back to article Top Brit docs wade into GP data grab row, demand 'urgent' NHS England talks

Pressure is mounting on NHS England to stall its incoming data grab of GP-stored medical records, after another health body said that the government needed to improve public awareness of the controversial scheme. A stronger campaign was demanded from top doctors at the British Medical Association on Monday. The care.data plan …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    My wife (NHS nurse) and I (NHS IT tech) received ours a while ago, looked at each other and ticked Opt out after a second or so's consideration, then returned it.

    Question is, who do you contact to confirm your Opted status?

    1. Z-Eden

      I believe you're supposed to submit the form to your GP. At least, that's what I did.

    2. Gavin Jamie

      Are you sure what you opted out of?

      There was a mailshot about the Summary Care Record which would have taken place over the last two years or so. This came with an opt-out form and was reply paid. From what I remember it was purple. This is the record that could be accessed for your health care e.g. in an A&E department or emergency GP service at the weekends or evenings.

      Care.Data is completely separate. It will not be available to people treating you. Leaflets only came out in the second half of January this year and did not feature an opt out form (there are several good suggestions for forms around here). However opting out of the SCR will not have any effect on this extraction. This needs to be done separately.

      Be sure which one you have opted out of.

    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      I doubt that you ticked opt out

      If only because the leaflet they so helpfully sent through the junk mail didn't have anywhere you could actually do that. As others have said, you may be thinking about the Summary Care Record, which is another thing entirely, and for which they did provide an opt-out form.

      The best place to go I've found is www.care-data.info which gives quite a bit more info, as well as links to opt-out forms you can send to your GP.

      1. Tom Chiverton 1

        Re: I doubt that you ticked opt out

        Although https://www.faxyourgp.com/ makes it even easier.

    5. Yet Another Anonymous coward Silver badge

      >.Question is, who do you contact to confirm your Opted status?

      The address is clearly stated in the bottom of a locked filing cabinet, in a disused lavatory, in a basement, marked beware of the leopard...

    6. Will 30

      You must be thinking about something else - there was no box to tick nor form to return on the flyer which has been sent recently.

    7. Vimes

      I'm still waiting to be told about this, despite going to see the consultant and doctor on a fairly regular basis.

      Now they claim they're going to wait 6 months so they can communicate the advantages more effectively (note the convenient lack of any mention of the disadvantages nor any attempt at fixing the holes - it's difficult to see how this whole mess could ever be in our best interests).

      More effective communication? Don't make me laugh - so far in my case there has been zero communication (effective or otherwise).

  2. Z-Eden

    I've managed to put in an opt-out form using the advice given from the excellent Light Blue Touchpaper blog. Here's the article with an opt-out form download:

    http://www.lightbluetouchpaper.org/2014/01/08/opting-out-of-the-latest-nhs-data-grab/

  3. James Boag

    Good job well done !

    What do you mean bad job, As far as i can see the Government scum have played a blinder with this one, No one know, no one redacts their info, Tories sell your data to their mates in the insurance biz Sorted.

    Glad i live in Scotland :)

  4. Anonymous Coward
    Anonymous Coward

    Eddys in the Space-Time Continuum

    I have to go to the Doctor's again before March and certainly intend to deliver my opt-out letter; so assuming that I do, I still think if this goes ahead 'on schedule' (won't that make a change!), the Government should be prosecuted over it.

    Guess it's a long time since I read 'The Hitchhiker's Guide' because that comparison is so apropos I'm slightly ashamed it didn't occur to me!

  5. Steve Renouf
    FAIL

    The Biggest Fail is the usual one...

    It should be OPT-IN! by default!

    1. Captain Hogwash

      Re: The Biggest Fail is the usual one...

      You say fail but they knew exactly what they were doing - see post from James Boag

      above.

  6. Graham Marsden
    Big Brother

    See this website for details of what's happening and how to opt out...

    http://www.care-data.info/

    I've also written to my MP asking him and his colleagues to get this whole nonsense put on hold until we get a proper say in what happens to our private data!

    http://www.theyworkforyou.com

    1. Kane Silver badge
      Thumb Up

      Re: See this website for details of what's happening and how to opt out...

      My GP's surgery had a stack of leaflets made up from the details supplied on www.care-data.info, which the nice lady at reception had to resupply because everyone in front of me had taken a copy. These had the "fill in details" section on them already there to be filled in, very handy.

      Just thought I would share.

  7. Anonymous Coward
    Anonymous Coward

    What's the SOP for children born after this database has gone live?

    1. Winkypop Silver badge
      Big Brother

      Relax

      Their implanted RFID chips will be scanned as they leave the hospital...

  8. Tom Chiverton 1

    Don't forget to pop in to Manchester next week for a talk on this very topic !

    http://www.meetup.com/ORG-Manchester/events/164318842/

    Phil Booth from http://medconfidential.org will be on hand to answer all your questions, along with someone from the ICO.

  9. David Roberts Silver badge

    Presumably if you are away (gap year) or moved areas or abroad and haven't told your old surgery then your records will be slurped?

    I do hope that records at the old surgery when you have moved to a new surgery will be marked as such and not extracted

  10. The BigYin

    I just opted out

    No way I am letting the government sell my deeply private information for a quick profit.

    More info here: http://optout.care-data.info/

  11. Livinglegend
    FAIL

    Lock, stable, horse, bolted

    ... in any order, if 'ministers have said that they will learn from the mistakes of the care.data pamphlet drop' .is anything to go by.

  12. IDoNotThinkSo

    No leaflet here

    I have definitely not received any leaflet in the post, combined with junk mail or not. Nor has anyone else I know in the local area.

    1. Fihart

      Re: No leaflet here

      ditto

  13. Jason Bloomberg Silver badge

    OPT OUT

    The best option I can see is to opt out and I would advise everyone to do the same.

    Any worry that this may be the wrong option can be set aside by noting that we will be given (or can demand) a right to opt-in later. I cannot see any government saying they will leave those who did not initially sign-up for what they say is good for us languishing in that plight. That would be electoral suicide.

    They can have our opt-ins when they have convinced us it is good for us.

  14. Warm Braw Silver badge

    Article 8, ECHR

    Under article 8 of the ECHR, we're supposed to have a right to privacy. Indeed this seems to be the main reason the Snowden revelations have caused so much blustering amongst politicians - they're not really worried about terrorists knowing they're under surveillance, they're worried that knowledge of "lawful" activities that are in fact likely contrary to Article 8 will result in a direct legal challenge that could probably succeed.

    I'm pretty sure we have an Article 8 right not to have our poorly-anonymised medical records passed to the NSA and sold to Big Pharma and the insurance industry, but because of what we now know, we can be pretty sure that attaching an opt-out label to the data will simply call it out for special attention. It certainly won't have any other effect.

    Nevertheless, I'd encourage everyone to at least go through the motions of opting out - at least it's then explicit that we're not quite so fond of constant surveillance as the spooks building their FacelessBook seem to imagine.

    Unfortunately, I suspect more people would be enraged at the thought of foreigners underwriting our human rights than that of sharing the details of their treatment for erectile dysfunction.

    1. Anonymous Coward
      Anonymous Coward

      Re: Article 8, ECHR

      If you read the privacy impact assessment here:

      http://medconfidential.org/wp-content/uploads/2014/02/2014-01-27-PIA-care-data.pdf

      you'll also see that on page 13 it says you have a right to object to your data being processed under section 10 of the Data Protection Act (DPA). The opt-out being offered by care.data (which is what you'll get if you inform your GP using the forms being discussed - and operates by placing special codes in your GP data) isn't the same thing. It is being offered as an opt-out but will in fact still allow some use to be made of your private data. As such it is a con.

      Everyone should actually be insisting on the full opt-out which is their right under the DPA.

  15. Dr Dre

    NHS blocking the NHS

    Trying to access the link to the care.data website in your article, from a PC on my desk on the NHS network brings up a series of dire warnings...

    Warning: Questionable Internet use policy

    UsrViewBlocked_warn

    Reason: Downloads site

    Site: https://dl.dropboxuserco...156524/caredata/index.htm

    The organisation’s Internet access and usage policy suggests you should not be visiting this website. Transferring data to an external website may infringe the internet usage policy. Please think very carefully before proceeding. If in doubt, please contact a member of the Information Governance Team or refer to the specific policies on the intranet.

    So - I'm not going to be able to opt-out from work - and neither are a million other people.

    1. Tom Wood

      Re: NHS blocking the NHS

      The care-data.info website is an unofficial website and is nothing to do with the NHS. It was written by a GP in Hampshire. The opt-out form he provides is an example only. You can opt opt by writing to your GP.

      1. JetSetJim Silver badge

        Re: NHS blocking the NHS

        Or try https://faxyourgp.com/ - this site, linked to from the one blocked, will fax them your opt-out.

  16. Turtle

    Approved.

    "Amber data are only made available under a legal contract to approved analysts for approved purposes."

    So, provided they're willing to pay, the data is pretty much available to anyone for any purpose.

    1. Juillen 1

      Re: Approved.

      No, it's not. Approved purposes are medical research. And the data is pseudonymised (i.e. if you're not inside the NHS, which has this data anyway in this form, it's not readily identifiable).

      Insurance companies and profit makers get Green data, which is pre-aggregated.

      1. Credas Silver badge
        FAIL

        Re: Approved.

        No, it's not. Approved purposes are medical research. And the data is pseudonymised (i.e. if you're not inside the NHS, which has this data anyway in this form, it's not readily identifiable).

        Insurance companies and profit makers get Green data, which is pre-aggregated.

        You're sure about that, are you? Is that what the law restricts them to, or is that just what their policy is this week? Clue: it's the latter.

        1. Anonymous Coward
          Anonymous Coward

          Re: Approved.

          and much play being made of how it's han criminal hoffence to reidentify the data. can't see that stopping the police or big pharma or the Murdoch rags.

          1. Anonymous Coward
            Anonymous Coward

            The problem with pseudonymised/anonymised medical data

            is that it will still be able to identify you better than your name.

      2. Anonymous Coward
        Anonymous Coward

        Re: Approved.

        "it's not readily identifiable" - +1 for weasel wording.

        as for the data only being visible to those "inside the NHS" - no thanks. what happens at the GP stays at the GP, it doesn't get strewn around 300,000 employees of the NHS. and what, pray, /is/ the NHS these days? virgin? crapita?

        6 month delay is good news, but will be used for propaganda of the anonymised type which the beeb are faithfully regurgitating. NHS number, anyone?

  17. Shonko Kid
    Holmes

    " were tucked in with junkmail "

    It's almost as if they didn't want you to opt out.

    Perhaps they should put the forms in a locked filing cabinet, in the disused basement, with the 'beware of the leopard' sign....?

    1. Anonymous Coward
      Anonymous Coward

      Re: " were tucked in with junkmail "

      Yes, the opt-out (instead of opt-in), the lack of information and the absence of an official opt-out form clearly weren't an oversight, or even the usual gross incompetence. They were calculated and deliberate. This is data rape, pure and simple.

  18. ragnar
    Thumb Up

    Thanks El Reg, I wouldn't have had a clue otherwise. We've certainly never received the flyer!

  19. John Lilburne Silver badge

    Screw them. I don't recall having been sent anything. I certainly won't have read it if it was sent. It's been years since I've been to the quack. I'm certainly not downloading a form to fill in and post elsewhere, certainly not the doctors surgery as whilst I know where it is I don't the address.

    Best solution is to print-screen the form add a tick in whatever they are calling the 'fuck off' box these days, and emailing it as an attachment to whomever is the current political gobshite that is in charge of the NHS. Let that arsehole deal with it.

  20. MR J

    Never Received

    I had been expecting this so kept waiting, It has not come through my post box. I asked and no one on my street has had it. Granted, due to cuts in the postal service last year we only get a postman about twice a week now and it is rarely the same person, so my guess is that these "inserts" are still sitting at the post office.

    Last year I got a letter that was 13 months old, they had found hundreds of bags of stolen mail but were afraid to tell people about it, so the majority of it is STILL sitting in my local postal depot!.

    They should OPT everyone OUT, and then send out the leaflets to let people Opt IN...

  21. SeanEllis
    Black Helicopters

    Submitted an opt-out to my GP yesterday

    Using the form downloadable on the right of this page: http://medconfidential.org/how-to-opt-out/

  22. Zog_but_not_the_first Silver badge
    WTF?

    Milking the sheep

    Maybe the Gov regard NHS patients like Facebook members. "If you're not paying for the product, you are the product". Except we are. And we're not.

  23. Tom 38 Silver badge

    the pamphlets that were sent out to 26.5 million households in England in January were tucked in with junkmail such as pizza menus and gym membership flyers.

    I think it says something about the area I'm living in that I only get fast food menus and no gym membership flyers.

    1. Yet Another Anonymous coward Silver badge

      Perhaps once they access to your medical data they will be better able to tune their advertising?

      Then they will know from your svelt physique and low cholesterol to only send you gym membership and no pizza menus

      1. Tom 38 Silver badge

        No, they'd send me more pizza menus, plus vouchers for an extra large doner pizza with extra cheese and jalapenos :/

  24. phil dude
    Coat

    yes minister....

    was like a training video...

    P.

  25. Oldfogey
    Stop

    (Temporary) Win!

    Just been announced that the programme will be delayed 6 months.

    "Will not be changed in any way, this is a chance to explain it better"

    So still opt out, but more time to get friends and relatives to do so.

  26. JassMan Silver badge

    The worst thing

    is that the politicians are still lying about this data and saying we don't need to worry becuase it is stored in an anonymous database. LIE! It is on partially anonymised when your data is sold on.

  27. Will 28

    There are rumours that you're not fully opting out anyway

    According to the following: http://medconfidential.org/how-to-opt-out/ , opting out just removes some more information from what they send, it doesn't stop them sending it.

  28. Anonymous Coward
    Anonymous Coward

    Hello....err Barry, I'm calling from Bobs Medical Appliance warehouse

    About that embarrassing, err, problem of yours....

  29. Grease Monkey

    Did I really hear a pundit on the news last night state that there has never been a leak of personal data from the NHS?

    Unfortunately I was watching on a plain vanilla TV so I couldn't rewind to check, but it certainly sounded like it. Not the sort of expert the news media should be relying on.

  30. Anonymous Coward
    Anonymous Coward

    A medical researcher's perspective...

    Hello, long time lurker, first time poster.

    First off, i will declare that I work in medical research (academic, not commercial), so could be considered to have an interest in this issue. Judge me as you will...

    I have followed this story for the last 18 months or so, from a number of different outlets. The REG gives good coverage, but the comments are always (perhaps unsurprisingly) biased against this and similar 'big data' medical research programs.

    I understand the concerns that data will be lost, and based on previous experience of public sector data handling (think laptops left on trains, un-encrypted USB sticks lost) I have genuine sympathies.

    However, I think a lot of the objections are based on misunderstandings, or just plain bad information. I will try to deal with these in a rational manner, but look forward to some spirited debates on these points.

    Generally, the objections fall in to the following categories.

    1. What is actually happening?

    The NHS is one of the biggest creators, collectors, and users of data in the UK. Every time you interact with it, a record is kept. Prescriptions, GP appointments, outpatient clinics, you name it, it's recorded somewhere.

    At the moment, all of this information is kept on an almost unimaginably complex range of databases, excel spreadsheets, and paper records.

    Trying to get all of this information together in one place, ready and fit for use by the NHS as and when it is needed has taken decades. Merging all of these information streams is the ultimate goal of an accurate, secure and effective NHS IT/IM system. We are still years from this.

    The Care.Data program wants to merge two massive data sets. The secondary care data set, which is updated every time you see a consultant, or admitted to hospital, and the primary care data set, which is updated every time you see your GP or practice nurse. At the moment, the data is collected and stored, but never linked.

    Lets just take a minute to think about this. The NHS, a system set up to look after you from cradle to the grave cannot share information between your GP and your Consultant... This is mind blowing! What happens when you are taken to A+E, and the consultant is trying their best to save your life, but can't access your primary care records (previous illnesses, allergies, do no resuscitate request etc) for want of an electronic link to them

    Thankfully, this situation has been partially addressed, by the introduction of the care Summary Care Record, which provides a concise record of your medical history to medical staff in A+E. As a point of interest, it took 5 years of debate to get final agreement that the summary care record was a good thing, That's not 5 years to think about it, plan it and make it happen. That's 5 years to agree that it was a good idea!

    However, the summary care record does not address the main issue, that primary and secondary care do not routinely share health information about patients, something almost unthinkable in a 21st century health service!

    2. Why should i trust them with my data, when the public sector loses data all the time?

    Fair point. The public sector has a fairly poor record. Thankfully, medical research has a better history of securely handling data than the rest of the public sector, as the sharing of information is based on the concept of informed consent, something that is hard to get, and even harder to regain when trust is lost. Ask anyone who works in medical research, how many regulations they have to follow, and how hard it is to to get informed consent. After all that work, they are very focused on retaining the security of the data and the trust of their patient.

    3. What data will be shared?

    The purpose of the linking in Care.Data is to allow the linkage of data from primary care (what you saw your GP about, what they gave you for it, what your healthcare outcome was), with data from secondary care (did you end up having to go in to hospital for the problem you saw your GP about, did the drug work?).

    In practice, this will mean that the Health & Social Care Information Centre (HSCIC) will run database queries at each GP practice, which will copy previously agreed data (things like DOB, address, sex, medical read codes, drug read codes, etc) and then link this with their secondary care records, building a bigger health record for each person.

    By linking these two massive data sets together, it will allow approved academic researchers to carry out Longitudinal research, looking for patterns across a massive data sets. It is important to stress that the data shared with these approved researchers will be anonymised, in that they will not contain identifiable data like name, dob, address, postcode etc. Researchers are aware of Jigsaw attacks on anonymised data sets (we've tried a few on our own data to check that our arrangements are strong enough), so are willing to make some accommodations to prevent this. Where potentially identifiable details like dob/postcode are needed, researchers will be able to work with substitutes like age range (18-30, 31-45, 46-65) and partial postcode (Like EH1 rather than EH1 3BG). This along with other arrangements should make it sufficiently hard to identify individuals that it is almost impossible.

    Early work on this (albeit on a far smaller scale, circa 1 million people in Scotland), has already improved the healthcare of NHS patients, identifying healthcare inadequacies linked to postcode, age, mental status. The potential for this is almost endless, observing patterns of drug reactions, allowing the establishment of causation rather than correlation. If we are allowed to harness the power of such large data sets (albeit with robust controls), why should a small number of possible problems (which can be mitigated or prevented) be allowed to stop the possible gains for patients?

    4.Who the data will be shared with.

    Again, a lot of the concerns raised about this issue are based on misunderstandings and 'miss-information'. Access to anonymised data for medical research is already tightly regulated, in statute and in local regulations. I routinely have to apply for access to hospitalisation data for patients who have already given me informed consent to see their records. The forms we have to fill in every 3 months take days to fill in, and that doesn't even include the cost of the secure system we had to set up, and the training/declarations undertaken by our staff and associates. All of this detracts from our ability to carry out research, but reassures us that data (even the anonymised data) is treated very carefully, and only shared with appropriate people/organisations.

    Private companies are not routinely going to be given access to this data. Only in rare occasions where they are funding collaborative research (carried out by academics), will they have any access to the anonymised data. They will NOT be given free access, or access to any identifiable data, and the 'Tories' are not planning on selling of the un-anonymised data to their chums in the insurance industry. This has been in the works for years, long before the latest government got in to power, so please don't let your skewed political agenda get in the road of a project with such huge potential for human good.

    5.The opt-in/opt-out debate.

    This is another contentious area. If they chose the opt out, it ensures that the majority are included in the 'link', something that will only add to the power of the data set produced, helping spot patterns, improve treatment, and pick up more effective drug treatments quicker than ever before. Saying that, it does kind of go against the concept of informed consent, but on something of this scale, I think that the potential benefits to the NHS and to humanity far outweigh the potential losses or damage to any one individual or group, so could quite legitimately be argued as the best option for society as a whole. Dangerous talk from a libertarian...

    As a counter-balance, if you want to opt-out, write to your GP telling them this. They will insert a read code in to your primary care record, which when the Health & Social Care Information Centre run their data query against your record, will mark it as one to NOT to be copied. This will happen everytime until you ask for the read code to be removed. Hope that helps.

    1. Jason Bloomberg Silver badge

      Re: A medical researcher's perspective...

      medical research has a better history of securely handling data than the rest of the public sector, as the sharing of information is based on the concept of informed consent, something that is hard to get, and even harder to regain when trust is lost.

      Very true but informed consent is notably absent in what people are being opted into. Opting out is made as difficult as possible and it simply isn't being explained clearly.

      You have done a pretty good job presenting a case for; so why could the government not do an equally good job? The suspicion must be that they deliberately chose not to, do not want to, and that suggests there is something we are not being told, something they don't want us to know, and is a good enough reason alone to be highly suspicious.

      Private companies are not routinely going to be given access to this data... the 'Tories' are not planning on selling of the un-anonymised data to their chums in the insurance industry.

      I. and I suspect others, would like to see some guarantee of that. Call us untrusting, paranoid, whatever, and that is okay, we are entitled to be. It is for the government to convince us that what you say will be the case.

      1. Anonymous Coward
        Anonymous Coward

        Re: A medical researcher's perspective...

        Most people who are worried are not worried about medical researchers, but about the secondary use of the data that is not being ruled out explicitly. Weasel words from politicians and others trying to pretend there is no data protection issue just put people off and while it may be a laudable attempt to do something good, the sneaky, underhand and duplicitous way it has been attempted to slip it past unnoticed just breeds mistrust of all the other assurances given.

        Even the opt out appears not opt you out of the big database, just to opt you out of having your personal identifiers attached. Jigsaw attacks may not be possible today but I'd put money on it that in a few years with ever increasing computing power and ever increasing big databases, cross referencing will make short work of that.

        From http://medconfidential.org/how-to-opt-out/

        "Where patients have objected to the flow of their personal confidential data from the general practice record, the HSCIC will receive clinical data without any identifiers attached (i.e. anonymised data).

        i.e. the intention is to still to extract information from the medical records of people who had opted out, just not with their NHS number, postcode, date of birth and gender attached.

        This is not what any reasonable person would understand by opt out – if you opt out, no information from your medical record should leave your GP practice."

        1. Anonymous Coward
          Anonymous Coward

          Re: A medical researcher's perspective...

          -i.e. the intention is to still to extract information from the medical records of people who had opted out, just not with their NHS number, postcode, date of birth and gender attached.-

          That's the thing though. If it contains no identifiable data (NHS number, name, full postcode or DOB) it is no longer 'Your' data. It is anonymised and will be aggregated in to a larger data set, making it far harder to carry out an effective jigsaw attack.

          I really am unclear why people are concerned about anonymised data being taken and used for this purpose?

          If you need any persuassion on the power of this type of science, i strongly advise the tech savvy audience to watch some of Isaac Kohane's lectures on the subject. This one is a great example of the power of using big data to cure public health issues that affect Millions across the world. http://www.youtube.com/watch?v=P5O66e8r2QM

        2. AWESOME
          Go

          Re: A medical researcher's perspective...

          As a footnote, i would strongly recommend that any of you who have any doubts over the potential of projects like care.data take 10 minutes to watch this presentation by Dr Isaac Kohane, who is leading the way on health record linkage in the US.

          http://www.youtube.com/watch?v=P5O66e8r2QM

          It really is inspirational what a little bit of technology, hard work, and good will between competing interests can do in the health care setting.

          We have the single biggest healthcare system in the world. If the yanks can do such amazing work with 10 million people's records, can you imagine what the NHS could do with 60 million records?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019