Ben Goldacre writes in The Guardian:
I am embarrassed. Last week I wrote in support of the government’s plans to collect and share the medical records of all patients in the NHS, albeit with massive caveats. The research opportunities are huge, but we already knew that the implementation was chaotic, with poor public information, partly because the checks and balances on who gets access to data – and how – have not yet been devised or implemented. When you’re proposing to share our most private medical records, vague promises and an imaginary regulatory framework are not reassuring.
Now it’s worse. On Monday, the Health and Social Care Information Centre admitted giving the insurance industry the coded hospital records of millions of patients, pseudonymised, but re-identifiable by anyone with malicious intent, as I explained last week. These were crunched by actuaries into tables showing the likelihood of death depending on various features such as age or disease, to help inform insurance premiums.
We can reasonably disagree on whether you find this use of your medical records acceptable, but the process must be competent and transparent. The HSCIC has now told the BBC that this release of your medical records broke the rules, and that there may have been other similarly erroneous releases: but it won’t say more until “later this year”.
On Tuesday, at a health select committee hearing, things got worse. HSCIC said it couldn’t share documentation on these releases because it had all been done by its predecessor body, the NHS Information Centre – even though the HSCIC replaced the NHSIC in 2013, and is in the same building, doing the same job, with almost identical personnel and all the old records. Furthermore, the actuaries’ report using the hospital data carries the HSCIC’s logo – not the old NHSIC one – with the HSCIC’s admitted full consent. If HSCIC disapproves of NHSIC releasing this data – or regards it as illegal – why did it add its logo and approval to the output?
Conrad Quilty-Harper writes for the Daily Mirror:
The launch of a controversial database which would centralise access to GP surgeries healthcare records has been delayed from April until Autumn. Why?
Let’s start at the beginning, this stuff is quite complicated.
What is care.data?
The NHS wants to share data collected at GP surgeries about individual patients so researchers can find ways to improve healthcare and generally make the NHS more efficient.
Since 1989, researchers have been able to request hospital episode statistics including billions of records from hospital visits.
Care.data will open up the data behind about 300 million patient consultations every year at GP surgeries.
The controversial bit is that this involves using identifiable information — like people’s date of birth, full postcode, NHS number or gender — to connect the data together.
The NHS says the data is protected, but people are still worried about the implications for privacy and doctor-patient confidentiality.
Nick Triggle writes for the BBC:
There comes a point when the weight of criticism becomes so much that the dam bursts.
For NHS England – and its Care.data project – that point was reached on Tuesday.
When you have a group of bodies as disparate as the British Medical Association, privacy campaign group Big Brother Watch and the Association of Medical Research Charities united in their condemnation, you know you have a problem.
The organisation has defused the problem for now by agreeing to delay the data-sharing project by six months.
But how did it get to this point? After all, the concept of the giant database has the backing of almost the entire medical community, many charities and some of the most influential patient groups.
Charlie Cooper writes for the Independent:
Controversial plans to trawl patient records from every GP surgery in England have been put on hold, amid concerns from doctors and ministers that the public have not been properly informed about how their private data will be used. The care.data programme, which was scheduled to begin collecting the confidential information from GPs in April, will now be delayed until the autumn, NHS England has announced.
The pause will allow the NHS more time to inform people about “ the benefits of using the information, what safeguards are in place, and how people can opt out if they choose to,” officials said.
The Department of Health has grown increasingly concerned in recent weeks that NHS England has not sufficiently reassured the public – nor the medical profession – about how the care.data programme would benefit patients. Critics have also warned that the private data, which will be held centrally in a “pseudonymised” form, could be vulnerable to hackers who would be able to identify individual patients.
The data, with identifiable features removed, will also be routinely available to third parties, including private healthcare companies and privacy campaigners have warned that patients will have no way of knowing who is handling their data.