You couldn’t make it up.

According to Pulse magazine,

“a substantial number of GPs are so uneasy about NHS England’s plans to share patient data that they intend to opt their own records out of the care.data scheme.”

“The survey of nearly 400 GP respondents conducted this week found the profession split over whether to support the care.data scheme, with 41% saying they intend to opt-out, 43% saying they would not opt-out and 16% undecided.”

Simon Enright, Director of Communications for NHS England, tweeted to indicate methodological issues with concluding too much from this ‘snapshot survey':

@legalaware disappointing that Pulse did self-selecting sample with potential question bias in survey.

— simonenright (@simonenright) January 26, 2014

 

And of course Simon Enright is right.  But one has to wonder how much GPs themselves have been informed about the debate about data sharing concerns. GPs are trained to explore, and in fact examined on exploring, the ‘beliefs, concerns and expectations’ of their patients; so it would be unbelievable to assume that no one had had this particular conversation with a patient.

GPs tend to be a very knowledgeable and versatile group of medical professionals, and indeed many have an active interest in public health.

But here there’s been another problem at play? All of the patients who I know, because of the known issues in waiting for an appointment to see their GP for ‘routine matters’, have decided to opt-out by simply dropping in to sign a form with the receptionist. But that sample could even be more unreliable than the Pulse survey.

For all of the huge budget that’s set aside for NHS England’s interminable activities on patient engagement in the social media and beyond, you’d have thought a spend on explaining data sharing would’ve been money well spent?

Views on an individual’s right to ‘opt out’, described in a previous blogpost of mine, vary.

There are many good arguments for proposing the sharing of care data, but the lack of willingness of industry, primary care or public health to discuss openly how data sharing might be necessary and proportionate, under the legal doctrine of proportionality, is utterly bewildering.

What has resulted is an almighty mess.

In as much as there is a ‘root cause’ of this problem, an unwillingness to make the arguments for data sharing with the general public is a good candidate.

Julie Hotchkiss, a public health physician, has for example written to Tim Kelsey about the matter today.

Dear Mr Kelsey

re:Care.data

I think there is so much to be gained by collation of personal health data – for epidemiological observation (prevalence, time trends, variation), allowing data-linkage enjoyed by other countries such as Sweden, to aid commissioning of health services as well as, of course, for direct patient care. For all these reasons I support in principle the care.data initiative. However I have grave concerns about how the data might be used. I am aware that many, many people share these concerns, and many of these have been expressed in the press in recent weeks. Many of my colleagues (long term NHS employees) are saying they will opt out. There are a number of senior voices in the Public Health world who are urging people to opt out.

NHS England is in a unique place to be able to address these concerns – but in many ways the horse has bolted, and I fear we may never get it back in the stable. PLEASE now put your energies and resources into a full and frank consultation, including IT experts, medical colleges, academia and for goodness sake – the general public! The fact that no such awareness raising and consultation has taken place makes people suspicious. They already don’t blindly trust the NHS / government anymore. So if you want to get health professionals and academics behind you in order to have a greater number of voices advocating for care.data please address the following concerns – in a published document- as soon as possible.

• definitive ownership of the data
• responsibility for data quality
• assurance (ideally in legislation) that ownership or data management will remain with a governmental agency and not be out-sourced
• will the HSC IC own the data, and allow access through a form of brokerage (allowing specific views/queries) or access to the full data set)?
• detailed Information Governance arrangements, e.g. requirements for Section 251 approval?
• what Research Governance / Ethical approval arrangements are being put in place?
• what will organisations have to pay,? and if so is this a handling fee or will they get ownership of the data?
• criteria for granting access to data and legally binding restrictions on usage of the data
• exactly to what extent will records be identifiable (for instance the long-established practice at ONS of suppressing cells with fewer than 5 individuals from disclosure)

Although I expect a response, more than this I expect published documents to detail all these issues. I’m sure there are many other details specialists in health research, Information Governance, medico-legal matters and civil libertarians would require in order to be assured that this was something in which they could participate.

Kind regards

Julie Hotchkiss, Fellow of the Faculty of Public Health

Another question for Tim Kelsey may be, potentially, whether the data from care.data will be processed according to the National Statistics Code of Practice.

It is somewhat unclear why the public health community have not had themselves a discussion with the general public, despite some advocates of this community now complaining very loudly about the presentation of ideas leading to the ‘opt out campaign’.

But they will need to confront the stench of public mistrust aimed at various politicians. Examples of events leading to this profound distrust include the NSA/Snowden affair, and relevations at GCHQ.

The corporate capture in some areas of public health is not a topic which public health physicians have wished to talk about. However, these authors somehow managed to sneak an excellent discussion of the phenomenon here in the British Medical Journal.

There have been calls for much tighter regulation of “data brokers”, as corporates wish to rent-seek this plethora of data. What always appeared to have been lacking was an “intelligent debate” with the general public about data sharing. Nonetheless, the social media, for example “Open democracy: our NHS” websites, have for a very long time been publishing relevant articles on this subject.

There was also the small issue of how the £3bn implementation of the Health and Social Care Act (2012) came into being,  which led to a turbo-boost of the outsourcing and privatisation of the NHS. Members of the academic public health community were slow on the uptake there too – some would say “completely asleep on the job”, perhaps not as far as their own research interests are concerned, but on the specific issue of potential violation of valid consent for individuals.

And guess what the Health and Social Care Act (2012) also contains a legal ‘booby trap’, which many did not see fit merited discussion with the general public.

Section 251 of the NHS Act 2006 (originally enacted under Section 60 of the Health and Social Care Act 2001), allows the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable. For example a research study may require access to patient identifiable data to allow linkages between different datasets where the cohort is too large for consent.

This would require time limited access to identifiable information where gaining consent from a large retrospective cohort would not be feasible and would require more identifiable data than would be necessary for linkage purposes. However, section 10 of the Data Protection Act (1988) currently allows a right for an individual to prevent damage or distress by data processing.

This is indeed conveniently “triggered” by section 259(10) of the Health and Social Care Act (2010), i.e. “[the provision] is subject to any express restriction on disclosure imposed by or under another Act (other than any restriction which allows disclosure if authorised by or under an Act”:

The trust is further eroded through the loss of data from government agencies, coherently tabulated on this Wikipedia page.

Proponents of democratic socialism have long argued that citizens often are not able to buy influence through competing with large corporates, but can legitimately exert influence through the ballot box.

There is also no doubt that people are talking at cross-purposes. There is a bona fide case for disease registries and surveillance, for example. However, the problems of an individual’s data being shared with lack of informed valid consent in the name of population presumed consent do need to be addressed ethically at least.

Public health physicians who would like to see the law applied to promote public health and research overall cannot condone profiteering from personal data abuses. Tim Kelsey has always been adamant that the English law is strong enough to cope with such threats. The scenario has mooted before of private insurance companies being able to abort insurance contracts (rescission) from data disclosed to them, on the grounds of misrepresentation or non-disclosure, but the position of the NHS England has always been to present such scenarios as far-fetched.

However, the issues appear to have been intelligently debated at European level. The draft “EU General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (the EU Regulation), was published in 25 January 2012, and has been debated in the European Parliament for most of the time since then.

Under “Albrecht’s proposals“, health data should generally only be able to be processed for the purposes of historical, statistical or scientific research where individuals have consented to such processing. It would be legitimate for processing in the context of research to take place without consent only where: (a) the research would serve an “exceptionally high public interest”; (b) the research involves anonymous data from which individuals could not be re-identified; and (c) the regulators have given their prior approval. Consent, however, is to follow the stricter interpretation, requiring explicit, freely given, specific and informed consent obtained through a statement or “clear affirmative action”. There is, however, legitimate concerns that these proposals might damage the interests of both corporate and public health communities.

It looks very much like chaos has set in since 2010 in running the NHS. Any party can do better than this.

This is of course an almighty mess, and it is hard to know how the whole thing could have been approached better. A plethora of issues have converged seemingly at once, and there is a possibility a ‘big opt out’ would still deliver a result without the matters having been properly discussed. If you think this is bad, consider what would happen in a national discussion of the terms of our membership of the European Union?

 

 

by @legalaware