a study for which GPs can opt their entire practice into sharing information on, or relating to, COVID. (They won’t be the only ones.) It is unclear at this point what, if anything, this study tells patients about how data about them is used. A bit of text on a website, which no one knows to look at, is always insufficient.

Transparency: Extraordinary times may require extraordinary measures, but throwing due process out of the window creates even worse problems. Talking about transparency but failing to deliver it is no longer an option, especially if those asking the public to do extraordinary things want to maintain trust and public confidence.

NHS England’s ‘all seeing dashboard’: We have been promised transparency, and that “G-Cloud procedures” were followed – so, where are the Data Protection and other necessary Impact Assessments, the Data Sharing Agreements (surely they have them…) and what about the contracts? At the time of writing, no previews or proper information have been given to the medical or tech press about what NHS England has asked Palantir et al. to build. Does the system even work? 

Happy Easter to you all; our continued thanks and admiration to each and every person working in the NHS and across social care for all your efforts in the current pandemic, and our thoughts and good wishes to all those affected. 

It may be too late for this pandemic, but some of the apps under development could be useful in the early stages of the next large outbreak. There should be no rush to launch any new ‘shiny thing’ that undermines or conflicts with HM Government’s current advice to the public on their behaviour.

Currently proposed apps tend to fall into one of three overlapping categories, plus egregious random ridiculousness:

1. Open Standards and survey apps
2. Contact tracing
3. “Immunity certificates” and testing apps

Plus what happens afterwards…

1) Palantir, Open Standards, and survey apps

The Palantir dashboards could be entirely public. For the same reasons that NHS England hasn’t said the Palantir dashboards will be public, not everything about real-time health should flow without friction.

Open Standards in healthcare are a good thing; Open Standards in public health in the time of a pandemic rely on every actor moving with understanding, responsibility, and the gravitas appropriate to the situation. Then someone invites Facebook…

If asking people to fill in a daily COVID-19 survey is good, for example, and more people filling in interoperable surveys is good, then surely Facebook promoting a survey daily to everyone on their homepage is even better? Especially when Facebook can see exactly who clicks what, and people can be tracked all across the web (fbclid)… or maybe Facebook could just do this all itself (and be trusted not to use it for its advertising algorithms)?

Just as Huawei are politically toxic in the UK right now – but are keeping the mobile networks working anyway – and Palantir are completely aware that they’re creepy by design – their logistics platform is world class, though it’s more often used to move people closer to death than further away – so Facebook have the same naive arrogance in 2020 that they had in 2015, without any appreciation of what happened in the interim.

All standards get abused.

In a public health context, it isn’t enough to merely claim that you won’t shit in the water supply; you must have everyone else believe that you don’t – in addition to not actually doing it. Your track record matters.

Newbie missteps in implementing an Open Standard for flu tracking will undermine the good work of all of those entities which have been doing this for some time.

2) Contact Tracing – good apps or bad apps?

A contact tracing app can be encouraged for social care and NHS staff to use to help them protect themselves, their clients/patients and families – and there is no way such an app can be launched and not be usable by everyone else, since people will install it anyway – so it has to work. That does not mean it is necessarily a good idea.

While the Government’s communications strategy has improved in the last week or so, its ability to launch an app that doesn’t undermine the ‘stay at home’ narrative is, in practice, likely to be low – even if well intentioned. And this DHSC has an unfortunately poor record of promoting digital mediocrity and clinical irrelevances. Even in the current crisis, Matt Hancock shows little sign of changing his spots or improving his discretion. 

At best, a rewrite of the Singapore app so that it instead stores a list of random Bluetooth LE beacons on-device would be a beginning, then allowing the sharing of beacons ‘seen’ in a particular time frame after the user presses an “I have symptoms” button. While it looks like the Government has gone with Oxford, we don’t yet know who actually wrote the NHS tracing app, how badly they’ve screwed up the inevitable Facebook / Grindr / TikTok integration, or whether they’ve taken shortcuts in their implementation at the expense of the people they want to use it.

Any contact tracing app will only be installed and working on the devices of those who choose to use it. (In the same way that Boris Johnson said he’d still shake hands…) People may have learned a great deal in the past few weeks, but those who choose to use the app will likely already be following the rules, and those who don’t, well, don’t…

And, in the bigger picture, we must ask: would we do this for HIV? For whatever we do for COVID will be copied by others – first for COVID, and then by others for other conditions.

Given the volumes of users and devices required for contact tracing to be even minimally effective, there is non-trivial scope for ‘tourists’ to stand outside Number 10’s gates near the journalists for a few hours, and then press the “I’m Infected” button for giggles and chaos.

3) “Immunity certificates” and testing apps

The tests will come. They are coming. And there will be a time when such tests are necessary to affect what a citizen should do next; that time is not now, but it is approaching.

• Antibody tests can show that you have had the virus, and are effectively immune (for now).
• Antigen tests can tell you that you’re not currently infected with the virus.
• In terms of results, what you want is a negative antigen test, and/or a positive antibody test – a distinction that scientific illiterates who’ve repeatedly been told to disregard experts may find difficult to make.

There will be some who (lawfully or otherwise) choose to limit access to those with the ‘right’ form of either test. Whether by employer, or social groups, or at the border. Do we want to become one of those countries that takes blood samples as people try to pass through customs? China may choose to do so, but who do we want to be?

While minimal central infrastructure is required for a contact tracing app that one hopes is used by a high enough percentage of the population for it to be meaningful, testing apps have very different requirements.  

When there are perverse economic incentives around testing, one person with known immunity might take the test in place of others – and others may feel compelled to expose themselves for the chance to feed their kids, or return to a ‘normal life’. Any mass testing infrastructure will rely not only upon the accuracy of the test itself, but upon there not being harm(s) for one type of outcome compared with another. 

And any centralised list of confirmed test results will, by definition, be a list of the entire population and their digital devices. A National Identity Register in all but name. The choices and actions of the unreformed ‘institutionally ignorant’ Home Office with regard to such datasets in the past now creates harm for everyone, should this be attempted.

Incentivising people to lie about their status will cause harm. And forcing people to disclose they have had (or not had) any temporarily notifiable disease has ugly precedent, with practices steeped in prejudice and racism. 

The costs of ongoing institutional intransigence, blind spots, and/or delivery failure are all coming due in a period where agility is most needed and where the results are most visible. This is clearest in the NHS supply chain, but it applies to institutions (of all types) which, when they are most needed to deliver something new, end up just doing the same thing they did before.

People will follow Government’s lead. A million people in a week responded to Treasury’s announcements by first understanding their circumstances, and deciding they needed UC.  GDS and NHS digital teams have deployed hundreds of structural changes to their services, in addition to thousands of content changes, but others – most notably DWP – seem to have done little more than shuffle people around. 

When the vaccine comes, we want people to have survived, and our society to have survived too – not be degraded into the sort of fear and bigotry that embody Marsham Street’s default perspective. 

After ‘stay home’, five strains of flu are normal

Last year, there were four strains of flu; now there are five. In a perspective of years, that difference is minimal.

The country will go back to (a new) normal. Do we really want abusive employers or others to be checking antigen and antibody status for employment in Wetherspoons, or at an Amazon warehouse – or so you can pick your own kids up from the school gate? 

If not that, then how do we treat someone who gets off a plane from anywhere – whether they came from China (with their choices), Trumpistan (with their inaction), NYC (with their resources), or Africa (with their resources)? What is the goal of “immunity certificates”? And how will that work at Heathrow?

The Home Office will, of course, default to racism and prejudice; fingerprinting arrivals because its Ministers and officials have long wanted to (it went badly). Actions and cultures predicated on secrecy rarely prove effective.

For any category of app to be effective, you need enough users using it for users to be able to expect others to have it. Announcing an app at the PM’s daily press conference might (hopefully) achieve that. And the app might even do what it’s supposed to. But making that announcement in a way which doesn’t undermine even more vital public health messaging would need a degree of demonstrated competence that NHS England / NHSX have thus far failed to deliver at any point since their inception.

---

Substantive details on particular points:

• Data from this pandemic, afterwards
• Boris’ perpetual monitoring machine
• DWP: ‘sending money next week’ and ‘what DWP did instead’
• To come – Immunity certificates

[This was written and published on the 17th March 2020. Our briefing for the Commons stages of the Coronavirus Bill was published on the 20th]

The notion of a public health emergency has always been within the scope of discussions around data and confidentiality in the NHS and health data. Overall, the responses of the NHS across the UK, Public Health England and its counterparts in the Devolved Administrations, and Her Majesty’s Government have been within and along the lines of pre-considered contingency plans they were able to take off the shelf, which matched those discussions. 

In that respect – and while medConfidential will maintain a watching brief, from a discreet distance – we don’t expect there should be any major concerns regarding the use of patients’ data as long as HMG and its agencies follow scientific advice. Should that change, or as new information becomes public, we will take a view at that time (for example, the legislation text has not yet been published)

We expect there to be a full Public Inquiry into lessons learnt after the current crisis is over – even in the best case scenarios, the effects are already too large for there not to be such an inquiry.

medConfidential will keep non-urgent suggestions until our submission to that Inquiry, by which time the Scientific Advisory Group for Emergencies (SAGE) advice and models will all have been published (as per HMG contingency planning). It may be helpful for the Government to indicate at what point in the pandemic they anticipate the selection of the Inquiry chair to commence.

Even in the best case this situation is going to last months, and many possible actions could be taken. However, the human rights and civil liberties of the entire nation should not be abandoned in favour of fear or xenophobia against anyone whose virus threshold is unknown – nor to introduce a state of permanent data monitoring that will, even at its most intrusive, fail to suppress people’s fears. Decades of discrimination around HIV have taught us the dangers that arise when mob mentality demands proof of a negative from whomever they choose to ask. 

In closing, we want to express our gratitude and admiration for each person working in the NHS for their efforts in the current pandemic. Thank you all.