back to article What does the NHS’s new IT plan really want to extract from us?

Following last month’s announcement of a £1m nationwide spam drop, what now for, the NHS's latest multi-million pound big data project? Is it, as the carefully managed news release implied, merely taking its time – in fact, delaying a key project by almost a year - so as to nail issues of patient confidentiality? Or …


This topic is closed for new posts.
  1. Skoorb

    How else is the NHS supposed to do this?

    It should be pointed out that a lot of 'data sharing' has gone on for many years within the NHS, and is required for it to function.

    A couple of examples:

    Diabetic Eye Screening. This is referenced in the article. For any screening programme to function it has to know who they should be screening, and where they live so they can send a letter out telling the patient to turn up. Currently that means every GP in the country posting or faxing a form to their local screening programme every time they get a new diabetic patient, the patient moves house, changes their name, dies etc. This is ridiculous, how exactly would anyone suggest that this information gets from the GP to the screening programme if not through automated data transfer? Shall we stick with the faxing of handwritten forms?

    The HES, or Hospital Episode Statistics. Hospitals are paid based on their results from treating patients. For example, if a patient is discharged following surgery, and is then readmitted within 28 days, it is assumed that the discharging hospital sent them home too early. The hospital that performed the surgery and discharged them has to pay for the new admission, even if the patient is admitted to another hospital. How exactly is anyone supposed to notice that a patient is readmitted soon after discharge so the first hospital can be penalised without automated data transfer? If we stop this, hospitals can go back to discharging patients too early without worrying about losing money, or it being noticed by the regulator. People will only start to notice when many patients die. The data has to be recorded and checked to keep hospital managers honest.

    Just two examples there of problems that cannot be solved by going back to paper records locked in filing cabinets. Does anyone have any idea how to solve them without any sort of data sharing?

    1. thenim

      Re: How else is the NHS supposed to do this?

      The argument is not against the system, it's required. That's a given.

      The debate is about who has access to the data? and wtf they plan to do with it? And importantly how much does it cost? All three are pertinent questions, which don't appear to have clearly defined answers.

      I don't like this concept of private companies being given my healthcare data (even if it's anonymised!) It's none of their fucking concern...

      1. Anonymous Coward
        Anonymous Coward

        Re: How else is the NHS supposed to do this?

        It is private companies (pharma) who supply all of the drugs to the NHS.

        Would you not want them being able to use data to determine where their product is needed?

        Aren't Dr Fosters and IMS private companies that supply NHS organisations and the government with information about national trends?

        You see, analysing data at a local level doesn't tell you the whole picture because your local services might be run really well or really badly. By having information for all GPs, hospitals and providers you can do comparisons to work out what needs to be done.

        Also, the trend in the NHS is to rent services that analyse data. Local NHS organisations simply do not want to spend money on big database systems.

      2. Skoorb

        Re: How else is the NHS supposed to do this?

        Again, to use an example from the article. In Farnham Virgin Healthcare are the provider of Diabetic Eye Screening. In East Anglia it's Health Intelligence ltd.. Oh dear, it looks like private companies may already be getting some data. Likewise, companies like Ramsey Healthcare (own lots of private hospitals) and Specsavers (hearing aids and glasses) do a lot of NHS work.

        If the issue is private company involvement in the NHS, it should be taken up as the issue of private companies being allowed to bid for NHS contracts, not used as a complaint to dismantle any kind of data transfer or data sharing programmes.

        1. Anonymous Coward
          Anonymous Coward

          Re: How else is the NHS supposed to do this?

          > [...] Oh dear, it looks like private companies may already be getting some data.

          The data are recorded by staff working on contract or other basis for the practice. It's regulated by government, but is a private business. The data may well be stored in systems operated by another private business. All humans in the process work for money: they are private individuals. What of it?

          The law on using patient data for direct patient care is very clear. You're actually in trouble if you wilfully fail to do it. Using anonymous data for research has gone on for years in government and elsewhere and the law's clear on that too.

          In neither case is the *technology* used to perform the sharing relevant.

          1. Intractable Potsherd Silver badge

            Re: How else is the NHS supposed to do this?

            The problem is small numbers - it is ridiculously easy to identify a small group (or individual) in a small population with very little information. Data-sharing at population level means that the size of "small population" is increased by at least three orders of magnitude (instead of easily identifying 1 in 40, it becomes trivial to identify 1 in 40 000), and this means that *any* use, even audit, should go through research ethics approval to ensure that the interests of the participants are properly protected.

            This is not trivial, and hiding behind AC to defend it makes your position very suspect.

      3. Syntax Error

        Re: How else is the NHS supposed to do this?

        Funny people worried about who has access to their data when GCHQ and the NSA are allowed to access all our on line data. (Health data included)

        See the Guardian today..

      4. Anonymous Coward
        Anonymous Coward

        Re: How else is the NHS supposed to do this?

        "The debate is about who has access to the data? and wtf they plan to do with it?"

        It's perfectly simple. It costs a quid to get the names of a hundred people with anal herpes.

        But they'll pay the research company thousands of pounds each not to tell their mates.

        I see a business opportunity.

      5. JohnMurray

        Re: How else is the NHS supposed to do this?

        Since the NHS is now a collection of private companies operating under the "NHS" umbrella, one is compelled to wonder exactly how they are supposed to access your medical information if data-sharing consent is withdrawn (as mine was initially, and now will have to be again).

        Unless you have missed it, your GP will now offload any treatment needed to another provider. Minor eye surgery, such as cataracts, may well be done by a private hospital and paid for by the NHS (it is locally).

        Where NHS hospital physiotherapy departments were once the first choice when needed, now private physio is the first choice (get five sessions free, pay for the remainder @ £76/Hr) (been there, been done by that). GPs' get a kick-back for referrals....

        Of course, if there was separation of medical service provision and other uses of the information then this would not be a concern. Except there is no such separation. At present even the local councils taxation department has access to your information.

  2. Anonymous Coward
    Anonymous Coward

    Is the UK now just England?

    Does this story relate to the NHS in Wales and Scotland? Lots of references to NHS England but at the begining we are told "...all (non-dissenting) UK patients....". A few lines explaining what is happening in other parts of the UK would have been nice.

    1. 8Ace

      Is the UK now just England, Wales, and Scotland ?

      If you are going to complain about the use of the term "UK" you might want to learn what it actually represents first. Last time I checked those folks in N. Ireland were part of the UK also.

  3. Anonymous Coward
    Anonymous Coward

    Ah yes mr Skoorb,

    Your eye's are perfectly good, but I see you visited the proctologist recently. Can I ask how, when you slipped on the carpet, you managed to get Buzz Lightyear that far up?

  4. John Smith 19 Gold badge

    So it's the NHS "National Identity Register." What is it with f**king burocrats?

    No. The UK is a small country with broadband access to every medical practice.

    The truth is this sort of massive central data repository is simply unnecessary unless you want to flog off all medical records to whatever drug company wants it, for peanuts

    This is a data fetishists wet dream. Anonymity is at their discretion.

    Britards. Tell your GP's,

    Do not want. Do not need.

    1. Vimes

      Re: So it's the NHS "National Identity Register." What is it with f**king burocrats?

      Any mention of 'customers' is a fairly blatant way of them telling us what they intend: the monetisation of our personal and private information. As a transplant patient myself I thought that my doctor would have said something about this by now since I see them on a regular basis. I haven't heard a word. Not a single poster in the clinic either.

      Does this even comply with EU directives regarding privacy? You know: the ones this government are legally obliged to implement at the national level?

      I'm thinking specifically of 95/46/EC - the closest thing that the EU has to a Data Protection Act.

      Article 8 section 1 reads:

      Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

      There are exceptions listed of course but 'we need the money' strangely doesn't seem to be listed.

  5. Seanie Ryan

    the big issue i see here is the attempt to install ONE system to cover the health system. Its an enormous task and darnn near impossible.

    Having spent a few years involved in a medical software company some years ago, my thoughts are that they should have a fairly generic patient demographic system that linked across hospitals and hospital departments (thats the important point on)

    Each hospital department is very very different , both in procedures and in type of care given. Think General Medice vs Stroke Unit. Different data is recorded in each and key info is different in each too.

    So a generic demographic on each patient database, with certain common interest elements like what drugs they are currently on is the first think that needs to be in place.

    Each department then actually needs a sub-system written for that departments type of care. One for Stroke, one for Oncology, one for Cardio, one for Maternity etc.

    That way, each can be deployed independent of each other, at different time scales and budgetary allowances. Rollout and planning can then be much easier. Eventually this builds up to a super system, integrated, but specific care given in each department if private.

    Anecdote: I know of one Dr, who, in desperation, got his own system developed and installed, just for his department, trained his staff himself and tweaked it over a few years. When there was a drug recall issue because of side-effects, he simply referenced his system and found all who had been prescribed that one and contacted them all for followup. His colleagues across the same hospital and in other hospital were deep in the site for weeks, trying to compile lists , go over old records, notes etc. Took him 10 mins to have an accurate list. Took others weeks, yes, actually weeks.

  6. Anonymous Coward
    Anonymous Coward

    Great, more unsecured data

    This one database to rule them all is a scary proposition, I can absolutely guarantee the data in the giant database is not encrypted, and even if it is it will be via TDE which is pointless when the data isn't at rest (the data will never be at rest apart from when it's backed up and shipped offsite).

    I have been a resident (patient) of a major NHS trust for 6 months & the NHS' systems are archaic, so expect world + dog to be able to easily look up pretty much ANYONEs data without any controlled AAA. That worries me... a lot.

    I give it 6 months before a public breach splashes its way onto El Reg, or the news...

    1. JudeKay (Written by Reg staff)

      Re: Great, more unsecured data

      El Reg OR the news? How very dare you...

    2. NeilMc

      Re: Great, more unsecured data

      A scub bag hackers wet dream.

      ah an dlets not forget the Chinese Govt Hackers and

      Eastern European Criminals meal ticket to a millionaires lifestyle of riches borne from exploiting the wealth of unprotected data.

      and thats before the Govt or NHS decides to off-shore its storage to a mud hut on Guam

      another FUBAR project

  7. Jane Fae all those saying: what do i expect the NHS to do, simple. This is playing fast and loose with my/our personal data. It might be to a good end, appears now to be seriously outwith any parliamentary scrutiny.

    That's the worry. With power comes responsibility and, i'd hope, accountability. The set-up here omits the last component.

    1. Vimes

      I believe that the exemptions that this system relies upon are contained within the Health and Social Care Act 2012. Presumably parliament would have had a say at that point when passing the act.

      Don't expect your MP to actually pay attention to what he or she is voting for however.

  8. Vimes

    I'm curious, if we assume 10 customers would normally buy something like 10 datasets a year then this would have presumably brought in somewhere between £2,000,000 to £3,000,000 annually for the NHS (previously £20,000 to 30,000 per request according to the article that was linked to from within this piece). Now that will be a maximum of £100.

    Making access cheaper might make good business sense from the point of view of the private sector, but what will replace this lost funding?

    And this was just using figures plucked from thin air for the purpose of giving an example. I would not be surprised if the drop in funding is far bigger given that it would seem likely that there would be more requests made each year.

    Couple that with the ~£1.7 million spent on leaflets and the other no doubt extensive costs of actually running the system and I end up asking myself how much this is going to cost?

    And why are we being asked to help fund the profits being made by the pharmaceutical industry? We already have problems with the pharmaceutical industry being in cahoots with pharmacies so that the NHS can be overcharged, sometimes resulting in the cost of medication being pushed up 2,000%.

    I for one certainly do not trust them to stick to any rules.

    1. Vimes

      Another thought:

      Jeremy Hunt has been in charge of the DoH for much of this.

      It would seem that he's not content getting too close to the likes of Murdoch and other parts of the media in his guise as culture secretary. Now he seems to be too close to the pharmaceutical industry if the apparent lack of action taken over issues with overcharging the NHS is concerned, not to mention the throwing of patients under the bus where their privacy is concerned.

      To use an old phrase, IMO he just isn't 'fit for purpose' when it comes to being secretary of state of *ANY* department.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021