Track Record
"[Kelsey] said that it was simply not true that "the state is going to do dastardly things" with centrally held GP medical records. "
And, of course, their track record bears this out.
NHS England's bosses and the government's health minister came under fire from MPs on Tuesday afternoon over the fudged and delayed plan to store patients' GP-held medical records with other data kept by hospitals in a centralised database. Tim Kelsey, the health service's patients and information national director, admitted …
I am convinced that the use of inmates on day release from Broadmoor Hospital to manage and develop Government software projects is not the world's greatest idea. It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function. I am convinced that this is the reason why almost all government projects have infinite cost overruns and the capacity to fail on their objectives. The "was it wasn't" illegal sale of hospital records for the princely sum of £2,500 will of course keep the NHS running for a long time; about 1 second did I hear?
I think this is the real problem.
I don't suppose for a minute that anyone at the NHS wants to do dastardly things. I also assume good faith on the part of most of the Government. But that isn't enough. We now don't trust any of our power structures in this country, after 5 decades of ineffectiveness and occasional magnesium flares of corruption.
Duck houses, the way failed politicians run away to well paid sinecures in Europe, Blair and his housing stock, Thatcher and her cover ups. We don't trust them any more. At all. Over anything.
So when they try to do something that /might/ need us to take a balanced view of why they are doing it, we can't. Because we suspect everything they do. We have become uber-cynical.
The shame is entirely theirs.
"He said if scattered pieces of such data could be assembled, like a jigsaw, to identify a specific individual, for example, then the firm responsible would face a fine of up to £500,000 from the Information Commissioner's Office."
Half a million cap on the fine, and no possibility of a custodial sentence. Compared to the value this data set has, half a million pound fine could simply be put down as the cost of doing business.
Once that data set has been re-identified and distrubuted, the damage is done.
500k puts the value of each record at arround 10p, I think the data is worth a bit more than that!
Perhaps they should really anonymise the data. Not pretend-anonymise. It is almost as if it was anonymised in a way that could easily be de-anonymised if wanted. I mean, birthdate, gender and full postcode. Never attribute incompetence to a government, when you can as easily attribute malignacy to it. Government employs enough people with univ degrees to get it right, to get it wrong has to be deliberate.
"But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime "
Not enough. Look at Murdoch and his vermin all bleating that they didn't know or they didn't do it deliberately. Proving otherwise is difficult, and could be enough to get the despicable liars (or incompetents) off the hook.
Far better to make people cupable for circumvention of privacy controls, without having to prove knowledge or intent. It then becomes the organisation's responsibility to have controls to ensure that they do not circumvent privacy requirements. Ignorance of the law is no defence - why should ignorance of the organisation breaching the law be a defence for those rewarded for responsible for running it?
The fine is for the company doing the dedupe, so you simply dissolve the company after you have sold the data to yourself.
The fine only applies to companies doing the dedupe if they are under UK jurisdiction, simply run the server in Boratistan and you are safe.
There is no fine for buying/selling/using the data afterwards
Problem is, once the genie is out of the bottle, or in this case, the data has been compromised, that is it. You can't get it back in.
With this in mind:
Do you trust the Government to successfully implement an IT project that manages data of such a private nature, akin to your financial data, to ensure that the safeguards are so watertight that even a malicious insider couldn't easily walk away with it?
If the answer is no then how can you agree to the proposals?
Not that I think *what* I think will make one jot of difference to the inevitable outcome. I will have to rely on incompetence to do the job for me. Worked with identity cards.
> just how much IT do you think a surgery has to do this
Don't most local surgeries outsource their IT already?
> You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.
I'm not so sure pre-reviewing every request is entirely necessary. Decent security, restricted authentication tokens, comprehensive logging of every request, a clear audit trail, and stiff penalties for misuse, should be enough to deter most ne'er-do-wells from mucking about.
How often would such requests be done, anyway? Surely only when a patent's status changes - they move home, visit a doctor on holiday, require emergency treatment, etc. We're surely not talking 1,000 requests per second which need reviewing.
Want my data? Limit the postcode to area code (first 3/4 characters only), no date of birth, just age range accurate to decade, and no NHS number or other unique identifier. And then make it opt-in.
Otherwise, I will not only opt out, but also encourage everyone I know (and anyone else I can reach) to do likewise and spread the word further.
I have 2 conditions affecting 2% of the population. if these are independent ( research topic there straight away, contact me re informed consent) then I'm one special snowflake within 250 ordinary snowflakes.
now talk to me about re-identification. oh and I've "opted out", which seems to mean my data from the gp is going to be extracted to somewhere (in the UK?) by the nice people at atos. quite what happens after that? perhaps that nice history graduate from McKinsey could enlighten us?
"...NHS England would try to bring an end to concerns about care.data by talking about legal safeguards..."
Like passing a law criminalising the possession of patient data of those who have opted out by private companies, attempting to obtain, , or viewing, or encouraging others to obtain, or supplying data of those opted out. Criminalising the de anonymization of any NHS patient data by private businesses, or attempting to reconcile it with third party databases. Making those within the NHS responsible for the data criminally liable for allowing unauthorised 3rd party access, including someone handing over a password or allowing records to be viewed. Etc, etc. With decent custodial sentences attached.
Given the deliberate mendacity, hedging and incompetence to data, I won't hold my breath. The current half cocked attempts to deliver a back door fait accompli to the private sector will blow back very badly.
Bottom line: I'm very happy for my medical data to be used for the good of all. I'm not happy for it to be used as another asset to be sold off in the forced privatization of the NHS.
Ben Goldcare has a nice article in the Grauniad: http://www.theguardian.com/society/2014/feb/21/nhs-plan-share-medical-data-save-lives
Let's see what changes get made in the 6 months "consultation" period - and opt out if we're still not happy.
Ben Goldacre is now rather less optimistic. If you look at his tweets yesterday (@BenGoldacre), you'll see - it's the most vexed I've ever seen him.
And given his (guarded) optimism in that piece last Friday, it seems that care.data is sunk.
This post has been deleted by its author
...or just move to Scotland.
NHS Scotland has always been a separate body from the NHS in England & Wales and healthcare is already a devolved issue in Scotland.
Not sure that would be sufficient to delete/opt-out your NHS England & Wales data though?
Information Governance page at NHS Scotland:-
http://www.knowledge.scot.nhs.uk/ig.aspx
Do you want any healthcare professional to be able to access your complete medical record before treating you, or to guess what a GP might be treating you for, or another hospital out of your area.
Do you want the NHS to be able to analyse health data for trends to identify disease or side effect trends, so that research funds can be applied.
If you do, then how do you think the NHS can do this without a single data structure to interrogate, be it distributed or centralised.
I have little trust in politicians, or indeed health service managers, but a lot of trust in healthcare professionals, with good reason, having had to repeat my medical history verbally many times over the past few years, I would much prefer that this data is available to any doctor who needs to treat me, just in case I forget a detail. I also don't want to carry a usb stick or card around with me that has that data on it, or authorises access, being human I would forget them.
Oh, and you might also want to think about the full consequences of Insurance Companies seeing everybody's heath records, not that I want them too, but you are required to disclose known medical conditions when you take out a policy. In some cases also during a policy, for example car insurance, failure to do that would invalidate your insurance. The Insurance companies might well find that their client pool drops dramatically, along with profits and revenue.
This is not about mistrusting the healthcare professionals. It's mistrusting the management wonks - either now or in a few governments' time who will flog this off to the highest bidder.
Sooner or later they will fuck the nation over massively with this. They will.
I don't think many people will have a problem with medical data being used for life-saving medical research. What I have a major problem is the selling of this data to the private sector for commercial gain. Those two areas have been lumped together for care.data, which is why it's a farce to begin with.
Secondly, the rhetoric coming from those in charge of the project just shows they haven't a clue - this project, in order to work, needs complete transparency, and for the rules on how data is used to be clear. On the first point, they've already bungled, by refusing to explain decisions that led medical data be sold to insurance companies due to companies "re-branding" (whether that particualr act is actually damaging to peoples interests is debateable, but the refusal to explain IS definitely damaging) and on the second, nothing exists.
And it's going to be implemented by ATOS. Now I know that you're going to have to use a big provider for this, but jeez, anyone but ATOS...
You seem to misunderstand what Care.data is about. It's not about sharing your medical records inside the NHS, it's about sharing medical records with 3rd parties outside the NHS. Your data is already available to the professionals within the healthcare service. Staying opted-in will not change the fact that you're asked to repeat your medical history every time you see a doctor or healthcare professional.
And thirdly
If all the insurance companies have access to everyones medical records, where does your presumption that "The Insurance companies might well find that their client pool drops dramatically, along with profits and revenue" fit in.
What it's more likely to lead to is many more people being refused motor insurance altogether, but continuing to drive anyway, or only being able to get insurance via a few specialist insurers who actually take the time to understand the 'risks', which the big companies almost certainly won't do. Take it from someone with experience in that respect; the big insurance companies are only interested in low risk customers.
More uninsured drivers = higher premiums all round = more profits for the insurance companies. Win/Win for them, Lose/Lose for us.
And that would be applicable across ALL sorts of insurance. Got 'free' travel insurance with your bank account? You can bet that noone will cover you for any pre-existing medical conditions
I have previously proposed a solution to a fair few of your hopes for care.data, but being on the wrong side of the pond... Yeah.
My proposal: A Smart card-ish device with a good encryption standard to hold your medical records; with emergency info printed on it (allergies, etc) it gets reviewed whenever you go to the Doc/A&E, and then updated with your treatment. NHS can offer a "Back-up" service to provide a replacement for a lost/stolen card, and they can run analysis on those who use the service. There should also be a method wherein your GP can make a backup for those who do not want to be analyzed. Read/Write capabilities should be regulated as medical equipment, with the associated costs, to keep snooping/malfeasance to a minimum.
This, I believe, would allow the data portability (data ubiquity, if you will) that care.data is supposed to deliver with the added benefit of the individual to control their data.
"Do you want any healthcare professional to be able to access your complete medical record before treating you, or to guess what a GP might be treating you for, or another hospital out of your area."
Amazingly, unbelievably, that is the one thing that ISN'T included in what's being visited upon us, although the very limited, rather slanted material provided by the NHS appears to imply it is the case although its never explicitly stated. The quite separate "summary care record" provides health professionals with a very limited view of your allergies and prescribed medication, but thats it.
" - The information uploaded to care.data will not be made available to health professionals providing your treatment, but to universities, pharmaceutical companies and commercial organisations
- care.data does not concern clinical care, it is an administrative and research database"
Thats from brief.care-data.info , which is written by a GP, and seems to provide more detail and clarity over what is and isn't being done that the lamentable NHS blurb - they do after all have an interest in bigging up the value to patients.
Perhaps get your facts straight before spouting.
You are either ignorant, an idiot or a troll.
The care.data will not be used for medical treatment, that data channel is already present, it will be use for Big Data mining, and that can be very dangerous without strict and clearly defined /existing/ rules; there are no effective /existing/ rules..... it's FUBAR.
None of these morons in Government or the NHS understand that it is not their data, it is MY medical record, private and personal. Its is about me, for me and future treatments and would be best kept by me. If I lose it it is MY problem. If I opt in it is my choice, it should not be about opting out. No matter how much the data is anonymized, if the patient DOB sex and practice in which the data was obtained, the other half of the data can be obtained from the local government agencies. It can never be anonymous simply by reason of that fact. There is no point in having any central database if records do no not contain age, sex and location when researching any disease or condition. If I dont not want people to have access to this that must be the default.
have to agree, however the labour party sold us down the river. they passed a law saying medical records belong to the secretary of state for health, currently Jeremy cunt.
no political party is proposing to repeal that.
even if they did, the law could be reenacted. answers on a postcard please.
I thought when you opt out it doesn't actually remove your data in any way. Instead they "tag" it with a "code" that means "don't look at me". Anyone who wants to use the data for "other" purposes isn't going to give too hoots about the opt out code. If anything it will make your record more interesting as you clearly have something you want to hide!
Even if the system is secure now, it has to stay secure for your entire lifetime and probably your children's lifetime too - as your medical history is useful in predicting around 50% of your parent's/sibling's/children's susceptibility. Though that likely excludes the more embarrassing personal medical history but not the insurance issues.
And therefore if you opt out but the records of your parents/siblings/children who haven't are ever cracked then perhaps 50% of your info can be inferred.
Would you bet on tech not being able to break current encryption in 20, 40, 60 years time?
As has been posted above: this is a data grab for Big Finance and Big Pharma.
It has NOTHING at all to do with clinical care.
And for all the imaginary situations whereby "instant access to full medical records" would prevent some kind of irreparable medical harm: bollocks. I cannot remember a situation where I have required this, or have heard of it happening to a colleague, or a friend of a aunt of a colleague. I find it hard to imagine a plausible situation where this would be required. There are no published case reports, let alone observational studies of this problem. With some guesstimates based on my personal experience and using the rule-of-three, for p<0.05 there could be harm to at most 0.006% of those presenting to inpatient medical care.
Non-IT related rant follows:
What would be useful is if those receiving health care and taking medication could take as much interest in their treatment as, say, the engine size and fuel efficiency of their car. Or the current form of their preferred sports team, along with how the manager should improve things, or the present storyline(s) of their favourite soap, or indeed ANYTHING ELSE that people seem to feel are entirely reasonable things to know all about. If your health is important to you, you should probably pay some attention to it.
And breathe.
(If your health is not important to you now, it might well be in the future if you need to come and meet me. Your choice.)
....who have neglected to put into place a plan to upgrade more than 1 million NHS computers from Windows XP, at a cost of $200 per desktop for the first year, going up to $400 in the second and $800 in the third year? I'm not saying that the XP state of affairs would prevent the care.data scheme from going ahead (especially since the total isn't all GP-related) but it'll make it all the more interesting - £120million for Year 1 to stay as they are, with all of the additional challenges that the continued use of an out-dated operating system brings.