UK government bows to pressure, agrees to delay NHS Digital grabbing the data of England's GP patients The UK government has conducted an embarrassing climbdown by agreeing to delay the implementation of NHS Digital's controversial grab of GP patient data by two months. Jo Churchill, under-secretary for health and social care, told MPs today in Parliament that the date for the extraction of data from GP systems under General …
Didn't work too well last time <cough>brexit<cough>
I think they feel Brexit worked wonderfully. They got 31% of the electorate to vote for something and then pretend that the majority of people want it. They now have the opportunity to blame problems upon covid and screw over us even more thoroughly.
my little conspiracy theory is that this game of green/amber covid chairs is to keep the Brits at home this summer. Not directly, because that might cause mass-unrest... but, you know, every little helps, people, scared of losing even more money to airlines and incompetent testing 'partners' will spend this summer time (and money) on the Great British Holidays. Also, they might give a helpful hand to the Great British Farmers, lamenting shortage of cheap European labour...
"{...] and incompetent testing 'partners' [...]"
Dido Harding is moving on. In the spirit of the magic circle of upper management failures - she is being tipped as No. 10's choice to run NHS England.
There's probably a whole team of people employed to be on the lookout for that sort of day
I'll save them a few dozen Serco consultants costing a grand a day -- the day to make the announcement will be 30th August, for the following reasons:
1) It's a Bank Holiday.
2) Parliament isn't sitting.
3) The news will be full of complaints about this year's scheduled exam results fiasco.
Opt out while your opt-out isn't yet overridden by the next opt-out scheme.
Yep, opted out. But it was a real pain.
I had to find the opt-out form.
Download it.
Find someone to print it.
Work out how to complete it -- in the end I put a big tick next to 'opt out'. What a shit form.
I then had to send it to my GP. So bung it in an envelope, pay for a stamp and go and find a post box.
The fucking NHS is geared to the old, computer illiterate numpties (who probably voted for brexit). You know the sort. They only use cheques, and think direct debit is a dangerous evil. Or is that just my parents?
Some of us don't need to use a telephone, and know what a computer is and how email works. It'd be nice if I could use email to talk to my surgery rather than only being able to use it for some shitty admin queries about their website.
FFS we are in the 21st century. The sooner the old die off the better it will be for us all.
Is this deliberately named GPDPR to make people think it protects their privacy like a similarly named law? I'm thinking it probably is. When there was a very successful campaign named "National Living Wage", which pressured the government to bump up the Minimum Wage to something people can live on, the government responded by renaming the minimum wage to the National Living Wage. Which would presumably kill the campaign's Google ranking and sow confusion.
Is it just my suspicious mind, or have they deliberately named it such that the acronym* is very similar to "GDPR", in order to sow confusion, and possibly subconsciously associate any bad smell that arises with the EU's GDPR?
*Yes I know it's not technically an acronym, sue me.
edit - OK, so I see I'm the third person to post the same thought. We are a suspicious lot, aren't we?
In a very brief summary -it's complicated. I spent a lot of time looking at this and was surprised at the extent of the amount of private commercial companies already active in the NHS and their core functions. For instance Capita running Primary Care Support Services for just about everybody. The extensive role that Atos plays within NHS Digital and NHSX. etc etc. It seems it all started with Matt Hancock. I am now waiting for the journalist who can follow the money after Matt received a ticking off for breaching the Ministerial Code( for his family firm getting NHS contracts in which he has an interest). Normally a resignation issue.
P.S. and do not even mention killing off all the old biddies in care homes with covid
"build a trusted research environment and ensure that data is accessed securely"
Wrong priorities. How about build a restricted non-commercial research environment and ensure that data is accessed with complete respect for patient privacy?
The gov't web site that you are supposedly able to opt out through (see my post below) states that there is no deadline to opt out. I suspect they are using weasel words here of course. The "deadline" is the date after which, if you have not opted out, that data will be scraped. Opting out after that date would presumably stop further scraping of your data, and may trigger a process where the data that has already been scraped is removed, but my faith is low that, when these requests filter through to the private organisations that are obtaining that data, they won't already have aggregated, copied, illegally de-anonymised and permanently archived that data.
In line with the works that your user name references, at that point, the only thing to do may be to unleash the Train of Trismegistus to find that data and bring it back (with apologies to Rob).
Information Commissioner Elizabeth Denham “Data protection law enables organisations to share data safely”.
No, it bloody doesn’t, it enables nothing, it is not bleeding tech support sending a couple of tech to switch this on set that protocol. That is like saying the speeding laws enable drivers to drive at a safe speed. It is meant to prevent with the threat of punishment your private data being shared unsafely and punish those that do. But let’s face it everyone ignores the threat only following the law if caught.
This is the second time a whole bunch of highly skilled, well-meaning people have behaved as if they were idiots. The last time it happened I was professionally involved as an IG manager for a large NHS body. The whole process was so half-baked I personally opted out of sharing. In due course the process was "fixed". Now we are in it again.
To be plain, I'm quite content (even keen) for my data to be shared for the good purposes which can follow for medicine, even the NHS and others involved in the private sector. (I'm a capitalist.)
What I'm not happy with is the thought that if the Government is so incompetent in announcing/selling this, how incompetent are they going to be in delivering secure data use?
And the shitty government website couldn't find me by my name and NHS number. That's the same NHS number I have printed on my "book your vaccine" letter(s), and also on a recent hospital discharge. Funnily enough, the vaccination centre, the local hospital, and my GP all have no difficulty in finding me.
Somehow, the inability to find me to allow me to opt out doesn't give me any confidence that they don't actually hold information on me.
If the system can't find me, I'm pretty sure the result of sending them a SAR would be "you're not in the system". That doesn't mean my data is not in a system, only that I don't know which system it is in, owned by which "NHS" organisation (anything that is not just the NHS, is a private company charading as part of the NHS). Am I to send SARs to everyone in the phone book, just in case?
I have asked the question and await the answer - is use of a private individual's data without their consent *in any form* illegal under GDPR? I ask this on behalf of the tens of thousands of people who do not have internet access or read "techie news".
I suppose the obvious follow up argument is whether the NHS (ie Government) owns the data or the patient?
> "I have asked the question and await the answer - is use of a private individual's data without their consent *in any form* illegal under GDPR?"
No, consent is only one of the six lawful basis that can be used to process personal data. For example your bank likely uses "performance of a contract" (i.e. for managing your bank account) as the lawful basis to process your personal data.
In addition for special category personal data (which health data is) a lawful condition is also needed. There are 10 lawful conditions to choose from.
Check the Privacy Notice of your GP Practice (should be on their website) to see what lawful basis and lawful condition(s) they define for the various handling of your personal data (including sharing) that they do.
> "I suppose the obvious follow up argument is whether the NHS (ie Government) owns the data or the patient?"
Its more complicated than that. Your GP Practice is the Data Controller for your patient medical records that they hold. Typically Practices use one of the electronic record providers (EMIS, SystemONE, INPS, etc) to host the IT system for this, the provider acts as a Data Processor for the GP Practice. So this means that your GP Practice "own" (i.e. are responsible for) your personal medical records that they hold.
GP Practices enter into various data sharing arrangements with other Health bodies (such as NHS Digital) in which case a Data Sharing Agreement (DSA) should be in place that defines, amongst other things, the nature of the relationship between the parties ot the agreement - this typically would be a Joint Data Controller relationship. Such a DSA would therefore potentially enable your GP Practice to share some of your personal data that they hold with other bodies.
> "the NHS (ie Government)".
There is not really such an entity as "the NHS", there are various public bodies (Dept of Health, NHS England, NHS Digital, Trusts, etc) and commercial entities (GP Practices, Dentists, etc) that form "the NHS". Your GP Practise is likely to be either a partnership or a limited company!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
