Home » Posts tagged 'confidentiality'
Tag Archives: confidentiality
The presentation may be awful, but sharing of information can be very useful for clinical decision making
Whenever I hear of somebody refer to ‘Big Data’ and the NHS, it’s an immediate ‘facepalm’.
When I saw a blogpost shared by a Twitter pal shared yesterday, a blogpost written by Sir Jeremy Heywood, my first instinct was completely to ignore it.
I am, though, mindful of the Civil Service’s prolonged campaign to measure wellbeing; this first came across my RADAR from Lord O’Donnell.
I have a disclaimer to make: I am not a corporate shill.
Having done certain training, I am aware of the hard sell of ‘Big Data’ as the next big thing by the multi-national corporates. “Big data” seem to have been given a somewhat pedestal status, like 3-D printers.
We are often told how intelligent technology rather than being a costly burden to the NHS could bring great benefits and outcomes for the NHS.
Undoubtedly, a lot of democratic deficit damage was done by the Health and Social Care Act (2012). At close to 500 pages, it was very easy to say it was too incomprehensible to be analysed. I always felt the Act, for anyone trained in commercial and corporate law, was in fact relatively straightforward.
The Health and Social Care Act (2012), often called “the Lansley Act”, has three essential prongs of attack: one to introduce a competitive market through legislation for a heavy penalty for non-one-commissioning not going out to tender, a beefed up regulator for the market (Monitor), and some detail about insolvency regimens (but not all).
In this, it was completely consistent with work by Carol Propper; and other noises from ‘independent think tanks’, such as the King’s Fund.
However, the acceleration of this Act through parliament by two parties which are extremely sympathetic to the free movement of multinational capital has done long-lasting damage.
I think there are problems with having data so transparent. When I did my Masters of Law practice-focused dissertation in cloud computing law, I unearthed a huge literature on data security and data confidentiality/sharing.
When I later did my pre-solicitor training, I discovered the regulatory requirements on the balance between confidentiality and disclosure to be complicated.
When I later came to revise ‘Duties of a Doctor’ (2013), the General Medical Council’s code of conduct, I found there to be equally onerous considerations.
I am aware of the problems in my own field of work; about concerns that NHS patients will be scared from going to see their GP for fear of being diagnosed, incorrectly, with ‘incipient dementia’ because of a GP’s practice wanting to meet a financial target.
Or a junior Doctor not wishing to share his alcoholism with his own Doctor, for fear that this information will end up with the clinical regulator, with a super-un-sympathetic sanction. This is a subject close to my heart, as you will well know.
Indeed, if you’ve been following me on Twitter, you’ll know that a year after erasure by the GMC (in 2006 to be endorsed by the High Court in 2007), I spent a year sitting in a pub with no family or job. I later was then admitted to the Royal Free Hospital having had a cardiac arrest and epileptic seizure, then to spend six weeks in a coma.
I am now knowledgeable about what both the legal and medical regulators expect me to do, as I am regulated by them.
The next Government will be wishing to implement ‘whole person care’. While I think some of Jeremy Heywood’s claims are a tad hyperbolic (for example saying unleashing data will lead to wellbeing improvements), and while I don’t feel he currently ‘owns’ the data (the data are confidential property of the people who provide the data), there are clinically-driven merits to information sharing.
From now on, I will avoid the word ‘data’ and use the word ‘information’. But ‘information’ does not necessarily mean ‘knowledge'; and it certainly doesn’t necessarily mean ‘wisdom’.
One scenario is somebody prescribed Viagra for erectile dysfunction in the morning. He then has sex with his partner in early evening, and has Angina. He has longstanding ischaemic heart disease, and then takes his GTN spray. His blood pressure then goes through the floor, and he collapses. He then is blue lighted into his local emergency room.
Do not take this anecdote as ‘medical advice’ or any such like where I could get into regulatory trouble please.
Viagra is a class of drug which can interact with the GTN spray to send blood pressure through the floor. If this information were known to an admitting Doctor in the emergency room, this would be useful.
I can come up with countless examples.
A lady from a care home turns up in hospital at 4am. An admitting Doctor wishes to prescribe a heavy-duty blood pressure lowering drug, but notes she has had a series of falls. This is found out by looking at her electronic medical record. She indeed has a history of osteoporosis; weak bones could mean that she might fracture a bone if she had another fall.
But I could come up with countless examples. And I won’t.
I am not a corporate shill. I understand completely the concerns about the loopholes in current legislation meaning that ‘big data’ could go walkies to drug companies, though this is vehemently denied.
I am also aware of ‘cloud failures’ – the Playstation one for some reason springs to my mind.
That’s another reason to keep an eye on ‘My NHS’.
But we do need, I feel, to take a deep breath and to discuss this calmly.
Dr Neil Bhatia’s #CareData flow chart
This is Dr Neil Bhatia on Twitter here, @docneilb.
Feel free to contact him over opting out from #CareData.
Here Phil Booth (@MedConfidential) campaigner battling against erosion of valid consent, so essential plank for the medical profession, and Tim Kelsey (@TKelsey1), a guru in big data for the NHS, battle it out.
Flow chart
Are we actually promoting the NHS ‘choice and control’ with the current caredata arrangements?
In the latest ‘Political Party’ podcast by Matt Forde, an audience member suggests to Stella Creasy MP that wearing a burkha is oppressive and should not be condoned in progressive politics. Stella argued the case that she can see little more progressive than allowing a person to wear what he or she wants.
The motives for why people might wish to ‘opt out’ are varied, but dominant amongst them is a general rejection of commercial companies profiteering about medical data without strict consent. This is not a flippant argument, and even Prof Brian Jarman has indicated to me that he prefers a ‘opt in’ system:
Patients are not fully informed about how their information will be used. For such confidential data they should have to opt in @legalaware
— BrianJarman (@Jarmann) January 28, 2014
If people are properly told the pros and cons they can decide if they want to accept the cons, for the sake of the pros @sib313 @legalaware
— BrianJarman (@Jarmann) January 27, 2014
There are potential benefits, but also risks and if the risks happen they’re irreversible. Hence it’s safer to have opt-in. @legalaware
— BrianJarman (@Jarmann) January 27, 2014
Opting out can be argued as not being overtly political, though – it is protecting your medical confidentiality. People may (also) have political reasons for doing this, but the choice is fundamentally one about your right to a private family life. The government (SoS) has accepted this, and that is why it is your NHS Constitution-al right to opt out – you don’t have to justify it and if you instruct your GP to do it for you, she must.
It’s argued fairly reliably that section 251 of the NHS Act 2006 maps exactly onto Section 60 of the Health and Social Care Act 2001. Section 60 was implemented the following year under Statutory Instrument 2002/1438 The Health Service (Control of Patient Information) Regulations 2002. It is argued that the Health and Social Care Act 2012 did not modify or repeal those provisions of the HSC Act 2001 or the NHS Act 2006, nor did it modify or repeal any related provision of the Data Protection Act 1998. SI 2002/1438 remains in force. However, noteworthy incidents did occur under this prior legislation, see for example this:
Whatever motive you have for arguing against care.data, whether the whole principle of it, the HSCA removing any requirement for consent, the fact that it is identifiable data being uploaded from GP records (i.e. not anonymised or pseudonymised), or that the data will be made available, under section 251, for both research and non-research purposes, to organisations outside of the NHS, etc, the matter remains that the is no control over your data unless you opt-out.
Proponents of the ‘opt out’ therefore propose their two lines of action: either prevent your identifiable data being uploaded (9Nu0) and so effect a block on the release of linked anonymised or pseudonymised (potentially identifiable) data, which otherwise you cannot prevent or control; or block all section 251 releases (9Nu4), whether or not you apply the 9Nu0 code.
The point is, they argue, that you – the patient – cannot pick and choose, when, to whom, or for what purposes your data will be released. You cannot prohibit your data from being released for purposes other than research, or to organisations out with the NHS. This is completely at odds to the ‘choice and control’ agenda so massively advanced in the rest of the NHS. While it has been argued that the arguments against commercial exploitation of these data should have been made clearer beforehand, it’s possibly a case ‘I know we’re going there, but I wouldn’t start from here.’
Compelling arguments have been presented for the collection of population data. It’s argued wee need population data to do prevention and to monitor equity of access and use. It’s an open secret that the current Government is continuing along the track of privatising the NHS; arguably making it all the more important to have good data so we know what is happening. Having more of this data at all starting in the private sector, under this line of argument, is much less transparent, as it’s hidden from freedom of information from the start.
It’s, however, been argued that “the route to data access” has in fact changed. Under Health and Social Care Act (2012), it was intended that either the Secretary of State (SoS) or NHS England (NHSE) could direct HSCIC to make a new database, and – if directed by SoS or NHSE – HSCIC can require GPs (or other care service providers) to upload the data they hold. care.data represents the single largest grab of GP-held patient data in the history of the NHS; the creation of a centralised repository of patient data that has until now (except in specific circumstances, for specific purposes) been under the data controllership of the people with the most direct and continuous trusted relationship with patients. Their GP.
HSCIC is an Executive Non Departmental Public Body (ENDPB) set up under HSCA 2012 in April 2013. NHS England, the re-named NHS Commissioning Board, was established on 1 October 2012 as an executive non-departmental public body under HSCA 2012. Therefore, to suggest that the government has ‘little control’ over these arm’s-length bodies is being somewhat flimsy in argument – they were both established and mandated to implement government strategy and re-structure the NHS. There are also problems with the “greater good” argument; being paternalistic, the opposition to caredata spread bears similarity to the successful opposition to ID cards. This argument presumes that patients will benefit individually, when – and it ignores the fact that it is neither necessary or proportionate –and may be unlawful under HRA/ECHR – to take a person’s most sensitive and private information without (a) asking their permission first, and (b) telling them what it will be used for, and by who. Nobody is above the law, critically.
The fact is that the data gathered may increment the data available to research but that in its current form, care.data may actually not be that useful – it includes no historical data, for starters. And all this of course ignores the fact that care.data (and the CES that is derived from linking it to HES, etc.) will be used for things other than research, by people and companies other than researchers. That is the linchpin of the criticism. Finally, the Care Bill 2013-14 – just about to leave Committee in the Commons – will amend Section 251, moving responsibility for confidentiality from a Minister (tweets by Ben Goldacre here and here).
Anyway, the implementation of this has been completely chaotic, as I described briefly here on this Socialist Health Association blog. What now happens is anyone’s guess.
The author should like to thank Prof Ross Anderson, Chair of Security Engineering at the Computer Laboratory of the University of Cambridge, Phil Booth and Dr Neil Bhatia for help with this article.
The EU Data Protection Regulation: dual challenges for proportionality in primary care and for research
According to today’s Health Services Journal, the new Caldicott Review will recommend a new duty of sharing of medical data where it is in the patients’ best interests:
“The Caldicott review into information governance in health and social care is likely to recommend a new duty to share information between agencies where it is in a patient’s best interests. In an exclusive interview with HSJ Dame Fiona Caldicott, who has been leading the review for the past year, said the six information governance principles she formulated in 1997 were still relevant today. Her previous review led to the introduction of “Caldicott guardians” responsible for data security in each organisation. However, she said her current review would propose two modifications to the rules. “We’ve suggested a new principle which is about the duty to share information in the interests of the patients’ and clients’ care,” Dame Fiona said. The move would balance a tendency towards caution over sensitive information, even where sharing it between health or care providers could lead to better care, she said.”
Sir David Nicholson yesterday conceded that he found it odd that he could be sitting around a board meeting table, and the Chief Nursing Officer of a particular trust would be regulated by his or her regulatory body, the Chief Medical Officer would be regulated likewise by his or her regulatory body, but the manager would not be professionally regulated by any body. However, as a mechanism of last resort perhaps, nobody is above the law. As described here, on 25 January 2012, the Commission published its proposal for a new ‘General Data Protection Regulation’. The proposed Regulation promises greater harmonisation – but at the price of a significantly harsher regime, requiring more action by organisations and with tough penalties of up to 2% of worldwide turnover for the most serious data protection breaches. The draft Regulation is even longer than the current Directive (95/46/EC), running to 118 pages and 139 Recitals. The draft is to be finalised by 2014 and is planned to enter into force a further 2 years after that finalised text is published in the Official Journal. This Regulation is to have powerful effects on domestic policy regarding medical data sharing for research and for medical care. Whilst the legal doctrine of proportionality governs both policy issues, they have the potential to cause unhelpful confusion.
The European doctrine of proportionality means that, ‘an official measure must not have any greater effect on private interests than is necessary for the attainment of its objective’:Konninlijke Scholton-Honig v Hoofproduktchap voor Akkerbouwprodukten [1978] ECR 1991, 2003. Exactly how the courts should approach issues of proportionality was discussed by Lord Steyn in the case of R (Daly) v SSHD [2001] 2 WLR 1622, in which he said at paragraph 27: “The contours of the principle of proportionality are familiar. In de akeitas v Permanent Secretary of Ministry of Agriculture, Fisheries, Lands and Housing [1999] 1 AC 69 the Privy Council adopted a three-stage test. Lord Clyde observed, at p 80, that in determining whether a limitation (by an act, rule or decision) is arbitrary or excessive the court should ask itself: “whether: (i) the legislative objective is sufficiently important to justify limiting a fundamental right; (ii) the measures designed to meet the legislative objective are rationally connected to it; and (iii) the means used to impair the right or freedom are no more than is necessary to accomplish the objective.”
The response by the European Public Health Association to the report by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs report on the proposal for a General DataProtection Regulation (2012/0011(COD)) sets out the formidable nature of this challenge.
“The European Public Health Association, representing 41 national public health associations with over 14,000 members, welcomes the proposal by the European Commission to propose a Data Protection Regulation (2012/0011(COD) that seeks to create a proportionate mechanism for protecting privacy, while enabling health research to continue. In particular, the clarity provided by these proposals will make it possible for high quality research that will benefit their citizens to be undertaken in some Member States where this has not previously been the case. However, we view with the utmost concern the amendments set out by the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament in their report dated 16.1.2013. These amendments would mean that:
- Data concerning health could only be processed for research with the specific, informed and explicit consent of the data subject (amendments 27, 327 and 334-336)
- Member States could pass a law permitting the use of pseudonymised data concerning health without consent, but only in cases of “exceptionally high public interest” (amendments 328 and 337)
- Pseudonymised data would be considered within the scope of the Regulation, even where the person or organisation handling the data does not have the key enabling reidentification (amendments 14, 84 and 85)
The consequences of these amendments for health research would be disastrous, a description that we do not use lightly. If implemented, they would prevent a broad range of health research such as that which has contributed to the saving of the lives of very many European citizens in recent decades. We are concerned that these amendments must reflect a misunderstanding of the nature of health research and the central role played by data in undertaking it, and in particular our evolving understanding of the crucial importance of obtaining unbiased and representative data on large populations so as to minimise the risk of reaching incorrect conclusions that could potentially lead to considerable harm to patients.”
And indeed the authors of that letter, Professor Walter Ricciardi (President) and Prof Martin McKee (President-Elect) [at the time of writing of that letter 21 February 2012], concluded:
“We understand the need to strike an appropriate balance between the societal need for research that can promote the health of Europe’s citizens and the mechanisms that ensure the safe and secure use of patient data in health research and the rights and interests of individuals, while noting that they themselves have an interest in being able to benefit from treatment based on research. We believe that the Commission’s proposals achieve this balance but that the proposed amendments do not and, if passed, they would have profoundly damaging implications for the future health of Europe’s citizens.”
This has been followed up with the following, taken from “The ESHG suppports an initiative of the EUPHA: “EU Data Protection Regulation has serious impact on health research” (dated 7 February 2013):
“A number of these have serious implications for health research, based on the rapporteur’s premise that “processing of sensitive data for historical, statistical and scientific research purposes is not as urgent or compelling as public health or social protection.” He gives no indication of how the evidence for urgent action for public health or social protection purposes might be obtained without research. Were the amendments to pass, the major concern is that they would mean that identifiable health data about an individual could never be used without their consent. This would mean that much important epidemiological research could not take place. For example, it would outlaw any registry-based research, such as that using cancer or disease registers. This would also make it virtually impossible to recruit subjects with particular conditions for clinical trials. The amendments would allow Member State to pass a law permitting the use of pseudonymised/key-coded data without consent, but only in cases of “exceptionally high public interest”. (Amendment 27, p24; Amendments 327 and 328, p194-195; Amendments 334-337, p198-200.) this would be an impossibly high bar for all but the most exceptional research, such as that on bioterrorism. In addition, the amendments would bring all pseudonymised/key-coded data within the scope of the Regulation, even where the person or organisation handling the data does not have the key. This would significantly increase the regulatory burden on organisations using pseudonynmised data or sharing these data with collaborators in countries outside the EU. (Amendments 13 and 14, p15-16; Amendments 84 and 85, p63-64). This would have implications not only for the soon to be 28 Member States but also for accession states implementing the acquis communitare and for those in other countries collaborating with EU researchers.”
Indeed, there is another big problem looming on the horizon for data sharing of medical information. Currently ATOS is running a service which allows queries to be made of GP data (“GP extraction service”), with the main GP IT “system suppliers” providing the hardware for this to be possible in GP surgeries. The information can then be made available to DMICs (formerly the “CSUs”), and it is currently unclear how the DMIC will be processing this information legally in compliance with the Data Protection Act [1998], and the rôle of the NHS Commissioning Board in “requiring” information from the system. A very basic description of this new scheme is shown pictorially below.
Simple overview of the current NHS IT scheme
The expectation is, nonetheless, that these medical data have commercial value to industry, pharma, social marketing companies, management consultancies in health, etc. as “big data”. It is argued that the prospect of commercial sale of medical data is part of the justification for government expenditure on GP data and the drive towards “integration”. Already, there is growing recognition for the need for clinical regulators to keep a careful eye on potential drifting of confidential information under the guise of ‘presumed consent’, not genuine informed consent. There is arguably a material risk that any public outcry over commercial sale of patients’ data without consent, or any major mishap in commercial handling of personal health data, may lead to justification for clamours to support the EU proposals and subsequent legislation.
However, the legal doctrine of proportionality might come back to haunt the keeping of these data somewhere in the system. In a famous unanimous judgment, S and Marper v UK (2008), delivered 4 December 2008, the European Court of Human Rights found that the retention of the applicants’ fingerprints, cellular samples and DNA profiles was in violation of Article 8 of the European Convention on Human Rights – the right to respect for private and family life. Again, this case fundamentally rested on the legal doctrine of proportionality (full judgment here); as discussed elsewhere, the Court recognised the state had a legitimate aim in retaining DNA and fingerprints. The Court then examined whether retention was necessary in a democratic society. Certainly, the door is ajar to a test case being taken later down the line whether the GP extraction scheme is unlawful given article 8 considerations, and organisations such as Liberty may then be the most unlikelist of campaigners for patient confidentiality in reality.
These are complicated issues, but the framework for the extraction of GP data and their use, and the use of information for research in public health, appears to be the EU Data Protection Regulation. That is why it is important to get the implementation right in our domestic policy, otherwise there will be test cases brought in front of Europe in due course. Whatever the knee-jerk reaction politically to Europe and the whole issue of human rights, it is most unlikely that we will leave Europe as all three major parties have triangulated themselves into a position of being pro-EU. However, whilst the details of these discussions might be taking place behind closed doors amongst key stakeholders, they will need to be aired one day.
Why David Cameron's "lurch to the right" must not be above the law
Like John Hirst, the former prisoner who studied law and put the UK on-the-spot about the proportionality of imposing a total ban on prisoners using the vote, David Cameron is not above the law. In a question on fox hunting once in Prime Minister’s Questions, Cameron voluntarily offered the information that he had not done anything unlawful; this was a stupid strategic error, as nobody had accused him of having done anything unlawful. The ‘rule of law’ holds the supremacy of the law, everyone is equal in front of the law, and nobody is above the law.
David Cameron does make the law however for the time-being. He can effectively do what he wants: hence the famous aphorism of parliamentary supremacy of Sir Leslie Stephen ((1832–1904), “If a legislature decided that all blue-eyed babies should be murdered, the preservation of blue-eyed babies would be illegal; but legislators must go mad before they could pass such a law, and subjects be idiotic before they could submit to it.” [The Science of Ethics, p. 145 (1882).]
Eastleigh was a tragedy for Cameron. Having set things up nicely on how his party would offer a referendum on Europe in 2015, which kept the Tory Euroskeptics happy for the time-being, the UKIP backlash was fully active last Thursday. Whilst UKIP does not have a single MP yet, they still threaten the Conservatives with the power to deny them an overall majority. And yet, David Cameron knows that he cannot unilaterally have special terms for the UK’s membership of Europe. Sure, directives can be applied by our Government according to parliament’s wishes, but if he wants anything more he will have to leave Europe. He is not above the law, but he could repeal the European Communities Act (though it would be difficult for him to do so). Even if David Cameron decides that he wishes to tear up the Human Rights Act, he will still have to submit human rights allegations to Strasbourg unless he decides not to become a signatory to the European Convention of Human Rights. Louise Mensch has described that the Human Rights Act itself is faulty, whereas most learned experts feel that the implementation of its analysis could be improved, and we are better off doing the proverbial in the tent than outside it. Leaving the European Convention of Human Rights denies us any moral authority on commenting on the human rights of other jurisdictions, and sets out a very dangerous signal in terms of reputation on our attitude towards inalienable human rights as per Delhi for example.
The more insightful conclusion is that David Cameron is desperate. He was initially tolerated as Prime Minister, but generally even this has deteriorated to being positively loathed by people within his party and outside of it. His Coalition, for example, has legislated for the Health and Social Care Act, which contains one clause section 259(10), which in conjunction with the Data Protection Act and Human Rights Act, is an area where the European Court of Human Rights could easily find the approach of GPs to data confidentiality unlawful; this could be determined one day in a test case similar to S and Marper v UK. It is helpful indeed that lawyers are able to act on poor legislation, as indeed they recently had to do with Iain Duncan-Smith’s mandatory work placement schemes (in the case of Cait Reilly). However, it is the democratic deficit, that laws appear to come from nowhere (and certainly not contained in any party manifesti at the time of the 2010 general election), which is most worrying. It is not so much a case of this Coalition ‘running out of things to do'; it is rather a case of this Coalition ‘running out of things to destroy’.
Unpacking the legacy of this Coalition is going to be extremely painful. George Osborne’s “badge of honour”, the triple A rating, was humiliatingly stripped off the Government, as Moody’s caste judgement on their deficit reduction plan. Construction performance hit a 41 month low this morning. Anyone with the most rudimentary understanding of economics will appreciate that the Coalition terminating ‘Building Schools for the Future’, and other key infrastructure projects, put the brakes on the economy which had been recovering in May 2010. Add to this an increase in 2.5% in the VAT rate, encouraged by corporate CEOs writing letters to the Times, and murder of consumer spending, and you can easily understand how corporate interests saw the UK’s economy being sent down the river. But it’s ok because we don’t have a functional BBC. The BBC, which is not covered by the Freedom of Information Act, is not obliged to explain its ‘creative authority’ for why its journalists never explain why the deficit exploded in 2009 due to a £1 tn recapitalisation of the banks. It does not need to explain either on the basis of its creative licence either why it barely mentioned the activities of the NHA Party in Eastleigh, or why the criticisms of the 2012 Health and Social Care Act (and the concomitant statutory instrument 2012/057) evade scrutiny. However, the reality is that the UK has been trashed like a Bullingdon restaurant party; whether this is the scrapping of the education support allowance, the implementation of tuition fees, the shutting of libraries, the poor regulation which allows ‘value’ horsemeat to be fed in school dinners, the privatisation of the NHS, the triple dip recession, rioting in the streets, or otherwise, the UK at the moment is a disgrace compared to what it could and should be. David Cameron’s “lurch to the right” will not get round that – his only way to get above the law is to rewrite it fast. The other way to get above the law is to annihilate access-to-justice, and by stopping access to the European Court of Human Rights, or any high street mechanism of achieving justice (for example, high street law centres or citizen advice bureaux). No comment.
Confidentiality and disclosure: ATOS, GP extractor scheme and benefits claims
The Government has outsourced duties for awarding benefits claims to ATOS. It has also outsourced the handling of “big data” from NHS GPs to ATOS. Medicine and law maintain that safeguarding against conflicts of interests is essential for preserving integrity of the professions (for a comparative approach, see here). The Solicitors Regulation Authority (SRA) for example have produced full guidance in chapter 3 on this matter in their Code of Conduct. However, chapter 4 on confidentiality and disclosure also provide important information, particularly in relation to the mandatory requirement O 4.4 for “information barriers” to safeguard against breach of confidentiality (click on the picture to see an enlarged view).
These are currently the details of contracts awarded for the GP Extraction Service (“GPES”). ATOS are very open about their “GP Extraction Service” (details here).
Peter Oborne from the Telegraph, and many others, have warned against the portrayal of “benefit cheats” being misleading (see for example his article here, Nonetheless, professional monitoring and surveillance services, for example “George Osborne must correct his claims about benefit fraud. And his portrayal of the poor as mean-minded and cheating” Specialist private investigator firms such as Boothroyds do exist, which have some focus on benefits claimants. This has been a war waged in the popular media, for example on the BBC website and one from ITN news about a “crippled man winning a motorcycle race”:
The issue here is whether the patient has given “implied consent” for the “lawful transfer” of data from NHS to outside agencies. I have previously written about this issue under the present legislation. ATOS have previously denied that they operate any targets regarding benefits. Quoted in an article by Amelia Gentleman in the Guardian, an ATOS Healthcare spokesperson said: “It is simply and absolutely untrue that there are targets for the number of people to be assessed as fit-to-work; neither set by the Department for Work and Pensions nor Atos Healthcare. Every person we see is assessed individually with a focus on the facts of their own case.” The GMC will be mindful that their code of conduct, “Good medical practice”, cites conflicts of interest specifically in paras. 74-76:
Margaret McCartney has previously elicited from the GMC, the regulatory body for doctors, that “The first duty of all doctors is ‘to make the care of your patient your first concern’. But that is not the only duty doctors must observe. Being open and honest and acting with integrity is also an essential part of medical professionalism.” The full response is here. Indeed, the GMC make it further clear that dishonesty in writing reports cannot be justified by reference to the first duty of doctors. Further advice on disclosing information for employment, insurance and similar purposes can be found in this document.
The legal issue which is most crucial to this is whether there is a legal argument that the importance of disclosure outweighs the importance of confidentiality, and this is an issue for the professional regulatory bodies concerned governing the behaviour of all agents in the situation above. There is a good arguable case that ATOS should have effective information barriers in place. It is unlikely that patients when they have consented for their data to be held by GPs are aware that data can be so easily transferred to outside organisations. This is further complicated by the finding from Nature and Science within the last fortnight that it may be possible to identify the identity of individuals from “anonymised” data.
The response should not be one of “moral panic“, arguably. However, this is the sort of the letter that could produce a legal, regulatory and ethical nightmare:
