Phil Booth https://www.opendemocracy.net/taxonomy/term/5685/all cached version 18/04/2018 12:37:48 en Why BigData is running roughshod over the NHS - and what to do about it https://www.opendemocracy.net/ournhs/phil-booth/why-bigdata-is-running-roughshod-over-nhs-and-what-to-do-about-it <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>The NHS is being treated as both a 'cash cow' and a 'data cow', a string of recent scandals suggest. And now there's another privacy-bashing tech bonanza on the way, as ID cards rise from the ashes of Brexit policy.</p> </div> </div> </div> <p><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="//cdn.opendemocracy.net/files/imagecache/wysiwyg_imageupload_lightbox_preset/wysiwyg_imageupload/549093/9276962702_143a35ff9e_z.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="//cdn.opendemocracy.net/files/imagecache/article_xlarge/wysiwyg_imageupload/549093/9276962702_143a35ff9e_z.jpg" alt="" title="" width="460" height="460" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em>Image: <a href="https://www.flickr.com/photos/adactio/9276962702/in/photolist-f8LRNN-VMEkma-dht2wF-VwXWTq-bm7eAX-deKzer-VcrwRu-cJVgkY-Uv7Neq-ruGnWz-rP23sX-bm7ef2-VMEpUD-TFqnRP-bm7dBa-dMeUvi-bm7ddc-rLJ7PE-bm7eXX-hyUgEr-ruGo1c-hyUhdv-hySNGU-VMEmjT-VMEhqR-hySDNR-Uy7WvX-VwXYVm-F8rYDw-VcrwA9-Vcrx9U-r7tb42-hyTo6q-hySQzS-pVFEZW-hyUfUi-hySRxy-hySNXJ-hyTjSG-qNCjcM-VMEhdg-hyUeEp-hySN5b-nVMo2e-r5aTAu-hyUh4n-pkVM7q-hyTmoh-qaETfM-omdx8f">Flickr/Jeremy Keith</a>, some rights reserved.</em></p><p>It’s no secret. We all know we pay for the NHS through our taxes. But increasingly we’re also paying for health and care services with the invisible currency of our most sensitive personal data; our medical records.<span>&nbsp; </span> </p><p class="MsoNormal">As data companies insinuate themselves into every aspect of our private lives, in the global Information Gold Rush, we must ensure the founding principle of the NHS – healthcare for all, without discrimination, free at the point of delivery – does not fall prey to the curse of free services: “If you ain’t paying, you <em>are</em> the product.”</p> <p class="MsoNormal">Since long before the care.data controversy, patients have been paying with their privacy, and it’s almost always the companies that define the terms of the deal. </p> <p class="MsoNormal">In a data-driven world, corporations run rings around the analogue administrators of the NHS. They siphon off resources and when it goes wrong simply walk away from their responsibilities – as <a href="https://www.theguardian.com/society/2017/jun/27/jeremy-hunt-nhs-shared-business-services-data-loss-scandal"><span>we were reminded this week</span></a> when the NAO slammed the disastrous mess that a part-privatised company made of NHS letters.</p> <p class="MsoNormal">How can Google DeepMind continue copying the data of 1.6 million patients from the Royal Free Hospital, despite having <a href="http://news.sky.com/story/google-received-16-million-nhs-patients-data-on-an-inappropriate-legal-basis-10879142"><span>no lawful basis</span></a> to do so? DeepMind paid negotiators to go to the meeting; the NHS sent doctors.</p> <p class="MsoNormal">How can <a href="http://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/"><span>GP IT provider TPP</span></a> get away with deciding that it knew better than GPs who should have access to GP records – and get away with refusing to implement adequate security measures, even when asked? And then, rather than spending engineers’ time fixing the problem, choosing instead to pay its lawyers, strenuously denying to all who would listen that it had done anything wrong?</p> <p class="MsoNormal">Because – as we’ve also seen in the fallout from the Grenfell Tower disaster – commercial interests are allowed to subvert the public good, whilst politicians and senior civil servants fail to reign in those interests, putting deregulation above people’s rights to safety, privacy, and due care.</p> <p class="MsoNormal">Whitehall and Westminster seem locked into a failed model of ‘cutting red tape’ to ‘liberate’ commercial entities to exploit us as they see fit,<strong> </strong>despite the best efforts of clinicians and public-spirited technical staff. In the world of NHS IT, we’ve seen a long line of<strong> </strong>policy decisions, <a href="https://www.gov.uk/government/publications/review-of-data-security-consent-and-opt-outs"><span>ignored warnings</span></a>, inexcusably delayed action and <a href="http://www.independent.co.uk/news/uk/politics/nhs-cyber-attack-jeremy-hunt-tories-accused-ignoring-extensive-warning-signs-outdated-computers-a7734961.html"><span>bodged responses</span></a>, such as when the WannaCry ransomware hit the NHS.</p> <p class="MsoNormal">Meanwhile, the announcement last week that ID cards are effectively back on the table as Brexit Britain draws closer, offers the possibility of a massive bonanza for whoever gets the contracts – and a<strong> </strong>massive challenge to the fundamentals of what we believe as a country.</p> <p class="MsoNormal">Having already introduced measures that try to make NHS staff <a href="http://www.independent.co.uk/news/uk/politics/nhs-hospitals-20-forced-show-passports-id-health-tourism-crackdown-healthcare-jeremy-hunt-government-a7530931.html"><span>hassle </span></a><a href="http://www.independent.co.uk/news/uk/politics/nhs-hospitals-20-forced-show-passports-id-health-tourism-crackdown-healthcare-jeremy-hunt-government-a7530931.html"><span>brown people</span></a><a href="http://www.independent.co.uk/news/uk/politics/nhs-hospitals-20-forced-show-passports-id-health-tourism-crackdown-healthcare-jeremy-hunt-government-a7530931.html"><span> for documentation</span></a>, the NHS now faces a three-way stand-off – a ‘Brexit Triangle’. In the simplest terms: does the Department of Health now direct NHS staff to hassle people with ‘foreign accents’<strong>,</strong> or to hassle everyone, or do we simply give in and issue everyone with ID cards?</p> <p class="MsoNormal">Do we want more cases like Dena Bryant – a <a href="http://www.bbc.co.uk/news/uk-england-lincolnshire-39138733"><span>deaf British woman</span></a> who struggles to communicate verbally, who turned up to A&amp;E with an injured arm only to be quizzed about her nationality after staff didn’t think she looked or sounded English enough?</p> <p class="MsoNormal">It doesn’t have to be this way, of course. The other option, the choice we first made 69 years ago today, when – having survived the horrors and deprivations of WWII, and when people’s now-defunct ID card numbers were used to generate the very first NHS numbers – we as one nation chose to all contribute to the provision of universal healthcare, free at the point of use, without discrimination. </p> <p class="MsoNormal"><a name="_gjdgxs"></a>We heeded well the words of NHS founder Nye Bevan, who said: “<span>How do we distinguish a visitor from anybody else? Are British citizens to carry means of identification everywhere to prove that they are not visitors? For if the sheep are to be separated from the goats both must be classified. What began as an attempt to keep the Health Service for ourselves would end by being a nuisance to everybody.”</span></p> <p class="MsoNormal">So what can <em>you</em> do to break the stand-off? While forces far bigger and more complicated than anyone seems to have planned for steamroller on?</p> <p class="MsoNormal">It starts with something quite straightforward: inform yourself, so you can inform others. Get the facts; for, armed with facts, <em>every</em> patient can speak with the authority of their own lived experience of the NHS.</p> <p class="MsoNormal">If you <a href="http://medconfidential.org/for-patients/"><span>have a login for your GP practice’s website</span></a>, go and look at the letters that have been scanned into your record, and count the logos. (If you don’t already have a login for online access, <a href="http://medconfidential.org/for-patients/"><span>here’s how to get one</span></a>.) Then, as your NHS changes over the next few years, do you see more commercial logos or fewer? </p> <p class="MsoNormal">While you’re at it, you may also want to check who’s <a href="https://medconfidential.org/for-patients/your-records/"><span>accessed your GP record</span></a>. </p> <p class="MsoNormal">And while everyone’s been distracted by Brexit, the latest reorganisation of the NHS – the “Sustainability and Transformation Plans” – is descending into a divide-and-conquer carve-up. </p> <p class="MsoNormal">With a democratic deficit in the NHS that does Theresa May proud, there is very little scrutiny of the process by which decisions are made locally around which services will be cut – the amounts of cuts having been decided centrally, with minimal regard for <a href="http://www.independent.co.uk/news/health/nhs-leak-london-hospitals-care-restrictions-secret-cuts-programme-north-central-royal-free-great-a7800366.html"><span>effects on services</span></a>. (Meanwhile, DH and NHS England still want to copy all your medical records into a <a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>data lake</span></a>, <a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>t</span></a>o<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span> </span></a>m<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>i</span></a>c<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>r</span></a>o<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>m</span></a>a<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>n</span></a>a<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>g</span></a>e<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span> </span></a>h<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>o</span></a>s<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>p</span></a>i<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>t</span></a>a<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>l</span></a>s<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span> </span></a>o<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>n</span></a> <a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>a</span></a> <a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>d</span></a>a<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>i</span></a>l<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>y</span></a> <a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>b</span></a>a<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>s</span></a>i<a href="https://medconfidential.org/2017/fishing-in-the-national-data-lake/"><span>s</span></a>…) How would your experience of NHS care have been affected, had those cuts already taken place? </p> <p class="MsoNormal">Since its inception, reorganisation of the NHS has been an ongoing bureaucratic activity – with the expectation that the public and patients will continue to be passive observers. So, what if the public’s interest were to become an active ally to the Hippocratic Oath: do no harm? As STPs move forwards, whether you wish to be a passive observer of the NHS or not – based on your lived experience and that of your loved ones – is a decision only you can make, and talk about with others. </p> <p class="MsoNormal">If you don’t think your experience matters enough to speak up, who do you believe will speak up for you? </p> <p>&nbsp;</p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/your-medical-data-in-their-hands-concerns-mount-over-new-nhs-it-project">Your medical data in their hands - concerns mount over new NHS IT project</a> </div> <div class="field-item odd"> <a href="/ournhs/colin-leys/how-trustworthy-is-nhs-digital">How trustworthy is NHS Digital?</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> ourNHS digitaLiberties uk ourNHS Phil Booth Wed, 05 Jul 2017 08:31:38 +0000 Phil Booth 112099 at https://www.opendemocracy.net Care.data is dead - long live care.data? https://www.opendemocracy.net/ournhs/phil-booth/caredata-is-dead-long-live-caredata <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>Whilst the care.data 'brand' has collapsed, the widespread sharing of your data looks set to expand - and not just in health.</p> </div> </div> </div> <p class="MsoNormal"><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="//cdn.opendemocracy.net/files/imagecache/wysiwyg_imageupload_lightbox_preset/wysiwyg_imageupload/549093/big brother eyes_0.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="//cdn.opendemocracy.net/files/imagecache/article_xlarge/wysiwyg_imageupload/549093/big brother eyes_0.jpg" alt="" title="" width="400" height="300" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em>Image:&nbsp;<a href="http://www.flickr.com/photos/duncan/">Flickr/Duncan C</a></em></p><p class="MsoNormal">So care.data is dead. </p> <p class="MsoNormal">It was killed off – not because of ‘<a href="https://www.theguardian.com/commentisfree/2016/jul/07/better-nhs-killed-privacy-paranoia-care-data">privacy paranoia’ as Polly Toynbee put it in a recent Guardian article</a> – but because promises from politicians and some of those entrusted with patient data proved to be false.</p> <p class="MsoNormal">But while the toxic <em>brand</em> of care.data may have finally been laid to rest, the Government is pressing ahead with its ‘data-sharing’ plans. </p> <p class="MsoNormal">To understand what happens now to privacy and to the good research that needs to be done, let’s look at the record. </p> <p class="MsoNormal">It took over 2 years to even begin to respect patients’ wishes. There had been no proper planning for what might happen if people took up the offer to opt out. A level of presumption from those in charge towards public sentiment that seems all too familiar.</p> <p class="MsoNormal">We now know that <a href="http://www.hscic.gov.uk/catalogue/PUB20527"><span>about 1 in 45 patients across England opted out</span></a> of having their medical information sold on or shared. That’s a figure roughly equal to the margin of error in every opinion poll you’ve ever seen. Even the census, the gold standard for population data, misses data equivalent to twice as many people. </p> <p class="MsoNormal">Of greater concern to most public health researchers is not the opt-out numbers themselves, but the loss of trust in any health research, due to the government’s failure to guarantee the data from HSISC wouldn’t go to commercial sources who’d misuse them. We now have a situation where genuine health research is impeded even as commercial access to an ever wider pool of data is maintained.</p> <p class="MsoNormal"><span>As <a href="///C:/Users/User/Downloads/.%E2%80%9D%20%20http:/www.amrc.org.uk/news/amrc-statement-on-the-caldicott-review">the Association of Medical Research Charities says</a>:</span></p> <p class="MsoNormal"><span>“People need to feel that they can trust the system to handle their information with care and competence, and respect their wishes. If the public do not trust the system, they will be unwilling to share health information for medical research and this will seriously hinder progress on new treatments and cures of diseases such as cancer, dementia, rare conditions and many more.”</span></p> <p class="MsoNormal">Instead, the announcement that retired the care.data brand was neatly buried under the Chilcot report. </p> <p class="MsoNormal">At the same time, the Government released the Digital Economy Bill – which extends the spirit of care.data across the rest of Government. This is a bill that the Open Rights Group says “<span>is creating the data sharing powers to enable policies that have not been properly outlined or discussed</span>”.</p> <p class="MsoNormal">And at the same time, almost unnoticed, a long-delayed <a href="https://www.gov.uk/government/publications/review-of-data-security-consent-and-opt-outs"><span>review of data security, consent and opt-outs</span></a> in the health and care system was also published.</p> <p><span>The Review suggests removing your existing opt out for GP data going to the HSCIC (page 31). Information you share with only your GP, will be copied into the HSCIC against any wishes you have already expressed.</span></p><p><span>&nbsp;</span><span>But then </span><span>data about you will leave the HSCIC. </span><span>The review also suggests that the opt out covering the very same hospital data that caused so much consternation when it was shown to be sold on and shared – linked, individual-level medical event histories which 1.2 million people don’t want passed on – should simply not apply (page 34). &nbsp;</span></p> <p class="MsoNormal">Even people who are eager for their own data to be used can understand why someone at risk might make a different decision for themselves or their family. <span>"It seems the Department of Health is trying to have it both ways - tell patients one thing and commercial entities the other. </span></p> <p class="MsoNormal"><span>The last data release register from HSCIC contains continued release to commercial companies. One, Beacon consulting, on their homepage, advertise "we help our pharmaceutical clients solve difficult commercial problems". Their commercial access was renewed in the most recent HSCIC data release register.</span></p> <p class="MsoNormal">Those without an agenda see that promising one thing and then doing another will undermine, not rebuild, trust in handling of patient data. But such understanding seems entirely absent in these latest proposals and, yet again, critical planning for implementation will not begin until after the decision has been made.</p> <p class="MsoNormal">So Ms Toynbee can rest assured. The proposal in 2016 is to roll back to the <em>status quo</em>, as if Jeremy Hunt had never been Secretary of State: no meaningful opt opt, even more of your medical information passed on for purposes beyond your care – and, the sting in the tail, overstretched doctors expected to explain all this to patients and get blamed when Government once more changes the rules underneath them. Junior doctors will know what that feels like; anyone concerned with their privacy will soon know it too. But not because those in authority will tell them.</p> <p class="MsoNormal"><a href="https://consultations.dh.gov.uk/information/ndg-review-of-data-security-consent-and-opt-outs/consultation/subpage.2016-06-22.4165482086"><span>You can respond to the consultation online</span></a><span>.<span>&nbsp;</span></span></p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/ournhs/jane-fae/caredata-questions-mount-just-wholl-get-our-medical-data">Care.data questions mount - just who&#039;ll get our medical data?</a> </div> <div class="field-item even"> <a href="/ournhs/tamasin-cave/tim-telstra-and-tech-takeover-of-nhs">Tim, Telstra, and the tech takeover of the NHS</a> </div> <div class="field-item odd"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/your-medical-data-in-their-hands-concerns-mount-over-new-nhs-it-project">Your medical data in their hands - concerns mount over new NHS IT project</a> </div> <div class="field-item odd"> <a href="/ournhs/jane-fae/future-of-caredata-hangs-in-balance">The future of care.data hangs in the balance</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/sleepwalking-into-information-grab-by-private-health">Sleepwalking into an information grab by private health?</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> ourNHS ourNHS Phil Booth Fri, 19 Aug 2016 12:27:10 +0000 Phil Booth 104855 at https://www.opendemocracy.net Your medical data - on sale for a pound https://www.opendemocracy.net/ournhs/phil-booth/your-medical-data-on-sale-for-pound <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>The arbitrary resetting of people’s ‘privacy settings’ is a behaviour one might expect of Facebook, not the NHS.</p> </div> </div> </div> <p class="MsoNormal"><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="//cdn.opendemocracy.net/files/imagecache/wysiwyg_imageupload_lightbox_preset/wysiwyg_imageupload/549093/patient data.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="//cdn.opendemocracy.net/files/imagecache/article_large/wysiwyg_imageupload/549093/patient data.jpg" alt="" title="" width="400" height="300" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_large" style="" /></a> <span class='image_meta'></span></span><em>Picture: Flickr / Community Eye Health. Some rights reserved.</em></p><p class="MsoNormal">The government’s announcement <a href="http://www.pulsetoday.co.uk/your-practice/practice-topics/it/private-companies-set-for-access-to-patient-data-for-just-1/20003879.article#.UgS1RJKT6Ep">today </a>that private companies are to be given access to patient data for the princely sum of £1, is just the latest attack on the principles of patient confidentiality in the interests of commerce.</p><p class="MsoNormal">David Cameron signalled the intent back in 2011 when he announced that we are all to be <a href="http://www.bbc.co.uk/news/uk-16026827">research patients by default</a>. Behind the window-dressing of scientific progress, lies a determined new policy on ‘open data’ which is about using your data – including your medical records held by the NHS – in order “<a href="http://data.gov.uk/opendataconsultation/annex-1/economic-growth">to drive economic growth</a>”. Under the new regime, your sensitive health information will be taken directly from your GP’s record system and presumed available for a variety of “secondary uses” that go beyond research or your direct medical care. </p><p class="MsoNormal">To enable this, the NHS Constitution has been rewritten and fundamental assumptions such as medical confidentiality are being overturned. In private, officials admit the end state of all this is unclear, but the public language about what is happening to your confidential medical records is carefully chosen to obfuscate and pacify.</p><p class="MsoNormal"><strong>‘Anonymisation’</strong></p><p class="MsoNormal">One of the more misleading half-truths you will hear is that your data will be ‘anonymised’. Quite aside from the fact that NHS England applied for and has now been granted <a href="http://ehi.co.uk/news/EHI/8624/exemption-to-share-sus-data-granted">exemptions</a> by the Secretary of State to process and pass around patient data in identifiable form, the ‘anonymising’ of data to avoid the rules which would otherwise apply to personal data does not guarantee privacy. </p><p class="MsoNormal">Truly anonymous data cannot be linked or matched to particular individuals. It requires statistical techniques like removing small number counts, adding ‘noise’ or perturbing aggregate data – to minimise the chance that particular individuals can be identified. </p><p class="MsoNormal">The ‘anonymisation’ proposed for your medical information is nothing like this. What in fact will be done is <em>pseudonymisation</em> ­– substituting identifiers such as your NHS number with less identifiable numbers or removing obvious identifiers such as name or address.&nbsp; </p><p class="MsoNormal">This means - along with the cross-matching of data from different sources - means that it will not be hard to apply clever statistical techniques for private companies to obtain data on identifiable individual patients. There has even been a <a href="http://www.guardian.co.uk/technology/2013/may/17/private-firms-data-hospital-patients">suggestion</a> that the NHS would provide this service for companies itself, for a token fee. </p><p class="MsoNormal">Even if this doesn’t happen, a lifelong aggregation of episodes, diagnoses and prescriptions, even if not in themselves rare or unusual, provides a wealth of reference points. Filtered by age, gender or geographical area it is surprising how few of these are necessary to pinpoint an individual. The task is made even easier when data is made linkable to other information gathered in other contexts in a patient’s life. And that is exactly what will happen: ultimately, each person’s social care records will join with their health records in one single, central repository.&nbsp;&nbsp; </p><p class="MsoNormal">As the marketing industry and researchers know, the value of your data lies in being able to make matches; truly anonymous data that cannot be linked is nowhere near as useful or exploitable. </p><p class="MsoNormal"><strong>Consent</strong></p><p class="MsoNormal">Consent means giving your permission. In order to be valid, consent needs to be properly informed and freely given by a competent individual; patients need to know the intended use of their medical information and be able to choose to participate or not. </p><p class="MsoNormal">Most people would agree with the notion of ‘presumed consent’ in the context of their medical treatment. When going to a doctor or hospital, you expect that your information will be shared with other health professionals responsible for your direct care. But this “consent deal” – based in the trust people have in their doctors and the NHS – has been stretched to encompass a whole range of other uses, many of which are obscure or completely unknown to patients. </p><p class="MsoNormal">Dame Fiona Caldicott’s recent Information Governance <a href="http://www.lgcplus.com/news/caldicott-report-highlights-anxiety-and-disagreement-over-record-sharing/5057964.article">Review</a> refused to support the proposition that - because patients are presumed to trust their own doctor with their medical data - they should be presumed to trust commissioners, too. &nbsp;</p><p class="MsoNormal">Purposes such as medical research – for which most people are happy for their information to be used, so long as they are asked – are being conflated with uses such as patient-level tracking and monitoring, business planning and contract management. The drive to commodify medical records means the default is to make them accessible to more and more people less and less directly related to your medical care, constrained not by the professional duty of confidentiality that most patients presume but only by data protection compliance or contract terms and conditions. </p><p class="MsoNormal">The word ‘sharing’ has become a euphemism for the systematic extraction, processing and disclosure of vast amounts of deeply personal information. Taking something without consent is not&nbsp; sharing. Passing legislation to override doctors’ duty of confidence may make a practice lawful; however it does not legitimise it.&nbsp; </p><p class="MsoNormal">Explicit consent has been replaced by an assumed consent, with opt-outs about which minimal information is provided to patients<a name="_GoBack"></a>. This is not informed consent. Worse still, despite promises that patients who have already opted out will have their wishes respected, new initiatives such as care.data <a name="OLE_LINK1"></a> a <a href="http://www.pulsetoday.co.uk/your-practice/practice-topics/it/nhs-to-link-up-data-from-gp-records-and-secondary-care/20002260.article">monthly upload</a> of identifiable data from millions of patients’ GP-held records – mean that hundreds of thousands of people who have already acted to protect the confidentiality of their medical records will be forced to opt out all over again. Assuming, of course, they are even made aware of what is happening.</p><p class="MsoNormal">The arbitrary resetting of people’s ‘privacy settings’ is a behaviour one might expect of Facebook, not the NHS, and it speaks to a deeper erosion of trust.&nbsp; If patients cannot trust that what they say to their doctor will be kept in confidence, some will withhold information – putting not only their own health but the public health at risk.</p><p class="MsoNormal"><strong><em>Like this piece? Please donate to OurNHS&nbsp;<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=T625S8Z4BN8DL" target="_blank">here&nbsp;</a>to help keep us producing the NHS stories that matter.&nbsp;Thank you.</em></strong></p><p>&nbsp;</p><p class="MsoNormal">&nbsp;</p><div class="field field-topics"> <div class="field-label">Topics:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Democracy and government </div> </div> </div> ourNHS uk ourNHS Democracy and government Big Data Technology and privacy Phil Booth Fri, 09 Aug 2013 12:30:51 +0000 Phil Booth 74649 at https://www.opendemocracy.net Phil Booth https://www.opendemocracy.net/author-profile/phil-booth <div class="field field-au-term"> <div class="field-label">Author:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil Booth </div> </div> </div> <div class="field field-au-firstname"> <div class="field-label">First name(s):&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil </div> </div> </div> <div class="field field-au-surname"> <div class="field-label">Surname:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Booth </div> </div> </div> <p><span>Phil Booth co-ordinates medConfidential - campaigning for medical data privacy. For more on how the changes will affect your medical records, visit medConfidential’s ongoing ‘<a href="http://medconfidential.org/whats-the-story/ ">masterclass</a>’ blog series.&nbsp;</span></p><div class="field field-au-shortbio"> <div class="field-label">One-Line Biography:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil Booth co-ordinates medConfidential - campaigning for medical data privacy. For more on how the changes will affect your medical records, visit medConfidential’s ongoing ‘masterclass’ blog series. </div> </div> </div> Phil Booth Fri, 26 Mar 2010 13:12:47 +0000 Phil Booth 51225 at https://www.opendemocracy.net We must stop Clause 152 https://www.opendemocracy.net/blog/ourkingdom-theme/phil-booth/2009/03/02/we-must-stop-clause-152 <p><em>Phil Booth of NO2ID responds to Anthony Barnett and Henry Porter&#39;s call for suggestions as to <a href="http://www.modernliberty.net/2009/henry-porters-and-anthony-barnetts-views-on-what-next">&#39;what next&#39; </a>in the wake of the Convention on Modern Liberty...  </em> </p> <p>Please write NOW to your MP - <a href="http://www.WritetoThem.com">http://www.WritetoThem.com</a> is a single<br /> click away - telling him or her that you *refuse your consent* to the<br /> arbitrary sharing of your information under any ‘Information Sharing<br /> Order’ and that you want him or her to vote to have Clause 152 of the<br /> Coroners and Justice Bill (currently being debated in Parliament)<br /> *completely removed* from the Bill.</p> <p>If you care about our fundamental rights and freedoms, the time to act is now - before we lose yet another one!</p> <p>For those who don’t have time to read Clause 152, it would enable<br /> any Minister by order to be able to take any information gathered for<br /> one purpose - across the public and private sector - and use it for any<br /> other purpose.</p> <p>All by itself, it is more dangerous than the entire Identity Cards<br /> Act - it literally provides the powers to build the Database State.</p> <p>Please write to your MP *now* - and tell everyone you know about Clause 152, and ask them to write to their MP too.</p> <p><a href="http://www.WritetoThem.com">http://www.WritetoThem.com</a> - “I refuse to consent, stop Clause 152″</p> <p>We CAN stop this. Over to you…</p> uk uk Phil Booth OurKingdom Mon, 02 Mar 2009 12:55:50 +0000 Phil Booth 47430 at https://www.opendemocracy.net Privacy: This is a 'Magna Carta moment' https://www.opendemocracy.net/blog/email/phil-booth/2008/11/28/a-magna-carta-moment-for-privacy-part-1 <p><strong>Phil Booth (London, <a href="http://www.no2id.net/">NO2ID</a>): </strong>At a conference in Manchester organised by the Information Commissioner twelve months ago, NO2ID raised a wry smile from delegates by handing out pairs of (blank) CDs marked &#39;HMRC&#39;. A year on, it is no joking matter that so little has been done by the government to address the systemic and policy failures - and internal culture - that led to the worst data breach in UK history.</p> <p>In fact, government data breaches are on the rise - a 77 per cent increase so far this year - and almost every branch of government is involved: the Home Office, MoD, NHS, DWP, HMRC again (repeatedly), the list goes on and on. Every week there is another story of more people&#39;s personal details being mislaid, citizens put at risk by a government that not only can&#39;t protect them but which doesn&#39;t seem particularly bothered to do so. The scale of the problem 12 months on is so great that the Information Commissioner himself has quipped that his office is being used like a confessional.</p> <p>This year&#39;s ICO conference, on &#39;Privacy Enhancing Technologies&#39;, may have looked like an event for Data Protection and IT geeks - it was anything but. Speakers included Sir Edmund Burton, the man who conducted the inquiry into the first major MoD breach to come to light, Dr Louise Bennett, chair of the British Computer Society&#39;s Security Forum Strategic Panel and &#39;Building Trust in eGovernment Working Party&#39;, and Dr Steve Marsh who works at the Cabinet Office, the author of the government&#39;s National Information Assurance Strategy published in 2003 (yes, 2003), whose wise words have tragically fallen on deaf ears.</p> <p>Hearing these people speak it was impossible to conclude that the government&#39;s failure is anything other than wilful. It&#39;s lack of appropriate action cannot be excused. In pursuing strategies such as &#39;Transformational Government&#39; it is actively ignoring the advice of people who clearly know what they are talking about, and is breaking fundamental principles in pursuit of a bureaucratic/technocratic fantasy.</p> <p>Most striking were the consistent themes emerging from their presentations:the problem is imminent and serious; rapid, effective action is required;the solution is not just about IT, it is about people, processes and culture change; people at every level must be aware of the risks, must accept responsibility and actively seek solutions; protecting personal information, valuing and preserving privacy and confidentiality (both essential to trust) should be &quot;HOW you do what you do&quot;, not a bolt-on additional task.</p> <p>And it is imperative that privacy, information security and data protection (and they are NOT the same thing) must be taken seriously at Board level in every organisation - private and public - for unless the people at the top take responsibility and are accountable, how can the necessary culture change take place? As Sir Edmund and others said, this is essentially a leadership issue.</p> <p>But what sort of leadership is demonstrated by a Prime Minister who says &#39;we can&#39;t promise to keep your information safe&#39;? Who abrogates responsibility for a bankrupt policy (rampant accumulation and &#39;sharing&#39; of personal data), while continuing to pursue an agenda of state identity control (&#39;ID cards&#39;), mass surveillance (Communications Data database) and centralisation ofsensitive personal records for mere administrative convenience (NHS Care Records and &#39;Secondary Uses Service&#39; (SUS), ContactPoint, and literally dozens of other initiatives)?</p> <p>As NO2ID has said: if you can&#39;t protect it, don&#39;t collect it.</p> <p>The arrogance to even try to shift all the blame onto human or technical error is staggering. The imperious attitude that says, in essence, &#39;we, your masters, shall be the arbiters of trust&#39; is chilling. The fear-driven control freakery intent on fingerprinting and tracking every person in the country throughout their entire lives &#39;just in case&#39; is government out of control.</p> <p>Literary or recent historical allusions are no longer sufficient. It is cliché to say &#39;the Nanny State&#39; has tipped over into &#39;Big Brother&#39; when more young people cast votes in a TV show of that name than turn out in a general election. Comparing our leaders to tyrants is ineffective - these people are not genocidal, their particular dangerousness lies in the fact that they think &#39;we are the good people&#39; while ignoring or suppressing the negative consequences of their actions.</p> <p>No wonder that Sir Edmund Burton, when I asked him a question, thoughtfully replied that this was &quot;a Magna Carta moment&quot;. It is.</p> uk uk Database State Phil Booth OurKingdom email Fri, 28 Nov 2008 13:33:46 +0000 Phil Booth 46897 at https://www.opendemocracy.net The stalker state https://www.opendemocracy.net/blog/ourkingdom-theme/phil-booth/2008/10/21/the-stalker-state <strong>Phil Booth (London, <a href="http://www.no2id.net/">NO2ID</a>):</strong> The mainstream media has finally woken up to the dangers of the government&#39;s proposed Communications Data database – the detail of which openDemocracy <a href="/blog/ourkingdom-theme/phil-booth/2008/08/25/the-secret-silo-for-your-familys-data">published back in August</a>.<br /> <br /> As National Coordinator of NO2ID I suppose I should be grateful for small mercies. But this hardly includes the thin sugar-coating on the Home Secretary&#39;s speech last week when she described her promised &#39;consultation&#39; on the Communications Data Bill. Hers was a transparent attempt to misdirect the argument. <br /> <br /> The government says it won&#39;t be storing the <u>content</u> of your telephone or internet use, as if that makes it all right. It is however proposing to record – for life – the details of everyone you call or write to and what websites you visit.<br /> <br /> Do you want the State (which in the UK means a large and growing number who can gain access to its systems) to have a record of your religious and political interests, your sexual curiosities, your financial and medical worries, your wider (or narrower) concerns and your special relationships; not to mention a trace of what it reckons ‘you’ have done on your computer even when it is done by someone else? You don’t?<!--break--><br /> <br /> But Jacqui Smith says they are only keeping this information &quot;just in case&quot; it ever become of interest to the authorities.<br /> <br /> Were an individual to spy on you like this, it would be called stalking. Which is a crime. It is not a defence for a stalker to claim, “I was only following her in case she fell over”. The action of continuous snooping is itself recognised in law as a wrongdoing. <br /> <br /> Now <a href="http://www.timesonline.co.uk/tol/news/politics/article4969312.ece">we hear</a> that the government is considering compulsory registration of all mobile phones. Clearly, this is motivated by the same desire to monitor all communications data in yet a further extension of the stalker state.<br /> <br /> Sometimes, quite often in fact, the government comes up with ideas that are not just very expensive and inefficient and – as with stalking – plain wrong. In addition there are times when it is hard to imagine anything more designed to make matters worse. <br /> <br /> This is a classic example. Registering ownership of a mobile phone with your passport would work only on the compliant. Organised criminals (and terrorists) would have a neat range of options open to them: they could use stolen phones, or buy phones second hand in private deals; they could re-programme the International Mobile Equipment Identifier (IMEI) of the mobile phone handset, and maybe sell such a service to others; they could forge or steal the ID required to buy the phones; bully or deceive others into buying a phone for them (or even just swap phones); use a foreign phone, clone phones or corrupt the supply chain.<br /> <br /> Compulsory registration not only won&#39;t seriously hinder criminals, it may actually assist them and will certainly create a profitable ‘secondary’ market in sub-prime, sliced up fraud. <br /> <br /> Fraud is already enough of a problem with dodgy mobile phone shops or crooked employees getting access to your credit card or bank details, without any need to make it worse. But worse it will become if as now proposed the government forces you to hand over your passport or ID card when you acquire a new blower. Such a law will only fuel more copying, cloning and trafficking in personal data. Fraudsters and organised criminals will be rubbing their hands with glee.<br /> <br /> But, however much it may not work in defending us from crime, terrorism and identity-theft, the problem with arguing against these measures in this way is that it accepts the premise and appears to accept that they are being put forward in good faith. It is a bit like arguing against torture on the grounds that it produces bad information. <br /> <br /> The government’s desire to track and record all digital traces of our lives is an assault on liberty. It is a basic right – yes, a human right – to be free to call whoever you choose, to read, write and watch what you want in your browser without the State keeping tabs on you, and your friends and your connections. <br /> <br /> The government is attacking our right to remain a <u>private</u> citizen. <br /> <br /> Ah, but &#39;if you have nothing to hide, you have nothing to fear&#39; comes the tired refrain…<br /> <br /> Wrong. Dead wrong. Privacy is necessary, many secrets are good.<br /> <br /> Let&#39;s just take a few examples – such as high-level negotiations in either the private or public sectors. Under the proposed system of blanket surveillance, the government of the day may always gain an advantage in, say, pay negotiations or industrial disputes when it can easily identify which union leaders and officials are talking to each other away from the table. The content of the call or e-mail is never the only useful information. In many situations, simply knowing who is talking to who can provide the upper hand.<br /> <br /> And what sort of deterrent to commercial investment in the UK will it be when directors realise that the British state apparatus is monitoring who they and their employees are calling, and when? Or will <u>their</u> communications be given a cosy exemption when the government belatedly wakes up to the fact that trampling on commercial confidentiality is bad for business. <br /> <br /> And for campaigners like me and my colleagues, fighting against this or any future government? Or investigative journalists rooting out corruption within an establishment which will, of course, have back door access? Or a whole host of others whose safety depends on anonymity - are we to be forced into criminality in order to protect our sources and contacts, ourselves and our loved ones?<br /> <br /> You don&#39;t have to agree with everything I&#39;ve said. I certainly hope it won&#39;t come true. But it could, if you simply put up with what the stalker state is trying to do.<br /> <br /> Please <a href="http://www.writetothem.com/">write NOW to your MP</a> expressing your disgust at this government&#39;s move towards spying on its people continually, and ask what he or she intends to do about it. (N.B. Please write in your own words - it is <u>much</u> more effective.) uk uk Database State Phil Booth OurKingdom Tue, 21 Oct 2008 11:49:17 +0000 Phil Booth 46552 at https://www.opendemocracy.net The secret silo for your family's data https://www.opendemocracy.net/blog/ourkingdom-theme/phil-booth/2008/08/25/the-secret-silo-for-your-familys-data <p><em>Those who question the &#39;database state&#39; are often <a href="http://www.guardian.co.uk/commentisfree/2007/dec/14/pollytoynbee">accused of alarmism</a>. But what if we were to report that a recent series of announcements show that the government is already spending millions on a vast database that will retain digital copies of all variety of tracking and information about the whole population, our phone calls, bank accounts, commercial records as well as personal ones, and that it is creating the authority and powers which allow it to do this by hiding behind EU regulations which it has inspired, to impliment them without a parliamentary debate? Now read on:</em> </p> <p><strong>Phil Booth (London, <a href="http://www.no2id.net/">NO2ID</a>): </strong>Back when Charles Clarke was Home Secretary, not long after the London tube bombings, he pushed EU justice ministers to massively increase communications data retention powers. Terrorism was, of course, at the forefront of everyone&#39;s minds - and frequently referred to by Mr Clarke in his championing of mass surveillance. Other countries such as Germany did not see the need for such wholesale interception of personal phone, text, e-mail and internet usage data. They were overruled.</p> <p>Two years later, this turns out to have been a classic of policy laundering. The EU Data Retention Directive <a href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML">(EUDRD) 2006 /24 /EC</a> provides powers to retain communications data, powers which the Home Office intends to take to the limit. Germany, which resisted the exercise, will probably take the minimum 6 months&#39; retention; the UK is taking 4 times as long.</p> <p>Yet again the Home Office refers to terrorism as a prime motivation for the creation of these powers, but the way the information will actually be accessed is through the Regulation of Investigatory Powers Act (RIPA). As we now know, this means it will be made available to the hundreds of official bodies, including those well-known counter-terrorist agencies, our local councils - responsible for half-a-million surveillance applications last year alone.</p> <p>(Don&#39;t forget that the so-called watchdog in this area, the Interception of Communications Commissioner, just recently went on record saying that local authorities are not using their <a href="http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act">RIPA powers</a> enough. He literally called for MORE snooping! The lunatics really are running the asylum.)</p> <p>Since this will be enacted as a Statutory Instrument enforcing an EU Directive, it is unlikely even to be debated in Parliament and, of course, it cannot be amended by our elected representatives. Perhaps this is why the &quot;consultation&quot; is taking place while they are on holiday. Are MPs being treated with contempt because they simply don&#39;t matter? </p> <p>N.B. It should be noted that bugging and tracking genuine suspects in real ongoing investigations is unaffected. What is being developed  is mass-surveillance for the retrospective convenience of officialdom in general: keeping records of everything that <em>might</em> be convenient to know about you and me. &quot;Just in case&quot;, is the justification.</p> <p>At the same time the government continues to plan the building of a massive central silo in which to store all this retained communications data. And, of course, once it&#39;s in the silo (not held by ISPs and phone companies) it may well stay there indefinitely or for as long as they damn well please.</p> <p>Payment for this marvellous snooping toy falls under the Interception Modernisation Programme (IMP), i.e. it&#39;s black money - part of the spooks&#39; undisclosed funding. The Home Office has refused to answer parliamentary questions on the budget, citing national security concerns, but a <a href="http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/">recent article</a> in The Register suggests that a senior official has already been appointed to run the project and that a nine figure sum has been committed, before the thing is even official policy.</p> <p>And this is where things start to join up. In May, Gordon Brown said the Communications Data Bill - which everyone expects to include this central database - would be laid before the Commons prior to the Parliamentary recess. It wasn&#39;t. Now the powers in the EU Data Retention Directive will be forced onto the statute books as a Statutory Instrument, to populate a database already being built with spook cash beyond sight of Parliament. </p> <p>Do you smell something rotten? Even the Information Commissioner thinks this stinks - and he can be a bit of a wet fish himself. But one source of complaint may be stilled. Companies have protested at the prospect of having to keep masses of data and then service the new directive. Hey presto! Here&#39;s a lovely new database to take the burden off big business and put it back on the very people who are being surveilled. Isn&#39;t it wonderful being a taxpayer?</p> <p>The Home Office has the gall to claim that this is all compliant with the Human Rights Act and represents a &quot;proportionate interference with individuals&#39; right to privacy&quot;. Proportionate, my foot! The problem is that - yet again - the Government is playing incrementalism on duration. This time it&#39;s 24 months data retention, instead of twelve. 42 days for your physical body, how long for your digital one?</p> <p>And, of course, as with the deterntion of the innocent without charge, the basic principle is being utterly ignored. They are proposing to abuse the privacy of tens of millions of innocent, law-abiding people by storing and searching their personal connections and communications. You, your partner, your kids, your parents. And the practical reality will be that this new system provides anyone who has access, direct or indirect, with unprecedented powers - cross-referencing and triangulation, profiling and sorting, fishing trips galore. The potential for abuse, misuse and mistakes (leading to miscarriages of justice, or worse) is simply terrifying.</p> uk uk Security Phil Booth OurKingdom Tue, 26 Aug 2008 01:42:25 +0000 Phil Booth 45992 at https://www.opendemocracy.net