Twats!
That is all
Vital safeguards for protecting patients' privacy when NHS England records are shared with companies were scrapped by peers on Wednesday night. A proposed tweak to the Care Bill, tabled by Lord Owen, would have brought in independent statutory oversight to better protect the handling of patient information across the health …
Yes. Not that winning a raffle has much to do with immunity to twattage. Especially as the ones proposing this in the first place were elected.
But the thinning out by Teflon Tony a few years ago of hereditary peers means that more and more are ex ministers and people who can be "relied on" who are granted peerages.
I was once in a queue with one of the local Hereditaries: we were both collecting parts for combine harvesters. We were both driving rather scruffy Land Rovers.
I can't imagine that ever happening with an elected MP. He has far more wealth than I do, but our worlds overlapped.
(Another near-neighbour once shot a Government Minister, but only by accident.)
"Call me cynical if you like, because I am."
Cynical? I'd call it realistic.
And I notice that anonymised data isn't even being mentioned any more, it's now 'pseudonymised' i.e. 'sort of' anonymous.
What's next? "Yeah, well, we might give them your name, address, date of birth, bank account details and full medical history, but we won't let them know your shoe size or the length of your dick, honest.."
One word : Apathy
I recently spoke to a "well educated" person about the care.data scam, however this person had never heard about it, and actually said that he didn't really care either way. Age of person - Late 20s.
If this is the general feeling amongst many people, we're screwed.
Apathy plays a role, as do prioritization, ignorance and good ole fashion stupidity.
You're obviously familiar with the role apathy plays, so we can skip that. But prioritization is a huge factor in the personal/family lives of the general public. Most people know that personal information is being captured and used for 'something', but at best they view it as an abstract distraction. It might be worth looking into, but only after their work is done, family fed, clothed, vaccinated and educated, their retirement fund 'full enough' and they've cleaned out the hair trap in the kids' bathroom shower.
You can't really blame them for their priorities, those are understandable enough. But their ignorance is most unfortunate. Most people who aren't in marketing or IT simply have no concept of how much personal data is being collected. They also don't know and/or understand the stunning advancements in dealing with vast amounts of unstructured data. They don't know that 'anonymized' data can be used to identify an individual and how from that point members of a family, workplace or social activities can be plugged in and create an extraordinarily accurate picture of someone.
That leaves us with the fucking stupids. People who think that if they oppose what someone else is doing to get rich then they might one day oppose them if their fortunes changed one day. The fucking stupids group also includes the people who think that anything that makes money is good for everybody.
Because the system doesn't like protests:
News of a protest will not be advertised by main stream press before the event
Any organised protest has to be arranged and allowed by the police
It will generate headlines like "Fears of violence, you are urged to stay away, don't bring children"
You will not be able to cause disruption to business, traffic, . . . . (erm scale of protest would that permit)
You will have to leave by 9:00 p.m.
One idiot will throw a bottle, police will kick the crap out of a bunch of people and it escalates
Only the violence will be shown and 'analysed' by the press, not the reason for the protest.
"Only the violence will be shown and 'analysed' by the press, not the reason for the protest."
Totally agree especially with this part of your post. The 'analysis' will extend to the computer of the one throwing the bottle and they'll probably find computer games outside of the mumsnet-approved [*] Solitaire genre.
[*] because they play it themselves when they should in fact be checking their offspring's homework or monitor how they use dad's computer and ipad while nobody's watching
I work in IT for a hospital (hence the Anon - sorry)
A little story seen from the other side of the fence.
We have been looking at accessing our patients' GP records so that we can see what Drugs they are on (saves the "Well Doctor I'm on 1 small blue one, a white one and a pink one last thing at night" conversation) or maybe see their BP record (Multiple data points are better than just one taken in our clinic). To access this we have to write to the GP to ask permission. The GP then writes to the patient to get them to come in to give permission. This has to be done separately for each Clinic that the patient goes to (eg Heart, Chest, Kidney, Diabetes etc)
When you explain this to the patient most say "I thought you would just be able to see it anyway"
To me this shows split between the expectation and the reality. We have not yet got to a point where we have found a good balance between privacy and clinical effectiveness. This balance is going to change over time as the generations change, most health service users are in the 55-75 age range so they are changing from "Doctor knows best" born in the 40's and 50's to children of the 60's on 70's with different attitudes to being involved in their care.
As far as I'm concerned, the NHS have my data somewhere, and it would be good if any appropriate person in the NHS could access my data whenever they needed it. In fact, that needs to be made possible with all speed.
The problem is that it looks like my data will be available to be sold off for private companies to profit by it by targeting me for products or services, or by denying me socially-valuable services such as insurance if they determine that it might hit their bottom line. Weak and woolly assurances that 'whilst legal, we would, of course, never actually do that...' might placate the TL;DR brigade but I don't believe them for a minute. After all, 'universities won't charge the full 9K apart from the odd exceptional case' and 'the priority hedge-fund managers have agreed not to dump their preferential Post-Office stock the minute the price goes up'. How well did that lot work out?
If you allow these organizations to do something that's morally repugnant but profitable and do it within the law then it WILL happen.
> To access this we have to write to the GP to ask permission
The 'obvious' solution to me is to have the records *optionally* held encrypted but the key being held by the original GP but also optionally on patient, perhaps on a USB or similar.
I *presume* in an emergency (stretcher/flashing lights type of thing) you can grab the data you need without asking in the current system.
Downside is if the patient wanted this extra security but the key isn't on them, they're stuffed. But at least it gives us the option.
Probably other holes in this, but I wonder if it's workable.
Data access to aid medical treatment is a red-herring in this argument. The concern here is making confidential/personal data widely available.
When I attended an out-of-hours clinic last year, I was asked permission to access my GP records. The access was then logged, and the GP record updated. There is no problem with this. There is a problem with bulk data that can be trivially de-anonymised being given to any other and especially commercial organisations.
I live in Scotland, and have recently worked for NHS Scotland in an IT capacity.
The GP who was sufficiently worried to start the care.data site ( http://care-data.info ) is perfectly clear that this is NOT about clinically useful sharing of data:
"This ... is not about sharing your medical information with doctors, nurses and other health professionals outside of your GP surgery.
It's not about the ways in which your GP shares information about you as part of providing essential medical care.
It's not about ensuring that hospital specialists have the information that they need when you are referred to see them."
Good site and worth everybody's attention.
See also medConfidential, as mentioned in the article.
There's a tricky balance here. I've had letters come out of the blue asking for a blanket permission to share personal data with anyone.
It was the local council, not the NHS; they didn't even say it was the Social Services department wanting permission to pass on some info to an NHS clinic to support making an appointment.
And, while I know there can be administrative rules set which add restrictions, the law would allow a GP practice to register under the Data Protection Acts a blanket permission to pass on data for the purpose of providing medical care. It would need to be carefully worded but the Data Protection Acts are not rocket science: is it so hard for a manager to read them and be able to ask a lawyer a sensible question?
Your data, when harvested, will be available to medical professionals (which is a wide-ranging term) (and local taxation authorities) irrespective of your opt-out (if any).
Given that my dentist's tooth cleaner is a registered medical pro, that gives me loads of confidence.
And even when they have accurate info about medication in hospitals, they still regularly dose patients with the wrong drug, or the wrong dose of the right drug.
Ah, but they've failed to expound on these regulations under discussion. By cleverly embedding a seemingly related statement into a wholly unrelated issue they've concealed the fact that they are regulating the disbursal of the kickbacks and determining how much to leave in a central pool for buying off would be whistleblowers who might stumble upon them later.
Exactly this! It's not anonymity that bothers me as much as it's MY DETAILS and you're going to sell it to COMMERCIAL organisations who will use it to make money off us!
FFS I'm sick of "capitalism". I simply don't believe commercial orgs are better than private ones, only being private they can hide their mistakes more easily, whereas public orgs will be disadvantaged by having a duty of transparency.
Anyway, a quick Gedankenexperiment for everyone: will these commercial organisations prioritise
[ ] valuable lifesaving stuff
[ ] crap like hair regrowth lotions
Tick as appropriate.
I've worked in manipulation of massive marketing databases, I know you can't prevent a sophisticated recompile from taking so called anonymized data right back to an individual.
Despite that, I signed up for this as soon as I could. Why... Because I have a rare blood disorder that means if certain anesthesia is given to me, I die.
So for me, if I'm mangled in an accident, I want any hospital in the Country to be able to pull up my records and see this. I also want my record out there being used in any studies that may help to find medications that bypass my condition.
"Because I have a rare blood disorder [snip] I also want my record out there being used in any studies that may help to find medications that bypass my condition"
Mmmm, only they won't be working on anything for you because your condition is rare and they won't make enough money out of you or others with your condition. Wear a bracelet with 'XXX allergy do not administer'
...and you do realise that opting-in to Care.Data won't help prevent you being given the wrong anaesthetic at all.
As you say, it may help a company develop a new one that won't trigger your problem, but Care.Data does not make your data any more readily available within the NHS than it ever was.
The loading of your data into a Summary Care Record would be something that you would not want to opt-out of, but that's completely separate from Care.Data.
This illustrates how even well informed people can misunderstand the mess that the NHS has got themselves in.
So for me, if I'm mangled in an accident, I want any hospital in the Country to be able to pull up my records and see this. I also want my record out there being used in any studies that may help to find medications that bypass my condition.
care.data and the Summary Care Record (SCR) are two entirely separate projects.
Your first sentence quoted refers to the SCR; the second to care.data.
> So for me, If I'm mangled in an accident
This has absolutely nothing to do with accessing your medical records for medical purposes. Almost everyone is OK with that. This is about giving your personal data to commercial organizations so that they can use it to sell you stuff, or refuse you health/life insurance, etc.
You didn't need to sign-up for it.
Everyone is automatically signed-up for it.
This fuss is about nobody bothering to consider telling the common (non-private patients) people about it, and consequently selling pseudo (non) anonymised information to their friendly back-pocket-filling insurance company friends.
"A second proposed change to the Care Bill limiting secondary use of patient data to the provision of care and "biomedical and health research", tabled by Lord Turnberg, was also rejected last night."
That is the only thing I would be ok about - without that I am opting out. It will end up being abused by scumbags.
This doesn't affect me directly, as I live in Wales, but I do know that at my elderly mother's surgery, all her friends meet up in the waiting room at their regular appointments, and they are all aware of this issue (I may have given them a nudge). Despite the fact that they are Tories to the core, they do not trust the Government (just they REALLY don't trust the other lot), and will be opting out en masse if this actually starts to go ahead.
Many have already put in forms, and will do so again in case the old ones are now invalid.
Bear in mind these are people in their 70's upward to over 100 - the people who have the most dense medical records. If they opt out at the rate I am seeing for this one surgery, the data files will be largely empty.
"sold to private businesses"
Data's not being sold, it's for the NHS's own data analysis to help improve care and budget more sensibly (currently they fly blind when assigning money as there's such little data to base funding decisions on). It CAN potentially be supplied to "authorised" third parties, but even then it's not sold (that would be quite unethical); however, they will be made to pay for the admin services supplied by HSCIC so the tax payer isn't covering the cost.
"People can opt-out of the slurp"
Er... no, they can't. You can opt-out of your identifiers being included (referred to as "Personal Confidential Data" in documentation), which means the system can't match your GP record to the data already taken from hospitals (for years) and community suppliers (I don't know how long that's been happening). Congratulations, you've just helped make the data less useful and the NHS can continue to struggle and eventually fail(!)
If you want some useful information, please don't go to the media (full of mindless conjecture) or MedConfidential (they too have failed to understand how care.data works). Try this wired article, it's quite balanced and the author clearly read the accompanying documentation to care.data, not the tabloids.
http://www.wired.co.uk/news/archive/2014-02/07/a-simple-guide-to-care-data
Data's not being sold
The article you reference says:
Who can access the data? So it can be sold. Information from your Care.data record will be made available to organisations within the NHS (such as commissioning bodies) but also outside of the NHS, potentially (subject to approval) to pharmaceutical companies, health charities, universities, hospital trusts, think-tanks and other private companies.
Yawn:
"Will anything be left at my GP?
Free text notes -- conditions are all coded and it's these codes that are extracted -- and "sensitive data", which includes details of infertility and assisted conception, sexually transmitted infections, abortions, gender identity matters and abuse. However, this list ** "might be reconsidered" ** at a later date"
"Who can access the data?
Information from your Care.data record will be made available to organisations within the NHS (such as commissioning bodies) but also outside of the NHS, potentially (subject to approval) to pharmaceutical companies, health charities, universities, hospital trusts, think-tanks and other private companies"
I could go on, and on, and on..just from that website...
I have worked in the NHS for over 10 years and specifically in managing data from numerous Trusts.
Currently the so called beneficiaries of this data are the drug companies so they can improve health, that is total bullshit. They already have access to data but under the supervision of a Doctor via study groups and sponsored research. They pay quite a high price for this, for example one study pays £60 per patient to the patient and £600 per patient to the Doctor. They want unlimited access to this data so they can export it to 3rd world countries for analysis. Some of the research carried out helps Doctors in the NHS, but this moves the value of that to a commercial company and takes it away from the Doctor. Remember the Doctor wants to make patients better, the drug companies want to sell you a pill you have to take every week, for life.
What amazes me from working in the NHS is the complete and utter lack of a consistent access control system for data. Some Trusts have "school leavers" looking after their data and will quite happily dump a complete SQL database because they do not know how to selectively extract data.
Others are incompetent with the HL7 interfaces, they say "we'll give you everything and you sort out what you need".
Meanwhile GPs are already not respecting your wishes if you want to opt out of the spine (your data being shared across the NHS).
The spine itself has already been infiltrated by Data companies who are selling selective parts of this data such as the address of patients to debt collection companies.
The data is not anonymous, because when you combine this data with data from other databases including Companies House directors, the electoral register and all the other databases.
For this reason I do not put my name on the Electoral Register.
The most sinister aspect of this is that you CAN'T OPT OUT, I already opted out of the spine with my GP but my data is being provided to the spine and being sold off to 3rd parties NOW. How do I know this?
I split from my Ex and took on some credit card debt which was sold off to a debt collection company. It took a while for me to get a new flat so I was staying with friends. I was temporarily at two different addresses, but I did not give those addresses to any organisation except two parts of the NHS, one was the transplant register, within a week I received a threatening letter from the debt collection agency, so that address had got onto Equifax.
Then a month later whilst at a completely different address that I provided to my local hospital who asked me to confirm my address. I gave them the address but I modified it by adding "first floor" even though it was a detached house. Sure enough the debt collection company wrote to me at the new address and included the "first floor" in their address.
Whilst I was at these two addresses I was completely "off radar" even my bank did not have my address. So the idea of GPs managing your preferences is a joke, they can't even manage it now.
Quite how the data is getting out of the NHS at the moment is unknown to me but I suspect it is a company that is plugged into both by providing some sort of outsourced IT service. Of course they will never admit it and right now they are probably only using the address updates but have you noticed how every time you use the NHS they are manic about getting you to confirm your address is correct?
Once you let this data out of the NHS access control will go out the window, the big data management companies will abuse your data (just look at what their American parent companies already do).
Some of these data companies already manage "public" databases things like the tenant deposit register to name just one, there are too many to mention.
Various different companies have access to public data, some buy the electoral register for under £5 per thousand records, they then bolt on information they gather and scrape from other sources including Google. This is why you are so stupid to provide your data either to companies or even sites like linkedin and Facebook. All that data can and is scraped daily.
The data protection act has a key element called PURPOSE, you provide your data to an organisation for a purpose and they are not allowed to use it for a different purpose without your express permission. The public sector organisations are exempt from this and the private data companies want access to this exemption via the back door and you are not even being given consent.
Many companies are putting your data on credit registers without even telling you, they do not just look you up but they share your payment history. This includes energy companies, broadband suppliers and mobile phone companies.
So how can this data be abused, well putting aside the fact that some faceless organisation has access to your data without your permission? Simple, by profiling. When you know a patient has been putting on weight you can put relevant ads up to them, this already happens, it is called re-targeting, you can do it across most internet platforms (it is how ads chase you).
Consider Google, they collect your web search history and the only way to opt out is to register with them and specify that, they will still collect that data, they will just not use it to affect your search results. They have a spy on your desktop, first with Google Chrome, but also with the various toolbars in other browsers and also in the search box of the browser itself. Now this all sounds like innocent marketing right, sure, except that when Google sent their streetview cars around they used a pernicious bot to identify your router, grab all the information about it and even break through it to trawl your PC data. We recently found out that Google management were warned about this by their engineers and still proceeded. When asked to delete the data they said "we can't delete all of it but we have done what we can" what this means is that they deleted the data but not the index of it. Once they index data it is part of the index and that cannot be deleted ever. Just read the book "in the plex" to understand why. Hell they even index your emails.
So now Google knows your habits, it can identify you by the unique footprint of your router, SSID, your mobile, your PC name and when these change it can update your "profile", this is not a profile you have access to, but the Government does, there is a publicly admitted part of this
http://www.theguardian.com/world/2014/feb/03/microsoft-facebook-google-yahoo-fisa-surveillance-requests
and the not so public admitted
www.pcmag.com/article2/0,2817,2426590,00.asp
Plus of course what we were told by Edward Snowden
en.wikipedia.org/wiki/Edward_Snowden
Google is not the only one, Facebook will use your likes, the groups you belong to, your connections with friends, fair enough you might say, but they use your private messaging that is stepping over the line. Worse still 3rd party companies use software to trawl Facebook data and build their own profiles.
What it shows is that if you do not restrict and regulate big companies they will go as far as you let them.
Another example is insurance companies, with this NHS data they will be able to start to build a profile, it will start with increased policy costs and lead to refusal to even offer a policy. That is just one abuse of data, the whole idea of insurance is that you spread the risk across the masses.
What we have here is the beginnings of the creation of a "sub-class" for some it will be your financial status for others your health status and it is the combining of data that is the biggest risk. That will allow them to create new "sub-classes" or "prospects". Your medical data may be used to determine your lifestyle choices, how much alcohol you consume, have you ever taken drugs, are you depressed, are you a single parent, are you promiscuous, have you had an abortion, etc etc; your whole reputation is being sold, not just to one party but to all takers. They will combine that data with other databases, identify you, probably try to get you to confirm that identity with a questionnaire or survey, or just use it as a "potential match". The continual updates from the NHS means they can chase you and you can't get away.
The only way to avoid this invasion of privacy is to take out services in false names and using false previous addresses, they know this and that is why they want access to data you can't change, your health data.
Information is power so collecting it by any means possible gives a lot of power and we know that power corrupts.
At the most basic the caredata system should be opt-in not opt-out so people have to choose to share their data, but I think the whole thing should be scrapped.
My experience is that even though the commercial world has all this data they still get it wrong - I regularly receive financial documents and other sensitive documents sent to my address because the banks etc can't get the Post Code right - even after they and the real "owner" have been told - multiple times. (Why can't the Postie realise my semi does not have Flats?)
In a way one of the problems is that someone else's medical or other data gets assigned to you, try and convince the big organisations that they have it wrong, if you ever had a credit problem you will know what I mean.
If you are rich, you do not have to use the NHS and can choose 'private providers' who do not share info (and know you will sue if they do) - which is why the Cameroons and Lords don't care.
In the short term do not do social networks, be ex-directory (phones and census), do not agree to any data sharing/sales where you are permitted that is.