In the latest ‘Political Party’ podcast by Matt Forde, an audience member suggests to Stella Creasy MP that wearing a burkha is oppressive and should not be condoned in progressive politics. Stella argued the case that she can see little more progressive than allowing a person to wear what he or she wants.

The motives for why people might wish to ‘opt out’ are varied, but dominant amongst them is a general rejection of commercial companies profiteering about medical data without strict consent. This is not a flippant argument, and even Prof Brian Jarman has indicated to me that he prefers a ‘opt in’ system:

Patients are not fully informed about how their information will be used. For such confidential data they should have to opt in @legalaware

— BrianJarman (@Jarmann) January 28, 2014

If people are properly told the pros and cons they can decide if they want to accept the cons, for the sake of the pros @sib313 @legalaware

— BrianJarman (@Jarmann) January 27, 2014

There are potential benefits, but also risks and if the risks happen they’re irreversible. Hence it’s safer to have opt-in. @legalaware

— BrianJarman (@Jarmann) January 27, 2014

Opting out can be argued as not being overtly political, though – it is protecting your medical confidentiality. People may (also) have political reasons for doing this, but the choice is fundamentally one about your right to a private family life. The government (SoS) has accepted this, and that is why it is your NHS Constitution-al right to opt out – you don’t have to justify it and if you instruct your GP to do it for you, she must.

It’s argued fairly reliably that section 251 of the NHS Act 2006 maps exactly onto Section 60 of the Health and Social Care Act 2001. Section 60 was implemented the following year under Statutory Instrument 2002/1438 The Health Service (Control of Patient Information) Regulations 2002. It is argued that the Health and Social Care Act 2012 did not modify or repeal those provisions of the HSC Act 2001 or the NHS Act 2006, nor did it modify or repeal any related provision of the Data Protection Act 1998. SI 2002/1438 remains in force. However, noteworthy incidents did occur under this prior legislation, see for example this:

Whatever motive you have for arguing against care.data, whether the whole principle of it, the HSCA removing any requirement for consent, the fact that it is identifiable data being uploaded from GP records (i.e. not anonymised or pseudonymised), or that the data will be made available, under section 251, for both research and non-research purposes, to organisations outside of the NHS, etc, the matter remains that the is no control over your data unless you opt-out.

Proponents of the ‘opt out’ therefore propose their two lines of action: either prevent your identifiable data being uploaded (9Nu0) and so effect a block on the release of linked anonymised or pseudonymised (potentially identifiable) data, which otherwise you cannot prevent or control; or block all section 251 releases (9Nu4), whether or not you apply the 9Nu0 code.

The point is, they argue, that you – the patient – cannot pick and choose, when, to whom, or for what purposes your data will be released. You cannot prohibit your data from being released for purposes other than research, or to organisations out with the NHS. This is completely at odds to the ‘choice and control’ agenda so massively advanced in the rest of the NHS. While it has been argued that the arguments against commercial exploitation of these data should have been made clearer beforehand, it’s possibly a case ‘I know we’re going there, but I wouldn’t start from here.’

Compelling arguments have been presented for the collection of population data. It’s argued wee need population data to do prevention and to monitor equity of access and use. It’s an open secret that the current Government is continuing along the track of privatising the NHS; arguably making it all the more important to have good data so we know what is happening. Having more of this data at all starting in the private sector, under this line of argument, is much less transparent, as it’s hidden from freedom of information from the start.

It’s, however, been argued that “the route to data access” has in fact changed. Under Health and Social Care Act (2012), it was intended that either the Secretary of State (SoS) or NHS England (NHSE) could direct HSCIC to make a new database, and – if directed by SoS or NHSE – HSCIC can require GPs (or other care service providers) to upload the data they hold. care.data represents the single largest grab of GP-held patient data in the history of the NHS; the creation of a centralised repository of patient data that has until now (except in specific circumstances, for specific purposes) been under the data controllership of the people with the most direct and continuous trusted relationship with patients. Their GP.

HSCIC is an Executive Non Departmental Public Body (ENDPB) set up under HSCA 2012 in April 2013. NHS England, the re-named NHS Commissioning Board, was established on 1 October 2012 as an executive non-departmental public body under HSCA 2012. Therefore, to suggest that the government has ‘little control’ over these arm’s-length bodies is being somewhat flimsy in argument – they were both established and mandated to implement government strategy and re-structure the NHS. There are also problems with the “greater good” argument; being paternalistic, the opposition to caredata spread bears similarity to the successful opposition to ID cards. This argument presumes that patients will benefit individually, when – and it ignores the fact that it is neither necessary or proportionate –and may be unlawful under HRA/ECHR – to take a person’s most sensitive and private information without (a) asking their permission first, and (b) telling them what it will be used for, and by who. Nobody is above the law, critically.

The fact is that the data gathered may increment the data available to research but that in its current form, care.data may actually not be that useful – it includes no historical data, for starters. And all this of course ignores the fact that care.data (and the CES that is derived from linking it to HES, etc.) will be used for things other than research, by people and companies other than researchers. That is the linchpin of the criticism. Finally, the Care Bill 2013-14 – just about to leave Committee in the Commons – will amend Section 251, moving responsibility for confidentiality from a Minister (tweets by Ben Goldacre here and here).

Anyway, the implementation of this has been completely chaotic, as I described briefly here on this Socialist Health Association blog. What now happens is anyone’s guess.

The author should like to thank Prof Ross Anderson, Chair of Security Engineering at the Computer Laboratory of the University of Cambridge, Phil Booth and Dr Neil Bhatia for help with this article.