The two organisations that were set up last year to run the NHS and provide the data needed to do it have got themselves into a horrible mess over their plans to set up a super-database of patient information.
NHS England and the Health and Social Care Information Centre have found themselves facing increasingly strident claims that care.data is part of a government plot to spy on its citizens, or to sell off their data to all and sundry.
Kinglsey Manning, the new chair of the HSCIC, has denied both claims. He insists that strict rules will make sure that only bona-fide researchers will get access to care.data information, and that they won’t get more personal details than they need. So what is planned, and is he right?
From HES to CES
Care.data is an expansion of something that already exists – the Hospital Episode Statistics, or HES, which is a database of information about hospital admissions, outpatient and A&E attendances.
This was collected by the old NHS Information Centre and used by planners, regulators and researchers to get some idea of, for example, the number of patients being admitted to hospital in a particular area, and so what kind of services they might need in the future.
The care.data programme wants to expand HES by getting hospitals to submit a lot more information about what happens to patients before they are discharged. It also wants to link the HES data to information from other parts of the NHS, starting with information from GPs in March.
Both ideas are problematic. Most hospitals don’t have the IT systems that they will need to deliver up the kind of information that the HSCIC is hoping to get its hands on, so they’ll either have to spend a lot of money, or cross their fingers on data quality.
GPs have excellent IT systems, but they are worried about just how much data the HSCIC wants, and that patients have not been properly informed about what is going on; even though they have a responsibility, as the data controllers for the information that they hold, to make sure they do.
The second concern has pushed NHS England and the HSCIC into running a £2 million publicity campaign for care.data, with a very pretty animation, and a leaflet drop to every household in the country.
Unfortunately, from their perspective, this has drawn attention to the programme. It has also upset privacy campaigners by failing to learn the lessons of an earlier row, over a plan to put everybody’s basic medical details into another database; the NHS Summary Care Record.
The Summary Care Record (which is, at least, supposed to make it easier for the NHS to look after patients if they turn up in places like A&E without notes) was held up for years because campaigners complained that people had to opt-out, and the government made it difficult to do so.
The newer care.data leaflet campaign has faced the same criticism. For example, it fails to mention care.data by name and doesn’t include an opt-out form.
Added to which, it is going out unaddressed to households as “junk mail” – and stories are already circulating about leaflets turning up inside pizza menus and furniture store flyers.
Big brother is watching you (possibly)
One of the features of care.data that has not attracted much attention (yet) is that it will mean that the HSCIC will hold an awful lot of identifiable information about patients. Each of the data points will come with identifiers such as a patient’s name, age, and NHS Number.
NHS England and the HSCIC insist there is no need to worry about this, because this information will not be “routinely” shared with others, and that access even within the HSCIC will be restricted to a new network of ‘accredited safe havens.’
However, in a revealing email exchange, an NHS England press officer let slip that it will be shared “under civil contingencies legislation” and a mechanism known as Section 251, which enables the health secretary to order its release “in the public interest.”
The first presumably means the Regulation of Investigatory Powers Act which, as enterprising journalists periodically prove, is used and abused by all sorts of organisations; including councils that want to track down people who misuse their bins.
The second has been used to keep the English NHS’ commissioning (ie: planning and purchasing) system going for years; although, to its credit, another bit of NHS England is trying to stop this.
So, while it’s possible to quibble about how routine the release of this information will be, there is no doubt that it will be released; which makes its insistence to the contrary seem, at best, naive.
Given the ongoing revelations of the activities of Western spy agencies, and the present government’s less than hidden desire to involve the private sector in public sector activities, the HSCIC is not in a position to say what future health secretaries will decide is “in the public interest.”
Plus, if the HSCIC wanted to guard against this eventuality, it could collect data that was anonymised (or, strictly, “pseudonymised”) at source.
This would mean that the data was stripped of those identifiers (or, strictly, that those identifiers would be replaced by placeholders that would enable different bits of data about an individual to be linked together, without identifying the individual) before it left the GP practice or other data controller.
This would not only avoid its present problems, but head off a potential challenge from the EU, which wants to bring in new data protection rules that would require people to give their explicit consent to any use of their personal, identifiable data.
However, it has refused to consider doing so, citing technical problems. Since at least one of the big GP systems suppliers says it could pseudonymise data at source in short order, these probably lie on the hospital side.
Meantime, the government has said it will fight the EU’s proposed directive, because it would make all sorts of uses of data, including medical research, “impractical.”
Most attention has focused on two other aspects of what will happen to the information in care.data. Firstly, how it will be released to researchers. And second, who those researchers will be.
The HSCIC has insisted that people do not need to worry about being identified as a result of data being given to researchers because information will be anonymised or pseudonymised before it leaves its safe havens.
In practice, the HSCIC intends to operate a ‘traffic light’ system. It will anonymise (remove all the identifers) from population-level data (what it calls ‘green’ data). But it will pseudonymise (swap one or more identifiers for pseudonyms or placeholders that allow bits of information to be linked together by a statistics package) for more sensitive (or ‘amber’) data.
Privacy campaigners and researchers have pointed out that some people live in such small communities – or with such rare diseases – that almost any piece of information about them would identify them. It is also possible to “de-pseudonymise” (or re-identify) data.
However, HES has rules to deal with the first problem. And the HSCIC is working on rules to prevent “jigsaw” identification – in which one researcher has an NHS Number and another has a name, so between them they can work out who their data is talking about.
The centre also says it won’t publish ‘amber’ data. Instead, it will only release it to researchers with a contract setting out stiff penalties for misuse, including re-identification. So this is one of the less worrying aspects of the programme.
Flogged off – for £1
Meanwhile, Geraint Lewis, the public health doctor behind the programme, has said categorically that care.data information will not be sold, but instead given away at cost – perhaps for £1 – to encourage innovation.
He is also keen to focus attention away from the use of data by organisations that will want to identify individuals – such as insurers – and onto the use of data by researchers who want to work at a population level – for example to identify links between lifestyle and diseases, or treatments and outcomes.
For this kind of research, big and complete data sets are essential. That’s why 40 medical research and support charities have launched a campaign to persuade people to stick with care.data. If lots of people opt-out, then there might not be enough data to spot a link between, to use one of their examples, cancer and smoking.
In support of this, Manning has said that such strong governance procedures will be put in place to decide who can have access to care.data informaton that sale to insurers “just will not happen.”
To be fair to it, the Independent Advisory Group that the HSCIC is working with has been tough. It has set about imposing new conditions on access to data by commissioners, and has refused to sign off on any access to any care.data by anyone outside the NHS so far.
The problem, again, is that while Manning, Lewis, their advisors, and 40 charities may all have the best intentions, they simply cannot say who will actually have access to this information now; or that they will be able to hold their line in the future.
In addition, research is not value neutral; there are plenty of things that researchers might look into that people might object to, even if they were happy enough with the idea of ‘research’ in principle.
Even if that was not the case, it is just arrogant for those involved to insist that the public should give them a blank data cheque, on the grounds that they know best how to spend it effectively. If the uses to which the information in care.data will be put will command widespread support, why not just ask people to support them?
Not evil, but not right
So, is care.data a government plot? Probably not, even if more identifiable information will go to government agencies and, as those agencies are privatised, private companies, than those involved in setting up care.data want to admit. Or think.
Is it a good idea? Probably, in that it will release valuable information to planners, researchers and individual doctors. However, there are other ways that this could be achieved – and some of them might avoid some of the ‘garbage in, garbage out’ problems that are going to hit when the hospitals join in.
Is it being done in the right way? No. Its approach feels paternalistic and its information campaign outdated.
These days, it is impossible to make an online transaction without being told what data collection will be involved, and what use that data will be put to. This enacts some basic data protection principles, and it’s hard to see why the NHS cannot do much the same thing.
Sure, most people never read end-user agreements, and most people will never read NHS blurb explaining that the data that is collected to support their treatment will also be used for paying out prescriptions or planning where to put a new health centre. But that’s their choice.
Similarly, most people will never care if their information ends up in a research project, particularly if it is for something uncontroversial, such as the links between lifestyle and cancer, or a cure for heart disease. But some will, and if they want to opt out, that should be their choice.
A former health secretary, Andrew Lansley, used to talk about “no decision about me, without me.” If NHS England and the HSCIC had applied this to care.data, it would look very different.
Added to which, they wouldn’t have found themselves embroiled in the current mud-slinging about an information leaflet.