Tag Archives: digitaleconomy

Data in the rest of Government: AI, and today’s laws for tomorrow’s benefits

AI has finally got Government to take data seriously.

Information is the blood of any bureaucracy – and copying is the circulatory system. “Digital” in its broadest form is just the latest wave of faster photocopiers – decisions keep getting made no matter how fast the machines work. Any good private secretary knows: if you control the paper flow, you steer the decisions.

Just as the Cabinet Office has “spend controls” for technology, there should be flow controls for data. Current data practice in Government is 5 different scandals away from adequacy. As with our work in the NHS, some of those will be public, some of those will be private – the scandal is optional, the improvements are inevitable.

Even where the is a fundamental disagreement about a policy in the non-secret parts of Government, there should be the ability to have a shared factual understanding of how data is used.  But even in the “non-secret” parts of Government, there are legitimate reasons for some projects to have limited information disclosed (fraud detection being an obvious one where some information should be withheld, or generalised). The recent Data Sharing Code of Practice Consultation from the Cabinet Office seems to get that balance right for fraud data.

It would be helpful to have political leadership stand up and say (again) that “Citizens should know how data about them is used, in the same way taxpayers should know how taxpayers’ money is spent.” (quoting Matt Hancock MP – then Minister for the Cabinet Office). But that is only helpful, not necessary, and there are sub-political choices which deliver benefits for the civil service and Departmental priorities absent political leadership.

The Spring 2017 Conservative Manifesto gave a strong and clear vision of how Verify could be at the heart of a Government that was accountable to its citizens (page 3). The question is whether new guidances lets that be implemented, or stymied. The Article 29 Working Party has yet to issue full guidance on the transparency requirements of GDPR – but waiting to do the minimum is not in the spirit of the UK’s desire for leadership in AI, nor goals regarding data.

Government has a range of data sharing powers, and they should all be subject to transparency – otherwise the failings of one will infect public confidence in all.

Fortunately, the range of discussions currently ongoing give the opportunity for the choices of the future to be better than the the past; if that is the desire. The National Statistician’s Data Ethics Committee is a good start, addressing the highest profile and precedent setting issues across Government. However, as with other parts of the Digital Economy Act (Part 5), there should be a Data Review Board for all data sharing decisions that don’t reach NSDEC: it gives a process for which data sharing decisions can be reviewed.

However, if there is an informed citizenry, with citizens able to see and understand how their data has  been used by government, the more complex questions of AI and algorithms become tractable. The status quo will not lead to a collapse in public services, and they will always be able to catch up, the question is only the nature of the political pain that Ministers will suffer because of their civil servants.

A number of Departments believe that “digital transformation” has either failed or is not for them, and they wish to go another way. But the target was always the outcome not the method, and the test is not the pathway, but delivery. How do Departments transform to reflect their current situation? Will they be accountable and to whom?


Bad ideas beyond the AI Review

The recent “AI Review” talks about how “Navigating a complex organisation like the NHS is an unfathomable task for small startups like Your.MD.”. Your.MD being a company which hosts data they collect in the US (ie subject to US law), and outsources coding to eastern Europe (it’s cheaper), and generally cuts every corner that a startup cuts (the corners being things required to protect NHS patients). It should not be too much to ask that anyone wishing to use NHS patient data is capable of hiring someone who can use google to find NHS data rules. Although, as that is a test that DeepMind catastrophically failed, maybe Monty Python was right to hope for intelligence somewhere out in space.


Loopholes (and the Data Protection Bill)

There are some areas where narrow special interests still see themselves as more important than the promises made to patients or citizens, and as more important the principle of no surprises for patients. No bureaucracy can rid itself of the temptation to do what is in the interests of only the bureaucracy. However, it can decide to hold itself to a higher standard of transparency to the people it serves, and let them make the decisions.

With clause 15 it is Government’s demonstrable intent to carve holes into data protection law for its own purposes. To balance such attempts, through the many gateways through which it is possible in the Bill, there must be transparency to a citizen of how their data is copied, even if it entirely lawfully. That allows a separation between whether data is copied, from the rules that cover data copying and access, and an informed democratic debate

AI has finally got institutions to take data seriously. In doing so, it has created a clear distinction between those who understand data from those who do not (the transition from the latter to the former is incentivised as the latter are easier to replace with an AI). As yet, the AI companies don’t yet understand (or wish to understand) the institutions they want data from – which suggests those companies too are easily replaceable (paras 35-49). The AI review also suggests “data trusts” mirror other dodgy kinds and replace the existing principle of safe havens. While some of the large charities can look at that approach as insurance should public confidence in a particular disease registry collapse, and they are entirely wise to do so, a lawful disease registry should command public confidence.

The dash to big data and AI does not mean everything we have learnt about confidentiality, institutions, and public confidence should be thrown away to satisfy startups with less history than a Whitehall cat.

Any external body which seeks to prevent misuse of data will likely fail over time. It is easy for mediocre managers to believe the sales pitch to buy a big system that will “do everything” – to flood a data lake – while earnestly convincing others that this approach will solve whatever problem they think you have. Care.data was supported by many sectors, long after the flaws were undeniable, it was only when the public became aware that their tune changed. How will the new bodies learn from that mistake? Do they even think they have to?

The actions of the Home Office have destroyed the integrity of Country of Birth / ethnicity data in the National Pupil Database. At no point was that a discussion – just a directive. It impossible to expect even the most privacy-interested civil servant to defend such a line – even if they remained implacably opposed, their successor eventually would not. There are 3.5 years before the next census. If the first thing the nation’s children know about a census is that it deports their classmates, the fundamental basis for all statistics about the UK will be fatally undermined for a decade. This isn’t counting cranes, it’s extra resources for the areas that think they have high levels of immigration….

Bad ideas never die until they are replaced by better ideas. The misstep in the life sciences strategy illuminates the way that the future may go wrong – there needs to be a way to course correct over time. Just as every use of data in the NHS should be consensual, safe, and transparent; every use of data by Government can be fair, safe, and transparent. That includes uses by any group who cares to assist and be accountable to the individuals whose data they desire.

Is there an interest in a strategic, practical, and available solution? If not, then how many more data scandals will it take, and how high will the associated price be?

There is a better approach, using today’s laws for tomorrow’s benefits.

Overview of Current Data Discussions – October 2017

Two weeks after our annual report and rest of government supplement, there are now a number of data consultations on going. We attempt to summarise them all here.

Data Protection Bill

The Data Protection Bill is passing through the House of Lords. Clause 15 if so significant concern, giving Ministers the ability to carve a hole in the Data Protection Act at will – something this Government claimed it wouldn’t do, as it was key safeguard in the Digital Economy Act earlier this year. As written, it is a dramatic change from the data protection status quo, and gives the Government broad powers to exempt itself from the rule of law.

We have a briefing on the Bill for Second Reading in the Lords.

As the NHS moves towards transparency over medical records, the very information provided via transparency must be subject to the same protections against enforced SAR as the records themselves. It’s unclear whether clause 172(1) does this sufficiently.

Implementing the Digital Economy Act: “Better Use of Data”

To plagiarise Baroness O’Neill, whose approach is very relevant here: better than what?

The Cabinet Office are consulting on the Digital Economy Act Codes of Practice. We have a draft response to that consultation, which goes into more detail on a number of issues raised in our rest of government supplement.

As for how that will be used in practice, the Cabinet Office are having meetings about updating their data science ethics framework, and the ODI is seeking views on their proposed data canvas. The canvas is better, but to qualify as science, it can’t just be some greek on a whiteboard, but must include a notion of accountability for outcomes, and falsifiability of hypotheses.

Otherwise, it’s not science, it’s medieval alchemy – with similar results.

Most interestingly, it appears that despite all it’s flaws, the current “data science ethics framework” is in use by Departments, and they do find it useful for stopping projects that are egregiously terrible. So while the framework allows unlawful and unethical projects through, preventing those was not their goal – the hidden goal was to stop the worst projects where every other “safeguard” has demonstrably failed. This is a good thing; it’s just a pity that the previous team denied it existed. The honesty from the post-reset team is welcome – the previous approach included denying to our face that a meeting like this one was taking place, after someone else had already told us the date.

… part 2 is now here

Any Data Lake will fail; there is an alternative

We’ve added some new words to our front page.

Any attempt to solve problems of records following patients along a care pathway that involves putting all those records into a big pile, will either fail – or first breach the Hippocratic Oath, and then fail.

A Data Lake does not satisfy the need for doctors to reassure their patients (e.g. false positive tests), does not satisfy the need for doctors to hold information confidentially from others (e.g. in the case of Gillick competency, or on the request of a patient), or when institutions cannot tell doctors relevant details, e.g. in situations where there is “too much data, but no clear information”.

From the NHS’ national perspective, micromanagers at NHS England will get to reach into any consultation room and read the notes – especially in the most controversial cases. They might be trying to help, and while members of Jeremy Hunt’s Office itself might not reach in (to be fair, they probably wouldn’t), do you believe the culture at NHS England is such that some NHS middle-manager wouldn’t think that is what they were expected to do, urgently, under the pressure of a crisis?

This is also why any ‘blockchain approach’ to health (specifically) will fail. Such technologies don’t satisfy the clinical and moral need to be opaque – deniability is not a user need of your bank statement.

Just as every civil servant recognises aspects of Sir Humphrey in their colleagues, it is the eternal hope of the administrator – however skilled, and especially when more so – that if a complex system worked just as they think it should, everything would be eternally perfect.

Such a belief, whether held by NHS England, DH, or the Cabinet Office is demonstrable folly. If you build a better mousetrap, the system will evolve a better mouse; everything degrades over time.

It was a President of the Royal Statistical Society who talked about “eternal vigilance”. This is why, and it also provides the solution.

As we’ve outlined before, the alternate approach to a leaky Data Lake is to add accountability to the flow of data along a care pathway.

The system already measures how many patients are at each stage, and their physical transfers; it should give the same scrutiny to measuring how many records follow electronically. Where the patient goes, but their data doesn’t, should be as clear to patients as statistics on clinical outcomes – because access to accurate data is necessary for good clinical outcomes.

Interoperability of systems, in a manner that is monitored, is already being delivered by care providers up and down the country. Creating lakes of records is simply an administrator’s distraction from what we already know works for better care.

medConfidential takes donations

medConfidential comment on DCMS Data Protection “Statement of Intent”

DCMS’s intent is clearly to pay more attention to Civil Service silos than citizens’ data.

Sometimes you reveal as much in what you don’t say, as in what you do. Or in what you pointedly ignore…

The ‘Statement of Intent’ document suggests that the confidential information in your medical records deserves no better protection than your local council’s parking list. This is contradicted by both the Conservative Party Manifesto, and the pre-election commitment around Jo Churchill MP’s Bill in the last Parliament to put the National Data Guardian on a statutory footing. So why is DCMS saying no?

DCMS says it intends this to be a “world leading “ Data Protection regime. Even if this weren’t the UK’s implementation of the General Data Protection Regulation, DCMS would know its intent falls short had its Ministers and officials paid any attention to what’s happening outside their own offices.

Three weeks ago, the Government and the NHS committed to telling data subjects when their NHS medical records have been used, and why; and multinationals such as Telefonica have argued clearly and cogently that full transparency to data subjects is the only way forwards with innovation and privacy, without pitchforks.

The Government, however, is doing the minimum legally necessary – and already failing to meet the promises that it was elected on.

Given the Government’s manifesto and the Government’s commitments elsewhere, it is entirely possible for the UK to use digital tools to implement a world class data transparency and protection framework… So why is DCMS saying no?

On what principles will data be used in the Single Government Department?

Whitehall proceeds step-wise, and ever more rapidly, towards an end state of a “Single Government Department”. This is Sir Humphrey’s decades-old vision of “Joined-up Government”, predicated upon Government doing whatever the hell it likes with your data, wherever and however it gets it, in flagrant disregard of Data Protection and Human Rights, Articles 8 and 14 (at least). User needs or departmental needs?

In a world where there’s a single Government (and government) data controller – the Data Controller in Chief; the Prime Minister, the final arbiter – will a single Department’s policies, practices and prejudices determine the list of Government policies?

We don’t see how it doesn’t.

It may be useful to begin with an NHS analogy. It’s a gross simplification, but it carries the necessary meaning.

There are multiple hospitals in Manchester – Royal Manchester Children’s Hospital, Manchester Royal Infirmary, and St Mary’s – all on the same site, with interconnected modern buildings, all built at the same time. Why are there three hospitals? Because when the new buildings were constructed, and everything was consolidated on one site, though treating them as a single hospital would seem most sensible, that would (to many people) effectively be “closing two hospitals”. Hence, there are three.

What about Government departments?

In a Britain with a single government department, what is currently the Home Office – with its particular approach (covered elsewhere) – will go on the rampage across all areas of everything.

For how will weaker policy goals be defended against stronger ones? “It’s a matter of national security, don’t you know…”

Clause 38 of the Digital Economy Bill “solves” this problem by simply ignoring it – those with the highest bureaucratic power will win the fight; we’ve seen this already with the Home Office demanding the names and addresses (p16) of patients – and it’s quite clear they’d have grabbed everything if they’d wanted to.

In this context, with the Digital Strategy of DCMS, and Cabinet Office’s warmed-over Government Transformation Strategy in play, what should happen to make the world they’re trying to build safe?

The greatest concerns must be with the Transformation Strategy; the current “ethics framework” suggested by GDS (the part of Cabinet Office responsible for writing the Strategy) is so flawed, for example, that it suggests a Privacy Impact Assessment can fit on a single sheet of A4 – the self-same strategy used to justify care.data, relying on NHS England’s public statements. Thus far, the country has been saved from a systemic collapse in trust by the fact that this “ethics framework” isn’t actually used by departments.

So what’s the alternative? A citizen view of Government.

Government insists it should be able to copy our data – whatever it wants, wherever and whenever it likes – including to its commercial partners, e.g. Google (or rather, Alphabet) DeepMind and Palantir, for whatever policy whim catches the interest of any particular official. Proportionality and public acceptance are irrelevant; these are not what the civil service is set up to do.

As we saw with DeepMind at the Royal Free Hospital, one person with power can torpedo years of careful and diligent work in order to meet their own short-term, narrow perspective, self-interested goals.

The single Government department makes this worse, if left unaddressed. What should replace it is a citizen view of Government.

This conversation has never been had. The discussions that have been facilitated were designed to get to the pre-conceived end state of the Cabinet Office. As such, the answer was given and civil society time was wasted on a ‘debate’ that was entirely pointless; any wider opportunity to improve the use of data in Government through the Digital Economy Bill was lost.

As an example, well-defined APIs might work for departments – but if departmental silos weaken (as is the explicit goal: “to remove barriers to data sharing”) then things begins to fail. Citizens should not have to rely on how Government talks to itself.

The start of the conversation has to be with complete transparency to citizens – with the likes of Verify and public bodies being accountable to the citizens they work for. Citizens can now be shown what data is required for their transactions, and from where it will be accessed, and why. Operational decisions should inform democratic debates, both by policy makers and citizens who wish to engage in democratic debates about the services that affect them.

Civil servants all work for the Crown and not the public – whatever ‘flavour’ of Government is in power – and this may be a tension that needs consideration. What happens when the political will meets the public won’t? How is trust in institutions maintained?

Because without action, continued secrecy and the drip drip of cockup will undermine all trust.

This works in practice

Fortunately, some NHS GPSoC IT Providers (the data processors who provide IT systems to your GP) have taken the lead in fixing the systems from within the system. How many decades will it take Whitehall to catch up?

We have already demonstrated what this looks like – with Verify and other tools.

Rather than a “single government department”, the principle should be a “Citizen View of Government” – where every service a citizen has touched can be seen, with accountability for how they used data and why. This would make Government accountable to the citizen, as it should be – without the citizen having to understand the intricacies of how Government works.

In a “Citizen View” world, whether Government is one Department or many doesn’t matter as much. If civil servants want to justify access to data, they can – but they must be aware that citizens will be told what data and why, and might become unhappy about it if the reasons aren’t just.

Any Government that fails tell its citizens what it is doing and why, or which doesn’t really want them to know, will not be wanted in return – as the EU discovered with Brexit. This is what the open policy making process should have prepared the groundwork for; the price of that failure keeps going up as digital continues its march.

Unless we wish to treat data about human beings with less care than we treat the data about carcasses in our food supply chain, ‘Globalisation 2.0’ will be based on registers and code – determining risk and eligibility for consumers and for regulators. This simply does not square with a world of copying data; it can only work in a world of APIs to data where there is a lawful, published case for each access, grounded in fundamental accountability to citizens about their data.

It is obvious that data about the food we eat should not be locked in a filing cabinet in Whitehall. It should be equally obvious that “taking back control” shouldn’t mean giving every civil servant a copy of all the data on every citizen.

Related pieces:

The Home Office: Secretive, Invasive, and Nasty

In various guises, those who coordinate medConfidential have been dealing with the effects of Home Office missteps for what now in total amounts to decades.

Liberty Human Rights Awards 2010

Liberty Human Rights Awards 2010

Here is some of what we have learnt:

Home Office is the part of Government that must confront and ‘deal with’ the absolute worst in the world: murder, rape, terrorism, paedophilia – the stuff no-one really wants to have to know about; things from which civilised people prefer to turn their eyes. There are obvious – and legitimate – reasons that some of what the Home Office does must be confidential or classified.

The people who we task with dealing with these terrible issues deserve to work in a culture of compassion and competence, with solid foundations in Justice – the current Home Office has none of these.

Secret: Hiding errors in a file marked Secret harms the public good.

As can happen with bureaucracies more generally, the hint of secrecy at Home Office has spread into an all-encompassing security blanket around any information that might be be helpful to an informed debate in a democracy.

Treating information about every offence and misdemeanour as if they were the worst, keeping arbitrary secrets, and hiding your actions while telling others they must simply trust that “It’s for your own good” are the actions of someone who has lost perspective. Lost a sense of proportion. And lost the ability to discriminate, except in the prejudicial sense.

The examples of this are countless – from Ministers’ refrain of “trust us” about the ID scheme to “We know but we can’t tell you” about the Communications Data Bill; from petty refusals to extreme resistance to simply ignoring requests for information; and as evidenced by the secret ‘National Back Office’ in the NHS, only exposed in 2014, when Sir Nick Partridge reviewed what happened in the building where the previous-but-one Home Office-administered ID card scheme ended up.

Worse than that, on getting information via a backdoor into people’s medical records, the Home Office wrote in secret to people’s doctors, telling them to deny treatment.

Invasive: No consideration of innocence, or the consequences of action

The political culture pervading the Home Office has led to an organisation which cannot consider side-effects.

It sent round “Go home” vans because they might contribute to a “hostile environment” for illegal immigrants, without any regard to the effects of that hostile environment on innocent parties.

And it’s lost the ability to discriminate: to Home Office, everything it looks at is a crime – or a potential crime – so it is prejudicial towards everyone.

In being unable to discriminate between ‘crimes’ – including thoughtcrime, and perfectly normal behaviour, such as trying to keep your personal communications private – Home Office discriminates wildly and inappropriately against whole classes of people, and individuals who have in fact done nothing (or very little) wrong.

And, in pursuit of its obsessions, it considers nowhere, and nothing, sacred (Q78).

If it will not respect the boundary of the confidential relationship between you and your doctor, where is it that you believe the Home Office will not go?

In this world view, the entire country gets treated the way the Home Office treats illegal immigrants (which it claims is “respectful”!) and – after many attempts, including a RIP Act that for years emboldened nasty, technocratic petty-mindedness down to the local council level – it has finally got its Investigatory Powers Act, so it can snoop on all our communications data.

Nasty: Fear breeds paranoia, and suspicion is contagious

Bullies are fearful. They don’t always appear to be – especially when they get themselves a gang. But you can tell bullies by the way they pick on people, and who they pick on; the weak, the odd, the vulnerable. People who can’t put up a fight.

The Home Office delivers little itself; it cannot act directly in many of the areas for which it is responsible. For these areas of concern, it develops policy, dispenses budgets for various programmes, commissions systems, lobbies for legislation, and other things – but it assumes everything will fail, which leads to suggestions like a 15 foot high concrete wall around Parliament: “Operation Fortress Commons”.

But the few things it can do corrupt everything. It tries to turn everyone it leans on in every part of the public services into a border guard, or a snitch. Demanding the Met hand over details of those who witness crimes makes everyone less safe – if you are the victim of a crime, you want those who know something to share what they know with the police, without fear that it may be used against them. In this case, the hostile environment is hostile against innocent victims of street crime, because the Home Office has harmful priorities.

There are countless examples of each of these, which will appear over the course of the campaign. Some of them will even come from us…

The Home Office has been responsible for a string of high profile, national embarrassments in recent years. Flawed decisions by Home Office led to national humiliation at the opening of Terminal 5 – ever wondered why the baggage handlers couldn’t get to work? The shameful disarray of the G4S contract for the Olympic Games, from which Home Office had to be rescued by the military. The collapse of many criminal trials because policy at SOCA and NCA was simply unlawful. The harm to the UK’s economy, and international reputation, from the wrongful deportation of 48,000 students – because the Home Office panicked after watching a TV programme. And the harm to public safety and public confidence.

Shorn of Justice, the Home Office has lost touch with humanity, proportion, and the fundamentally positive spirit of the Britain. Human Rights are pretty much all that protects you from excesses or mistakes by the Home Office.

How does this relate to the NHS and privacy?

The greatest hazard in this election comes not to/from Brexit, but rather the deeper, more insidious threat to the autonomy of every citizen from the State. It forgets the worldview that created the NHS: that no matter what the world’s darkness, there will always be people there helping.

In a Brexit world, the Home Office worldview offers the NHS just three choices: be nasty to ‘brown people’; be nasty to everyone; or ID cards. These are the only choices its worldview can see, while the perspective of the NHS is quite simple; healthcare, free at the point of use, for all those in need. Without discrimination.

Related pieces:

Digital Economy Bill: Part 5, Chapter 1, clause 30 and Part 5, Chapter 2 from a health data perspective

medConfidential asks Peers to:

  • Express support for Baroness Findlay’s amendment on Part 5 (NC213A-D)
  • Express support for either amendment to Part 5 Chapter 2 (Clause 39)
  • Oppose current Clause 30 of Part 5 in Committee and on Report

We attach a briefing, with a more detailed consideration of these points, but in summary:

In 2009, the then Government removed clause 30’s direct predecessor – clause 152 of the Coroners and Justice Bill – because the single safeguard offered then was ineffective. Bringing that back, this Government has not only excluded important aspects of Parliamentary scrutiny, it is trying to introduce “almost untrammeled powers” (para 21), that would “very significantly broaden the scope for the sharing of information” (para 4) without transparency, and with barely any accountability. The policy intent is clear:

“the data-related work will be part of wider reforms set out in the Digital Economy Bill. [GDS Director General Kevin] Cunnington said as an example, that both DWP and the NHS have large databases of citizen records, and that “we really need to be able to match those”. (interview)

While there is a  broad prohibition on the use of data from health and social care for research further down on the face of this Bill, in Chapter 5, the approach taken in clause 30 is very different, and contains no such prohibition. Regulations (currently draft) published under clause 36 simply omit the Secretary of State for Health from the list of Ministers, thereby excluding NHS bodies but not copies of health data others require to be provided. This is another fatal flaw in clause 30.

medConfidential is deeply concerned that Chapter 2 of Part 5 contains no safeguards against bulk copying. We accept the case for a power to disclose civil registration information on an individual consented basis – a citizen should be able to request the registrar informs other bodies of the registration – but, just as clause 30 contains insufficient safeguards and is designed to enable bulk copying, so is Chapter 2. One of the amendments laid to Part 5 Chapter 2 should be accepted.

Governments have had since 2009 to solve the problems that clause 30 not only leaves unaddressed, but exacerbates. The Government should either heavily amend Clause 30 at Report stage, or ensure it is removed before Third Reading. This clause is a breeding ground for disaster and a further collapse in public trust, and it simply doesn’t have to happen.

While medConfidential is open to legislation that treats sensitive and confidential personal data in a consensual, safe and transparent manner, this legislation does not. Despite more than 2 years of conversations about accessing data through systems that respect citizens and departments (ie data subjects and data controllers) and the promises they make to each other; Cabinet Office instead took a clause from 2009 off the shelf, and has been actively misleading about the process.

Briefing for Committee stage

Your Records in Use – Where and When… — Political will (or wont) for telling you how your data has been used.

The NHS changes greatly over time, but there are few “big bang” changes overnight, that happen without involving the patient. Your health context can change in the course of a single consultation, but the system does not change – only how you interact with it. Press releases may suggest that the NHS is rushing towards genomics and AI, but it’s much more a slow stroll.

The publication of Caldicott 3 called for an “informed” “continuing conversation” about health data. We agree – the best way for a patient to understand how their data may be used next month, is to be able to see how it was used last month. But if there are caveats that remain hidden from the public, a dishonest entry is worse than no entry.

Every patient has a personal lived experience of the NHS, and using that as the starting point for accountability of data use is vital. Data usage reports can give a patient the information about how data is used, in a context that directly relates to their personal experience of the NHS. Some of that they were involved in, and some of it is the system doing its thing and hoping no one notices.


Databases: poor and past?

Why are some patients being told to bring their passport to receive care, even though the NHS was there when they were born?

Databases that have benefits will receive public support for doing what they were supposed to do, but there is a widespread recognition that some past data choices by the NHS may have not been wise.

Whether that legacy will be repaired, or left to fester, is now up to the Department of Health, when they respond to the Caldicott Review. The Review left a number of hard questions unanswered, including the abuse of some patients that has been described as tantamount to “blackmail”. Care.data was just one of those. There are others that have hidden under a rock for some time, and followed care.data as it it were a guidebook.

The databases proliferate, there is almost no evidence for whether they are useful. Is the energy spent on them worthwhile? Is there a better way of delivering the goals they were designed to meet? There is an opportunity cost to doing anything…

There are many good reasons to use data, but just because a data collection has existed for decades, doesn’t mean it’s still the best way to deliver on the goals. Continued secrecy about the effectiveness of some data projects suggests that perhaps the claims of benefits are overblown, and are not supported by the evidence of what actually happened.

A continuing conversations requires ongoing evidence of reality, not political hyperbole.


Will patients be shown the benefits?

Will patients be provided with the evidence to show how their wishes have been implemented? What was the outcome of projects where their data was included?

What was the outcome of the “necessary” projects where dissent was ignored?

Will the Caldicott Consent Choice ignore the choices patients were previously offered?

In 2016, NHS Digital have made the final preparatory steps to telling patients how their data is used, which was firstly, keeping track (a side effect of beginning to honor objections), but they also now publish a detailed data release register – with sufficient detail for you to work out where some of your data went and why. Such a register allows for independent scrutiny of any data flow, and is a necessary prerequisite to a data usage report.

It does not tell an individual whether their data was used, nor what the knowledge generated was (e.g. see notices tab), but it is the key step. And while two thirds of data sold by NHS Digital does not honour your opt out, Public Health England sneak a copy of NHS data, refuse to honour objections, and hide those actions from their data release register. (As of December 2016, some administrators pretend that there was no opt out offered from “anonymised” hospital data… here’s the video from Parliament).


Digital, Deepmind, and beyond

How AI will support care is a choice for the future, but if there is going to be any move towards that world (and there already is), the transparency of all digital services must be fundamentally, inviolable, and clear — it can include AI, but can’t include dodgy caveats.

If there is any secrecy about how patient data is used, NHS institutions may hope to be given the benefit of the doubt for secrecy, Google not so much. If there is secrecy for the NHS organisations, companies will try and sneak in too.

Similarly, if patients are to be offered digital services that they can use without fear, there must be an accountability mechanism for when those services were accessed, that they can view when they wish. Otherwise, the lowest form of digital predators will descend on health services like it’s feeding time. It doesn’t have to happen – unless there is a political decision that mistakes can be covered up.

When companies put out a press release, we often get called for comment and insight  on what is actually going on. That’s a journalist’s job, and ours, because some good intentions come with too high a price.

Will the mistakes of the past begin to be rectified, creating the consensual, safe, and transparent basis for the (digital) health service of the future?


Demonstrations of Delivery on promises

There will always be a demand to do more with data – but any framework has to respect that some things will not be permitted.

As Caldicott 3 recognised, telling patients how their data has been used is necessary for public confidence in the handling of data. If there is to be confidence in the system, and allowing data to be used to its full potential, then there should be a recognition that when that use is objected to by an individual, then that objection is respected.

We focus on health data, but this applies across the public sector, where there is a desire to make data great again in 2017…


Briefing for the Digital Economy Bill – House of Lords 2nd Reading

Our 3 page briefing is here.


Given the obstinacy of the Cabinet Office, Part 5 of this Bill has been offered on a take or leave it basis to Parliament.  If it is not improved at Committee stage, we suggest you leave it.

A major hospital in London has a deal with Google to produce an app to tell doctors which patients are in the most urgent need. This is a good thing. But to produce it, Google insisted on having a copy of main dataset covering every patient in the hospital, which is only available up until the end of the previous calendar month.  The appropriate way to get the information needed, was to get up to the minute information on the patient whose details they were going to display. However, Google wanted all the data, and insisted on it if the hospital wanted to work with them.

It’s not the creation or production of a pretty app that’s the problem – it’s the demand for excessive data in return for using the app. It’s entirely rational for the hospital to accept the app as it may lead to marginally better care for their patients; but the price is being paid in their patients’ data. The Bill applies this principle across Government: third parties want the benefits of having the data, because this Bill does not require any protections.

The Minister was asked a simple question about safeguards: “Could you explain where they are and what they look like? and no answer – because there are none.

Characterising Chapters 1 and 2, it can be said they “will have the effect of removing all barriers to data-sharing between two or more persons, where the sharing concerns at least in part the sharing of personal data, where such sharing is necessary to achieve a policy objective…”

Unfortunately for the Government, that characterisation is quoting from the Government’s explanatory notes for s152 of the Coroners and Justice Bill (para 962). Nothing has changed in Government thinking since 2009, when the House of Lords threw out that clause.

Our 3 page explanatory briefing is here.