NHS England DIDN'T tell households about GP medical data grab plan NHS England patients who went to the trouble of opting themselves out of junk mail being crammed through their letterboxes did not receive the health service's recent leaflet about its data grab plan with GP medical records, it has been revealed. That's despite ministerial mutterings that implied that households across the …
My problem with this scam scheme is that it concerns sensitive data, and should thus never have been in the opt-out category to start with. And when you rely on opt-in to get something off the ground, you will damn well make sure you get people informed.
Why not actually follow general Data Protection principles? Or do they have something to hide (sorry, couldn't resist that last one)?
Follow the money.
In the case of Virgin, it's in their interests to spam people, hoping a proportion will sign up. As a volume game, it doesn't matter that you haven't signed up yet.
In the case of health data, the money is to be made by selling the data (or more likely handing it over for free to a company run by a minister's friend), and that money is therefore maximised by NOT delivering opt out leaflets.
Anybody still not in the tinfoil-hatter camp on this matter may wish to look at this article on today's Telegraph website:
http://www.telegraph.co.uk/health/healthnews/10656893/Hospital-records-of-all-NHS-patients-sold-to-insurers.html
Here's a tip that worked for me.
Email their CEO, Tom Mockridge, tom.mockridge@virginmedia.co.uk, telling him that you regard their constant unwanted communications as harassment under the terms of the Harassment Act 1997. And that if you receive any more communications you will take action under that act against him personally, as the person responsible for the company.
You'd be amazed how quickly they get their arses in gear to get it stopped and just how apologetic they get.
> Here's a tip that worked for me.
Neat. But may I also suggest joining the MPS too? Just to be on the safe side mailing preference service and even better, kill off those annoying cold callers with the telephone preference service. It takes a few months for it to really kick in but it works very well when it does.
Edit: and I didn't receive the leaflet in question either.
"I live in a large house converted into 5 flats. One leaflet was delivered."
Sounds about par for the course.
That's one reason why a generic leaflet is not the right way to do this. Similarly, any households in which there is more than one person living, and the first person to see the post is likely to not understand what the leaflet is and discard it as just some more junk in with the post.
It should be sent individually, addressed to each and every patient - and if it's done like that, there's no reason not to include a form to allow people to opt out. Or, even better, a form asking for consent. But the danger with an opt out form is that people might actually fill it in and return it. And the even bigger danger with a consent form is that people won't bother to fill it in at all.
Better, then, to send a simple, non-addressed leaflet to households. That way, fewer people are likely to see it, and therefore more people will be opted in.
Oh, wait. That's what they did, isn't it?
Who? Me? Cynical? Ridiculous!
Sure I haven't seen it either. However seeing what it is meant to look like might help jog the grey cells...
Just a random google image search gives me this: http://www.energyroyd.org.uk/wp-content/uploads/2014/01/betterinfobettercare1.jpeg
...and nope, it doesn't ring any bells at all even with a pic of it.
1) Not mark it as "exceptional"; and
2) Send it as junk mail in the first place; and
3) Not correctly anonymise/aggregate data to ensure privacy?
Once they are identified, fire them for gross negligence and/or bringing the company (i.e. civil service) into disrepute. This is what would happen in the private sector; this is what MUST happen in the public sector.
Oh, and the sackings should begin from the top down (starting with Jeremy Hunt). No compensation, not hand outs - just fired.
"Once they are identified, fire them for gross negligence and/or bringing the company (i.e. civil service) into disrepute. "
Why? The outcome is precisely what was intended. I have a very low regard for civil servants (see note 1), but you can't blame them for doing what the politicians wanted, in the way they wanted it done.
1) Having once been one myself you'll understand the standards are lower than Barry White's balls on a deep sea dive.
Going by the description of the HES data, that is what it is supposed to be available for.
http://www.hscic.gov.uk/hes
"Each HES record contains a wide range of information about an individual patient admitted to an NHS hospital, including:
clinical information about diagnoses and operations
information about the patient, such as age group, gender and ethnicity
administrative information, such as time waited, and dates and methods of admission and discharge
geographical information such as where patients are treated and the area where they live."
So its not your full medical record. But a fair bit of data. The site does say that admission with low incidents are suppressed to reduce possible identification.
You can download a lot of the info from the site anyway. eg Apparently there were two admissions for "Glanders" (usually affects equines) in 2012-2013.
From http://www.hscic.gov.uk/hes
"In 1996 these bodies were abolished and the NHS-Wide Clearing Service (NWCS) was set up to provide a means of transmitting the records. In 2006 this work was taken over by the Secondary Uses Service, which is run by the Health and Social Care Information Centre and the National Programme for IT.”
So it came under HSCIS’s remit in 2006. The data set was from 2000-2010.
For tracking though, there is the HESID - http://www.hscic.gov.uk/media/1370/HES-Hospital-Episode-Statistics-Replacement-of-the-HES-patient-ID/pdf/HESID_Replacement_Nov09.pdf
Which appears to include per-client pseudonym-ids. Data cleaning on release appears to be documented here - http://www.datadictionary.nhs.uk/web_site_content/cds_supporting_information/security_issues_and_patient_confidentiality.asp?shownav=1
And what is the problem with that? Insurance companies providing cover for the actual risk, not the under-represented (i.e. fraudulent) risk means fairer prices for all. Only those actually at increased risk pay more.
Otherwise those to stay healthy have to subsidised the unhealthy.
We already have a catch-all (the NHS), so those who choose to price themselves out of private insurance can make do with that.
It's just like driving. Why should good drivers subsidise bad? This is why you have to declare your points etc.
The whole point of insurance is is to spread the risk across as wide a population as possible. That's how it worked when insurance was first set up as non-profit societies for mutual protection. Bad drivers are penalised by loss of their no-claims bonus. You seem to be assuming that people who suffer poor health all bring it on themselves.
"The whole point of insurance is is to spread the risk across as wide a population as possible."
Two points:
1) If you apply for insurance you have to declare your medical history anyway and if you miss anything out then it may invalidate the policy (years later, after you've paid all the premiums, and now actually need a payout).
2) The point of the NHS is to make medical insurance unnecessary, by providing medical care according to need, free at the point of delivery. If that's not working for you, you don't need to worry about the health insurance business, you need to worry about the NHS.
"We already have a catch-all (the NHS), so those who choose to price themselves out of private insurance can make do with that."
What about those who don't "choose" to get sick who you so conveniently overlook? Perhaps through genetic defect, environmental factors etc etc - the majority I suspect.
The world needs fewer of you and your ilk.
I can't tell if I've received it or not since:
a) I have opted out of junk mail;
b) replacement postmen sometimes forget and deliver junk mail anyway;
c) when that happens it goes straight into the recycyling without me looking at it.
About Virgin Media, I did actually ring them up and ask them to stop sending mail to 'The Householder' at my address. They said they would but it would take up to a month to take effect. More news on this soon.
Virgin Media periodically send my elderly mother broadband offers addressed to her by her christian name, in very familiar terms that, I expect, at 94, she found offensive, and probably puzzling, as she only vaguely grasped the idea of the Internet. As she died in November, I find them even more offensive and hope they'll stop soon.
So much for CRM, campaign management and targeted marketing.
I'd never heard of this Door-To-Door opt-out from RM, and I'm sick of the junk crap (for Virgin Media, old-fogey insurance, etc) that they keep sending. So I headed straight over to their website to find out how to sign up.
For everyone else's convenience, check here: http://www.royalmail.com/personal/help-and-support/how-do-I-stop-receiving-any-leaflets-or-unaddressed-promotional-material
The vast majority of the junk mail I receive (bar Virgin Bloody Media) is pushed through the door by people other than the postman, I reckon maybe 8-10% only of the leaflets arrive via the Post Office, the rest is either leaflet distribution companies or people employed by the one company to leaflet the area. Opting out would make very little difference to me sadly.
the rest is either leaflet distribution companies or people employed by the one company to leaflet the area."
...and quite a few of those companies can trace their history to right about the time the TPS and other opt-out schemes related to Postal deliveries came into existence. One wonders if any of those companies are owned or part owned by senior officers of the PO, what with them knowing it was coming and having the experience to set up a private postal service.
I have another solution - I tend to send the brochures back to the sender via post, but without postage..
There are two explanations I'm torn between: the one AC just proffered "to avoid sending it to the people who were most likely to opt out in the first place" to which I'd add 'which thought they promptly convinced themselves had not occurred to them, i.e. repressed'. Or, in a similar vein, that the process was decided upon by the type of people who are such lying, unprepossessing little bread-heads that they're sticking it to people who opt out of 'Direct Mail' (sic).
I did get the leaflet (but wouldn't have noticed it had I not heard something about it on the radio a few days earlier). It arrived in the middle of a wad of 5-6 pieces of 'junk'; pizza menus, Budgens monthly offers, local DIY shop monthly specials, curry take-away menus,...
The visual design did not really distinguish it from junk mail, and certainly didn't give the impression it was 'important' (even if it said the word 'important' on it).
I'll bet a fair few of the people claiming they didn't receive it actually put it straight in the recycling bin without even noticing it.
Since this opt-out is on a person by person basis, and the head of the household / first to the post doesn't have the right or ability to opt is or out for you, why wasn't this sent out as individually addressed letters to everyone with an NHS number?
Yeah, I know the answer. Still need to ask though...
I haven't had a leaflet but I'm not that surprised
Last time I went to the doctors a few months ago they had an address 3 years out of date, and the doctor asked me about my asthma, which i don't and never have had.
I went to A&E around the same time, due to bad luck, and the address they had for me there, 10 mins walk from the doctors, was over 10 years out of date, and they didn't think I had asthma.
Last time I went to the doctors a few months ago they had an address 3 years out of date
Lucky you were still registered then ... I visit Doctor very infrequently (my father was a GP and I was brought up to not be ill!) but over the past 12-18 months I've had a couple of calls/letters from the surgery and whatever the local health authority is called now to check that I still want to be registered each of which indicated that if I didn't respond then I would be removed from the regsiter.
My GP surgery regularly changes a random digit in my phone number. On the first occasion I only realised after the snotty receptionist delivered a sharp little lecture about "not keeping my phone number current", and the apology was only perfunctory when I pulled out my phone and showed them an inbound call from their number 3 months previously.
I've no idea what they're actually doing, but I'm sure it has worse consequences than the consumption of humble pie.
There are a lot of benefits to aggregating all this data. Real, life-saving benefits. But I think those benefits would still exist without precise identifiable data. Why not upload age brackets and first part of post code, and create unique keys which never leave the GP practice to tie it all together downstream? I think if they don't want to do that, it's pretty strong evidence that individual health records are valuable to insurers and the intention is to sell them.
I looked at the linked web site, decide I wanted none of (don't) care.data (insecurity), found the better opt-out doc on my doctors web site, and have already provided the completed double ticked and signed form to them.
I've warned other people too.
Sorted!
This data is too damned valuable to allow third parties access to it; it /will/ leak!
Might not it have been more enlightening to know how many households the 'Better Information means better care" leaflet was delivered to and how many opted out? That might give us a better picture.
PS - Ever tried applying for private health insurance without divulging a raft of personal information to an unaccountable ('cept to it's shareholders) insurance company? I don't think you'd get too far.
Should we start a sweepstake on how long it will be before our medical records get hacked and stolen? And then put on pastebin for all to see?
Because let's face it, private and confidential computer data has never been stolen before, has it. And I bet NSA/GCHQ can't believe their good fortune.
You are personally anonymous to the government and NHS cronies through security-through-obscurity. However the buyer of your personal information (inevitably somehow linked to the same government and NHS cronies, odd that) will now know all they need to know about you. They will then link this new information to all of other personal information that you never gave permission to be shared.
And then people wonder why I always fill out such random information on forms that don't need this information, refuse to give my address to random shops for "catchment surveys" and other general flippances. So instead my bank sold, or lost, my personal details for me...
I sit on a Research Ethics Committee in Scotland, and there are a lot of places up here that are one post code=one house. We regularly have applications for approval where the identifier is going to be "anonymised to a code, being initials and post code"! They don't get very far with that up to now, but a worry is researchers saying "Well, this is what the care.data information gives, so where is your problem?". I know of one NHS data safe haven with very robust privacy and anonymising protocols that is extremely unhappy about care.data.
About 20+ years ago British Telecom were promising again and again that the soon to be released phone book on a CD would be encrypted so that you couldn't sort the contents in ways that are/were illegal. Well the sortable hacked version was freely available before the formal CD was officially launched.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
