My wife (NHS nurse) and I (NHS IT tech) received ours a while ago, looked at each other and ticked Opt out after a second or so's consideration, then returned it.
Question is, who do you contact to confirm your Opted status?
Pressure is mounting on NHS England to stall its incoming data grab of GP-stored medical records, after another health body said that the government needed to improve public awareness of the controversial scheme. A stronger campaign was demanded from top doctors at the British Medical Association on Monday. The care.data plan …
There was a mailshot about the Summary Care Record which would have taken place over the last two years or so. This came with an opt-out form and was reply paid. From what I remember it was purple. This is the record that could be accessed for your health care e.g. in an A&E department or emergency GP service at the weekends or evenings.
Care.Data is completely separate. It will not be available to people treating you. Leaflets only came out in the second half of January this year and did not feature an opt out form (there are several good suggestions for forms around here). However opting out of the SCR will not have any effect on this extraction. This needs to be done separately.
Be sure which one you have opted out of.
This post has been deleted by its author
If only because the leaflet they so helpfully sent through the junk mail didn't have anywhere you could actually do that. As others have said, you may be thinking about the Summary Care Record, which is another thing entirely, and for which they did provide an opt-out form.
The best place to go I've found is www.care-data.info which gives quite a bit more info, as well as links to opt-out forms you can send to your GP.
I'm still waiting to be told about this, despite going to see the consultant and doctor on a fairly regular basis.
Now they claim they're going to wait 6 months so they can communicate the advantages more effectively (note the convenient lack of any mention of the disadvantages nor any attempt at fixing the holes - it's difficult to see how this whole mess could ever be in our best interests).
More effective communication? Don't make me laugh - so far in my case there has been zero communication (effective or otherwise).
I've managed to put in an opt-out form using the advice given from the excellent Light Blue Touchpaper blog. Here's the article with an opt-out form download:
I have to go to the Doctor's again before March and certainly intend to deliver my opt-out letter; so assuming that I do, I still think if this goes ahead 'on schedule' (won't that make a change!), the Government should be prosecuted over it.
Guess it's a long time since I read 'The Hitchhiker's Guide' because that comparison is so apropos I'm slightly ashamed it didn't occur to me!
My GP's surgery had a stack of leaflets made up from the details supplied on www.care-data.info, which the nice lady at reception had to resupply because everyone in front of me had taken a copy. These had the "fill in details" section on them already there to be filled in, very handy.
Just thought I would share.
The best option I can see is to opt out and I would advise everyone to do the same.
Any worry that this may be the wrong option can be set aside by noting that we will be given (or can demand) a right to opt-in later. I cannot see any government saying they will leave those who did not initially sign-up for what they say is good for us languishing in that plight. That would be electoral suicide.
They can have our opt-ins when they have convinced us it is good for us.
Under article 8 of the ECHR, we're supposed to have a right to privacy. Indeed this seems to be the main reason the Snowden revelations have caused so much blustering amongst politicians - they're not really worried about terrorists knowing they're under surveillance, they're worried that knowledge of "lawful" activities that are in fact likely contrary to Article 8 will result in a direct legal challenge that could probably succeed.
I'm pretty sure we have an Article 8 right not to have our poorly-anonymised medical records passed to the NSA and sold to Big Pharma and the insurance industry, but because of what we now know, we can be pretty sure that attaching an opt-out label to the data will simply call it out for special attention. It certainly won't have any other effect.
Nevertheless, I'd encourage everyone to at least go through the motions of opting out - at least it's then explicit that we're not quite so fond of constant surveillance as the spooks building their FacelessBook seem to imagine.
Unfortunately, I suspect more people would be enraged at the thought of foreigners underwriting our human rights than that of sharing the details of their treatment for erectile dysfunction.
If you read the privacy impact assessment here:
you'll also see that on page 13 it says you have a right to object to your data being processed under section 10 of the Data Protection Act (DPA). The opt-out being offered by care.data (which is what you'll get if you inform your GP using the forms being discussed - and operates by placing special codes in your GP data) isn't the same thing. It is being offered as an opt-out but will in fact still allow some use to be made of your private data. As such it is a con.
Everyone should actually be insisting on the full opt-out which is their right under the DPA.
Trying to access the link to the care.data website in your article, from a PC on my desk on the NHS network brings up a series of dire warnings...
Warning: Questionable Internet use policy
Reason: Downloads site
The organisation’s Internet access and usage policy suggests you should not be visiting this website. Transferring data to an external website may infringe the internet usage policy. Please think very carefully before proceeding. If in doubt, please contact a member of the Information Governance Team or refer to the specific policies on the intranet.
So - I'm not going to be able to opt-out from work - and neither are a million other people.
No, it's not. Approved purposes are medical research. And the data is pseudonymised (i.e. if you're not inside the NHS, which has this data anyway in this form, it's not readily identifiable).
Insurance companies and profit makers get Green data, which is pre-aggregated.
You're sure about that, are you? Is that what the law restricts them to, or is that just what their policy is this week? Clue: it's the latter.
"it's not readily identifiable" - +1 for weasel wording.
as for the data only being visible to those "inside the NHS" - no thanks. what happens at the GP stays at the GP, it doesn't get strewn around 300,000 employees of the NHS. and what, pray, /is/ the NHS these days? virgin? crapita?
6 month delay is good news, but will be used for propaganda of the anonymised type which the beeb are faithfully regurgitating. NHS number, anyone?
Screw them. I don't recall having been sent anything. I certainly won't have read it if it was sent. It's been years since I've been to the quack. I'm certainly not downloading a form to fill in and post elsewhere, certainly not the doctors surgery as whilst I know where it is I don't the address.
Best solution is to print-screen the form add a tick in whatever they are calling the 'fuck off' box these days, and emailing it as an attachment to whomever is the current political gobshite that is in charge of the NHS. Let that arsehole deal with it.
I had been expecting this so kept waiting, It has not come through my post box. I asked and no one on my street has had it. Granted, due to cuts in the postal service last year we only get a postman about twice a week now and it is rarely the same person, so my guess is that these "inserts" are still sitting at the post office.
Last year I got a letter that was 13 months old, they had found hundreds of bags of stolen mail but were afraid to tell people about it, so the majority of it is STILL sitting in my local postal depot!.
They should OPT everyone OUT, and then send out the leaflets to let people Opt IN...
Hello, long time lurker, first time poster.
First off, i will declare that I work in medical research (academic, not commercial), so could be considered to have an interest in this issue. Judge me as you will...
I have followed this story for the last 18 months or so, from a number of different outlets. The REG gives good coverage, but the comments are always (perhaps unsurprisingly) biased against this and similar 'big data' medical research programs.
I understand the concerns that data will be lost, and based on previous experience of public sector data handling (think laptops left on trains, un-encrypted USB sticks lost) I have genuine sympathies.
However, I think a lot of the objections are based on misunderstandings, or just plain bad information. I will try to deal with these in a rational manner, but look forward to some spirited debates on these points.
Generally, the objections fall in to the following categories.
1. What is actually happening?
The NHS is one of the biggest creators, collectors, and users of data in the UK. Every time you interact with it, a record is kept. Prescriptions, GP appointments, outpatient clinics, you name it, it's recorded somewhere.
At the moment, all of this information is kept on an almost unimaginably complex range of databases, excel spreadsheets, and paper records.
Trying to get all of this information together in one place, ready and fit for use by the NHS as and when it is needed has taken decades. Merging all of these information streams is the ultimate goal of an accurate, secure and effective NHS IT/IM system. We are still years from this.
The Care.Data program wants to merge two massive data sets. The secondary care data set, which is updated every time you see a consultant, or admitted to hospital, and the primary care data set, which is updated every time you see your GP or practice nurse. At the moment, the data is collected and stored, but never linked.
Lets just take a minute to think about this. The NHS, a system set up to look after you from cradle to the grave cannot share information between your GP and your Consultant... This is mind blowing! What happens when you are taken to A+E, and the consultant is trying their best to save your life, but can't access your primary care records (previous illnesses, allergies, do no resuscitate request etc) for want of an electronic link to them
Thankfully, this situation has been partially addressed, by the introduction of the care Summary Care Record, which provides a concise record of your medical history to medical staff in A+E. As a point of interest, it took 5 years of debate to get final agreement that the summary care record was a good thing, That's not 5 years to think about it, plan it and make it happen. That's 5 years to agree that it was a good idea!
However, the summary care record does not address the main issue, that primary and secondary care do not routinely share health information about patients, something almost unthinkable in a 21st century health service!
2. Why should i trust them with my data, when the public sector loses data all the time?
Fair point. The public sector has a fairly poor record. Thankfully, medical research has a better history of securely handling data than the rest of the public sector, as the sharing of information is based on the concept of informed consent, something that is hard to get, and even harder to regain when trust is lost. Ask anyone who works in medical research, how many regulations they have to follow, and how hard it is to to get informed consent. After all that work, they are very focused on retaining the security of the data and the trust of their patient.
3. What data will be shared?
The purpose of the linking in Care.Data is to allow the linkage of data from primary care (what you saw your GP about, what they gave you for it, what your healthcare outcome was), with data from secondary care (did you end up having to go in to hospital for the problem you saw your GP about, did the drug work?).
In practice, this will mean that the Health & Social Care Information Centre (HSCIC) will run database queries at each GP practice, which will copy previously agreed data (things like DOB, address, sex, medical read codes, drug read codes, etc) and then link this with their secondary care records, building a bigger health record for each person.
By linking these two massive data sets together, it will allow approved academic researchers to carry out Longitudinal research, looking for patterns across a massive data sets. It is important to stress that the data shared with these approved researchers will be anonymised, in that they will not contain identifiable data like name, dob, address, postcode etc. Researchers are aware of Jigsaw attacks on anonymised data sets (we've tried a few on our own data to check that our arrangements are strong enough), so are willing to make some accommodations to prevent this. Where potentially identifiable details like dob/postcode are needed, researchers will be able to work with substitutes like age range (18-30, 31-45, 46-65) and partial postcode (Like EH1 rather than EH1 3BG). This along with other arrangements should make it sufficiently hard to identify individuals that it is almost impossible.
Early work on this (albeit on a far smaller scale, circa 1 million people in Scotland), has already improved the healthcare of NHS patients, identifying healthcare inadequacies linked to postcode, age, mental status. The potential for this is almost endless, observing patterns of drug reactions, allowing the establishment of causation rather than correlation. If we are allowed to harness the power of such large data sets (albeit with robust controls), why should a small number of possible problems (which can be mitigated or prevented) be allowed to stop the possible gains for patients?
4.Who the data will be shared with.
Again, a lot of the concerns raised about this issue are based on misunderstandings and 'miss-information'. Access to anonymised data for medical research is already tightly regulated, in statute and in local regulations. I routinely have to apply for access to hospitalisation data for patients who have already given me informed consent to see their records. The forms we have to fill in every 3 months take days to fill in, and that doesn't even include the cost of the secure system we had to set up, and the training/declarations undertaken by our staff and associates. All of this detracts from our ability to carry out research, but reassures us that data (even the anonymised data) is treated very carefully, and only shared with appropriate people/organisations.
Private companies are not routinely going to be given access to this data. Only in rare occasions where they are funding collaborative research (carried out by academics), will they have any access to the anonymised data. They will NOT be given free access, or access to any identifiable data, and the 'Tories' are not planning on selling of the un-anonymised data to their chums in the insurance industry. This has been in the works for years, long before the latest government got in to power, so please don't let your skewed political agenda get in the road of a project with such huge potential for human good.
5.The opt-in/opt-out debate.
This is another contentious area. If they chose the opt out, it ensures that the majority are included in the 'link', something that will only add to the power of the data set produced, helping spot patterns, improve treatment, and pick up more effective drug treatments quicker than ever before. Saying that, it does kind of go against the concept of informed consent, but on something of this scale, I think that the potential benefits to the NHS and to humanity far outweigh the potential losses or damage to any one individual or group, so could quite legitimately be argued as the best option for society as a whole. Dangerous talk from a libertarian...
As a counter-balance, if you want to opt-out, write to your GP telling them this. They will insert a read code in to your primary care record, which when the Health & Social Care Information Centre run their data query against your record, will mark it as one to NOT to be copied. This will happen everytime until you ask for the read code to be removed. Hope that helps.
medical research has a better history of securely handling data than the rest of the public sector, as the sharing of information is based on the concept of informed consent, something that is hard to get, and even harder to regain when trust is lost.
Very true but informed consent is notably absent in what people are being opted into. Opting out is made as difficult as possible and it simply isn't being explained clearly.
You have done a pretty good job presenting a case for; so why could the government not do an equally good job? The suspicion must be that they deliberately chose not to, do not want to, and that suggests there is something we are not being told, something they don't want us to know, and is a good enough reason alone to be highly suspicious.
Private companies are not routinely going to be given access to this data... the 'Tories' are not planning on selling of the un-anonymised data to their chums in the insurance industry.
I. and I suspect others, would like to see some guarantee of that. Call us untrusting, paranoid, whatever, and that is okay, we are entitled to be. It is for the government to convince us that what you say will be the case.
Most people who are worried are not worried about medical researchers, but about the secondary use of the data that is not being ruled out explicitly. Weasel words from politicians and others trying to pretend there is no data protection issue just put people off and while it may be a laudable attempt to do something good, the sneaky, underhand and duplicitous way it has been attempted to slip it past unnoticed just breeds mistrust of all the other assurances given.
Even the opt out appears not opt you out of the big database, just to opt you out of having your personal identifiers attached. Jigsaw attacks may not be possible today but I'd put money on it that in a few years with ever increasing computing power and ever increasing big databases, cross referencing will make short work of that.
"Where patients have objected to the flow of their personal confidential data from the general practice record, the HSCIC will receive clinical data without any identifiers attached (i.e. anonymised data).
i.e. the intention is to still to extract information from the medical records of people who had opted out, just not with their NHS number, postcode, date of birth and gender attached.
This is not what any reasonable person would understand by opt out – if you opt out, no information from your medical record should leave your GP practice."
-i.e. the intention is to still to extract information from the medical records of people who had opted out, just not with their NHS number, postcode, date of birth and gender attached.-
That's the thing though. If it contains no identifiable data (NHS number, name, full postcode or DOB) it is no longer 'Your' data. It is anonymised and will be aggregated in to a larger data set, making it far harder to carry out an effective jigsaw attack.
I really am unclear why people are concerned about anonymised data being taken and used for this purpose?
If you need any persuassion on the power of this type of science, i strongly advise the tech savvy audience to watch some of Isaac Kohane's lectures on the subject. This one is a great example of the power of using big data to cure public health issues that affect Millions across the world. http://www.youtube.com/watch?v=P5O66e8r2QM
As a footnote, i would strongly recommend that any of you who have any doubts over the potential of projects like care.data take 10 minutes to watch this presentation by Dr Isaac Kohane, who is leading the way on health record linkage in the US.
It really is inspirational what a little bit of technology, hard work, and good will between competing interests can do in the health care setting.
We have the single biggest healthcare system in the world. If the yanks can do such amazing work with 10 million people's records, can you imagine what the NHS could do with 60 million records?
Biting the hand that feeds IT © 1998–2021