It’s all been very quiet on the care.data front recently; which is surprising, as plenty of things have been happening, none of them particularly reassuring.
As outlined in a number of blog posts (below), care.data is NHS England’s big idea for bringing big data to the health service. The idea is to expand the Hospital Episode Statistics and to link these to other data sets, starting with information extracted from GP systems.
But the project is on hold because the commissioning board has signally failed to persuade medical organisations and privacy groups that it has a handle on patient consent – or who is going to benefit from all this new information.
Tim Kelsey, NHS England’s director of patients and information, was at the Commons last week to tell the health select committee that he and his team were “listening very hard” to the concerns, and that new safeguards would be in place before 100 GP practices were asked to pilot the idea this autumn.
None of this stopped the British Medical Association’s annual representative meeting from passing a motion highly critical of care.data – or calling for it to proceed on an opt-in basis rather than an opt-out one.
But while the public debate continued, the Health and Social Care Information Centre, which will provide a ‘safe haven’ for the new service, quietly issued a report admitting that it’s predecessor, the NHS Information Centre, hadn’t been quite as careful with the Hospital Episode Statistics as everybody had always assumed.
Indeed, a review conducted by HSCIC chair Sir Nick Partridge found the NHS IC’s paperwork was not all that it should have been; and that, in a couple of instances, it had no idea who had been given access to HES data.
This matters, because when they are asked about the security of care.data, one of the things that Kelsey and his supporters always say is that HES has been collected, stored and used for many years without any problems. It now appears that this is an optimistic assessment; even if there is no evidence that any one patient has had their confidentiality breached as a result.
Naturally, the HSCIC has promised to tighten up procedures. But Phil Booth, the co-ordinator of medConfidential, which has made much of the running on bringing care.data to public attention, has argued that the failures were “systemic” and that the public will need evidence that they have been addressed.
Meanwhile, it has also emerged that the HSCIC is regularly releasing items of data about NHS patients to the police, Home Office and security services. It will be doing this in line with current legislation, and without releasing confidential medical information.
But when that legislation was passed, the government promised information held by the NHS would be requested only rarely, and only to tackle serious crimes or terrorist threats.
We don’t know what the information is being requested for, but it’s being requested often enough to make the idea that it is being used in only exceptional or serious cases unlikely. That’s the thing with databases. Once they exist, they get used.