Reg readers: Don't assume anything when sharing health data This week's Register Debate tussled over the motion Assumed consent is the right approach for sharing healthcare patients' data, beyond their direct care. The results are in, and as you can see, we have a clear winner. It's possible that there are more intimate forms of personal data than our health records. However those …
The word you're looking for is *PRESUMED". Presumed consent is no consent, you presume to put your view above others for THEIR data, giving YOU the choice and denying THEM that choice, without even asking them. It's not like you don't know the outcome of asking them would be. It would be a no. As long as you don't ask, you can pretend it would be otherwise.
It's not even presumption, its dishonesty.
@"Run the queries on the system and return a graph of number ill versus age or a low res heat map of disease incidence."
So fooking vague, you don't even know what you want to look for in the data, it's like "give us the data and we'll do research type things on it". Yet the motives of the participants are well known and easy to understand.
Tory governments, always want cuts to the NHS. To them it's a big money sink, that could be privatised. As a private company, money would appear on the GDP as if it was business. Since UK economy runs at a loss, and they need to pump the GDP, they always want to privatise things. NHS is ripe for that. That of course would be a distaster for healthcare, private healthcare run to maximize GDP is extremely expensive, and not run for clinical outcome. But GDP wise, its a huge potential. All they have to do, is cut it and cut it till more is moved out into the private sector and becomes GDP.
Data mining companies, the big drivers for this data grab, always sell their data models as a cheaper substitute for expert knowledge. "Our *expert-system* is cheaper, and over time performs better" they claim. This is false. The model is based only on *easily* quantifiable/measurable metrics, not the *whole* dataset, so it is necessarily worse. Things like doctor interviews and visual examinations are difficult to datamine. A prostate examination is a pain in the ass, so why do it if the local incidence is low? Save some money, kill only a few people. Sure the models *appear* to get better over time, as the outcome metrics are derived from their models, the data-driven-model becomes a model-driving-data. So sure, in places where prostate cancer isn't checked, more people die of pulmonary disease and fewer of prostate cancer and the model gets better. Well at least it appears to, as people die of their symptoms and side effects rather than the underlying cause.
So it's not difficult to see the disingenuousness going on here.
All of this is irrelevent. You do not get to violate the hypocratic oath, simply by making vague lies about your intentions.
"One Anonymous Coward said they worked in the NHS and are responsible for handing over patient data to nonprofit organisations run by doctors to provide anonymous datasets for future studies of rare diseases"
Or you're pretending you did, to make it seem fait-acomplis, a classic strategy from this lot.
Generally in agreement, I have a note on this:
"Tory governments, always want cuts to the NHS. To them it's a big money sink, that could be privatised. As a private company, money would appear on the GDP as if it was business."
AFAIK GDP of a country includes all economic activity even if it is government owned / driven. So how would privatising the NHS increase GDP?
And another sidenote, GDP is a terrible, terrible way to measure a country's standing, only used because it is relatively easy to measure. And then of course, Goodhart's law applies - "when a measure becomes a target, it ceases to be a good measure". GDP per capita is even worse you shoul at least use the median!
"AFAIK GDP of a country includes all economic activity even if it is government owned / driven. "
Not *all*. It's the total value of *finalized* goods and services. Adding extra layers, creates extra *finalized* services.
Take for example, civil service management, it is an internal cost to the government. Take that management, privatize it as "management consultancy contracts" and those management consultancy companies contribute to GDP, where the civil servants did not. Costs becomes product.
The UK, has a problem in that is consumes more good and services than it exports and there simply isn't much left for the government to package up and privatize to fill that shortfall and inflate the economy.
It seems its left with selling your private data, and worse, your private *medical* data, and worse, your private medical data *without* your consent.
@jmch
Fully agree but GDP is even worse than that, it includes all the damaging things that if you are not wanting to kill people for should have value.
My dad's funeral boosted UK GDP by a few thousand grand, plus the savings in pensions, plus the reduction in healthcare costs. That's a hefty contribution to GDP.
A logical extension of that would be to corral old folk into privately run prisons and then introduce plague victims until tens of thousands died. Huge boost for GDP, but no government would ever do that because..morality? Legality? Aye.
Human Development Index (HDI) ...
Genuine Progress Indicator (GPI) ...
Thriving Places Index (TPI) ...
Green GDP. ...
Better Life Index (BLI) ...
Inclusive Wealth Index (IWI) ...
Genuine Savings Indicator (GSI) ...
Happy Planet Index (HPI)
'...the US's biometric programme in Afghanistan gives an abject lesson in how tech policies can be overtaken by events...'
I realise this is putting me in Pedant's Corner, but just in case it increases the awareness of anyone who values knowing that it should read:
'...the US's biometric programme in Afghanistan gives an object lesson in how tech policies can be overtaken by events...'
abject = extremely unhappy, poor, unsuccessful; a state of total humiliation
'object lesson' = a practical example of a principle or abstract idea
This post has been deleted by its author
But that is because real-life communication does not follow rules of grammar! In fact, much noteworthy communication deliberates violates rules of grammar in order to make it stand out.
I consider the use of "abject" in this case as a masterstroke in effective communication (even if possibly unintended!).
I would tend to agree with you, in this instance, but unfortunately that doesn't do away with the problem of 'usage without understanding' (which we all fall into now and again).
All credit to Joe if this was an intentional poetic flourish, but for others that will pass them by and 'abject lesson' will become their version of 'object lesson' however inappropriate.
Assumed consent is nonexistent/unworkable. By the time you have a chance to opt-out of sharing your data, it's already over. Your data has been sucked, sliced, diced and spread across thousands of databases and there is no way to delete it. It's like reclaiming sugar once you dropped it in your tea.
> Assumed consent is nonexistent/unworkable
"Assumed consent" is like "assumed verification", in both cases it simply means "absence of ...". Consent, like verification, is a control step, a safeguard, which if simply "assumed" is clearly non-existent/fake.
Pleading for "presumed consent" is pleading for absence of consent and taking people for fools.
Has the proverbial horse not already bolted with the NHS's use of a single storage system for health data?
https://en.wikipedia.org/wiki/The_Phoenix_Partnership#Data_Breaches
Not to mention that broad access to said system was apparently granted by arbitrary, high-handed decisions by the health minister, i.e. the COPI notices? Which pretty much reeks of "assumed consent", if consent was at all considered.
https://www.economist.com/science-and-technology/2020/05/14/the-pandemic-has-spawned-a-new-way-to-study-medical-records
> Has the proverbial horse not already bolted with the NHS's use of a single storage system for health data?
Well that's not a single storage system for GP's registered patients health data, rather its a handful of storage systems - the majority of GP records systems in the UK are provided by either EMIS, INPS, or SystmOne. Back in 2018 EMIS moved the GP records systems that they previously hosted in their own DCs to AWS, TheRegister reported on this at the time: https://www.theregister.com/2018/11/30/emis_x_aws_nhs/
I have not seen anything to indicate if INPS or SystmOne have moved to the cloud yet but suspect it is only a matter of time. How long before a public S3 bucket is discovered containing health data from one of these companies...
As all 3 of these Practice Records system suppliers for some time have hosted their customers' (i.e. Practices) data centrally, whether in their own DCs or in the cloud, rather than the "old" model of having servers in each individual GP Practice then there is a strong risk that these companies can do such things as enabling integrations/sharing with other "NHS" IT systems, perhaps without the Practices' direction or knowledge.
In my own cases (against my GP Practice and BSO) open with ICO I highlighted that it appeared that my practice's records system was integrated by INPS (their Data Processor) with the central HSCNI (aka NHS NI) NIECR system in July 2013 without the Practice (sole Data Controller) instructing them to do so - if this is the case then a breach of Data Protection law occurred as a Data Processor can only lawfully act upon the instructions of the Data Controller. It appears in that situation that INPS for all the NI practices' they manage (and also EMIS for other NI practices) acted upon instructions from BSO who had no lawful authority to do so.
> Well that's not a single storage system for GP's registered patients health data, rather its a handful of storage systems - the majority of GP records systems in the UK are provided by either EMIS, INPS, or SystmOne.
Apparently around 65 million people are covered by the NHS, for approx. 50 million of them TPP/SystemOne holds their health data.
While not mathematically a single system, to me that comes close to a single point of failure in terms of potential privacy breaches.
I work in medicine. I can think of literally no application where large scale data collection is useful to heal people.
Sociologists, sure. Marketing people, sure. Insurances, double sure.
But, honestly, I cannot think of a single use case where this will solve a medical problem. Medical research, which mostly is pharma research these days, is done by modelling molecules on other molecules, and then testing those in several phases. It's educated guesswork and empirics.
Everything else is just smoke and mirrors. And disguised greed. Because, really, it's theoretically very simple to live as healthy as possible, just the practical pressures of competition and manipulation make it hard.
Did you expect a different outcome of this survey based on how the motion has been worded and based on the Register readership? Of course, in the year 2021, only few will be in favor of an opt-out approach. Actually a 24/76 outcome is much better than the 10/90 outcome that I have expected based on the two factors mentioned above.
What if the motion were something like “Sharing my healthcare data will benefit my family and me when we will be in the need of a medical diagnosis and treatment choices”?
This new motion should be accompanied by two facts.
First, a medical diagnosis is more accurate if it’s based on the experience from treating millions of patients instead of only thousands. A typical physician may see thousand of patients per year, building her experience of treating several thousands physicians over the years. Her diagnosis and treatment choices would be more accurate if they were based on the collective experience of treating several millions of patients. This of course requires millions of patients giving access to their healthcare data. This access doesn’t necessarily require sharing private data with third parties, but access through techniques such as federated machine learning where only the insights from the data, not the data itself, are made available to third parties. And this data or insight sharing is not for modeling molecules or analyzing clinical trials, but for analyzing treatment success in the real world, which in the healthcare language is called real world evidence.
Second, people seldom change the default option. This has been researched by behavioral science and is evident, among others, in the participation rates of organ donation programs in Europe or retirement investment programs in the US, all driven by the default choices. Although this is relevant to how sharing healthcare data can be accomplished, it should be primed here to avoid digressing into impractical solutions.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
