back to article NHS England tells MPs: 'The state isn't doing dastardly things with GP medical records'

NHS England's bosses and the government's health minister came under fire from MPs on Tuesday afternoon over the fudged and delayed plan to store patients' GP-held medical records with other data kept by hospitals in a centralised database. Tim Kelsey, the health service's patients and information national director, admitted …

COMMENTS

This topic is closed for new posts.
  1. Eponymous Cowherd
    Big Brother

    Track Record

    "[Kelsey] said that it was simply not true that "the state is going to do dastardly things" with centrally held GP medical records. "

    And, of course, their track record bears this out.

    1. Anonymous Coward
      Anonymous Coward

      Re: Track Record

      > And, of course, their track record bears this out.

      Even if this government did have a spotless record in this regard and kept rigidly to their word, could they guarantee that the next government would do the same? Or the one after?

      1. Eponymous Cowherd

        Re: Track Record

        Its a moot point. We know this lot aren't above giving citizens a damn good probing and selling the results, and the Labour lot were worse.

  2. Richard Jones 1
    Holmes

    Broadmoor Has To Answer

    I am convinced that the use of inmates on day release from Broadmoor Hospital to manage and develop Government software projects is not the world's greatest idea. It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function. I am convinced that this is the reason why almost all government projects have infinite cost overruns and the capacity to fail on their objectives. The "was it wasn't" illegal sale of hospital records for the princely sum of £2,500 will of course keep the NHS running for a long time; about 1 second did I hear?

    1. Anonymous Coward
      Anonymous Coward

      Re: Broadmoor Has To Answer

      It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function.

      Funny, you could be talking about MPs there.

  3. Ocular Sinister

    Of course the state isn't doing dastardly things!

    They've all been contracted out so that government can make claims like this, with the added bonus that you can't find out what's going on because they are exempt from Freedom of Information requests.

    1. Robert E A Harvey

      Re: Of course the state isn't doing dastardly things!

      I think this is the real problem.

      I don't suppose for a minute that anyone at the NHS wants to do dastardly things. I also assume good faith on the part of most of the Government. But that isn't enough. We now don't trust any of our power structures in this country, after 5 decades of ineffectiveness and occasional magnesium flares of corruption.

      Duck houses, the way failed politicians run away to well paid sinecures in Europe, Blair and his housing stock, Thatcher and her cover ups. We don't trust them any more. At all. Over anything.

      So when they try to do something that /might/ need us to take a balanced view of why they are doing it, we can't. Because we suspect everything they do. We have become uber-cynical.

      The shame is entirely theirs.

  4. Anonymous Coward
    Anonymous Coward

    Awesome. Attempt to guilt-trip the population into saving your nefarious scheme.

    Two words for Kelsey, first begins with F, second begins with O

  5. nichomach

    Technically, they're not...

    ...*doing* nefarious things, since the nefarious things have already been done.

  6. Grahame 2

    Fine then.

    "He said if scattered pieces of such data could be assembled, like a jigsaw, to identify a specific individual, for example, then the firm responsible would face a fine of up to £500,000 from the Information Commissioner's Office."

    Half a million cap on the fine, and no possibility of a custodial sentence. Compared to the value this data set has, half a million pound fine could simply be put down as the cost of doing business.

    Once that data set has been re-identified and distrubuted, the damage is done.

    500k puts the value of each record at arround 10p, I think the data is worth a bit more than that!

    1. Grahame 2

      Re: Fine then.

      decimal point error, oops

      500,000 / 43,000,000 = ~a fine of 1p per record (maximum)

      I suspect this data is worth much more than that to insurers.

    2. Chris Malme

      Re: Fine then.

      Now if it was 500K per per patient affected, then that might be something.

      But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime - for anyone involved, from the techies to the managers and directors involved.

      1. John Smith 19 Gold badge
        Thumb Up

        @Chris Malme

        "Now if it was 500K per per patient affected, then that might be something."

        Now that's more like it.

      2. JohnMurray

        Re: Fine then.

        Perhaps they should really anonymise the data. Not pretend-anonymise. It is almost as if it was anonymised in a way that could easily be de-anonymised if wanted. I mean, birthdate, gender and full postcode. Never attribute incompetence to a government, when you can as easily attribute malignacy to it. Government employs enough people with univ degrees to get it right, to get it wrong has to be deliberate.

      3. Anonymous Coward
        Anonymous Coward

        Re: Fine then.

        "But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime "

        Not enough. Look at Murdoch and his vermin all bleating that they didn't know or they didn't do it deliberately. Proving otherwise is difficult, and could be enough to get the despicable liars (or incompetents) off the hook.

        Far better to make people cupable for circumvention of privacy controls, without having to prove knowledge or intent. It then becomes the organisation's responsibility to have controls to ensure that they do not circumvent privacy requirements. Ignorance of the law is no defence - why should ignorance of the organisation breaching the law be a defence for those rewarded for responsible for running it?

        1. Richard Taylor 2
          Facepalm

          Re: Fine then.

          Apparently Ms Wade did not realise that phone hacking was illegal - honest.....

    3. Yet Another Anonymous coward Silver badge

      Re: Fine then.

      The fine is for the company doing the dedupe, so you simply dissolve the company after you have sold the data to yourself.

      The fine only applies to companies doing the dedupe if they are under UK jurisdiction, simply run the server in Boratistan and you are safe.

      There is no fine for buying/selling/using the data afterwards

  7. Anonymous Coward
    Anonymous Coward

    Do you trust the Government to oversea a sucessful IT scheme?

    Problem is, once the genie is out of the bottle, or in this case, the data has been compromised, that is it. You can't get it back in.

    With this in mind:

    Do you trust the Government to successfully implement an IT project that manages data of such a private nature, akin to your financial data, to ensure that the safeguards are so watertight that even a malicious insider couldn't easily walk away with it?

    If the answer is no then how can you agree to the proposals?

    Not that I think *what* I think will make one jot of difference to the inevitable outcome. I will have to rely on incompetence to do the job for me. Worked with identity cards.

    1. JohnMurray

      Re: Do you trust the Government to oversea a sucessful IT scheme?

      I think they´re trusting ATOS. What could be wrong with that?

  8. John G Imrie

    One big database

    I've never understood why it has to be 'one big database'. Why not define communication and anonymization protocols that can be run at the GP's surgery so only the minimum amount of data requested can be accessed.

    1. Otto is a bear.

      Re: One big database

      Nice idea, just how much IT do you think a surgery has to do this, and what constitutes the minimum amount of data. You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.

      1. Raumkraut

        Re: One big database

        > just how much IT do you think a surgery has to do this

        Don't most local surgeries outsource their IT already?

        > You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.

        I'm not so sure pre-reviewing every request is entirely necessary. Decent security, restricted authentication tokens, comprehensive logging of every request, a clear audit trail, and stiff penalties for misuse, should be enough to deter most ne'er-do-wells from mucking about.

        How often would such requests be done, anyway? Surely only when a patent's status changes - they move home, visit a doctor on holiday, require emergency treatment, etc. We're surely not talking 1,000 requests per second which need reviewing.

    2. JohnMurray

      Re: One big database

      The data is extracted as-is. Even the opt-out only refers to the data when it is on HSCIC system.

      You can bet your ass that the opt-out is worth less than an ice creams lifespan in a volcano.

  9. Tromos

    Want my data? Limit the postcode to area code (first 3/4 characters only), no date of birth, just age range accurate to decade, and no NHS number or other unique identifier. And then make it opt-in.

    Otherwise, I will not only opt out, but also encourage everyone I know (and anyone else I can reach) to do likewise and spread the word further.

    1. Grahame 2

      Even redacted that much could still be re-identified if details of a few previous addresses where included. Include data such as time off work / hospital stays, more pieces of the jigsaw fall into place, the list goes on.

    2. Anonymous Coward
      Anonymous Coward

      Given the rarity of quite a few medical conditions, or more saliently combinations of conditions, even this is nowhere near enough.

      1. Anonymous Coward
        Anonymous Coward

        I have 2 conditions affecting 2% of the population. if these are independent ( research topic there straight away, contact me re informed consent) then I'm one special snowflake within 250 ordinary snowflakes.

        now talk to me about re-identification. oh and I've "opted out", which seems to mean my data from the gp is going to be extracted to somewhere (in the UK?) by the nice people at atos. quite what happens after that? perhaps that nice history graduate from McKinsey could enlighten us?

  10. Crisp

    Turns out that the data is going to be handled by ATOS healthcare.

    And that's me opting out straight away.

    1. TitterYeNot
      Thumb Up

      Re: Turns out that the data is going to be handled by ATOS healthcare.

      @Crisp - Thanks for the heads up, wasn't aware that those incompetent parasites were involved.

      I was 90% sure I was going to opt out before learning that, now 100% sure...

  11. Zog_but_not_the_first
    Big Brother

    Reassurance

    Like finding a dodgy-looking character testing your doors and windows who reassures you that “It’s just a security check for your safety and privacy”.

    Well, I’m reassured.

  12. Thomas 4

    Time out a second here, Skippy

    "If 90% of people opt out, we won't have an NHS."

    Logically, the fact that we have an NHS now means that either this data harvesting system is active now, or this statement is a load of complete bollocks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Time out a second here, Skippy

      I think he meant to say "If 90% of people opt out, I won't have a job."

      1. Allonymous Coward

        Re: Time out a second here, Skippy

        And this would be a bad thing...?

    2. Kane
      Big Brother

      Re: Time out a second here, Skippy

      "Later, during the hearing, Kelsey made what some critics may consider to be an outrageous claim. He said: "If 90 per cent opt out [of care.data], we won't have an NHS.""

      To me, that didn't sound so much like a claim, as it did a warning.

      1. MrT

        Grabbing that much...

        ...the collective cough would be deafening.

    3. Ken Hagan Gold badge

      Re: Time out a second here, Skippy

      Logically, the fact that he made this statement, despite it being patently untrue, means the one thing that any intelligent observer now knows is that the scheme's backers feel the need to spout outrageous lies to keep their ship afloat. It's that bad.

  13. HereWeGoAgain

    Legal safeguards

    "the legal safeguards he insisted were already in place in the Health and Care Act 2012."

    They are in effect non-existent. They can be changed at will by another act of parliament.

    1. Anonymous Coward
      Anonymous Coward

      Re: Legal safeguards

      Yes, and they were cheeky bastards for even planning data collection before security is crystal clearly defined, because people must have informed consent; I saw nothing which gave me confidence in that data sewer, so have already opted out.

      F'em!

  14. Anonymous Coward
    Anonymous Coward

    I was born yesterday?

    "...NHS England would try to bring an end to concerns about care.data by talking about legal safeguards..."

    Like passing a law criminalising the possession of patient data of those who have opted out by private companies, attempting to obtain, , or viewing, or encouraging others to obtain, or supplying data of those opted out. Criminalising the de anonymization of any NHS patient data by private businesses, or attempting to reconcile it with third party databases. Making those within the NHS responsible for the data criminally liable for allowing unauthorised 3rd party access, including someone handing over a password or allowing records to be viewed. Etc, etc. With decent custodial sentences attached.

    Given the deliberate mendacity, hedging and incompetence to data, I won't hold my breath. The current half cocked attempts to deliver a back door fait accompli to the private sector will blow back very badly.

  15. SeanEllis
    Megaphone

    Private interests

    Bottom line: I'm very happy for my medical data to be used for the good of all. I'm not happy for it to be used as another asset to be sold off in the forced privatization of the NHS.

    Ben Goldcare has a nice article in the Grauniad: http://www.theguardian.com/society/2014/feb/21/nhs-plan-share-medical-data-save-lives

    Let's see what changes get made in the 6 months "consultation" period - and opt out if we're still not happy.

    1. Anonymous Coward
      Anonymous Coward

      Re: Private interests

      That's the real bloody tragedy. I imagine most people are happy to contribute, but not happy to line others pockets for a pittance or make a rod for their own backs with future insurers, employers etc etc.

    2. Mark #255

      Re: Private interests

      Ben Goldacre is now rather less optimistic. If you look at his tweets yesterday (@BenGoldacre), you'll see - it's the most vexed I've ever seen him.

      And given his (guarded) optimism in that piece last Friday, it seems that care.data is sunk.

      1. Anonymous Coward
        Anonymous Coward

        Off-Topic: Eyesore.

        I just looked at the Ben Goldacre Twitter webpage and all I can say is what an eyesore. I can't remember the last time I saw anything that bad.

      2. Dr Stephen Jones

        Re: Private interests

        Too little too late from Goldacre, who has been a cheerleader for the scheme, and was telling everyone who objected we were Luddites or idiots as recently as a week ago. He supported the extraction six months ago when there was no patient opt-out at all.

  16. This post has been deleted by its author

  17. James Boag

    Man The lifeboats

    You can always move to Scotland and vote yes, Problem solved !

    1. Anonymous Coward
      Anonymous Coward

      Re: Man The lifeboats

      ...or just move to Scotland.

      NHS Scotland has always been a separate body from the NHS in England & Wales and healthcare is already a devolved issue in Scotland.

      Not sure that would be sufficient to delete/opt-out your NHS England & Wales data though?

      Information Governance page at NHS Scotland:-

      http://www.knowledge.scot.nhs.uk/ig.aspx

  18. John Smith 19 Gold badge
    Gimp

    "Start the slurping and we'll do the "code of conduct" later."

    Because really it's not like the patients own their data, is it?

    That's the attitude of a data fetishist.

    1. Code Monkey
      Big Brother

      Re: "Start the slurping and we'll do the "code of conduct" later."

      And this is exactly why I've opted out. Not that I'd trust these bastarts with a code of practice either.

      [dons tinfoil hat]

  19. Anonymous Coward
    Anonymous Coward

    Tim Kelsey: If 90 per cent of patients opt out of care.data, we won't have an NHS.

    But the care.data data isn't used for medical care, so how could opt outs end the NHS?

    Someone is being economical with the actualité, but who?

  20. Otto is a bear.

    What do you want from the NHS

    Do you want any healthcare professional to be able to access your complete medical record before treating you, or to guess what a GP might be treating you for, or another hospital out of your area.

    Do you want the NHS to be able to analyse health data for trends to identify disease or side effect trends, so that research funds can be applied.

    If you do, then how do you think the NHS can do this without a single data structure to interrogate, be it distributed or centralised.

    I have little trust in politicians, or indeed health service managers, but a lot of trust in healthcare professionals, with good reason, having had to repeat my medical history verbally many times over the past few years, I would much prefer that this data is available to any doctor who needs to treat me, just in case I forget a detail. I also don't want to carry a usb stick or card around with me that has that data on it, or authorises access, being human I would forget them.

    Oh, and you might also want to think about the full consequences of Insurance Companies seeing everybody's heath records, not that I want them too, but you are required to disclose known medical conditions when you take out a policy. In some cases also during a policy, for example car insurance, failure to do that would invalidate your insurance. The Insurance companies might well find that their client pool drops dramatically, along with profits and revenue.

    1. Code Monkey
      Thumb Down

      Re: What do you want from the NHS

      This is not about mistrusting the healthcare professionals. It's mistrusting the management wonks - either now or in a few governments' time who will flog this off to the highest bidder.

      Sooner or later they will fuck the nation over massively with this. They will.

    2. Brenda McViking

      Re: What do you want from the NHS

      I don't think many people will have a problem with medical data being used for life-saving medical research. What I have a major problem is the selling of this data to the private sector for commercial gain. Those two areas have been lumped together for care.data, which is why it's a farce to begin with.

      Secondly, the rhetoric coming from those in charge of the project just shows they haven't a clue - this project, in order to work, needs complete transparency, and for the rules on how data is used to be clear. On the first point, they've already bungled, by refusing to explain decisions that led medical data be sold to insurance companies due to companies "re-branding" (whether that particualr act is actually damaging to peoples interests is debateable, but the refusal to explain IS definitely damaging) and on the second, nothing exists.

      And it's going to be implemented by ATOS. Now I know that you're going to have to use a big provider for this, but jeez, anyone but ATOS...

      You seem to misunderstand what Care.data is about. It's not about sharing your medical records inside the NHS, it's about sharing medical records with 3rd parties outside the NHS. Your data is already available to the professionals within the healthcare service. Staying opted-in will not change the fact that you're asked to repeat your medical history every time you see a doctor or healthcare professional.

    3. dervheid

      Re: What do you want from the NHS

      And thirdly

      If all the insurance companies have access to everyones medical records, where does your presumption that "The Insurance companies might well find that their client pool drops dramatically, along with profits and revenue" fit in.

      What it's more likely to lead to is many more people being refused motor insurance altogether, but continuing to drive anyway, or only being able to get insurance via a few specialist insurers who actually take the time to understand the 'risks', which the big companies almost certainly won't do. Take it from someone with experience in that respect; the big insurance companies are only interested in low risk customers.

      More uninsured drivers = higher premiums all round = more profits for the insurance companies. Win/Win for them, Lose/Lose for us.

      And that would be applicable across ALL sorts of insurance. Got 'free' travel insurance with your bank account? You can bet that noone will cover you for any pre-existing medical conditions

    4. Swarthy

      Re: What do you want from the NHS @Otto is a bear.

      I have previously proposed a solution to a fair few of your hopes for care.data, but being on the wrong side of the pond... Yeah.

      My proposal: A Smart card-ish device with a good encryption standard to hold your medical records; with emergency info printed on it (allergies, etc) it gets reviewed whenever you go to the Doc/A&E, and then updated with your treatment. NHS can offer a "Back-up" service to provide a replacement for a lost/stolen card, and they can run analysis on those who use the service. There should also be a method wherein your GP can make a backup for those who do not want to be analyzed. Read/Write capabilities should be regulated as medical equipment, with the associated costs, to keep snooping/malfeasance to a minimum.

      This, I believe, would allow the data portability (data ubiquity, if you will) that care.data is supposed to deliver with the added benefit of the individual to control their data.

    5. Anonymous Coward
      Anonymous Coward

      Re: What do you want from the NHS

      "Do you want any healthcare professional to be able to access your complete medical record before treating you, or to guess what a GP might be treating you for, or another hospital out of your area."

      Amazingly, unbelievably, that is the one thing that ISN'T included in what's being visited upon us, although the very limited, rather slanted material provided by the NHS appears to imply it is the case although its never explicitly stated. The quite separate "summary care record" provides health professionals with a very limited view of your allergies and prescribed medication, but thats it.

      " - The information uploaded to care.data will not be made available to health professionals providing your treatment, but to universities, pharmaceutical companies and commercial organisations

      - care.data does not concern clinical care, it is an administrative and research database"

      Thats from brief.care-data.info , which is written by a GP, and seems to provide more detail and clarity over what is and isn't being done that the lamentable NHS blurb - they do after all have an interest in bigging up the value to patients.

      Perhaps get your facts straight before spouting.

    6. Anonymous Coward
      Anonymous Coward

      Re: What do you want from the NHS

      You are either ignorant, an idiot or a troll.

      The care.data will not be used for medical treatment, that data channel is already present, it will be use for Big Data mining, and that can be very dangerous without strict and clearly defined /existing/ rules; there are no effective /existing/ rules..... it's FUBAR.

  21. dervheid
    FAIL

    Tim Kelsey

    What a complete and utter prick.

    care.data has to be the biggest con and betrayal of Doctor/patient confidentiality EVER conceived.

    Hopefully the NHS in Scotland will not go down this oudious route.

  22. iansn

    Who's data

    None of these morons in Government or the NHS understand that it is not their data, it is MY medical record, private and personal. Its is about me, for me and future treatments and would be best kept by me. If I lose it it is MY problem. If I opt in it is my choice, it should not be about opting out. No matter how much the data is anonymized, if the patient DOB sex and practice in which the data was obtained, the other half of the data can be obtained from the local government agencies. It can never be anonymous simply by reason of that fact. There is no point in having any central database if records do no not contain age, sex and location when researching any disease or condition. If I dont not want people to have access to this that must be the default.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who's data

      have to agree, however the labour party sold us down the river. they passed a law saying medical records belong to the secretary of state for health, currently Jeremy cunt.

      no political party is proposing to repeal that.

      even if they did, the law could be reenacted. answers on a postcard please.

  23. Graham Marsden
    FAIL

    "If 90 per cent opt out [of care.data], we won't have an NHS."

    Then how the *FUCK* did we manage to have one for the last half-century??

  24. James Gosling

    Google would love this data...

    Imagine all the erectile disfunction products they could sell to a truly targeted audience. Or maybe madam would like some spot cream for her acne, Dear Sir... about that pimple on your ass...

  25. Tsung
    FAIL

    Opt out, isn't really opt-out at all.

    I thought when you opt out it doesn't actually remove your data in any way. Instead they "tag" it with a "code" that means "don't look at me". Anyone who wants to use the data for "other" purposes isn't going to give too hoots about the opt out code. If anything it will make your record more interesting as you clearly have something you want to hide!

  26. OffBeatMammal

    just wondering...

    How many MPs have opted out?

    1. Anonymous Coward
      Anonymous Coward

      Re: just wondering...

      I think you can rely on the fact that MPs will be exempt from this, given what happened to Gordon Brown.

  27. John B Stone

    Secure forever for you and close relatives?

    Even if the system is secure now, it has to stay secure for your entire lifetime and probably your children's lifetime too - as your medical history is useful in predicting around 50% of your parent's/sibling's/children's susceptibility. Though that likely excludes the more embarrassing personal medical history but not the insurance issues.

    And therefore if you opt out but the records of your parents/siblings/children who haven't are ever cracked then perhaps 50% of your info can be inferred.

    Would you bet on tech not being able to break current encryption in 20, 40, 60 years time?

    1. arrbee

      Re: Secure forever for you and close relatives?

      Following on from this - what are they doing with the data of people who have died since GP records were computerised, and what will they do with my opted-out data after I've popped my clogs ?

  28. DocJames

    a doctor writes...

    As has been posted above: this is a data grab for Big Finance and Big Pharma.

    It has NOTHING at all to do with clinical care.

    And for all the imaginary situations whereby "instant access to full medical records" would prevent some kind of irreparable medical harm: bollocks. I cannot remember a situation where I have required this, or have heard of it happening to a colleague, or a friend of a aunt of a colleague. I find it hard to imagine a plausible situation where this would be required. There are no published case reports, let alone observational studies of this problem. With some guesstimates based on my personal experience and using the rule-of-three, for p<0.05 there could be harm to at most 0.006% of those presenting to inpatient medical care.

    Non-IT related rant follows:

    What would be useful is if those receiving health care and taking medication could take as much interest in their treatment as, say, the engine size and fuel efficiency of their car. Or the current form of their preferred sports team, along with how the manager should improve things, or the present storyline(s) of their favourite soap, or indeed ANYTHING ELSE that people seem to feel are entirely reasonable things to know all about. If your health is important to you, you should probably pay some attention to it.

    And breathe.

    (If your health is not important to you now, it might well be in the future if you need to come and meet me. Your choice.)

  29. Telecide

    Are we talking about the same IT experts....

    ....who have neglected to put into place a plan to upgrade more than 1 million NHS computers from Windows XP, at a cost of $200 per desktop for the first year, going up to $400 in the second and $800 in the third year? I'm not saying that the XP state of affairs would prevent the care.data scheme from going ahead (especially since the total isn't all GP-related) but it'll make it all the more interesting - £120million for Year 1 to stay as they are, with all of the additional challenges that the continued use of an out-dated operating system brings.

This topic is closed for new posts.