Stealth plans to steal records: is back?

You can tell when a story is really ‘hot’; lots of media outlets rush to claim it as their own.

Last week, the NHS managers’ magazine, the Health Service Journal, claimed a big ‘exclusive’ on a story that a programme very like was heading for Treasury approval, a few days after the political website, Politico, ran a story about a “stealth plan” to “sell UK patient health data.”

Any moment now, one of the papers will run something similar – keep an eye on The Guardian. Even so, this story was definitely broken by the website I work for,; which featured it in its Thursday newsletter on 4 August.

What was

The story is explosive because was explosive. This was a plan, drawn up by NHS England’s gung-ho national director of patients and information, Tim Kelsey, to expand a dataset known as the Hospital Episode Statistics, and to add more information from other healthcare providers.

All this data was to be ported into a little-known body called the Health and Care Information Centre, which would hang onto identifiable patient information, but also prepare it for publication.

The HSCIC was to remove identifiers (such as a patient’s name), from some information and then make this ‘pseudonymised’ data available to researchers and others. Completely anonymised information would be published.

The project went awry when GPs realised they were first up to start supplying identifiable patient information to the new service; and started asking how patients would know this was happening.

In theory, patients can opt-out from having their identifiable data used for anything except ‘direct patient care’, but it was not clear what arrangements would be made for them to opt-out of the new GP dataset.

Then, privacy advocates pointed out that it is possible to reverse the de-identification process; so it might be possible to identify patients from their pseudonymised data, especially if they lived in a remote area, or suffered from a rare condition.

Kelsey and Prime Minister David Cameron made things worse, by suggesting that the pseudonymised data sets might be used by insurers, to adjust premiums, and big pharma to make “every patient a research patient” and boost the UK economy in the process [BBC].

As a media campaign finally got going about the proposal [feature by me], the HSCIC embarked on a cack-handed patient information programme that consisted of a junk-mail leaflet that failed to mention the programme by name or include an opt-out form.

Eventually, the outcry became so much that it was forced to stop the programme. Four ‘pathfinder’ areas were lined up to try out new publicity ideas, but these were halted when health secretary Jeremy Hunt announced that National Data Guardian Dame Fiona Caldicott was going to conduct a review of data security and patient consent.

What has happened now?

finally seemed to have been killed off when Dame Fiona put out her report. After all, the then-life sciences minister George Freeman announced that the programme would be “closed”. reported this [news story by me], and so did the limited number of other news organisations that covered Caldicott 3 (most being busy with the final report of the Chilcot Inquiry into the Iraq war that was issued on the same day). However, when we got around to digging a bit deeper, it became obvious that things were less clear-cut.

For a start, we established that the collection of the GP dataset will go ahead. Then, we worked out that the HSCIC, which has since renamed itself NHS Digital, wants to set up something called the Data Services Platform to collect information, hold it securely, de-identify and anonymise it, and release or publish it.

That all sounded very much like [feature by]. Admittedly, FAQs on the NHS Digital website talk about the DSP collecting and issuing information for ‘commissioning’ (the planning and purchasing of NHS services, undertaken by NHS management bodies) rather than for researchers or pharma companies.

But there seems nothing to stop the recipients of de-identified data being extended in the future. And there’s another wrinkle.

One of the oddest things about the row was that it managed to make the deeply dull Hospital Episode Statistics controversial; and (because more than a million people did register strong objections to their data being shared for anything other than direct care) less complete than they used to be.

In the course of her review, Dame Fiona appears to have been persuaded that this is a bad thing; so bad that data destined for the NHS Digital ‘safe haven’ should not be subject to patient opt-out.

So, if everything goes ahead, people won’t be able to object to their information being included; even though the most eye-catching feature of Dame Fiona’s report was a/two new patient ‘opt-out/s’ from data being used to regulate health services and/or for research.

Are medical records going to be sold by stealth?

When people read headlines about ‘records’ or ‘patient health data’ being sprayed around by the government, they probably imagine that the stories underneath deal with the kind of intimate information held in the ‘Lloyd George’ envelopes of their youth.

That is not, and has never been, what or the DSP have been about. Both are dealing with ‘data items’ or pieces of information extracted from such a record, that can be used to answer questions such as: ‘what kind of person goes to A&E on Saturday’ or ‘is treatment x in hospital more or less effective than treatment y by a GP for people with condition z’.

The ‘pseudonymised’ data to be pushed out of NHS Digital would look even less like a medical record. The idea that this information is going to be ‘sold’ is also over-selling.

The proponents of talked about recovering the costs of data processing; there’s no suggestion that NHS Digital will charge commissioners for the information processed by the DSP.

Even so, it’s a basic principle of data protection that data should only be used for the reason it is collected. Where that data is put to other uses, people should know what those uses are, and have the chance to opt-out if they want.

The NHS seems to think it should be different; it’s not entirely clear why. At the same time, the establishment of the DSP looks set to kill off attempts to de-identify data at source (or to remove patient identifiers before the information destined for the DSP leaves the GP surgery).

This is a shame; as the concerns about the recipients of data being able to reverse engineer it to identify individuals haven’t gone away; even if the government looks set to legislate to increase the current penalties for doing it.

And even if data is not ‘sold’ this does not mean it won’t end up in the hands of private companies. Commissioners already use commercial ‘business intelligence’ services; so it will go to the providers of those services, even if usage is not widened beyond commissioners in future.

So: medical records, no. Sold, not exactly. But stealth, definitely. When called NHS Digital about HSJ’s story last week, its press office tried to claim the magazine was confused, that has not been revived and that, indeed, nothing new is happening.

No new data has been collected, it said. NHS Digital already processes information for commissioning. There’s a consultation underway on Dame Fiona’s proposals.

That’s true; but also weaselling. George Freeman claimed was being closed and yet all of its elements are to go ahead; this time without an opt-out for patients. That consultation was launched on the day that Chilcot reported and closes on 7 September, just as the schools go back.

You’d be hard pushed to read it and know what is at stake. Even so, as I argued in our editorial at the start of August, the government was trying to pull a fast one, and it’s been caught out. Which is stupid; because it was a lack of clarity and honesty that got it into so much trouble the last time.


