back to article NHS refused to pull 'unfit for purpose' Care.data leaflet

The mishandling of the controversial Care.data scheme – intended to extract data from GP records and effectively share it with world+dog – was in part due to the refusal of NHS England to recall an ill-informed public leaflet from the printers, an independent oversight body has revealed. Care.data was supposed to begin in …

  1. Anonymous Coward
    Anonymous Coward

    Same old arrogance

    This "Nanny knows best" arrogance and refusal to listen to any critical voices is what provoked the backlash against care.data in the first place. How is the public meant to place any trust in them to handle our most personal data responsibly, when their attitude to to being open and honest is basically "too difficult - who cares"?

    1. Anonymous Coward
      Anonymous Coward

      Re: Same old arrogance

      It's only your personal data if it has your personal details on it.

      It doesn't and wouldn't have. Anonymised data is already used widely.

      How on else are you supposed to show the effective use of treatments and drugs without allowing people to analyse the data?

      People share a lot more data with Nectar cards and loyalty cards. They know where you've been, what date and what you've bought.

      1. Anonymous Coward
        Anonymous Coward

        Re: Same old arrogance

        It's only your personal data if it has your personal details on it.

        It doesn't and wouldn't have. Anonymised data is already used widely.

        What rubbish. The digests they would supply included ample location, age, etc information to enable the subject to be de-anonymised quite easily in conjunction with other publicly available data.

        1. Anonymous Coward
          Anonymous Coward

          @Credas

          At a previous employer we an anonymised external survey for comments on management. Given the small number of staff at each department it would have been simple to de-anonymised (how many years have you worked here, qualifications, age). Anyone taking part and giving straight answers were risking a lot.

          Anonymous - obviously

      2. Tom Wood

        Re: Same old arrogance

        Indeed, here's some anonymised data, there is no way you could possibly work out who these people are:

        Male, age 40-49, lives in SW1A area, occupation: prime minister

        Female, age 80-89, lives in SW1A area, occupation: head of state

        1. Snowman

          Re: Same old arrogance

          You jest but with county of residence and birthdate is enough to uniquely identify most of the people in the country. Other data can be pulled from different sources once a person is identified.

      3. Jason Bloomberg Silver badge

        Re: Same old arrogance

        It's only your personal data if it has your personal details on it.

        It doesn't and wouldn't have.

        A huge part of the problem was that it was not possible to tell if this was/is/would be true or not. It was very opaque as to what information was involved, who would have access to it, and what form it would take.

        In particular it was not clear whether signing-up was advantageous or not, or whether not signing-up would compromise the care one might receive in future.

        On the details provided it was impossible for anyone to make an informed decision as to what they should do.

        Additionally it was opt-in by default with no easy way to opt-out. And once opted-in there was no way to opt-out later. As noted, many people were not even aware of the proposals and what they were being opted in to because they did not receive notification, though possibly through binning it as an anonymous junk-mailshot which it appeared to be.

      4. Gordon 10 Silver badge
        FAIL

        Re: Same old arrogance

        @AC

        Come back when you understand what a jigsaw attack is Big Pharma shill.

        I don't think anyone has any objection to understanding the efficacy of treatments using this data but it should be driven by the NHS to get the maximum medical and commercial bang for the buck rather than used by Big Pharma and Insurance Companies to shaft us.

      5. Anonymous Coward
        Anonymous Coward

        Re: Same old arrogance

        "People share a lot more data with Nectar cards and loyalty cards. They know where you've been, what date and what you've bought"

        People are not opted in to loyalty cards by default, unlike the original Care.data plans. More importantly they're unlikely to suffer high insurance premiums (or refusal), or have their employment prospects affected by distribution of anonymised shopping basket data - plenty of people in a given postcode will buy bacon, butter and bread; very few will be Female, 50-59 and have breast cancer, high blood pressure and epilepsy.

        It might have escaped your attention that not everyone signs up to every data harvesting scam offered, or is your view merely skewed by vested interest?

      6. cantankerous swineherd

        Re: Same old arrogance

        stupid. the records include the NHS number, a unique identifier.

        thus the data can be deanonymised by anyone with access to the NHS demographics. in the long term this will leak out and essentially the entire dataset will be up for grabs.

        nice try at rapid rebuttal though.

        1. h4rm0ny
          Mushroom

          Re: Same old arrogance

          >>"thus the data can be deanonymised by anyone with access to the NHS demographics"

          You'll find the reply given on this one is that here are confidentiality agreements in place. I used to work for the NHS and back when they were rolling out the "Spine" and Connecting for Health (is CfH still a thing?), we raised Hell over access. The response was a very official sounding "only those bound by strict data confidentiality agreements will have access to the data". By which they meant every receptionist or medical secretary at any GP practice in the country could look up your records. I know - I tested it by looking up records that I had no right to access (they were MY OWN but I had no right to look them up in that role and the system did not know they were my own). The DoH people actually outright lied to us also. We were told that there was a system in place to track who had accessed which records. Not going to be, was. Under heavy questioning they finally admitted there wasn't any such monitoring and they had no time frame when it would be added (wasn't when I left the NHS).

          Thee are a lot of hard-working people in the NHS from around middle PCT level down. Above that, career-minded liars, mostly. Do NOT trust the government integration programmes for the NHS whatever they are called this month. I have direct experience of working with these people. They can and will lie when they can get away with it and their interests are NOT your interests.

          It would not in the least surprise me if the leaflet was deliberately sent to be printed prior to approval so that it would be "too late" to change. Incompetence is perfectly possible, but this is exactly the sort of sly shit I have seen from them in my time in the NHS.

          Nuclear, because that's what should happen to everyone above middle management level in the NHS and everyone in the DoH.

        2. Anonymous Coward
          Anonymous Coward

          Re: Same old arrogance

          Except that end users of the data will never see the NHS Number, just as they don't when they analyse Hospital Episode Statistics.

          Nice try at an uninformed rebuttal of a rebuttal though.

          1. nsld

            Re: Same old arrogance

            "Re: Same old arrogance

            Except that end users of the data will never see the NHS Number, just as they don't when they analyse Hospital Episode Statistics.

            Nice try at an uninformed rebuttal of a rebuttal though."

            Because of course those are the only two datasets they will ever look at.........

            With date of birth, postcode and gender its possible to cross match data sets and get a good level of accuracy and in less populous areas you can do it with even less specific data. I can pretty much guarantee that I am the only male born in my year of birth in my postcode so cross referencing from just that data would be simple.

            Actually having my NHS number is pretty irrelevent as its rarely if ever used outside the NHS but if you where an insurer and held my car or life insurance it would be simple to match that to my medical data with those "anonymous" data points.

          2. Anonymous Coward
            Anonymous Coward

            Re: Same old arrogance

            Hospital Episode Statistics another Government database that were we "opted in to" without our informed consent, and with rare conditions I guess it would still be possible using a jigsaw attack to find identifiable information.

            wasn't it the HIS data that was "sold" by NHSIC the predecessor of HSCIC http://www.theregister.co.uk/2014/03/06/nhs_information_body_hscic_promises_improvements_on_how_data_is_shared/

      7. Sir Sham Cad

        @AC Re: Loyalty cards

        1) I choose to give these people my data when I choose to present my loyalty card at the till. On a visit by visit basis. Care.data is opt out so you're in by default and you don't get to choose who gets what data about you.

        2) I am incentivised by the loyalty card company to give them my data with money off stuff and special offers on things I buy normally. In return the big supermarket chain might sell me more cheese and beer. With the care.data scheme I am not incentivised, the data recipients get all the benefit.

        3) Loyalty card schemes are not set up at taxpayers expense to benefit private companies.

        In fact I was unsure how I felt about the care.data scheme until you came up with that marvellous false equivalence and I had to think about it.

      8. nsld

        Re: Same old arrogance

        You might be vaguely anonymous in dense areas of population but out in the sticks with 1 or 2 houses per postcode its a different story.

        1. Anonymous Coward
          Anonymous Coward

          Re: Same old arrogance

          Good thing that postcode isn't the lowest level of granularity then isn't it. But down let that get in the way of some good old FUD.

      9. Captain Hogwash Silver badge

        Re: Nectar cards and loyalty cards

        Not everybody chooses to have these. Also, I note your reluctance to share your identity.

      10. TkH11

        Re: Same old arrogance

        This is complete rubbish. I asked questions to a government minister about the data being stored on the database. Your name, NI, NHS numbers are not being stored but there is sufficient information, including your date of birth and postcode to enable you to be identified.

        How many people live within your postcode that have the exact same date of birth as you? Probably none! And in most cases it will be none.

        For example, if years later you went to take out motor insurance, you have to provide your name, address, date of birth to your would be insurance provider, and let's assume that the government changes the rules (they do that all the time without asking us) and sell the data on, and the insurance company can access the medical record database, and link our insurance application or claim to the medical records database using the post code and date of birth, and then charge us a higher premium based on our medical history. This is wrong.

        Anonymised data? They want us to believe it is anonymised, and you fell for it.

      11. Anonymous Coward
        Anonymous Coward

        Re: Same old arrogance

        > How on else are you supposed to show the effective use of treatments and drugs without allowing people to analyse the data?

        Because people who participate in clinical trials:

        (1) OPT IN to them and GIVE THEIR CONSENT for the data collected WITHIN THE TRIAL to be used

        (2) Are not giving carte-blanche for their entire medical history to be sold to unspecified buyers for unspecified purposes at unspecified times

  2. James 51 Silver badge

    Netflix famously tried this once. Researchers were able to determine the sexuality of a lady whom they were able to identify despite the data being 'anonymous'. Let's not forget this isn't to improve your health. It will be used to push up insurance premiums, deny people jobs (the building industry ran a black list for years based on willingness to stand up for your rights so it's easy to see that spreading. Hmmm he had cancer and it has a 20 percentage chance of coming back, let's got for the other guy). Targeted advertising to from companies that hide the full picture about their drugs or don't have to prove the help in the case of implants. There are scenarios were sharing the data done properly would be a good thing but this is nothing like one of those scenarios.

  3. Ilmarinen

    "must try harder"

    "The report card at the end of the first year after the government’s acceptance of the Information Governance review reads: must try harder," it said.

    I'd rather that they tried a lot less. Just went away, maybe got proper jobs and stopped wasting our money on such things. We could do with much less Government and its mendacious control freaks.

    1. Anonymous Coward
      Anonymous Coward

      Re: "must try harder"

      A shame better government with fewer control freaks is too much to wish for.

    2. teebie

      Re: "must try harder"

      "Must try harder, further away from where they can do any harm"

    3. Terry 6 Silver badge

      Re: "must try harder"

      Currently, if I go to my local out-of-hours "drop-in" centre they don't have access to my medical records.

      So if a patient can't remember what medication they are taking, or the dosage, they can't just look it up.

      A sensible system for integrating NHS records would suit me fine.

      Sending my records out to their pals in big business is totally another situation.

      And I really do object to that.

      1. PJI

        @Terry 6: Re: "must try harder"

        Living abroad, I am not sure what a drop in centre is. It sounds like some sort of social or health support place. But surely, if one is really at significant medical risk, one is at liberty to inform staff oneself, with them being under a duty of confidentiality.

        It seems to me that there are several risks with health and other private data being release by the NHS or any other body, e.g.

        o Simple right to privacy. e.g. An astoundingly high number of people have genuine mental health problems, including schizophrenia and other difficult ones, that they manage to control with medical and psychological help, usually managing to lead normal, productive lives under the most difficult of conditions most of the time. Imagine if the wrong people got hold of such a person's medical history how they could destroy that person's life, not necessarily with any ill intent.

        o the temptation for cash-strapped or just greedy authorities to give ever more under ever easier conditions in return for support and sponsorship by big Pharma or any other commercial entity. People "in authority" have a strong tendency to forget that they are neither better than others nor infallible.

        o an increasingly intrusive government using it for "security" or "anti-abuse" or whatever purposes to track people, gain possibly useful information on people, innocent or not.

        o insurers for, say, cars private health life insurance or lenders of a mortgage or loan, claiming or getting access. Look at the frequent mistakes by credit agencies now and the devastating effects that can have. Health and other personal data is far more open to abuse and mistakes.

        o employers, potential landlords, employment agencies, journalists etc. getting access, legally or illegally (not hard, as the number of newspaper scandals, corrupt policemen and civil servants shows in recent "leaks").

        The unthinking commentator at the start of these comments is clearly not in IT nor indeed very well informed, or they would be aware that modern computing techniques can readily combine and analyse disparate data to produce great detail. Of course, one thing those techniques can not do is ensure that the user draws the right conclusions or behaves morally and correctly.

        Great Britain is a weird land: people protested long and loudly at the very idea of Identity cards, even simple, basic ones, while being quite happy to use passports, copies of bank statements and utility bills to provide the proof of identity needed for banking, car hire or just to buy a drink or cigarettes. They tolerate the greatest density of private and state cameras and officials filming them with wearable cameras, while the same people object to the public filming them or their buildings and transport.

        And now, it is awful how many let themselves be persuaded to allow use of personal data by bodies shown to be unable to manage it and others shown to be compulsive misusers of it because, just like the minorities in the USSR or Nazi Germany or McCarthyite USA, they've got nothing to hide.

        1. Jamie Jones Silver badge
          Thumb Up

          Re: @Terry 6: "must try harder"

          "Great Britain is a weird land: people protested long and loudly at the very idea of Identity cards, even simple, basic ones, while being quite happy to use passports, copies of bank statements and utility bills to provide the proof of identity needed for banking, car hire or just to buy a drink or cigarettes. They tolerate the greatest density of private and state cameras and officials filming them with wearable cameras, while the same people object to the public filming them or their buildings and transport."

          As a Brit, have an upvote.

          I think that will be my nomination for quote-of-the-year

        2. JayB

          Re: @Terry 6: "must try harder"

          "Great Britain is a weird land: people protested long and loudly at the very idea of Identity cards, even simple, basic ones, while being quite happy to use passports, copies of bank statements and utility bills to provide the proof of identity needed for banking, car hire or just to buy a drink or cigarettes. They tolerate the greatest density of private and state cameras and officials filming them with wearable cameras, while the same people object to the public filming them or their buildings and transport."

          Have an upvote for an elegant summation!

        3. Andrew Meredith

          Re: @Terry 6: "must try harder"

          >>Great Britain is a weird land: people protested long and loudly at the very idea of Identity cards, even simple, basic ones, while being quite happy to use passports, copies of bank statements and utility bills to provide the proof of identity needed for banking, car hire or just to buy a drink or cigarettes. They tolerate the greatest density of private and state cameras and officials filming them with wearable cameras, while the same people object to the public filming them or their buildings and transport.<<

          Being from that strange place we call "foreign" you probably don't know the detail behind the massive information land-grab euphemistically called "The UK ID Card".

          First off, it wasn't actually the card that was being objected to for the most part, it was the database behind it. If the cards were optional and stand alone (like in many countries) then they probably would have been able to jam it through. However, it was tending towards mandatory and could easily have become de-facto mandatory given its intended usage; and the database was .. well .. just obscene from a security point of view.

          Second it was punted as a "Gold Standard" identification document, but still only used the same 'leccy bill and birth certificate type proofs as its basis. This would mean that once someone had managed to subvert your card/database entry, THEY WERE OFFICIALLY YOU ! You couldn't even prove that you were you sufficient to be able to start the conversation about the fact your identity had been stolen as it wouldn't be *your* identity any more. That's what Gold Standard means.

          FarceBake, Nectar Cards etc etc are all optional, temporary and opt-in. Yes I give Morrisburies information every time I swipe their loyalty card; but if I don't want to for some reason, I don't have to.

          As for not objecting to the lunatic levels of physical and electronic surveillance we are subjected to ...... You do *read* El-Reg don't you ??! ;-)

      2. Baldie

        Re: "must try harder"

        This is a problem, and it came up a few times at a recent NHS Hack Day that I attended. But even if health systems were such that the drop-in centre and hospitals knew what your meds were, the situation were you to require social care is much worse. Completely different system run by local authorities, and often the providers (who will often be the ones actually administering the medication) are private companies to whom the work has been contracted out (at the lowest defensible rate). There is so much that can go wrong by the time they get their information.

        But back to the point of the article: this arrogance (and one might guess the individual concerned) has cost much, much more than stopping a print run. But compared with that the arrogance of asserting that an organisation such as HSCIC (with a history of privacy and hacking cock-ups) would be able to keep control of the data is much worse. And that ignores the issues of the effectiveness of anonymising the data, which has been shown to be totally useless, particularly when someone has more than one condition.

  4. Adrian Midgley 1

    the minutes have been refused

    to a FOI Act request on the grounds they are due for publication

    Overdue I think.

    The najor failing was the appearance of dishonesty and not listening to people who Di have a clue and/or entirely legitimate views.

    The business of sending things - usually a bit late - for mandatory or statutory checking for publucation and at the same time publishing them is pretty standard. I suspect it correlates with a criminal mind, even if the mind involved has not actually committed any overt detectable crimes.

    1. Halfmad

      Re: the minutes have been refused

      If the FOI was knocked back on those grounds, a review could have been requested and if still not satisfied a complaints to the ICO about it would probably have resulted in them being released pronto.

  5. Gerry 3

    The NHS notified only those who hadn't bothered to opt out of receiving junk mail. They knew full well that millions would never receive the mailshot, and that millions more wouldn't have fished it out of the rest of the junk mail mountain before binning it.

    The Care.data scheme must not be allowed to proceed until patients have received individual unbiased notification and given their full and explicit consent.

    1. Mike Pellatt

      And until the unique id is one-way mapped from the NHS number.

      Absolutely no need whatsoever for NHS numbers to be in the data - that's an open invitation for the data to be abused.

      1. Anonymous Coward
        Anonymous Coward

        I work within Information Governance (Not in England - we've nothing to do with this farce) and we'd never have permitted the NHS number or anything similar to be included.

    2. Alfred 2

      And

      "The Care.data scheme must not be allowed to proceed until patients have received individual unbiased notification and given their full and explicit consent"

      Gerry could I add

      And until a full explanation of what is happening to the data and any money made by selling it is given, and is easily available.

      1. Anonymous Coward
        Anonymous Coward

        Re: And

        "and any money made by selling it is given"

        NO money will be "made" from selling it, it will be so cheap per request that it will cost the HSCIC for each request and WE as the Tax Payer will pay the real cost. the only people to make money from it will be the companies DATA mining the information and combining it with other sources to "value add" and then on selling it.

  6. Anonymous Coward
    Anonymous Coward

    A shame to lose this

    The primary intention of care.data was to enable the huge volume of information in doctor's systems to be made available for researchers and others. I understand one of the first business cases for this data is actually billing - doctors charge the nhs for appointments and treatments and care.data would replace the existing interfaces.

    It has to be mentioned that the quality of data is very variable and often, especially with old data, very poor. For example, the "postcode" may be "Swindon", the patient date of birth 01-01-1900 and the gender not given. Such data would likely be ignored. A bigger problem is with the clinical codes used for describing illnesses (and treatment if I remember correctly). For example, the code for diabetes will have different values on different supplier systems, changes over time and may not be correctly assigned anyway.

    That aside, there is real medical value in this data. It would enable national scale queries such as how many appointments are made for an age range with diabetes versus one with copd. It would enable us to know where our money goes potentially leading to better targetting of at risk groups. Another query would be to create a cohort based on those that have copd and have taken drug x long term. There is the potential to identify common side affects (by determining other apparently unrelated medications or treatments given).

    As always huge debate is raised by a minority when the majority doesn't give a toss. If I apply for a life insurance policy, it is already based on statistical assumptions; potentially those assumptions will be better in the future.

    1. Peter Gathercole Silver badge

      "it is already based on statistical assumptions" @AC

      Yes. Broad statistical assumptions, but risk is still shared, and insurance companies are unlikely to deny cover except in very specific cases.

      But being able to mine exact information about individuals allows them to say "I would not touch this guy with a barge pole", whereas previously, they would have had to have taken effectively a gamble on whether the whole demographic they were in was a risk.

      What happens at the moment is that if someone is in a particular risk group, they will probably be offered more expensive insurance, whereas if the insurer had specific information (which may not actually have been told to the patient as it may be detailed clinical information), they could turn round on an individual-by-individual basis and just say no.

      And I would hazard to suggest that they would not say why an individual had been refused because of 'data protection' issues.

      The whole concept of insurance is shared risk. If the insurance companies were able to decide to only offer insurance on things that they knew were unlikely to happen (the flip side of refusing to insure for things that they could tell were more likely to happen because of detailed individual information), then there is no real risk, and they would just take the money and laugh!

    2. Paw Bokenfohr

      Re: A shame to lose this

      "As always huge debate is raised by a minority when the majority doesn't give a toss."

      Yes, but that's because the minority here understands what can happen with this if it's badly managed and unprotected - those of us that work in IT - but the majority don't understand what "big data" is capable of, they don't understand how awful this scheme was.

      So, the minority has to educate them. We did. They listened. The government and the NHS were forced to back track.

      Democracy (and an educated populace) wins!

      Huzzah!

    3. Anonymous Coward
      Anonymous Coward

      Re: A shame to lose this

      "As always huge debate is raised by a minority when the majority doesn't give a toss. "

      Read medConfidential.org and you will see that the Police already make great use of the NHS Back Office Demographics Service to find people who are of interest to them. Once the Police have access to everyone's entire medical history (mission creep happens, especially starting in the names of National Security and Protecting the Children and then like RIPA being expanded to investigation of dog-poo and allocation of school places!) what use will they make of that access? Just as at present the Met Police automatically gets a copy of an arrested person's Oyster card records "just in case there is anything of interest in them", and most police forces get a copy of the arrested person's telephone and internet records "just in case ...", do you not think it likely that Mr Plod will demand complete medical records "just in case ..."? And that those records will stay on the Police National Computer for ever, because there will be no statutory scheme requiring their deletion.

      The Stasi had incomplete records because they had to rely on informants and on paper record keeping systems. Now that both of those errors have been corrected, do you not see how efficient the system can become?

      The majority who don't give a toss at present will wake up one day and wish they had. By then it will be too late.

  7. JimWin

    Opt out?

    There was a standard opt-out document available some time ago. I completed mine and gave it to my GP.

    I've never had any receipt or any other form of acknowledgement. I wonder if such requests were respected or ignored. My guess is the latter.

    1. Anonymous Coward
      Anonymous Coward

      Re: Opt out?

      There was a standard opt-out document available

      Not that I saw available from the GOVT or NHS directly they were from 3rd party groups or GP practices individually,

      There was NOT one of the "MIS" Information leaflet sent out by HSCIC as that would have been too easy for every one to fill it in and show a huge middle finger to the plan.

      As its not there it takes more work and those who may want to opt out but didnt know how or are too busy or lazy would not get round to doing it where as if the form had been on the document mailed then there would have been a resounding response.

      I also didnt get a written reply from my GP despite requesting one. as for Hospitals i give them a letter when registering that says they dont have my permission to supply any of my information even if anonymised to any other organisation and specifically HSCIC.

      Im thinking of sending a data protection subject access request to the HSCIC along with my £10 to see if they have complied. but then they have me on file and that will be logged and sold and inferences made from that fact :-(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019