Care.data - Getting the ducks in a row

Good Friday has different meanings and traditions across the cultures. For some the most sombre day of their church calendar. For others, another Bank Holiday and start of the long weekend in spring. For Mr.Cameron this year, getting stung by a jelly fish abroad.

For me, visiting family in a small nordic village, it's the day of the annual duck race fundraiser.

2,000 numbered plastic ducks are thrown into fast moving water high upstream, and the public waits and watches anxiously as the toys approach the central village bridge and race beyond. The first to hit the finish line net at the weir after an arduous course, is the winner.

There are lots of obstacles along the route and some ducks get stuck. Children are allowed to pick up those off-track in side eddies and hurl them back into the main channel. As a parent, you inevitably lose your child at some point in the crowd, fret they may have joined the ducks for a swim, and the whole race always takes longer than we expect.

So, it feels, as a citizen and patient, is the current progress of care.data.

There was a misjudged start. There's lots of obstacles still to overcome. It looks like the finish line is getting clearer. And some believe it might take longer than first thought.

Whilst on holiday I've taken time to read over the recent letter, to colleagues, from Tim Kelsey & NHS England. It's addressed to colleagues, which I'm not, so perhaps it feels a little like looking over someone's shoulder on the train, but hey, It's the only update we've got.

Looks like some positive acknowledgements and steps are in progress:

• We will work with stakeholders to produce support materials, such as an optional template letter for patients and ways of making opting-out more straightforward
• We need to do more to ensure that patients and the public have a clear understanding of the care.data programme
• This work is continuing and we will update you on these changes separately 
  
• We want to hear your views and suggestions so we can take action to improve and build confidence in the care.data programme. We will also be engaging with patient groups, GPs and other stakeholders through local and regional engagement events

Notably, it's the first time NHS England has said opt out. In the past it has only ever been an objection. As a linguist, language is important to me. And the two are not synonymous no matter how often I may be told by NHS England that they are to be used interchangeably.

It's the first time there really feels like more give, and less we'll take without asking you first.

And it's the first mention towards offering local and regional engagement.

There are some new hints which need explanation, such as a change towards who may use the data - described always as for secondary uses, clinicians and patients using it is new:

"Care.data is an initiative to ensure more joined-up data is made available to clinicians, commissioners, researchers, charities and patients."

And there are some ideas which are making progress, but seem a little stuck.

"In addition, steps have already been taken in making changes to the law"...

Whilst changes have been put into the Care Bill, other rather sensible ones, such as legal penalties for data misuse were rejected. And the purposes are still so loose as to be possible to give data for a wide range of 'health purposed' clients. That was the day in which it appeared fewer than 50 MPs were in the chamber to hear the Care Bill debate in which nearly 500 came in to vote. (How they can reasonably and effectively vote on something in which they did not hear the debate, I don't understand.) These are legal changes I believe which need hurled back to Parliament to get them on track again.

Experts much wiser than me, have made a proposal of comprehensive amendments, and seem, from my lay understanding, both really positive and practical.

The "optional template letter for patients" may be something GP practices could consider using to contact individuals where they know that leaflets were not delivered. Even Dame Fiona Caldicott did not receive hers. (BBC PM listen from 33:30)

If centrally, it is known where they did not reach patients, it would be helpful for GP practices to then be able to evaluate if there is an additional need to contact their patients. For example, in my area, no one I have spoken to received a leaflet.

Perhaps that might seem trivial now, and in the past, but for trusting the scheme I believe it is really important to know why that was. Because since no opt out was originally planned I want to know that the intention was truly to tell us all. Did they print enough? Distribute enough? Follow up at all? I've asked to find out.  After all, it was our state money that paid for it. A previous Freedom of Information request, on the status of its distribution with Royal Mail, from Phil Booth of MedConfidential appears to contradict ministerial mutterings that said an exception was invoked. I know that for myself, I had not opted out of junk mail, yet I still didn't get one. I knew to look out for it and inspected my pizza flyers and dog walking leaflets in every post in January. No leaflet and all of my friends were the same.

If the experts such as Dame Fiona, the GPES advisory group which in September had:

"major concerns about the process for making most patients aware of the contents of the leaflets before data extraction for care.data commenced" 

and ICO felt the leaflet went out with the wrong content and was rushed then I want to know why, so that the same people are not making the same decisions, and will cost us time and trust again. Why it went ahead against every expert's better advice is important to understand. "Regrettable that you are not now able to take any of our comments into account" was ICOs comment and the sentiment seems echoed by Dame Fiona on today's radio broadcast.

Even a lay person like me, could see it was a disaster about to happen.

My suggestion, was that role-based patient communication would be much more understandable. Take some stereotypical sample citizens, map their 'day-in-the-life' using HSCIC data systems, show how these interactions send data to HSCIC and map them to show what data is extracted and where it goes, is stored and may be viewed and distributed by whom. There are an awful lot of individual scenarios so no model may match any real patient experience, but looking at it backwards, take all the HSCIC systems and extract a situation which would send the data up. A&E, School nurse, Electronic Prescription Service, Choose&Book, GP screening. Mental health call centre. It would be possible.

People should know what data, is extracted when, why and who will use it. Visuals are better than words. The leaflet failed in the case of care.data, but would an individual letter have achieved more, in just a few sentences?

More has been achieved to raise our awareness of the Health and Social Care Information Centre and Government uses of our health data, through all the hoo-ha in the press, and the re-tweet by David Nicholson of the care.data downfall parody, than by the original leaflet. Perhaps the leaflet's measure of success was not intended to be a 100% reach at all. I hope we'll understand more soon.

(** for updated thought 19th April see note below.) Should we presume an 'optional template' means that no paid letter will be provided from NHS England to all? GP practices may decide to use the 'optional' template to send out letters now. Professor Mathers had called for one. But I wonder if GPs themselves will be expected to bear the cost, of an imposed central initiative for which there is no choice to participate and yet the GPs are legally liable Data Controllers for complaints? If no funding is offered, and GP practices decide not to send letters out, it would seem a risk trade off. The risk of a patient complaining or indeed legal action, if they did not know their data was going to be extracted and and potential risk for harm ensued. Yet fair processing should be a Data Protection Act requirement. But is it for care.data?

This week also saw the list of number of patients published by GP practice. Helpfully with postcode. So if my practice were to want to post a letter to every patient in my area, at 53p second class, it would cost around four thousand pounds. I don't know if they get any bulk discounts and one per household might reduce numbers. But that's a lot of money - but perhaps (**) it may be covered centrally after all, though the letter does not indicate that? (I now also know how few over 90 yr old men are registered, if interested).

It seems like there is much positive going on in the undercurrents of the care.data developments, which the general public cannot see, such as the care.data advisory group work-in-progress.

There would seem much which needs work in a very short space of time for relaunch in autumn. But if Dame Fiona Caldicott, Chair of the panel set up to advise NHS and Ministers on the use and governance of patient information, said she thinks we need longer, then I am sure she is right. To take as long as is needed to get it right would seem sensible. To rush and fail a second time, would be irretrievable. Surely, her advice would not be ignored again?

The HSCIC this week also released the Framework Agreement between the Department of Health and HSCIC. 

It will be interesting to see if this affects and changes the HSCIC roadmap. In my opinion, it should. The care.data addendum to widen commercial uses was pushed back but is still to resurface. There is still no clarity around commercial re-use licenses. These commercial drivers should come out if Mr.Hunt's rock solid assurance is to be believed which, "puts beyond any doubt that the HSCIC cannot release identifiable, or potentially identifiable, patient data for commercial insurance or other purely commercial purposes."

At the moment I would hope the HSCIC roadmap would change in its commercial focus:

"especially in relation to the potential sale of data". 

"Help stimulate the market through dynamic relationships with commercial organisations, especially those who expect to use its data and outputs to design new information-based services."

It remains to see if it does.

That framework is a good read with a hot coffee (and a short snaps if you are where I am). What's missing for me, is any reassurance at all that the HSCIC will remain public. There is a large chapter on what process would need to be followed if it were to change structure or be merged. And therefore does not rule out a private owner of the single central repository for our health, social care, research and recipient of integrated ONS data in future.

"Any change to its core functions or duties, including mergers, significant restructuring or abolition would therefore require further primary legislation. If this were to happen, the Department would then be responsible for putting in place arrangements to ensure a smooth and orderly transition, with the protection of patients being paramount."

It would appear to me, that a future intent to privatise the ownership of care.data and more could remain open. Certain aspects of the day-to-day functions were potentially to be outsourced in a past ISCG roadmap. I would hope the core will remain firmly State owned.

Bizarrely, duck races are not treated equally across the globe. Wisconsin recently repealed their ban. It seems almost as bizarre, as the idea of selling our taxpayer financial and VAT data. Or our school pupils personal details. I wish I could say, one of these stories were not true.

What the duck is going on with Government's attitude to our personal data?  The Cabinet Office seems to be failing to give out legally required Freedom of Information responses, and yet happily selling the knowledge of our health, wealth and our children?

"These regulations also allow the department to disclose individual pupil information, subject to the Data Protection Act 1998, to named bodies and persons who, for the purpose of promoting the education or well-being of children in England are conducting research or analysis; producing statistics; or providing information, advice or guidance. The department may decide to share pupil and children’s information with third parties on a case by case basis where it is satisfied that to do so would be in accordance with the law and the Data Protection Act, and where it considers that such disclosure would promote the education or well-being of children."

So if McDonalds wants to run a healthy eating campaign, would they qualify?

Open Data does not equate (must read) with being open with all of our data. Tables and summaries at aggregated level of statistics are nothing to do with individual level data. Before any Government body considers if they should enable private and other organisations to use data more freely and effectively, and their stance on charging and profit from use of data, they should think twice.

Remember the daft Deregulation Bill 162? It revokes the need to sell pre-packed knitting yarn by net weight and other nonsense. Perhaps it is the 'Exercise of regulatory functions' which is the root cause of much of these  issues on the monetisation of our data:

Clause 63 provides a power for a Minister of the Crown to issue guidance on: how regulatory functions can be exercised so as to promote economic growth;

Sections 60-67 of the Deregulation Act currently passing through Parliament allow the removal of any regulation that conflicts with the interests of a profit-maker. If your body manages data, there's really only going to be one way to meet the obligations of Bill 162. Sell it.

Someone needs to tell all the departments, if you have any chance at all of getting care.data through to the finish line, stop giving away or selling any of our personal data which we trusted you with for an entirely different original purpose.

Whilst there are many people working on many manoeuvres to get all the ducks ready to relaunch for care.data, the Government has to pay attention to the whole race. If we lose faith in the Government to make wise decisions on what will be done with all data we share for a given purpose and find later it is given to others without our knowledge, we won't trust it with our health data. If the data warehouse may one day be sold off, then all the gameplanning and rules in between will appear to have been pointless.

This is not a race to the finish with the least bad option. Care.data needs to be exemplary if it is to have any chance of reaching the podium as the world leader in patient data-sharing management. It's got one second chance to get a relaunch.

Without public trust it will flounder. Without GPs to patient communications thoroughly thought out it and funded, it is destined for a rough ride. Without further legislative changes, it's not going far enough to be convincing of real commitment to change.  Without these three, it will not reach the finish line.

The best summary of why we need still much work and how to respect so many of these under good governance, came out this week, from the Chair of CAG. "However, we cannot expect to have all of the answers in six months time. The commitment must be an ongoing one to continue to consult with people, to continue to work to optimally protect both privacy and the public interest in the uses of health data."

So between Dr. Taylor and Dame Caldicott the wise seem to indicate more than 6 months is needed.

There are encouraging signs, but many issues don't seem to be addressed yet at all, from the recent NHS England letter nor Framework Agreement. Above all, in common with the tax data sharing, pseudonymous is not equal to anonymous. It's not only what HSCIC currently determines as identifiable, which we need vital improved governance to protect.

In any upcoming public communications, I pray don't patronise the public saying that 'name and address will not be extracted' as the last FAQs and poster did. Explain instead what the Personal Demographics Service stores already, educate us how the PDS and linkage works and why. Details like this must not get lost in any rushed relaunch.

And other departments' decisions must not put it in jeopardy.

Whilst care.data is getting its ducks in a row, the wider Government approach to data management seems to have gone, I can't help but say, absolutely quackers.

-------

** 19th April Update: Reliable comment says if GPs get patient letters made available they only have to address them to send to their patient list. Will this happen in this case? Good news for informed communications? Let's hope so. 

No Security Blanket - why consent packages fail our children - care.data and more

From Al.com via Scott Stantis 2007

As a mother, I want to know that my children's personal data, when it is collected by any organisation, will be kept safe and used in ways I would expect. I see it as my responsibility safeguarding my children today, to also think of their future. 

But it feels as though the world around us in England has gone mad on giving their personal data away and with it, their future autonomy.

Here's five recent case studies and why they fail our young people.

The Department of Education’s National Pupil Database & Personal Demographics Service

What About Youth is using contact details directly from the Personal Demographic Service (PDS) data stored at HSCIC and the schools' database, the Department of Education’s National Pupil Database, and giving them to IPSOS Mori, the poll research organisation to carry out the What About Youth? study on behalf of the Health and Social Care Information Centre, funded by the Department of Health. To contact our 14-16yr olds directly.

"Your contact details were taken from NHS Registration data, held by the Health and Social Care Information Centre and the Department of Education’s National Pupil Database, which contains details of every pupil in England. The NHS Registration data has been used as it is a reliable source of details such as name, address, date of birth and NHS Number. It does not include any medical data so we don’t know anything about any illnesses or conditions you have had or received treatment for.

We have received approval to use your contact details only for this study. We won't be using them for any other purpose, nor will we share them with anyone else. "

I don't know that any parent would find that an expected use of their personal contact details to be contacted by the third party directly.

How is the questionnaire coded I wonder, whilst "the answers will not have the child's name and address on, so no-one who sees them will know whose they are," the "aim of the study is to make it easier for doctors, nurses and local authorities to help young people." So it would appear Local Authority is going to be coded at least. And your individual postcode. And child's age and gender and ethnicity and more.

If the child (14-16yr olds) agrees to being re-contacted, I would want to know as a parent exactly how, when and for what. But parents are encouraged not to influence the child completing the form, so we may never know. The survey asks about all sorts of insecurities, not all of which I believe every 14 year old will have yet considered. Is it right that the State should intrude with these topics into my child's private time and thoughts? The content deserves scrutiny from parents before the children are involved. At least, not done in school, we get a letter and know about it at home.

But how can the project ethically ask my child to give their consent to share intimate details not only about themselves but about our whole household and potentially agree to future contact, whilst expressly asking me not to be involved in the decision?

I wonder how pupils will feel whose parents suggest they would prefer their child does not complete it?

Surely if the Department of Education’s National Pupil Database is obligatory it should not assume OK to give out personal contact details to anyone? Some families choose to be ex-directory. Does the cross-purposes use of the Personal Demographics Service make that now impossible?

Should our children and parents, who trust that their personal details are used for registering for the basic rights of health and education, not be allowed to trust those contact details are held in confidence, rather than shared with third parties?

What is the government thinking about, as it manages our young people's data privacy?

The National Citizen Service and Health Data stored at the Health and Information Centre

While I was looking more closely at the DAAG (HSCIC) minutes this week as related to care.data, I looked at the approval for consent advice and request for future data linkage with the National Citizen Service (NCS) project, open to all 16 and 17-year-olds in England. The request checked that the consent was appropriate for future sharing of Mental health and Hospital Records with the Cabinet Office.

While I was at it, I took a look a close look at the NCS sign up process. At the bottom of the online register in small print was the required check box to proceed:

I agree to my personal data being stored, shared and used by the NCS Trust and other organisations to inform me of NCS and graduate opportunities and to support the delivery of NCS and its graduate programme. I agree to the NCS Terms & Conditions and Privacy Policy.

Then you need to click down twice, to the T&C and Privacy Policy. 
From the Terms&Conditions we need to take another step:

Information about you : We will never pass any details you provide to us on to anyone other than those specified in our privacy policy. 

You also need to go to the separate Privacy Policy. which turns out stating there is virtually nothing private about managing your personal data after you enquire at all - but is in fact a  'Data Sharing Policy':

 "By submitting the Expression of Interest form you agree to your personal data being stored, shared and used by the NCS Trust (the data controller) and the following organisations: NCS contractors and their sub-contractors, government bodies, strategic partners of NCS, fraud detection organisations, organisations supporting the delivery of NCS or other organisations (including any organisation running or supporting all or part of NCS in the future)."

You must agree or cannot proceed with the application.

Where does the consent to link to a child's medical Mental Health and Hospital records get asked I wonder? Does it get expressly asked later in the project or on paper because it does not get asked online in the Young Person nor the Adult/Guardian's sign up. Is this the consent process the DAAG approved? Is it just meant to be included in the blanket "government bodies"? Perhaps the wording is still to be amended?

Sign the child (and your own 'Guardian' details) up for NCS and there is no choice but to accept that data sharing agreement. You must accept it to sign up for the programme but there is an open ended who, when and for what in the blanket consent ..."supporting all or part of NCS in the future." The NCS sign-up and consent doesn't explicitly mention sharing data with named sub-contractors anywhere either.

The charities involved may do great work. But why Serco? Is this the organisation that we would wish to be managing our young people's personal data? Think I agree with Navca on this one. By signing away rights ..."in the future," we have no idea WHO will own the data  later.

Should our children who need this NCS programme most, not be allowed to particpate unless their personal and potentially medical details go to all these unknown future places?

UCAS and student applications - further education

When I read recently in the Guardian about Ucas selling student records of our under 18s applying to university I was equally surprised.

At a time when teen deaths from alcohol consumption often mixed with energy drinks appear regularly in the news, it is highly irresponsible to me as a parent, to know that a commercial company promoted new energy drinks by sending cans to 17,500 selected students in order to create a "social media buzz". I know from my own experience, university is often the place we are first exposed to a regular bar life. And so does business.

This goes far beyond the scope of what our teens signing up should expect their data to be used for. Who will decide what products and what uses of data will be acceptable in future?

I am fed up of these blanket consent approaches which deny a service unless we also sign away the knowledge of our personal habits and preferences for others to commercially exploit.

This mixing of purposes in which data privacy is to one’s disadvantage, is an abuse of trust. And it is the importance of trust and exploiting mixed purposes, which for me, has been so starkly highlighted in the management of our medical records.

Dental Service - the NHS Business Service Authority


When I signed the form to pay for my recent dental treatment I read the small print. The Dental Admin Assistant shared my surprise to find that the data processing takes place outside the UK, and requires data sharing with processors in 'India or Sri Lanka." WHO WILL USE IT WHERE and FOR WHAT PURPOSES? I am required to sign the form to agree to pay for my treatment. It gives permission to share with Dept of Work and Pensions, HM Revenue and Customs, local authorities and CCGS (then PCTs). But why should the one signature to bind them all, mean sending my personal confidential data abroad, outwith EU data laws even?  

Is there fair processing on this form, does it indicate properly for what purposes the wide ranging bodies will be given access? Surely they don't all need it for "fraud prevention and to ensure correctness" about my dental check up? 

If the government bodies are all working together and can share data at will under these blanket assumptions, without our explicit consent or knowledge, then a great number of people will be rightly concerned. I am concerned by powers this Memorandum gives NHS Protect and the Border Agency from 2011 and I am a legitimate resident. " To provide a centre of excellence for NHS anti-crime work by applying a strategic, coordinated and intelligence led approach."  I only went for a scale-and-polish!

This default to wide sharing seems to be increasingly seen as the norm. Surely it should be assumed that the minimum data should be shared with the minimum necessary recipients? Current policies seem to have confused a drive for Open Data with giving away our privacy.

How could it be done differently? If I sign a form to pay for my dental treatment, surely it should be only that. If you want other permissions, ask in other check boxes. I believe our NHS should be managing our NHS data within our borders, but that is a separate debate.

This blanket consent approach excludes the service unless you are happy to give open ended access to your personal data to Government and its contractors.

Should I not be allowed to have NHS dental treatment, for which I pay on completion, unless my personal details go to all these other places?

Let's consider an alternative. Enable the ability to say yes to paying for my treatment, without sharing fully identifiable data with other government bodies or sending it abroad.

It is one thing to share truly anonymised data. And quite another to extract identifiable personal details for at minimum ten years or longer. Time limit the consent.

If the 14-16yr old on the What About Youth questionnaire agrees to 'future contact' they presumably are agreeing to  having identifiable data and contact data kept with their answers, to enable that future contact.

If children agree to the NCS blanket sign up, they are signed up for an unspecified time. These sign ups remove our children's autonomy later in life, and they can never get it back.

Right now, I wouldn't let my children's personal data anywhere near any of these systems if I wanted to retain any future control of it at all. But do I have a choice? My children are in school, and that will mean in the Department of Education’s National Pupil Database. And they will have NHS records. I see some subject access requests ahead.

Given past historical purposes of the ONSET project at the Home Office, Contact Point and DWP I would want to keep my kids' data free from all of these.

Some may ask, why does it matter?

Because this joining up of services is interweaving systems whose aim is on the one hand compassion and care, with those on the other which are punitive and controlling. Their aims are not aligned. And inevitably it is the systems which shout loudest, under any government of the day, whose opinion tips the balance of purpose and decision making. And recent claims of micro managing in Health show, top down control usually wins.

Because I believe the earlier we label our children the harder it is for them to become anything more.  Inevitably labels shape expectations. Not only for the individual but those who interact with them. It is only the very best educators and social care staff or police or medics who manage to put those aside and see the individual in each episode of contact. The future intent for care.data is integration of data sharing between medical contact, social care and education, under local authorities, health and wellbeing boards and more. How far would the impact of one wrong label spread in a child's lifetime, in different places?

Because our children should enter adulthood with as few restrictions placed upon their development and self-determination as possible. Even, I would argue, those children who need the contact with all those organisations. I could argue, all the more so, precisely because they have those extra needs and contact. They may need excellent care and transition between youth and adult services. They need it facilitated first and foremost by qualified individuals who are trusted to do the job they trained for and have a vocational passion to complete. Yes the staff need data, but proportionate to the individual need, for the time period it is needed. We need to protect the extra vulnerable in many extra ways.

And we also need to protect the fundamentals in the Universal Declaration of human rights for all. Everyone in the community should find the free and full development of his personality is possible. Everyone has the right to work, to free choice of employment. In effect, these basic human rights seek to prevent discrimination and interference.

Our young people don't care about the risks of personal data sharing?

Our young people are more savvy than we give them credit for. In a world of shared selfies and social media, it can be wrongly assumed that they are careless with their own privacy. This  Electronic Patient Records work run by the Academy of Engineering in 2010, with support from the Wellcome Trust, came out with a report and seven key questions p.39 which are very pertinent today. The young people identified themselves the risks of prejudice and discrimination. The concerns they raise are no different from concerned adults. Our young people are switched on to the risks of personal data sharing.

When it comes to our children's data, organisations should be going the extra mile to be transparent. I believe they should carefully consider how the public will perceive anything that looks hidden. Consents should be all up front on the top layer of sign up forms. One consent per sentence. If you want to contact my children, ask me first. And if you offer a public service, would you consider first not piggy-backing a commitment to sharing with other bodies or commercial companies on to the consent package?

Why these blanket consents fail our children

These blanket consents are ubiquitous in modern data sharing, from the obvious supermarket sign ups, to which even David Cameron does not consent, to the totally surprising in education and health. Yet he happily signed us up under a blanket assumed opt in to be 'willing research patients.' This mixing of purposes under one blanket consent, in which looking after your data privacy is to one’s disadvantage, or criticised as selfish, is an abuse of trust. And an abuse of our children's future freedoms. They fail to give proper governance of who will own the data once shared. They fail to give proper information of what it may be used for. And they fail to clearly limit the time period for which the consent is given, and after which data will be destroyed.

Not only trust, but the needs of genuine purposes in the public interest are undermined by mixing all these purposes into one consent. Worse still, assuming yes for all these conflated uses unless you opt out. If there had been singular purpose, care.data would have been easier to understand and less likely to have failed to win our support.

I for one, am fed up with blanket consent. We can do it differently. We can do better for our children.