> a trusted research environment
Phrases that mean "we bought an expensive firewall and that's it". No environment should be trusted since Google (I think) brought out Zero Trust.
Around 20 million people in England are in the dark over plans to share their GP medical records with a NHS Digital database, according to a study by not-for-profit consumer watchdog Which? In a survey of 1,700 adults in England, Which? found 45 per cent were unaware of proposals for their medical records held by their doctor …
It could also mean something like OpenSAFELY. OK, an environment like that still likely depends on firewalls, but it looks like a pretty good start at both allowing use of health data to actually benefit people and preventing the soul-miners from getting access to it.
On the other hand, while I'd like to say my trust in the people doing this has been lowered by Hancock's obvious lie (if 45% of people don't know what the something is, it's kind of hard for a 'vast majority' to be in favour of it), it hasn't, because it's already zero. So I imagine 'trusted research environment' will mean 'something one of Johnson's chums will make a lot of money from and which will then leak all the data which somehow will not be their fault and also we'll pass some laws making it illegal to talk about what happened'.
Your comment about NHS hospital made me think....if treatment (dental or non-dental) gets carried out in a private hospital, isn't the protocol that the consultant/surgeon/whoever sends a letter to your GP to let them know what was done? If so, then it'd end up on your NHS records even for treatment carried out privately.
OK, maybe not for something relatively minor like a filling, but I'm sure that when I had my wisdom teeth taken out at a private hospital (thanks BUPA) word got back to my GP that I'd had surgery.
No, I do not believe it does. I have a BUPA "6 week" policy where if an operation can not be done within 6 weeks then I can go private. The 3 operations I have had done under that policy at private hospitals do not show in my GP record whereas an operation I had done at an NHS hospital does show up.
He's in cahoots with Babylon Health and has endlessly promoted it when Health Secretary. It basically uses a chatbot to triage patients and has been accused of cherrypicking patients.
Why yes, major shareholders in the company just happen to be Tory donors...
Well I'm rather glad he's gone at least. But if NHS Digital want to engage with the public over this, then I would suggest that the best way is to; (1) Opt Out all individuals from the start! (2) Write to all individuals, explaining clearly what is intended and how their personal health data is to be used and by whom. (3) Back that all up with a comprehensive TV / Internet information campaign. (4) Then ask people if they would still like to sign up to it - with the option of reversing that decision at any time in the future.
I think any loss of trust should be directed towards ministers and their cronies, not what is left of the NHS as a whole.
My own awareness, of this and earlier related stories, came about through this worthy web site and it's many contributors!
"... not what is left of the NHS as a whole."
I think that two entities are being conflated here when people talk about the NHS being untrusted.
The bit that is doing this is NHSDigital. They seem to be the sweepings of the corporatist data-grabbing bit of the IT industry whose only real interest is making as much money as possible from other peoples data.
The real NHS are the doctors and nurses, support staff and volunteers struggling to keep a lid on this pandemic we are suffering.
Personally I trust the real NHS to look after my well-being and keep my intimate and private data secure..
I trust NHSDigital about as far as I could spit them.
The real NHS, in the form of my GP, pro-actively mailed all patients inviting us to opt-out. Not long before that my Twitter feed was full of NHS staff alerting the world to this fiasco, none in fear of their 'real NHS' bosses sanctioning them.
When doctors are regretfully announcing they will be opting out you know something bad is happening.
'Strangely' I've not seen anything from NHS Digital for or against. Funny that.
>But if NHS Digital want to engage with the public
The evidence is that neither the Government or NHS Digital want to engage with the public on this matter.
>then I would suggest that the best way is to ...
For NHS Digitial to lobby Government to become part of the NHS proper and thus subject to NHS data protections...
>I think any loss of trust should be directed towards ministers and their cronies, not what is left of the NHS as a whole.
Agree, however, given what is known about the Conservative party's NHS privatisation agenda, it actually serves their purpose that people trust the NHS less. In this respect Which and other media outlets really should be taking care about the way they headline and byline this sort of information, as without care they are simply reinforcing the Conservative's intent to create a market for private alternatives to the NHS...
Nope, GDPR defines 6 lawful basis for processing personal data, consent (i.e. opt-in) is only one of those. In addition for 'special category' data (which includes health data) a lawful condition is *also* required of which there are 10 to choose from.
For NHS I'd expect them to use Article 6(1)(e) "Public Task" and Article 9(2)(h) "Health" as their lawful basis & condition respectively.
That assumes a degree of competence however - here in Northern Ireland HSCNI (aka "NHS NI") chose Article 6(1)(a) "Consent" & Article 9(2)(a) "Consent" for a patient records IT system when they set it up 8 years ago and they've since tried to switch to "Public Task"/"Health" as lawful basis/condition but appear to have failed to do so lawfully (the DPIA to consider the switch is still not completed 2 years later, no revised Data Sharing Agreement yet created and agreed by all parties for the change).
Public task and Vital Interest are the ones most commonly used.
We don't use consent models as it wouldn't be viable as it would potentially mean people withdrawing consent and all those expensive time consuming tests would need to be erased and redone if they came back in - it would also arguably make their health care far more risky.
While most people wouldn't withdrawn consent trust me after 15 years working in NHS IT and 5 in data protection/infosec there are people out there who would do it out of spite just to cost the NHS thousands and do it repeatedly too.
"While most people wouldn't withdrawn consent trust me after 15 years working in NHS IT and 5 in data protection/infosec there are people out there who would do it out of spite just to cost the NHS thousands and do it repeatedly too."
When something relies on Consent as its lawful basis then that means that people have the *right* to withdraw their consent at any time (for whatever reasons - whether its spite is irrelevant). If its costing the NHS thousands then it sounds like either it was a bad decision by the NHS to use Consent as the lawful basis for whatever system you're referring to or else that Consent was the only possible legal basis that could have been used (in which case those cost side-effects of Consent withdrawal are of the nature of "it costs us money to follow the law").
As you indicated that's why other lawful basis exist as consent is not necessarily the "right" fit for something. However, as I'm sure you know, deciding on which of the lawful basis to use has to take into account ("balancing test") the rights of individuals against the interests of the organisation.
In the Northern Ireland situation I'm highlighting one of the failings is that they used "Consent" but then provided no method to withdraw consent. Plus later when they decided Consent wasn't the "right" lawful basis to use (after the introduction of GDPR) they attempted to change to Public Task/Health without doing so in a valid way (and so despite their "protestations" that they are using Public Task today they have been unable to produce any valid documentation to show that the change was made in compliance with GDPR).
As a spin off from the European Declaration of Human Rights in the aftermath of WW2, data protection legislation was envisaged primarily as a means of protecting citizens from abuse of their personal data by governments - in fact as an extension of human rights law. Ever since, governments have availed themselves of ways to exempt themselves from its restrictions in the name of providing "services" or "security". It's been quite easy, as governments effectively make the laws. What's hard is finding legal ways to curb the resultant abuses (for the same reason).
My experience with this:
Managed to find a link to opt out which was texted to me by my GP after I specifically requested to opt out. Here is the link for the "National" opt out. There's a "Type1" one as well which is a paper form you have to fill in with your GP but i think that's being scrapped in favour of the national one (I'd check that, don't take my word for it).
After this I followed up with some questions to email@example.com which was the provided enquiry link, firstly to verify that I'd been removed, then these follow-ups:
- please could you provide information regarding how the GPDPR programme complies with GDPR legislation, because the sharing of personal data of (effectively) the population of the UK without express permission seems, on the surface (to my limited legal understanding), to be illegal.
- could you provide a list of to whom my data matters; that is to say, a list of the third parties that my data would have been passed onto if I had approved this.
They sent back a word doc with links to this page, which does go into how it fits in with GDPR ("it's in the national interest so we don't need your permission (and it's only England, not UK)") and this page. They also said: "For more information, please contact your GP or local authority."
I've resent this question:
- please can you provide a specific list of the companies that data will be shared with. This way they can be held accountable if any data goes missing and it will ensure that they are under scrutiny not to sell on any data. It seems that this sort of information is unlikely to be held by my GP or local authority as this is clearly a strategic decision.
I'm not expecting a response but I can update anyone if they care.
What bothers me is that if at some point this does turn out to be a GDPR violation, it'll be the NHS that ends up paying the costs... which in turn undermines the NHS, and costs tax-payers.
Summary: I'm not sure the people making these decisions give a crap; they win one way or another whatever the outcome. Perhaps the only way to solve that would be if it were possible to make specific individuals (i.e. head of NHS digital) personally liable?
"What bothers me is that if at some point this does turn out to be a GDPR violation, it'll be the NHS that ends up paying the costs... which in turn undermines the NHS, and costs tax-payers."
Don't worry its unlikely to found to be a GDPR violation as the ICO is unlikely to do much. Even if the ICO do decide its a violation they will probably just do a "Hans Blix" (from Team America):
"Or else, we will be very, very angry with you, and we will write you a letter telling you how angry we are."
I have been trying to get something done about *multiple* distinct data protection violations of both GDPR and the preceding UK DPA 1998 by basically the whole health service (i.e. Trusts, GPs, Dentists, Pharmacists, other bodies) occurring on a daily basis in Northern Ireland for 2 IT Systems that were in operation over the past 10 years.
I've spent the past year trying to get something done about it. I have raised the matter with the central org that setup and manages the systems (and the compliance of those systems) and they've ignored me, lied to me, delayed responding to FOI Requests, purposely ignored their failures to provide requested information when conducting a FOI Review, and recently admitted their continuing failure to complete some documation *required* by GDPR (i.e. DPIAs, Privacy Notice) despite GDPR being in force for 3 years now.
I have 2 cases open with the ICO regarding this matter (one since January) which they only started to look at 1 month ago, I've raised it with the Dept of Health NI who said they would look into it (3 months later I've still heard nothing), I'm meeting my local politician next month to raise the matter that way.
But yes as you said in the unlikely scenario that the ICO actually decides to "do something" more than write a nasty letter they will fine the organisation(s) (most, but not all, "NHS" orgs are government "Arms Length Bodies" - GPs are typically private partnerships) in which case it is ICO (government) fining NHS (government) with the fines going to the Treasury (government) so its just musical chairs. It's practically impossible for any individual of any seniority to be personally held to account (worst case they'll "retire" or move to another senior role in another gov agency).
"I would say the public does not mind the data to be centralised."
How can the public not mind something that they don't actually know about?
A key aspect of the GDPR is "transparency" - organisations *must* inform people of how they process personal data and any (significant) change in the way that they process it (which the introduction of GPDPR would be) requires that they inform people of the change - otherwise the change is not lawful.
If you only do the on-line opt-out and don't do the paper form to your GP then your GP data will be hoovered up under the current plans.
This is all part of the confusion surrounding this.
Yes, in due course the on-line opt-out MAY also apply to GP data, but it doesn't today. Currently it only applies to "non-GP data" such as from hospital or clinic treatments. It's likely that anyone wanting to opt out wants to, and needs to, do both.
"The National Data Opt-out will not stop your GP data being extracted by the new GP data collection" as the excellent medconfidential site states.
We all know how well that works out with DVLA data and unscrupulous car parking enforcers...
While they may currently say that data would not be shared for marketing or selling purposes, private sector organisations will extract value from it - fine tuning insurance premiums, tailoring products and services (obviously for improved revenues and profits), etc.
The data will be fully anonymised - I believe that has been the mantra in this exercise.
However the quote
"Meanwhile, patients could opt out at any stage, and have historic data deleted from NHS Digital systems after it had been uploaded, options previously denied."
means that all data held MUST be directly linked in some way to the patient within the new database otherwise a deletion by patient request would be impossible. In whatever way the system is implemented that is *NOT* fully anonymised data being passed to the new database, at best it's data with a variant of a hash based on NHS number, at worst it's data records with the patients NHS number in a secure field labelled "do not look at this field".
Well, I suppose that if your data are linked to a one-way hash of your personal details in some normalized form, and only that hash is stored, then it is theoretically possible to allow opt-out from an anonymised data set.
Whether or not a data set can be effectively anonymised in practice is another theoretical argument altogether.
Not very theoretical, given the range of near complete data sets that are out there* matching up to people in a postcode will result in a high success rate.
If NHS operated the DB as a service (like G & FB do with theirs) to charge by the query for a set of non geographical anonomised results thing could be a lot better for all of us and the NHS gains another income stream.
* all the existing DBs including phone tracking detailing out lives to the Nth degree - phone went to surgery/Pharmacy at (date/time) match with prescribed meds at (data/time)
Difficult to trust this when there are exceptions to the promised safe-guards, for which it's difficult to work out what they actually mean.
For example, the National Data Opt-out has an exception.
"NHS Digital won’t share any confidential patient information about you - this includes GP data, or other data we hold, such as hospital data - with other organisations, unless there is an exemption to this."
Then on trying to find out what this actually means.
"If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website"
That leads to another page, at which point I find it difficult to work out what's relevant to General Practice Data for Planning and Research
I don't see how they can claim this is straightforward and transparent communication with the public.
Quote: "......whereby third parties analysing the data did not extract it from NHS Digital systems...."
Whoa!!!! How is this possible? So the analysis is being hosted on "NHS Digital systems"? So it's not a slurp at all? Someone here is facing both ways at once"
Whoa!!!! The slurp contains the postcode and the date of birth for each patient record. With people like Peter Thiel (Palantir) waiting in the wings, the data will only be anonymous for a few seconds.........and then sold on to unknown entities (guess......private health insurers, snoops in Cheltenham.....).
Colour me cynical.....
I keep getting pinged by SMS spam, allegedly by my GP, to go to a site to enter ethnicity data. A phone call to the GP confirms that this if kosher within a very restricted sense - it's the NHS that requires it and I suspect it's they rather than the GP who are doing the pinging. There are a lot of issues with it, not the least is that the URL goes to a site (of which I'd never heard) and includes a code that goes straight to a page which greets me by name.
Yes, that old, crusty, noob security hole. I've no idea how sparse the code space might be but it looks likely that a bit of experimentation with variations would pull up someone else's details - what details there might be I don't know because I haven't pursued beyond the greeting page for my own code let alone trying anyone else's.
I'd have hoped that these days the work experience child responsible - surely nobody more experienced would have done this - would have been quietly advised by an intern to have another go and do better, but no, it's released for use. Perhaps there's scope for a bit of investigative journalism here. Hint.
It's really not hard
If the government thinks people are as aware as they should be, then switch it around to an "Opt In" approach
Tell people the positives of the scheme, let them *chose* to take action.
Oh, what's that? You don't think many people will bother
Well what on earth does that tell you about your stupid scheme huh??
down the Honest Politician pub in Newmarket, after the local MP has bought a round of drink for everyone (on expenses). Afterwards when he asked them if they were 'onside' with the GP data grab, the majority were not sure. After a few more rounds, and the vast majority of people in the pub had left, of the remaining, the vast majority were 'onside' with the proposed motion - namely, the publican announcing 'last orders please'
NHS Digital said: "We know we need to take people with us on this mission which is why we have committed to putting even tougher protections and safeguards in place and stepping up communications through a public information campaign before the new programme begins.
"Data is only shared where there is a clear benefit to healthcare planning and research. This benefits all of us, but it is only as good as the data it is based upon which is why it is absolutely vital that people make an informed decision about whether to share their data."
IOW - "Look what I just pulled out of my arse."
'Trust' doesn't just magically occur because some policy wonk recites a spell. Trust is earned through actions matching words time after time. Another word for the process is 'integrity'.
This stuff really isn't rocket science, although looking at the behaviour of those who presume to lead us one would begin to think that it is. And their attempts have 'FAIL' stamped all over them.
He's a lying cunt. Always has been. His app before being in government was a failure and all through the pandemic he's been lying. Not a fan of cummings but he was right that Hancock is a liar.
I feel guilty just making up small white lies to users when I've forgotten to do their ticket. Doing it blantently in front of cameras means you clearly give no fucks.