back to article Privacy advocates left out of NHS 'oversight' board

Privacy advocates have been secretly expelled from the NHS's discussions group, while lobbyists backed by biotech corporations have kept their places at the table. The Advisory Group was established in March 2014, after the scheme's first collapse, as part of a process to get – which intends to …

  1. staringatclouds

    The Advisory Group was closed last year and replaced by a new Strategic Oversight Board, although the news of this is only contained in the minutes of the final meeting (PDF) chaired by Tim Kelsey, who has since fled the NHS to take up a director's role at the Australian medi-telco Telesta Health.

    Interesting note, Telestra Health are now making lots of money out of NHS data, and as Mr Kelsey is a director he can expect a fat bonus.

    I wonder if there's a connection between that and all the work he put in while working for the NHS to commercialise NHS data ?

    See also

  2. Rich 11 Silver badge
    Thumb Down

    What a bunch of...


  3. Wiltshire

    The NHS might still be public, but despite the talk of Open Data, access to the data has been privatised. Any attempt to get anything close to raw data for ( episodes and prescribing) runs into paywalls and "publication tariffs"

    1. annodomini2

      "The NHS might still be public..."

      Not for long.

  4. Bumpy Cat

    A note on "anonymous" data

    Any medical trial is going to have to include research data. This has to be anonymized or pseudonymized somehow. A key consideration is how easy it is to backtrack from the anonymous version to the real person - eg, a mother of X ethnicity who gave birth in Y hospital on Z date - this won't be hard to figure out! So some caution and thought has to go into the process.

    That said, medical research relies on this, so it is not something that can just be dismissed. The larger the scale of the trials/research (hello, the more research, and the more positive outcomes, that will result. It's not as simple as saying "This is not safe, so we cannot do it." I am actually reassured that Patients4Data has a strong academic representation - people in this sector are careful, since their professional certification is at risk if they mess up.

    1. theModge

      Re: A note on "anonymous" data

      That point does get lost: if this could be done well it really would be invaluable for research, which really could bring material benefits to people. That doing it well will need some time and thought seems reasonable: the balance between "impossible to de-anonymise" and "actually useful" is very fine indeed. It's easy to foresee a worst of both worlds where the data is released, it can be de-anonymised and it's still useless.

      The other problem is who is going to pay to anonymise it? I'm not familiar the with the format of the data, but how much of it can be automated? Or will you land up with humans removing all the names, places and dates (maybe converting the later to time spans)? I can see this taking a long time and thus costing a lot.

      1. cbars

        Re: A note on "anonymous" data

        Sure, I'll automate that for you! No problem! :) :) :)

        Just chuck my company £££'s/record and we'll sort that in [Jim, can you put an estimate in here? 6 months? Sounds good] 6 months!

        There is no way I'll sell my company to anyone else. There is also no way we can lose the data before we've anonymity [sic] it! :)

      2. JohnMurray

        Re: A note on "anonymous" data

        Not a problem. will have to anonymise it. The GP practice has no say, the entire data set is downloaded from the practice: All of it. The patient "opt-out" only comes into play at the HSCIC.

        Note that it will be illegal for the practice to allow the data to be captured against the data subjects instructions (DPA), AND illegal for them to not allow it to be captured (H&SCR act)

        Heads they lose: Tails they lose.

        1. Adam 52 Silver badge

          "opt-out" only comes into play at the HSCIC

          Is this fact or speculation?

          1. DocJames
            Big Brother

            Re: "opt-out" only comes into play at the HSCIC

            GPs appear unable to prevent the upload of data (from conversations on medical fora).

            I have no further facts, but that does reinforce the speculation.

        2. Anonymous Coward
          Anonymous Coward

          Re: A note on "anonymous" data

          "Not a problem. will have to anonymise it."

          If you read the whole details of the fiasco you will see that there are circumstances where the data does not have to be anonymised. if the secretary for health says its OK...

          so when one of his Chums in a pharma company says oi this data would be so much more use to us "in research" if there was a bit more personal information attached.......... OH OK then ........

          And the only safe guards that the data is not passed on and on when it has been exported to a 3rd party company is....."a Gentleman's agreement" LOAD OF SH*T

          1. JohnMurray

            Re: A note on "anonymous" data


      3. Graham Cobb

        Re: A note on "anonymous" data

        if this could be done well it really would be invaluable for research, which really could bring material benefits to people

        So, we need a two pronged approach: good anonymisation (but leaving data useful for research) combined with extremely strong privacy enforcement. There must be strong legal penalties against any deanonymisation attempt (however much it might help the research), starting with prison time for managers who allow it on their watch -- a very effective deterrent against white collar criminals, as the H&S industry has demonstrated. This must specifically criminalise any use of the data in marketing, insurance assessment, discrimination (housing, jobs, etc) or for any purpose other than the approved clinical research (with both criminal and civil penalties).

        The third leg of this stool has to be that individuals can still opt-out. If I am paranoid (clinically or otherwise), or I have a lot to lose (in the public eye?), or I just have a different trade-off between my risk and the benefit to society, then I must be able to opt-out of being included in any released data.

        Why is this so hard?

    2. Mike Shepherd

      Re: A note on "anonymous" data

      "Patients4Data has a strong academic representation - people in this sector are careful, since their professional certification is at risk if they mess up".

      To what "professional certification" do you refer? If you mean "reputation", it seems not to be enhanced by joining an organisation whose name appears intended to mislead.

      1. Bumpy Cat

        Re: A note on "anonymous" data

        Professional certification varies. I work at a university which engages in medical research, and work closely with a colleague who handles the compliance wrt medical data. People can lose their license to practice medicine, or lose their research job. Institutions can lose a set of research funding, or ALL research funding, or ALL access to research data. The risks are huge and people really do try to handle this properly.

        Of course, people being people, they make mistakes or take shortcuts. That's when the stick comes down.

        1. Anonymous Coward
          Anonymous Coward

          Re: A note on "anonymous" data

          BUT unless cabinet members and PM's Go to Jail for VERY long periods this will be a cut price outsourced sold to the lowest bidder affair and will leak like a sieve.

          Consultants i have seen in the last 5 years in hospitals across the country have not seen what i have many times. 2 surgeons who have both been practising for 20 years have only done 20 of the operation i had in their whole careers. so how anonymous can you make me when you add in age, ethnicity, etc etc.

          I am all for a paperless NHS with centralised medical records (funding was announced for this AGAIN at the weekend) as notes dont follow you and there are gaps left in medical history. BUT the data MUST be only for the use of Medical personnel ONLY involved in the treatment of that patient. UNLESS there is OPT IN Informed Consent given.

          1. JohnMurray

            Re: A note on "anonymous" data

            Define "medical personnel".

            One of my prescription items was altered by "a clinician", they refused to name who (I asked who had altered it).

            Upon accessing my summary care record online, I noted that details of prescribing, including who had prescribed the meds, or altered them, was available. The "clinician" who had altered it was the very nice young lady who sits behind the receptionists desk. Unfortunately, she had no access to full med records or she would have seen that the item she altered it to had given me problems in the past. But the new item saved the local CG £96/yr.

        2. chris 17 Bronze badge

          Re: A note on "anonymous" data

          @Bumpy Cat

          Mistakes are possible and will happen especially when the cost is far less than the perceived benefit, leading to temptation to bend the rules or find ways to wriggle out of possible infringement by claiming ambiguity.

          Instead of relying on companies and institutions, with a vested interest in exploiting the data, to play by the rules it's safer to not let them have the data and know they then can't misbehave.

          You can't get shot if there are no guns or ammo. There can't be any privacy problems if they don't have your data.

        3. Mike Shepherd

          Re: A note on "anonymous" data

          Since you spell "licence to practise" as " license to practice", I think you're talking from a foreign country, where the NHS does not operate.

        4. Intractable Potsherd Silver badge

          Re: A note on "anonymous" data @Bumpy Cat

          I sit on an NHS Research Ethics Committee, and I have to take your optimism with a huge pinch of salt. Our local hospital has several big research clusters, and yet we still get things like trial IDs consisting of a combination of initials or post-code plus date of birth, along with a claim that this is "anonymous"! There are other examples which, whilst not as head-slapping, show that data protection is something that has never been considered in any depth. Part of this is because healthcare professionals trust each other to look after data (no matter how displaced that might be)*, and have difficulty understanding that some people might have different aims and objectives.

          * Spend a bit of time in hospital and see how much information you can get about patients - it is frightening. The "magic curtain" around hospital beds is a great example - healthcare professionals I teach seem to be amazed that people can hear what is being said when the curtains are drawn ...

  5. Adair


    Big Data.

    Big Government.

    Big Business.

    As always, follow the money (and the power).

    Not to say there aren't good people of high ethical and moral integrity working in this area, and information that could potentially be enormously useful for managing national healthcare resources, BUT it is information that is also potentially very useful to people whose main interest is their own enrichment and an 'I'm alright Jack' attitude to the consequences of their actions on the wellbeing of others.

    Dilemma - what to do? Big ethics, or big money? Mmmmm.

  6. andrewj

    It's time these boards had representation from actual patients; not lobbyists with a vested interest, or nannying "advocates" .

    1. localzuk

      How might that be done? Those patients would form "groups", who would then likely fall into one of the 2 camps - after all, the representative has to have something their representing, and the groups aren't likely to form up with equal amounts for and against are they?

    2. DocJames


      It's time these boards had representation from actual patients; not lobbyists with a vested interest, or nannying "advocates" .

      A rather exact description of the Patient's Association. Essentially a pharma/private healthcare lobbyist group, but given their name regularly invited to give opinions as a "patient's representative". At some point the media will notice and give said organisation a good kicking. My popcorn has gone stale over the last few years though...

  7. Justin Clift

    Are we sure Martin Shkreli isn't involved?

    Patients4Data is exactly the kind of group he'd be into.

    And wow, could he ever monitise them to "further promote R&D"...

  8. Terry 6 Silver badge


    As noted in these web pages before, our governments ( not just this one, to be fair) do have a history of choosing to "consult" just the groups and individuals who have already expressed support for what they want to promote. My own hobbyhorse is about education/reading/phonics but the principle is always the same. Choose a policy that looks and sounds easy to explain to the public and keeps their friends in big business happy, then consult by appointing a chair who who already is committed to that policy. He or she will then broadly and widely appoint a panel who just happen to think the same thing. They will then take evidence from their friends and come to the conclusion that happens to be the same as they wanted it to be.

    A perfectly reasonable and logical way to do things if you start from the premise that anyone who disagrees is obviously too wrong to be consulted.

  9. Anonymous Coward
    Anonymous Coward

    Dear Biotech Corporations,

    I've had my tonsils out, i've been circumcised, i've been treated for knee and wrist problem and i've had treatment for a intermittent rash on the end of my knob.....thats it, thats all you get!

    Anonymous because you don't need my real name or address.

    1. SImon Hobson Silver badge

      Re: Dear Biotech Corporations,

      But given a large enough data set, they can probably pick you out anyway.

      That's the big problem, and real anonymisation isn't easy. I recall reading about some of the problems many years (decades) ago when technology was somewhat less advanced.

      So take your combination. Do a search and you find a dataset that includes not just you but a good few others. Modify the search a bit, and you get a different data set that also includes you - but the intersection of the sets is smaller. Keep running similar but different searches and eventually you find an intersection of one person - you.

      All without ever running a search that returns less than "quite a few" people.

      1. Adam 52 Silver badge

        Re: Dear Biotech Corporations,

        It's not even that hard. You can identify me from postcode and age band within 5 years because no one else my age lives in my street. You can identify me from postcode and job title for the same reason. Or postcode and income band. Or geodemographic classification, town and income.

        This is all with publically available data sets. With access to an Experian sales rep and a modest budget it's even easier.

        1. Intractable Potsherd Silver badge

          Re: Dear Biotech Corporations, @ Adam 52

          Following on from my comment above, this is one of the things researchers do not grasp. It is easy for identities to be matched via basic demographic data, and adding even part of a postcode makes the chances of an exact match trivial.

  10. David Roberts Silver badge
    Black Helicopters


    UK government and health care data has probably less public trust than Microsoft and W10.

    Comprehensive UK medical data is immensley valuable to US researchers - there is no equivalent in the US.

    Dip into Private Eye to estimate how trustworthy senior government officials with anything of value.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019