Watchdog warns UK health data platform could damage patients' trust As the UK government plans to launch the procurement for a national patient data store, the legal guardian of NHS data has issued a coded warning concerning trust and transparency in health data usage. Late last week, Dr Nicola Byrne, the National Data Guardian (NDG), said that the forthcoming competition for the Federated …
But I'm sure I saw a SPAD or a Minister saying somewhere that because the solution was federated no additional data permissions were required so they had no intent of re-seeking consent for the newest slurp. No doubt the RFP docs will be filled with Data Mesh BS.
1. We all know there will be a central "cache".
2. GDPR cares just as much about transmission as it does storage.
Same old leopard - same old spots. Instead of addressing the challenges of creating a medical data permissions framework they'd rather spunk all the cash on lining the pockets of Palantir in return for a cushy board spot or 2.
ahhh - it was here : https://www.theregister.com/2022/11/04/uk_governement_set_to_extract/?td=readmore
Problems:
(1) Palantir
(2) GDPR.....seems it does not apply in this case
(3) "Pseudonomysation".....does not work!! Surprise!!!!
Link (item #1): https://www.bloomberg.com/features/2018-palantir-peter-thiel/
Link (item #2): https://www.computerweekly.com/news/252482365/Privacy-International-puts-Palantir-in-the-dock-for-NHS-data-analysis-work
Link (item #3): https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds
.....and still NOTHING is being done to stop this huge, probably illegal, privacy-breaking slurp!!!!
Being cynical makes you more likely to be right than wrong about this.
Even my (Tory) MP, who's on the ball about a number of things, appears to believe that Palantir can't possibly want to monetise NHS data and that the NHS Digital gang have our best interests at heart at all times. AFAIK he's never had a non-political job and has a decidedly non-technical mindset.
In consequence I suspect that he has little idea of the value of other people's medical data to unprincipled people with a total commitment to the metaphorical 50 bucks.
I suspect that he has little idea of the value of other people's medical data to unprincipled people with a total commitment to the metaphorical 50 bucks.
Another interpretation is that pretending not to understand such matters gives him plausible deniability. Thus when the inevitable happens, he can (claim to) be shocked to his very core that such skulduggery could take place, etc.
I suppose it's possible that he is, in fact, completely ignorant of how the world works in the age of surveillance capitalism, but that's not a great look either.
Pretty obvious what's getting stitched up here. I'd guess Palantir are going to be grooming US healthcare VC for 2-Tier NHS and they need this data to set your insurance premium. The privacy bit will be a figleaf so that Ministers can say "won't comment on any individual's costs" and deny they ever thought people in deprived and less affluent areas would be paying more than posh Tory voters.
No it's not. It's a cluster of personal data records of individuals who are the sole legitimate owners of their records.
No agency (government or otherwise) has the moral right to claim ownership of it, as it exists solely on the understanding that it is confidential to the person concerned and those providing their medical care. Of course that won't stop the powers trying to take ownership. The only way to fight this is for enough people to make enough noisy fuss to embarrass the powers.
Not quite. These records belong to the Secretary of State for Health (or whatever they are called today). The patient's rights are essentially to be able to see them, to seek to have errors corrected and ultimately if there is no agreement about an "error", to have a note setting out the patient view added.
> So is this UK patient data or England & Wales patient data?
It's not Scotland or Northern Ireland. Not sure about Wales.
> Your article confuses the two and some of us need to know if NHS Scotland is part of these plans so we can protest.
Not just the article that seems to be confused. e.g. in a slightly related theme, from the Scottish Governments website:
"The UK Council of Caldicott Guardians.......... To be the national body for Caldicott Guardians"
Um, as it's the *UK* Council then's it's not a national body, it's a body for all 4 nations...
I was going to post the same thing.
On digging deaper, this is NHS England only. (Ref: https://www.ig.com/uk/news-and-trade-ideas/palantir-shares-could-soar-if-its-awarded-nhs-contract-220615
The article should be amended to make this clearer. As you say, it starts off talking about the UK generally.
Intentionally giving away data aside, This thing needs to be as bulletproof as possible and not simply awarded to the lowest bidder, it'll be attacked from day 0.
Different departments and GPs need to be granted access to specific patients to prevent people snooping on their neighbours or selling it to whoever asks (see the police database breaches for how inside threats can happen even on audited systems)
From: https://darntons.com/2022/09/25/update-on-palantir-nhs-deal-all-we-know-this-far/
“With regards to customer data, Palantir acts as a data processor, not a data controller. Our software and services are used under direction from the organisations that license our products: these organisations define what can and cannot be done with their data; they control the Palantir accounts in which analysis is conducted; and any Palantir engineers that assist them in their work follow these directions.”Palantir does not and cannot reuse or transfer our clients’ data for our own purposes.
“Attempting to profit from customer data in this way would be illegal and would undermine the trust that is necessary to work in the sensitive environments in which we have built our business, said the company”.
It will go to whomever bungs the Tories (or in 2 years, Labour) the most cash.
There are some flies in the ointment with regard to data quality.
When I went to A&E with an allergic reaction, they sorted it rapidly. Then they told me I had had a heart attack and might have another any minute. I should contact my next of kin, possibly for the last time. I was on an observation ward for five hours until a nurse admitted that I was in better health than she was, and that results had been mixed up.
As it is now almost impossible to see a GP, the data may be becoming a bit sparse. Patients have had to switch behaviour to triage by 111.
AI is typically trained on historical/obsolete data. Perhaps too obsolete given the impact of the pandemic. Much ordinary medicine ground to a halt, testing was reduced, many conditions worsened, and treatments are now delayed. Our health and our healthcare is worsening. Pre-pandemic data was on a curve that is no longer a good fit for where we are, and analysis of it may not produce models that are relevant for current healthcare policy/capability. The goalposts have shifted.
How good would you want data to be to pay $10bn for it, per year?
The only value the patient cares about is improved outcome for the same cost, or same outcome for lower cost. What's needed is not centralization of records, but improved handling of records at the point of care.
When I visit one of my specialists, he has a slick desktop application that allows him to pull up my entire patient history _with him_. It cost him real money, but it didn't cost millions. From the patient point of view, he has the right information. If he needs to know about my other conditions then he can ask me, if he needs details he can ask me to authorize a transfer of those patient records.
Now contrast that with my GP. He referred me to a specialist for treatment I didn't need. I questioned that and his response to me was, quote: "Do you want to die!?" Much later I wanted to discuss that treatment with him, he didn't remember it and asked for permission to request the medical records. Granted, but then his secretary asked me "Do you have the contact info for that doctor?" WTF? You referred me to that specialist! (And I did have the contact info on me, that's so basic.)
I rather like that all the care providers need to go through me to transfer the medical records between them. In that way I'm my own data controller. Centralizing those records wouldn't make my treatment better. What would make my treatment better is if the GP's desktop software was as good as my specialist's desktop software.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
