Do you care who knows about your health records? About what pills you’ve taken, what diseases you’ve caught, what treatment you’ve had? If you don’t, you can stop reading now. If you do, you’ve got a fight ahead.

Today the British government published a draft strategy, ‘Data Saves Lives: Reshaping Health and Social Care with Data’. Health secretary Matt Hancock graced the airwaves to underline the message that NHS data would save lives – and that we, the patients, would be in “control”.

But a close look at what the government has been saying and doing over the last couple of weeks suggests that isn’t really true. Hancock and his lieutenants have been busy telling us that the plan is all about saving lives – though it isn’t – while giving themselves the right to share our data with pretty much whoever they want and fudging our legal protections.

As ‘Data Saves Lives’ lands, the government is showing its respect for patient control by trying to scoop up the GP records of everyone in England into one central database – the catchily titled General Practice Data for Planning and Research – and allow access for whatever commercial and other organisations it sees fit.

Following the threat of a legal challenge from Foxglove, openDemocracy and a coalition of campaigners, the government has postponed the massive data grab – originally planned for 1 July – until 1 September. Patients now have until 25 August to opt out.

The coalition called for that time to be used for an open consultation and extensive information campaign – and for the government to drop the plans to share the hugely valuable data with private companies for profit.

Hancock’s doublespeak

But there’s little sign of openness yet. The new 91-page NHS data strategy contains just one paragraph on the plans to grab our GP data.

And challenged this morning on BBC Radio 4’s Today that GP data could be “accessed by private companies under certain [circumstances]”, Hancock replied: “No, the goal is to make the NHS itself run better.”

If you want anyone to have faith in you, rule one is not to reply ‘no’ to a simple statement of fact. NHS Digital itself says that our data could be used “by organisations who have a legal basis and legitimate need to use the data”. And it also says it will be made available to third parties for a fee.

On the radio this morning, Hancock then invited listeners to “imagine a world” in which our medical records were accessed by “every clinician looking after you… the people who need to know, but only the people who need to know”.

We can imagine that world as much as we like. But it’s not the world that Hancock’s plans offer us.

His tech geeks at NHSX have spent the last year refusing to publish the list of projects and organisations to which they release data. But we already know, thanks to painstaking research from MedConfidential and others, that existing, smaller pools of NHS data are already accessed by many who don’t “need to know” – but who can make money from knowing.

Control

Hancock also asked us to “imagine a world” in which “you control your data”.

But his definition of “control” is a strange one. “Control,” he claimed, “means you can both see it… [and]... your different clinicians can see it.”

You can see the Mona Lisa in the Louvre gallery, too. But that doesn’t mean you control it: you have no choice over who else sees it, or what others do with it. And you can’t take it away.

Under Hancock’s plans, you don’t have control either. You have no choice to decide, for example: yes, I’d like whoever is treating me to be able to see my health records at that moment; and yes, perhaps I also feel happy with university researchers sharing that information to help develop better treatments; and perhaps I feel happy with NHS managers sharing it too, to help design more responsive services – but no, I don’t want it to be available to commercial firms for vague, largely unspecified purposes.

Your only choice is to opt out altogether – meaning that both public and commercial research is ruled out.

What the apps will know

The more you look into it, the more real power seems to be handed over to others. Hancock spent today talking up the “brilliant” NHS App as the mechanism by which patients would be able to “control” – or, more honestly, view – their own health records.

But the announcement from the Department of Health and Social Care indicates that the NHS App is just one route to us being able to digitally access our health services. Its digital vision relies upon an increasing range of “other patient-facing apps” – privately provided – also having access to our records, medication lists and so forth.

The strategy sets out, for example, how our “appointment bookings, vaccination status, health records and personalised wellness services” could be “made available nationally for strategic partners to integrate with”.

And what of those “strategic partners”? Do they include spy tech firm Palantir, now a preferred supplier for handling NHS data, to whom the government has been trying to grant wider, business-as-usual access to our NHS data, again in the face of stiff opposition from openDemocracy and our colleagues at Foxglove?

Interestingly, earlier this month Palantir also bought a strategic stake in Babylon, a firm that specialises in artificial intelligence and apps for healthcare and already has a range of NHS contracts. Babylon has been the subject of privacy and safety concerns.

Will the law protect us?

NHS Digital reassures us that our sensitive personal data is protected by data protection legislation dating from the EU era. But just last week Downing Street published a taskforce report proposing that those safeguards be replaced by a watered- down version, so that health data could be more readily shared to make way for AI and health app development.

Now today’s strategy says that new laws to enable greater health data sharing will be “secondary legislation” – and thus not subject to proper parliamentary debate.

This is simply not good enough. The issues need serious debate – and a massive public information campaign so we can take part in that debate.

Despite Hancock’s claim that he instigated the GP data grab pause to “to work with the privacy groups”, he doesn’t seem in any rush to do so. His department has so far given no substantive reply to the Foxglove-openDemocracy coalition’s outstanding questions, just “indicators of delay”.

And asked this morning if the government would now write to everyone about the data grab and how people could opt out of it, as campaigners are demanding, Hancock replied: “I’m not against that.” A pretty passive statement from the man who is in charge of making it happen – or not.

But isn’t it all about saving lives?

Today’s strategy leaves all the key questions about the GP data grab – how it will work technically, what the legal safeguards are, how we can know about and exercise meaningful choice, and most of all, who will have access to our data – for another day. Perhaps we’ll find out in the Data Protection Impact Assessment that the government still hasn’t published, despite being legally required to do so.

But the health secretary would rather invite us to imagine a rose-tinted future in which lives are saved, privacy is protected, money is saved, and there are no losers.

Hancock airily invokes NHS hospital trials to justify doing pretty much anything he wants with non-hospital, highly personal GP data. He vaguely tells us that dexamethasone saved lives “because of NHS data”, which is about as meaningful as telling us it saved lives “because of doctors”, or “because of Matt Hancock”.

His junior minister Lord Bethell pursues a similar strategy, claiming that because “analysing patient data on maternity outcomes has improved care for mothers and babies”, it therefore follows that “greater sharing of patient information across the health and care system will undoubtedly go on to drive further improvements in patient safety”.

Well, perhaps. But who exactly is part of the “health and care system”? Big pharma? Spy tech? The US insurance companies already embedded in our NHS? What other benefits might they reap, and will these all necessarily be in the patients’ interests?

The vagueness is deliberate, giving the impression that the planned massive new GP data flows will be used to improve treatments, whilst avoiding saying explicitly it will be used for clinical trials. Because if they said that explicitly, they’d be in hot water – the ethics of trials, and the requirement for meaningful consent, are well established – and, notably, far too rigorous for pharmaceutical companies’ liking.

Brushing these serious issues aside, Hancock claimed to the House of Commons Science and Technology Committee earlier this month, that “the vast majority of people are strongly onside” with the plans to scoop up all their GP data – without citing any evidence to back up that assertion.

Asked about Palantir, he told Today this morning that “the goal here and what I’m determined to do is to have trusted research environments” – systems that protect privacy and ensure meaningful control whilst allowing useful insights. But we already have those kind of systems. The trouble is they are not compulsory, nor sufficiently protected from being watered down, and there’s no promise to make them so.

The real aim seems to be to obfuscate whilst clearing the way for companies (and indeed other parts of government, including the Home Office and Department for Work and Pensions) to drink more freely from the data lake of our health information.

It’s causing enough concern amongst MPs that David Davis, who’s part of the Foxglove-openDemocracy coalition, is holding an adjournment debate on Thursday to discuss the GP data grab.

There are certainly many tough questions that need to be asked. As Cori Crider of Foxglove pointed out, the “whiz-bang data integration” that has started to take place during COVID “didn’t stop the United Kingdom having one of the worst death tolls in the Western world”. Poor people have been the most exposed, and data hasn’t provided any kind of magic bullet to prevent or address that. “This kind of techno solutionism is not necessarily the best way of making an NHS sustainable for the long haul,” the lawyer says.

The big questions are not just about privacy, but about democracy – and in particular, about the ongoing corrupting influence of big tech, big pharma and big business in general, on our health and care systems. And about just why the government finds it so difficult to offer people a real choice between sharing their data purely for care purposes, and sharing it for profit.