back to article NHS England tells MPs: 'The state isn't doing dastardly things with GP medical records'

NHS England's bosses and the government's health minister came under fire from MPs on Tuesday afternoon over the fudged and delayed plan to store patients' GP-held medical records with other data kept by hospitals in a centralised database. Tim Kelsey, the health service's patients and information national director, admitted to …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Big Brother

Track Record

"[Kelsey] said that it was simply not true that "the state is going to do dastardly things" with centrally held GP medical records. "

And, of course, their track record bears this out.

21
0
Anonymous Coward

Re: Track Record

> And, of course, their track record bears this out.

Even if this government did have a spotless record in this regard and kept rigidly to their word, could they guarantee that the next government would do the same? Or the one after?

7
0
Silver badge

Re: Track Record

Its a moot point. We know this lot aren't above giving citizens a damn good probing and selling the results, and the Labour lot were worse.

6
0
Bronze badge
Holmes

Broadmoor Has To Answer

I am convinced that the use of inmates on day release from Broadmoor Hospital to manage and develop Government software projects is not the world's greatest idea. It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function. I am convinced that this is the reason why almost all government projects have infinite cost overruns and the capacity to fail on their objectives. The "was it wasn't" illegal sale of hospital records for the princely sum of £2,500 will of course keep the NHS running for a long time; about 1 second did I hear?

11
0
Silver badge

Re: Broadmoor Has To Answer

It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function.

Funny, you could be talking about MPs there.

14
0

Of course the state isn't doing dastardly things!

They've all been contracted out so that government can make claims like this, with the added bonus that you can't find out what's going on because they are exempt from Freedom of Information requests.

18
0
Silver badge

Re: Of course the state isn't doing dastardly things!

I think this is the real problem.

I don't suppose for a minute that anyone at the NHS wants to do dastardly things. I also assume good faith on the part of most of the Government. But that isn't enough. We now don't trust any of our power structures in this country, after 5 decades of ineffectiveness and occasional magnesium flares of corruption.

Duck houses, the way failed politicians run away to well paid sinecures in Europe, Blair and his housing stock, Thatcher and her cover ups. We don't trust them any more. At all. Over anything.

So when they try to do something that /might/ need us to take a balanced view of why they are doing it, we can't. Because we suspect everything they do. We have become uber-cynical.

The shame is entirely theirs.

7
0
Anonymous Coward

Awesome. Attempt to guilt-trip the population into saving your nefarious scheme.

Two words for Kelsey, first begins with F, second begins with O

14
1

Technically, they're not...

...*doing* nefarious things, since the nefarious things have already been done.

2
0

Fine then.

"He said if scattered pieces of such data could be assembled, like a jigsaw, to identify a specific individual, for example, then the firm responsible would face a fine of up to £500,000 from the Information Commissioner's Office."

Half a million cap on the fine, and no possibility of a custodial sentence. Compared to the value this data set has, half a million pound fine could simply be put down as the cost of doing business.

Once that data set has been re-identified and distrubuted, the damage is done.

500k puts the value of each record at arround 10p, I think the data is worth a bit more than that!

21
0

Re: Fine then.

decimal point error, oops

500,000 / 43,000,000 = ~a fine of 1p per record (maximum)

I suspect this data is worth much more than that to insurers.

5
0

Re: Fine then.

Now if it was 500K per per patient affected, then that might be something.

But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime - for anyone involved, from the techies to the managers and directors involved.

15
0
Gold badge
Thumb Up

@Chris Malme

"Now if it was 500K per per patient affected, then that might be something."

Now that's more like it.

4
0
Silver badge

Re: Fine then.

The fine is for the company doing the dedupe, so you simply dissolve the company after you have sold the data to yourself.

The fine only applies to companies doing the dedupe if they are under UK jurisdiction, simply run the server in Boratistan and you are safe.

There is no fine for buying/selling/using the data afterwards

1
0

Re: Fine then.

Perhaps they should really anonymise the data. Not pretend-anonymise. It is almost as if it was anonymised in a way that could easily be de-anonymised if wanted. I mean, birthdate, gender and full postcode. Never attribute incompetence to a government, when you can as easily attribute malignacy to it. Government employs enough people with univ degrees to get it right, to get it wrong has to be deliberate.

2
0
Silver badge

Re: Fine then.

"But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime "

Not enough. Look at Murdoch and his vermin all bleating that they didn't know or they didn't do it deliberately. Proving otherwise is difficult, and could be enough to get the despicable liars (or incompetents) off the hook.

Far better to make people cupable for circumvention of privacy controls, without having to prove knowledge or intent. It then becomes the organisation's responsibility to have controls to ensure that they do not circumvent privacy requirements. Ignorance of the law is no defence - why should ignorance of the organisation breaching the law be a defence for those rewarded for responsible for running it?

3
0
Bronze badge
Facepalm

Re: Fine then.

Apparently Ms Wade did not realise that phone hacking was illegal - honest.....

1
0
Silver badge

Do you trust the Government to oversea a sucessful IT scheme?

Problem is, once the genie is out of the bottle, or in this case, the data has been compromised, that is it. You can't get it back in.

With this in mind:

Do you trust the Government to successfully implement an IT project that manages data of such a private nature, akin to your financial data, to ensure that the safeguards are so watertight that even a malicious insider couldn't easily walk away with it?

If the answer is no then how can you agree to the proposals?

Not that I think *what* I think will make one jot of difference to the inevitable outcome. I will have to rely on incompetence to do the job for me. Worked with identity cards.

16
0

Re: Do you trust the Government to oversea a sucessful IT scheme?

I think they´re trusting ATOS. What could be wrong with that?

4
0
Silver badge

One big database

I've never understood why it has to be 'one big database'. Why not define communication and anonymization protocols that can be run at the GP's surgery so only the minimum amount of data requested can be accessed.

10
0
Bronze badge

Re: One big database

Nice idea, just how much IT do you think a surgery has to do this, and what constitutes the minimum amount of data. You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.

0
1
Bronze badge

Re: One big database

> just how much IT do you think a surgery has to do this

Don't most local surgeries outsource their IT already?

> You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.

I'm not so sure pre-reviewing every request is entirely necessary. Decent security, restricted authentication tokens, comprehensive logging of every request, a clear audit trail, and stiff penalties for misuse, should be enough to deter most ne'er-do-wells from mucking about.

How often would such requests be done, anyway? Surely only when a patent's status changes - they move home, visit a doctor on holiday, require emergency treatment, etc. We're surely not talking 1,000 requests per second which need reviewing.

0
0

Re: One big database

The data is extracted as-is. Even the opt-out only refers to the data when it is on HSCIC system.

You can bet your ass that the opt-out is worth less than an ice creams lifespan in a volcano.

2
0
Bronze badge

Want my data? Limit the postcode to area code (first 3/4 characters only), no date of birth, just age range accurate to decade, and no NHS number or other unique identifier. And then make it opt-in.

Otherwise, I will not only opt out, but also encourage everyone I know (and anyone else I can reach) to do likewise and spread the word further.

14
0

Even redacted that much could still be re-identified if details of a few previous addresses where included. Include data such as time off work / hospital stays, more pieces of the jigsaw fall into place, the list goes on.

3
0
Anonymous Coward

Given the rarity of quite a few medical conditions, or more saliently combinations of conditions, even this is nowhere near enough.

4
0
Anonymous Coward

I have 2 conditions affecting 2% of the population. if these are independent ( research topic there straight away, contact me re informed consent) then I'm one special snowflake within 250 ordinary snowflakes.

now talk to me about re-identification. oh and I've "opted out", which seems to mean my data from the gp is going to be extracted to somewhere (in the UK?) by the nice people at atos. quite what happens after that? perhaps that nice history graduate from McKinsey could enlighten us?

3
0
Silver badge

Turns out that the data is going to be handled by ATOS healthcare.

And that's me opting out straight away.

23
0
Bronze badge
Thumb Up

Re: Turns out that the data is going to be handled by ATOS healthcare.

@Crisp - Thanks for the heads up, wasn't aware that those incompetent parasites were involved.

I was 90% sure I was going to opt out before learning that, now 100% sure...

1
0
Big Brother

Reassurance

Like finding a dodgy-looking character testing your doors and windows who reassures you that “It’s just a security check for your safety and privacy”.

Well, I’m reassured.

10
0

Time out a second here, Skippy

"If 90% of people opt out, we won't have an NHS."

Logically, the fact that we have an NHS now means that either this data harvesting system is active now, or this statement is a load of complete bollocks.

22
0
Anonymous Coward

Re: Time out a second here, Skippy

I think he meant to say "If 90% of people opt out, I won't have a job."

9
0

Re: Time out a second here, Skippy

And this would be a bad thing...?

0
0
Big Brother

Re: Time out a second here, Skippy

"Later, during the hearing, Kelsey made what some critics may consider to be an outrageous claim. He said: "If 90 per cent opt out [of care.data], we won't have an NHS.""

To me, that didn't sound so much like a claim, as it did a warning.

1
0
MrT
Bronze badge

Grabbing that much...

...the collective cough would be deafening.

0
0
Gold badge

Re: Time out a second here, Skippy

Logically, the fact that he made this statement, despite it being patently untrue, means the one thing that any intelligent observer now knows is that the scheme's backers feel the need to spout outrageous lies to keep their ship afloat. It's that bad.

2
0

Legal safeguards

"the legal safeguards he insisted were already in place in the Health and Care Act 2012."

They are in effect non-existent. They can be changed at will by another act of parliament.

9
0
Anonymous Coward

Re: Legal safeguards

Yes, and they were cheeky bastards for even planning data collection before security is crystal clearly defined, because people must have informed consent; I saw nothing which gave me confidence in that data sewer, so have already opted out.

F'em!

0
0
Anonymous Coward

I was born yesterday?

"...NHS England would try to bring an end to concerns about care.data by talking about legal safeguards..."

Like passing a law criminalising the possession of patient data of those who have opted out by private companies, attempting to obtain, , or viewing, or encouraging others to obtain, or supplying data of those opted out. Criminalising the de anonymization of any NHS patient data by private businesses, or attempting to reconcile it with third party databases. Making those within the NHS responsible for the data criminally liable for allowing unauthorised 3rd party access, including someone handing over a password or allowing records to be viewed. Etc, etc. With decent custodial sentences attached.

Given the deliberate mendacity, hedging and incompetence to data, I won't hold my breath. The current half cocked attempts to deliver a back door fait accompli to the private sector will blow back very badly.

8
0
Megaphone

Private interests

Bottom line: I'm very happy for my medical data to be used for the good of all. I'm not happy for it to be used as another asset to be sold off in the forced privatization of the NHS.

Ben Goldcare has a nice article in the Grauniad: http://www.theguardian.com/society/2014/feb/21/nhs-plan-share-medical-data-save-lives

Let's see what changes get made in the 6 months "consultation" period - and opt out if we're still not happy.

11
1
Anonymous Coward

Re: Private interests

That's the real bloody tragedy. I imagine most people are happy to contribute, but not happy to line others pockets for a pittance or make a rod for their own backs with future insurers, employers etc etc.

9
0

Re: Private interests

Ben Goldacre is now rather less optimistic. If you look at his tweets yesterday (@BenGoldacre), you'll see - it's the most vexed I've ever seen him.

And given his (guarded) optimism in that piece last Friday, it seems that care.data is sunk.

14
0
Anonymous Coward

Off-Topic: Eyesore.

I just looked at the Ben Goldacre Twitter webpage and all I can say is what an eyesore. I can't remember the last time I saw anything that bad.

0
0

Re: Private interests

Too little too late from Goldacre, who has been a cheerleader for the scheme, and was telling everyone who objected we were Luddites or idiots as recently as a week ago. He supported the extraction six months ago when there was no patient opt-out at all.

0
0
Bronze badge
Pirate

"trust me"

Sure, like we could trust the DVLA to reserve its database for legitimate law-enforcement purposes, and not sell anything to private parking pirates.

18
0

Man The lifeboats

You can always move to Scotland and vote yes, Problem solved !

3
0
Anonymous Coward

Re: Man The lifeboats

...or just move to Scotland.

NHS Scotland has always been a separate body from the NHS in England & Wales and healthcare is already a devolved issue in Scotland.

Not sure that would be sufficient to delete/opt-out your NHS England & Wales data though?

Information Governance page at NHS Scotland:-

http://www.knowledge.scot.nhs.uk/ig.aspx

1
0
Gold badge
Gimp

"Start the slurping and we'll do the "code of conduct" later."

Because really it's not like the patients own their data, is it?

That's the attitude of a data fetishist.

4
0
Big Brother

Re: "Start the slurping and we'll do the "code of conduct" later."

And this is exactly why I've opted out. Not that I'd trust these bastarts with a code of practice either.

[dons tinfoil hat]

3
0
Anonymous Coward

Tim Kelsey: If 90 per cent of patients opt out of care.data, we won't have an NHS.

But the care.data data isn't used for medical care, so how could opt outs end the NHS?

Someone is being economical with the actualité, but who?

8
0

Page:

This topic is closed for new posts.

Forums