Your medical data in their hands - concerns mount over new NHS IT project

What was once a simple data warehouse for producing statistical information on patient care is to be transformed into a whole life system of universal health surveillance.

Jane Fae
29 November 2013
big brother eyes.jpg

Image: Flickr/Duncan C

Following last month’s announcement of a £1m nationwide publicicity programme, what now for care.data, the NHS's latest multi-million pound big data project?

Is it, as the carefully managed news release implied, merely taking its time – in fact, delaying a key project by almost a year - so as to nail issues of patient confidentiality? Or is it already in deeper mire and headed towards another ignominious IT failure?

And if it does go bad, will we ever find out why and how (and how much it cost)? Or is the new arms-length NHS wholly immune from parliamentary scrutiny?

Let’s start with the mire.

The theory behind care.data is straightforward enough. Data from all (non-dissenting) UK patients is to be lodged in a central database, from where it may be used for admin purposes, for statistical analysis by the NHS or sold on to select research companies.

It is overseen by the Health and Social Care Information Centre (HSCIC), part of the new devolved NHS England, and intended to be “a modern information service on behalf of the NHS”, using information from a patients’ medical record to improve the way that healthcare is delivered for all”.

Moreover: “The service will only use the minimum amount of information needed to help improve patient care and the health services provided to the local community”.

So far, (sounds) so good.

care.data’s ancestry is the ill-fated National Programme for IT in the NHS. It adopts an open data platform (ODP) which separates the storage and processing of data, from turning it into information - and invites a range of providers to get involved.

You want to extract what?

According to NHS England’s GP toolkit the data will be extracted initially by the centrally managed General Practice Extraction Service (GPES).

 ATOS provides the technology; the information service will be carried out by other IT suppliers either centrally or in regional IT centres.

It will extract from GP records both medical data and personal identifiers including NHS number, gender, date of birth, postcode and ethnicity.

After the data is uploaded to HSCIC or a regional centre, it will be indexed to allow individual data from other sources to be added in, before the original data is deleted. Unfortunately, that appears to be most of what is known publicly.

This leaves a host of questions, such as: 

 ·         Who exactly is involved?

 ·         Will it work?

·         What will it do?

 ·         How much is care.data costing?

Despite putting all these questions and more to the relevant parties over a period of time, few answers are forthcoming. Nor are we likely to get more information any time soon. For the Health and Social Care Act 2012 (HSCA) that established NHS England also effectively removed that body from parliamentary accountability.

The Department of Health passes such questions directly over to NHS England.

Repeated attempts to elicit comment from the office of opposition Health spokesman, Andy Burnham, MP, have also drawn a blank.

According to sources close to the project, technical issues are already surfacing, with a plethora of IT providers meaning data centres in each region are using different technologies that are currently incompatible with each other.

A second source claims that the uploading process itself is simply not working yet.

We have asked NHS England for comment on both these claims – but so far no answer.

How much? Oh, you can't tell us...

Costs, with or without the impact of any technical glitches, remain a mystery.

Officially, according to NHS England: “We are not yet in a position to provide the full costs of the programme.” They are working with HSCIC to do so and “anticipate” that further information may be forthcoming in the New Year.”

The Informatics Services Commissioning Group that suggests that “care.data programme costs will be built on the current costs of the proposed Open Data Platform”, which was “estimated at £33m over three years”, excluding “any additional accelerator project costs, which remain to be determined”. Extra costs may for example include the extra £11.8m of funding that Councils will receive to support the move to a new social care data collection system.

Universal health surveillance

Meanwhile, care.data is starting to encounter opposition both for the enormity of what it intends to put in place, and the somewhat hamfisted way in which it has proceeded to date. For the vision is clear: under the HSCIC, what was once a simple data warehouse for producing statistical information on patient care is to be transformed into a whole life system of universal health surveillance.

According to the GP toolkit, the amount of personal, privacy-busting information to be uploaded is massive. Categories of information include diagnoses (anything from diabetes to schizophrenia), health group (including whether a patient smokes or has high cholesterol), interventions and prescriptions.

Those concerned about the scale of information being released might be relieved to learn that “sensitive information” – that’s information relating to subjects such as termination of pregnancy, convictions and domestic violence – are to be omitted. For now.

However, NHS England is keen to “listen to” calls by patient groups to open such data up, since its current omission might be considered “stigmatising”. Or in other words, you ain’t seen nothing yet – and information currently considered too sensitive for inclusion may yet be added.

And there’s more in the pipeline: hospital data is due to be added a year after GP data; and social care data a year after that.

Concerns over confidentiality are twofold. First, despite assurances that security is “the most important priority of the HSCIC”, and that care.data “will conform to the same strict standards of data security and confidentiality that have governed the use of HES for many years”, experience suggests otherwise. Government and data security, many would argue, are mutually exclusive things, and history seems largely to prove that where security can be breached, it will be. Given the literally career-changing nature of some of the data soon to be passed around, the risk, critics argue, is not worth it.

Accidents apart, the uses that the HSCIC intends for the data have raised eyebrows. Previously the outputs were aggregate statistics - but now we have individual, though ‘pseudonymous’ data. HSCIC claims it will not be possible for individuals to be identified.

Money spinning data sets to be sold for £1

This data will be shared with GPs and managers who need information to hone the service they provide). It will also be shared with “customers” such as BUPA, Dr Foster and Civil Eyes research. These companies are among the early approvals, and likely to benefit greatly from plans to make extracts available commercially for no more than £1. (That appears to be the price for whole datasets)

While initial releases of data will be anonymised, the scope remains to match back to personal identifiers. According to the Health Research Authority s251 of the NHS Act 2006 allows “confidentiality to be overridden to enable disclosure of confidential patient information for medical purposes, where it was not possible to use anonymised information and where seeking consent was not practicable, having regard to the cost and technology available.”

In other words, mission creep is already happening. It appears patient confidentiality may be overridden wherever the Secretary of State feels a sufficient case for doing so.

More mission creep

Further releases of information and are currently being considered and procedures are already in place to formalise the data sharing process with third parties. Already, a Section 251 exemption now allows use of identifiable data for commissioning purposes. In practice this appears to mean that identifiable patient data can be passed around routinely for non-direct care purposes – including admin, audit, and invoice reconciliation - at national (NHS England), regional (NHSE Area Teams, CSUs) and local (CCG, local authority) level.

The Independent Advisory Group overseeing this commented in September 2013 that they were concerned de-identified data could be re-identified by commercial customers of HSCIC: their solution was to require customers to sign an undertaking to the effect that they would not do this (PDF).

Having tried to rush things through without adequate time for patients to be informed what was happening to their data, the government faced a backlash.

MedConfidential, jointly co-ordinated by Phil Booth and Terri Dowty, who were previously movers behind No2ID and ARCH (Action on Rights for Children), have started a campaign urging patients to opt out of care.data – something that Health Secretary Jeremy Hunt had previously agreed was permitted.

There were also complaints from GPs and the Information Commissioner.

Hence last month’s surprise announcement that NHS England is now to distribute leaflets to all 22 million households likely to be affected at a cost of 8p per household: £1.76m – or £1 million, as they more economically reported!

This is something of an embarrassment for that organisation, which had already stated, somewhat bullishly in their business plan for 2013/14-2015/16 that “75 per cent of GP practices will be providing the full extract to care.data by September 2013”. Er, no.

The door-drop is due to go out in January 2014. Uploading will commence in spring or summer.

But is that really the issue? Or just a face-saving excuse for delay while HSCIC get on with fixing system glitches behind the scenes?

The problem is: we just don't know. On the one hand, the HSCIC has opened up a little, making public both physical architecture and debates about process. On the other, key questions - what all this will cost, who are the main providers - remain closed. On cost, supposedly, some two months after the project was due to go live, they are not in a position to say.

And there, beyond the technology, beyond issues of confidentiality and privacy, lies the real issue: that in the end, all might go swimmingly, but along the way, the right of public, politicians or anyone else to engage, to point out potential pitfalls is now seriously, officially limited. 


 This is an edited version of a story previously published on The Register.

Had enough of ‘alternative facts’? openDemocracy is different Join the conversation: get our weekly email


We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram WhatsApp yourData