Who cares what the EU group think?
Bemoaning the results of a survey showing that more than a third of people don't trust the NHS with their personal information, a new EU-funded lobby group has stressed the need for a “new culture of openness” in allowing patient data to be shared between studies. eTRIKS, which describes itself as “the result of a …
"Possibly, however, the UK government won't be able to claim whatever they come up with is because of the EU and there is nothing they can do about it."
The Tories are still blaming all the UKs woes on the last Labour govt of 6 years ago. Said Labour Govt. were still blaming Thatcher and Major for all the UKs woes right up to the end of their 13 year reign.
It seems that all politicians are actually quite useless and ineffective as they never seem to be able to sort out the previous Govts. "mess".
I'm very accepting of the fact that the more medical data that is shared the more medical science can progress.
What I'm not accepting of is the fact that medical corporations will take public money and my personal information and then make phenomenal profits by selling symptom masking drugs at price gouging prices.
"symptom masking drugs"
There is not much reward in trial-and-error diagnosing (troubleshooting) to find and treat root causes of many ailments, so treating the symptom meets peoples' expectations of immediate resolution (because they saw it done on TV in an hour including commercials or just out of desperation) and the system's expectation of funneling patients through as quickly as possible with as little cost as possible.
"at price gouging prices."
This is a legitimately confusing point for me. As I understand, the NHS has price controls on care and medications, so the cost for patients should ostensibly be minimal.
This being the case, irrespective of whether the drug treats a symptom or the cause, development takes resources which need to be recouped. So, when faced with one outlet with price controls which cannot meet the cost of R&D (and regulatory compliance and investment expectations, both which can be abusive,) then the price for the other outlet must compensate.
I've nothing against medical corporations making profit and covering their costs - and modern drug treatments and the research behind them can be incredibly expensive however they have a history of charging that the market can stand and not a fair price for the drug. This isn't conjecture, this is from personal experience and trusted colleague experience who have seen the pricing decision making process from the inside where the development costs are often entirely unrelated to the final pricing.
"eTRIKS, which describes itself as “the result of a collaboration between 17 different partners” including Pfizer, GlaxoSmithKline, AstraZeneca, Imperial College London, and the University of Oxford's e-Research Centre, has reported the results of its own survey."
You couldn't make this shit up. 'eTRIKS'. Tricks.....
Yes, access to data on a large scale would be useful. There is no denying this. And, if there was a fair price paid which funded NHS services based on subsequent profits, then yes. I can see no moral problem.
Except, of course, the fact that history has shown us that any data sharing exercise, despite amazing assurances, safeguards, promises, which involves a Governmentally linked body with the private sector results in the data subjects usually getting shafted by the fact there is a monumental screwup. Which then is a Pandora's Box scenario.
As someone who knows someone who deals with NHS IT Services and providers...personally, confidence is low.
and agencies for the good of everyone?
So unfashionable now, alas.
Or if it were administered by competent and honest administrators.
Or perhaps even competent /or/ honest ones?
Better to export questions and gather answers, giving each citizen a monthly account of who asked what, under what power I'd pretext.
the amusing thing - is if they just said no human could look at this data i'd be fine with it.
I have no problem with my puny medical file being used to cure cancer, or whatever - as part of a larger anonimized data set.
I have a massive problem with Jenny from Mayday Hospital getting bored and deciding to rummage through her neighbours, friends, colleagues, random person on the tele records - as has been proven to already be happening.
It can't, that's the problem.
There are only three white males living in my postcode. Only two in even the approximate age band. So anything else about me - age to the decade, hair colour, martial status, indoor/outdoor job, alcohol consumption - will identify me.
It's just not possible to get the resolution needed to do this research without identifying individuals.
But the NHS shares my medical data already with the people who need to know it. Those are the hospital, my GP, and er - that's it. I don't want Bayer having access to see how a 28 year old who is a non-smoker/aparently-binge-drinker-who-drinks-4-pints-on-a-sunday-every-month recovers from tearing a tendon near his knee while he was yawning*.
If I have cancer, and I want access to a medical trial that could save my life, I'd be open to it then. But just accessing my records for the sake of it? Absolutely not. And this is something that won't go away even with Brexit.
*that actually happened.
Nope. Was sat at my desk, very tired (was my second night of sub-4 hour sleep), and I yawned. As I did I stretched my arms, then my legs. At which point, I hear a sound which is akin to ripping the wing off a cooked chicken. No immediate pain, until I stood up. Couldn't bend my knee. It stayed like that for 10 days, couldn't walk.
Literally couldn't even go for a shit without crying.
"Have you not heard of laxatives? "
I'm confused (or you are). You appear to be suggesting that he either shits standing up, or that laxatives can someone allow him to bend his leg without pain so he can shit in a toilet.
ORRRR...you think the crying was due to not being able to shit, when I believe it would be more to do with not being able to bend his leg.
Take your pick. Personally I'm hoping you meant he should shit standing up, coz at least that paints a funny picture :)
how long before the Pharma sites get hacked and we have all our medical records plastered over the internet.
While it might be 'lovely jubbly' for a few demented hacks (as they expose what so called celeb had what done to them and when and where and how much it cost) for the rest of us it would be deeply embarrassing.
I don't want Ad slingers like Google to know that I have Leukaemia. Sorry that is a matter between the NHS, me and my family and the few others that I might tell. And yes I do have it. Currently in remission.
Posting anon because we can be sure that Google, Amazon and the rest will have bots reading this forum.
Don't mean to sound like an alarmist doom'n'gloom monger, but relying on posting AC is of dubious utility unless you've taken extra precautions.
Assuming you're not using a blockerator of some sort (and I pray to FSM that you are), the google-analyrics.com JS is active on the El Reg "reply to post" form so if they were so inclined, google would be able to see a user with the cookie jNnQ0MWllwa9yHPGVIqOu9Tjpg1lvXrg accessing the "write post" page, and eight minutes later posted a post, which coincided at the exact same time as a post titled "While the data might be limited to Pharma".
Oddly enough, from the same cookie ID jNnQ0MWllwa9yHPGVIqOu9Tjpg1lvXrg is also seen to regularly log into the gmail account of firstname.lastname@example.org and the facebook page of HettyMacHetterson, which gets us names, addresses and phone numbers. A few more queries into jNnQ0MWllwa9yHPGVIqOu9Tjpg1lvXrg and we'll have a ballpark for your profession, your earnings and your dependants. And whaddaya know, this set of
shakedown merchants valued clients will pay handsomely to target individuals suffering from serious life-threatening conditions.
Whether the ad slingers actually go to this level of detail or not I don't know (not enough tinfoil in my diet clearly), but I don't see why it's not technically possible. As someone else noted elsewhere, there's already been plenty of work done on de-anonymising large data sets like the Netflix subscriber catalogue... and things like diseases are even more identifiable I should think.
Other gubbins that attempted to load by the page I'm on now besides google:
(By the way, "congrats" may be the wrong word, but long may your remission continue in peaceful anonymity with your friends and family)
How many of the commercial entities in this partnership have been dinged for suppressing inconvenient findings and even deliberately marketing product they damned well knew were harmful?
IMHO ALL results, good, bad and ugly should be published before a drug candidate is given final approval. And if deliberate mal, mis, or nonfeasance can be demonstrated if/when a drug proves to be harmful in the long term, then the penalty should be 100% of the total revenues (not profit) derived from that drug.
How many of the commercial entities in this partnership have been dinged for suppressing inconvenient findings and even deliberately marketing product they damned well knew were harmful?
The same companies who want to hide the clinical trials that don't support their products you mean? The same ones that fiddle the patent system in order to block generics? That industry?
Its a simple statement and very true.
The big corporate seem to forget what the word "personal" means and why we don't want random companies knowing about all our medical history and issues, nor do we want to find out that they were accidentally leaked or shared with "partners".
In any case, any such rules on personal data must be "opt in" with no impossible to bypass conditions such as "use of this site grants us ..." type legal BS when trying to book an appointment with the local GP or attend hospital.
You have to assume that most outcomes would be negative for the individual - leaked personal data or misuse, for example insurance companies would probably buy it and use that data as a reason to not take a policy or pay out when the worst does happen to some unfortunate person, since 3 generations back someone had something broadly similar.
When data is leaked, big corporates may be able to get away with just paying a fine and walking away from any issues, but its not possible for the rest of us to undo their mistakes as easily, we have to live with their consequences. Personally, I'm not taking that risk. Personal data will remain personal.
What I want to know is where is the data protection act and why isn't this being enforced to reduce the misuse of our personal data.
Just that. And governments everywhere are doing the exact opposite of what they need to do to earn it. How long is it going to take for them to realise this?
First earn trust by accepting that past behaviour is wrong and stopping it. That means more than having a tribunal tell you that you were wrong in the past because you were misusing legislation. That idea of "wrong" can be fixed by continuing to do the same under different legislation. It wasn't wrong because of the legislative framework, it was just wrong. So TPTB need to recognise that, publicly acknowledge it, apologise, and stop it.
Then start afresh. Make the data protection principles the basis of all handling of personal data. Share data only with specific informed consent. Give feedback to data subjects as to when and how data is shared. Make it a condition that when data is shared under consent it cannot be further shared without new specific informed consent. If this is breached each data subject should be entitled to a payment sufficiently large to make such breaches unprofitable with damages where the data subject has suffered actual loss as a consequence (e.g. medical history passed to an insurance company that then raises rates).
And this is where GDPR is supposed to come into play - they current data protection act is out dated and easy to work around.. GDPR introduces up to 4% of gross annual turnover or 250m, which every is highest as a maximum fine instead of the small amount that the ICO can enforce under the DPA at the moment. It will be interesting to see how the NHS and other larger organisations prepare and change for GDPR in 2018 ( the U.K. Will still onboard this regardless of leaving the EU to continue trading) especially as the primary focus is around consent with an explicit opt in only, data sharing in general and targeting of individuals
And this is where GDPR is supposed to come into play - they current data protection act is out dated and easy to work around.. GDPR introduces up to 4% of gross annual turnover or 250m, which every is highest as a maximum fine instead of the small amount that the ICO can enforce under the DPA at the moment. It will be interesting to see how the NHS and other larger organisations prepare and change for GDPR in 2018 ( the U.K. Will still onboard this regardless of leaking the EU to continue trading) especially as the primary focus is around consent with an explicit opt in only, data sharing in general and targeting of individuals
The ICO has already shown itself to be toothless on this issue.
It's now past the six months from that undertaking - has anyone heard from HSCIC like they promised? I haven't.
Consent is already opt-in, it's a fundamental part of the existing data protection rules, it's just that those rules are being widely ignored and the ICO does almost nothing.
I think that even with the best will in the world that guarantee will never happen.
More practically, there should be defined compensation to be paid by each entity using the data, to each person whose data it is, in the event of a breach and or/leak and/or misuse.
Then we will be able to be sure there will be real incentive for the data to be handled correctly, and so have a reasonable hope that it /will/ be handled correctly... but if not, compensation will be paid. Perhaps 10k per record over tens of millions of patients might concentrate the mind a bit.
>I don't have a problem with that as long as their is a big box saying 'Feck Off' I can tick....
No, no, no, no, no ... you want UNCHECKED boxes:
I am happy for you to share my medical records with public authorities
I am happy for you to share my medical records with private authorities
Check boxes must be unchecked, optional, clearly marked in a wider box that explains a bit more about WHAT data they intend to share etc. A list of fields with user friendly names (descriptions) MUST be provided, can be on separate page clearly linked-to in the description directly above check boxes.
And yes, I think we need to ensure the NHS, or national equivalent in other states, gets a standard fixed amount per "shared" patient record.
I am, of course, very upset about the EU funding these data thieves ...
There is only one way data should ever be shared, and that is with a decision model at source, i.e. your permission is required for it to leave any repository where it was collected such as GP practice system or hospital database.
On top of that, you must a. have the right to render any shared data anonymous BEFORE it is sent (to prevent any "accidents" later) which will support statistical needs enough and b. have the right to have non-anonymised data to be reported and erased when sent elsewhere or, in short:
THE ONLY PERSON WHO GETS TO MAKE DECISIONS ABOUT PATIENT DATA IS THE PATIENT.
No government, no pressure group, no academics, no big pharma - the data owner is and should remain the patient itself. That is the model you should work with, there is really no need to make it any more complicated.
A great deal of research goes unpublished; the so-called 'negative data'. When drug trials don't show a benefit for the promoter they get quietly hidden. Then data for published work is often either not available, incomplete or in a form that is hard to use. And a large proportion of the research papers themselves are published behind very expensive paywalls.
The non-profit organisation PLoS has changed and is changing the publication landscape, and academic campaigns for open access to research papers and open data also play a part. But there is a long way to go.
Big Pharma can have details of my medical history when they publish all their research data, including that which shows their products in a poor light, and when they stop charging people to read the papers
I rather like that idea, but with the caveat that they still won't get access to PERSONAL data, only to anonymised information.
For the rest I'm all in favour of it. Or maybe they should fund an independent resource (funding according to turnover, not profit, so it's harder to game) which then does the data crunching for all pharma.
This could be a nice joint University effort, and they're only allowed to make use of it if they paid their contribution (to stop creative accounting - well, OK, lessen its impact - and prevent result skew towards sole funders like the tobacco industry has been doing for year).
Dang, we solved it. Do we get a medal or something?
Why so sure? Private patients presumably sign long and tedious forms authorizing whatever procedure is recommended, and there might well be some sort of data-sharing clause in there as a matter of course.
I certainly dont /know/ this, I'm only speculating. Does anyone have any examples or evidence?
"there might well be some sort of data-sharing clause in there as a matter of course."
Some of the principles of data protection (from the ICO's site.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
I think that should be sufficient to rule data sharing clauses illegal. In particular, passing data out of control of the original custodian makes 7 particularly difficult to achieve.
Oh, and look at this one:
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
So much for the Privacy Figleaf.
I object to having to pay tens of pounds to get copies of my data out of my local hospital when the pharmas don't. Well not that amount scaled up anyway.
It's supposedly anonymised but you don't have to get much publicly available information (for example news that somebody was involved in a road traffic accident) to connect everything up.
From the "news" items that arise from time to time the biggest problem facing the medical profession at the moment is the increasing ineffectiveness of antibiotics. Now there is no obvious means of knowing if Big Pharma is doing anything about this out of the public gaze, but finding new drug treatments for common infections that could run riot through humanity following just a small mutation in the infective agents would seem to be a more worthwhile activity than delving into the detail of patient records for any reason.
Would trawling patient records help find a treatment for ebola, to cite just one example? I suspect not. Just look at all the treatments have been developed without harvesting patient data on a huge scale.
Like (I suspect) every other commentard I sincerely hope that this idea is trampled on and killed off at once, but I fear that it won't be...
Perhaps its supporters could tell us exactly which medical procedures will benefit from the idea while at the same time the risk of dying from a hospital acquired infection gets greater and greater.
I have a rear end problem and am offered surgery. I ask the consultant whether my sexual preferences create any risk. No they don't. So the question could have been forgotten. But no, the whole thing gets reported in detail three times in my records.
I ask about appointments and find that receptionists and administrators have full access to consultants' reports.
It has been said repeatedly on this site that hospital staff don't bother with individual logins and passwords, whilst there have been plenty of other stories about general IT and data security incompetence.
I've been Admin of a patient records system
1. You only had to log in for the access to see anyones full medical record. It wasn't possible, lied the software company, when i suggested for example restricting visible patients based on a authorised caseload list. I told them this was nonsense, mainly based on another of my systems having this in a fairly simple way technically. It came down to money inevitably. You could search by name, address, symptom, medicine. You name it. We had thousands of users, including secretaries as doctors were loathe to write anything themselves. The patient data was not in the top concerns by Staff
2. Log ins were obtained by anyone from student nurses to IT staff, to the service desk for payment Resets. The only thing stopping them snooping was randomised audits... By me. Which without dB access (don't ask, the setup will depress you) involved going onto a patients record and seeing the footprint of who else had. Very fallible.
3. You better believe medical staff shared logins. I remember being new and one password requiring caller having used her friends account for four years. I reported it, as all kinds of metrics would be wrong. Nothing happened past retraining her (an hour long session whereby she signed paperwork indicating she understood the hows and whys of her account)
While there was a governance team and you have professional bodies who monitor how your data is accessed, in any given trust your data is accessible by way, way more people than necessary.
While I can gripe about the design of the system, by far the biggest problem was users misusing the system and having an ignorant attitude to the records. Sadly most of my user base were doctors, nurses, and therapists, medical professionals who you'd want to be arsed.
Most of the time my job was spent moving or correcting incorrect data. John Jones 1 would have his record updated by a nurse who hadn't checked anything to ascertain she was talking to John Jones 2. If you're JJ1, a nurse has therefore read your record needlessly, possibly discussed it with the patient who isn't you, and the IT bods have gone into the record to alter it, at which point reading it becomes unavoidable. You can request a history of who has accessed your record, but don't imagine you're told if something happens to yours.
90% of my day was user (NHS staff) generated issues like the above.
Access to the system was backed up with training, signing paperwork and other such necessary steps when making sure someone really, really needs to understand the sensitive nature of their system access. If I could choose only one word to sum up the system use by staff however, I'd choose the word Cavalier.
I certainly don't miss my technical help desk getting calls from doctors asking me to update a record (i wasn't allowed to write data), or in one memorable occasion calling to enquire what diagnosis a certain set of symptoms needed. 'But you're a help desk!'
“a total of 56 per cent of the 2,000 people surveyed in the inaugural National Personal Data in Research Survey would also stand in the way of advances in medical science by not allowing their data to be shared for research.”
Big Pharma needs to be beaten with the Cluestick *and* the Salmon of Correction - it's called Personal Data for a reason!
"IMI's executive director, Pierre Meulien, said: “Medical researchers rely on data from patients to advance our understanding of diseases and develop new treatments. By bringing together different stakeholders in research, projects like eTRIKS are well placed to facilitate the use of this data to advance research while respecting patients’ wishes and addressing wider ethical and legal issues.”
projects like eTRIKS are well placed to facilitate the use of this data to increase profits while ignoring patients’ wishes and wider ethical and legal issues.”
Perhaps the NHS can do the decent thing and share it with the patient themselves first?
I mean its a royal pain in the ass to get to see anything, then you have to pay and its crappy photo copies and scans.....and you want us to "learn" to share for some obscure and dubious process?
The NHS has had £10's billions to get it's act together and is still floundering in the 1950s.
Biting the hand that feeds IT © 1998–2022