back to article Right, opt out everybody! Hated Care.data paused again

The UK government's gaffe-prone Care.data scheme has been paused once again, this time to review the opt-out process of the much-hated and delayed program. Health secretary Jeremy Hunt has asked data guardian Fiona Caldicott to provide advice on the wording for patient consent and ‘opt-outs’. The scheme was launched in 2013 …

  1. Trollslayer

    NHS IT projects

    Need I say more?

    My local practice sent out letters with a form so you could tick three boxes to opt out of all of this.

    1. Lobrau

      Re: NHS IT projects

      Would that my practice were so proactive.

      Had to go to the surgery and ask to not be included in the scheme. Poor girl on reception had to go and ask for help as she had no idea what I was on about.

      1. Gordon 10

        Re: NHS IT projects

        My practise was between those 2. Had to ask at reception but they showed you which boxes to tick.

        1. Anonymous Coward
          Anonymous Coward

          Re: NHS IT projects

          Had to ask at reception but they showed you which boxes to tick.

          Doesn't that depend on your preference? :)

          The stupid thing is that this is not even a hard problem to solve. If they had spend half a day thinking before they bollocksed up the worst approach in history there would not have been a problem. Even now the problem is actually fixable, but I doubt they'll get there: it involves the application of that dangerous thing called "logic" and an appreciation of people's rights.

    2. Anon the mouse

      Re: NHS IT projects

      My practice has opt out forms all around the waiting area for patients to fill in while they wait. They really don't like care.data.

  2. James 51
    Mushroom

    Is it time to put down this terminally ill scheme?

    Yes.

    1. Gordon 10

      Re: Is it time to put down this terminally ill scheme?

      No.

      The idea us right. Basically have full patient history across the NNhs. Execution is wrong.

      All staff with access need to attend privacy training and be aware it's a sackable offense to breach data protection.

      Unis and other research bodies need to sign up to a scheme where the penalties are 10% of the parent companies worldwide turnover.

      1. Doctor Syntax Silver badge

        Re: Is it time to put down this terminally ill scheme?

        "All staff with access need to attend privacy training and be aware it's a sackable offense to breach data protection."

        There are a couple of prerequisites for this. One is that it has to be a sackable offence and the other is that the employers need the balls to do the sacking.

      2. h4rm0ny

        Re: Is it time to put down this terminally ill scheme?

        >>"All staff with access need to attend privacy training and be aware it's a sackable offense to breach data protection."

        In practice, I do not believe this is sufficient for a couple of reasons. I was involved during CfH (Connecting for Health) as it was and was an active part of the pushback from Primary Care community on privacy issues. Apparently I can be extremely annoying so I try to use that power for good. Anyway, on questioning about what would stop someone looking up deeply personal information they weren't supposed to we got the following response (paraphrased):

        "Only approved people who have committed to our strict privacy policy will have access to the data".

        Sounded great until you realized that "approved people" meant every receptionist at every GP practice in the country, let alone all the other people above and beyond. Oh, and that "strict privacy policy" meant one more page in the pile of barely read documentation you hurriedly sign on your first day and then forget about. In practice, staff turnover can be pretty high and there's a constant churn of low-paid (underpaid, usually) people in and out of hospitals, GP practices, NHS walk-in centres and PCTs (Primary Care Trusts) and contractors... all of which need access to the very poorly segregated data sets of the system. You can say "make it a sackable offense" but I can say burglary is a criminal one, it doesn't mean that taking all the locks off all the houses isn't a very bad idea.

        Which brings us on to audit trails. When we pushed the CfH people on this we were told that access history was auditable. This seemed odd to me because I'd been poking at the system and had come across no audit system. For note, I had been able to access my own medical data at my registered practice (I tested with my own for ethical reasons, but this doesn't make a difference - there was no special permission granted because the name on the account I was using happened to match the name of a patient on a different system). Up came my records. So I pushed on how their audit system worked - what did it log, how could access history be viewed, what events raised alarms and who did they reach? That sort of thing.

        After a lot of pressing them, we were told that there wasn't an audit system, they didn't know exactly what data would be kept when there was, there were no current plans for triggering alerts (particularly hard to get response on that one as they kept saying there were but kept refusing to divulge them, which we took to mean that their "plans" were a line on a document somewhere saying 'we should do this'). And yet we had been told that there was an audit trail in place. They lied. And were nowhere close to being able to turn it intro truth, either.

        So whilst it may sound all well and good to say "staff need to be aware that its a sackable offense", what that really means in practice, is millions of low-paid, frequently temp'ing staff having full access to your medical history and personal information. And that of those close to you, as well. No-one ever called me up to ask why I was looking up the information of that patient (who happened to be me but could be anyone else) and nor ever would they. And if I had been someone wanting to know who the father of a child was, where my ex-partner was living, why my daughter or son had been to see a GP, if my boss had any interesting items on their medical history or any of a hundred other abuses of that information, nobody would ever know that I knew that from having sat at my NHS computer one day and looked. And they want to throw that open to innumerable people who have no reason to have access.

        Data security is not provided by a HR document mass-given to an ever-revolving tide of clerical staff and others. It begins with data segregation and you take it from there.

        1. Anonymous Coward
          Anonymous Coward

          Re: Is it time to put down this terminally ill scheme?

          Data security is not provided by a HR document mass-given to an ever-revolving tide of clerical staff and others. It begins with data segregation and you take it from there.

          Almost agree, but I'd place this earlier - it starts at the point of collection, and access to this information must be managed throughout the whole data lifecycle, from authorised collection to retention, use, maintenance, expiry and disposal. The next stage is properly managing the actors who have access to this information, either in specific or aggregated anonymised form, and that includes audit. Without defining clean, personally accountable access controls and auditing they should not even go near data.

      3. Anonymous Coward
        Anonymous Coward

        Re: Is it time to put down this terminally ill scheme?

        The idea us right. Basically have full patient history across the NNhs. Execution is wrong.

        Their process is wrong. They have everything in place to make this work properly whilst respecting patient's rights, but they're too stupid to put the puzzle pieces in the right order. Also, respecting rights is never an option if there is a later prospect of milking the thing by selling details. Making it possible for data sources (formerly known as human beings, aka, patients) to properly exercise control would damage that glorious future.

      4. Richard Jones 1
        Flame

        Re: Is it time to put down this terminally ill scheme?

        Having had the 'interesting' experience of being told that the scan I had not by then had revealed a terminal kidney cancer I feel that records might be a weak point in the NHS.

        Having attended a well know children's hospital near Holborn with a child only to have to wait for several hours along with many others because all the records were missing I feel records might not be a strong point in the NHS.

        Having a wife who travelled to the knee clinic only to find that the records were at the main hospital a situation only partially rectified when the records of her lung problems turned up having been fetched by taxi it would appear that there just might be some issues with NHS records.

        Having a child given a treatment with a possible side effect that often happens with those who have at least one specific condition, only for the GP to be mystified when she lost the ability to walk with wildly abnormal blood results, I think the NHS might have a data handling issue or two.that may play badly with the treatment of patients.

        Thus I have several concerns, information MUST be accurate and timely.

        Dangerous interactions MUST be traced, confirmed and flagged up to doctor script writers.

        Thus I have a foot in two camps, I want my data kept for my use and my families benefit no one else's.

        I also want epidemiological data available for the prevention of and management of illnesses.

        My problem is that I cannot trust that either objective will be reached, ever.

      5. Mary Hawking

        Re: Is it time to put down this terminally ill scheme?

        Gordon 10

        care.data is for *secondary purposes* - not direct patient care.

        1. Immenseness

          Re: Is it time to put down this terminally ill scheme?

          "Gordon 10 care.data is for *secondary purposes* - not direct patient care."

          This.

  3. FredBloggs61

    I am waiting for another consultant appointment, as one department only sent him a partial MRI report and he needs the full report to be able to reach a final decision on an operation.

    Linked data would have meant less delay, which in turn helps waiting lists get shorter.

    Win Win!

    1. AMBxx Silver badge
      Thumb Down

      This is the NHS

      Receiving somebody else's data is no help

    2. Lobrau

      A well-organised, secure database, accessible to physicians and staff, would be a great thing.

      But why allow such sensitive data to be sold to third parties? Without that fly in the ointment I'd have no trouble with the scheme.

      1. Anonymous Coward
        Anonymous Coward

        sold?

        From previous articles in El Reg, I seem to recall that the data will not be sold.

        The rules are that the data has to be provided for free. But it might be that the CD-ROM* has to be paid for by the private sector.

        * or based on HMRC family benefit experience, might need 2 CDs

        1. Anonymous Coward
          Anonymous Coward

          Re: sold?

          The rules were changed to ensure that if the manager is smart enough to realise the buyers might be up to no good then he can't sell your data to them. It he's too stupid then it's okay because he didn't think they might abuse your data.

        2. Anonymous Coward
          Anonymous Coward

          Re: sold?

          Apologies. The article I was thinking of was about HMRC, not NHS. ( tho in my defence, the article does mention NHS in passing)

          http://www.theregister.co.uk/2014/04/30/hmrc_floats_plans_to_sell_taxpayer_data_to_private_companies/

          1. glen waverley

            Re: sold?

            Bugger. Missed the edit window.

            hmrc_floats_plans_to_sell_taxpayer_data_to_private_companies

            http://www.theregister.co.uk/2014/04/30/hmrc_floats_plans_to_sell_taxpayer_

            data_to_private_companies/

        3. Immenseness

          Re: sold?

          http://www.wired.co.uk/news/archive/2014-02/07/a-simple-guide-to-care-data - it seems to depend on your definition of sold..

          From that:

          Is the data being sold?

          Approved organisations that access the data will have to pay a fee (of between £800 and around £10,000 depending on which dataset is accessed). Critics say this means your data is being sold, but HSCIC insists this is a processing cost and that it won't be making any profit -- it's merely covering costs (which might seem quite high). The companies that extract the data will be able to use it for profit-making initiatives.

          1. Anonymous Coward
            Anonymous Coward

            Re: sold?

            In other words they can sell it but they're currently not making much money until they're through the current stage and then they'll put the prices up when nobody's looking.

    3. Anonymous Coward
      Anonymous Coward

      good idea but

      in principle I am for this, but would you want <insert insurance company> phoning you up the next day and advising you your life insurance premiums just went up or were cancelled because you had a test, and your personal details appearing splashed all over the internet in a pseudonamised data dump which was pieced back together ? they are not doign this to make our lives better they are doing it to market medical data to third parties.

  4. h4rm0ny

    Look...

    The public do not want it because they dislike its goal. The clinicians don't want it because it's an implementation disaster. And the outsourced consultants and companies have made most of the money disappear into an unrecoverable void by now and so it's objective achieved as far as they're concerned. So as far as they're concerned the only ones who have anything to lose by this point are the politicians who have their name attached to it and nobody cares about them.

    So yes, kill it dead and strew its grave with garlic, crucifixes and a ten-foot block of concrete.

    1. h4rm0ny

      Re: Look...

      Missed my edit window, but of course I forgot - there are all those medical insurance and pharmaceutical companies drooling for the amount of data this can provide them, so I guess there really would be a loser if this got cancelled after all.

      Not a loser I care about personally, mind you.

      1. Anonymous Coward
        Anonymous Coward

        Re: Look...

        I'm sure the design and implementation of the scheme is protected from those medical insurance and pharmaceutical companies drooling. Have faith in our leadership, and those below them, who hold your data bucket. They know what they're doing!

        ...

        ok, sorry, getting a bit over the top there, a bit too... hysterical...

        but, BUT, keeping the face straight... no, I can't sorry!

  5. Aristotles slow and dimwitted horse

    Facepalm

    Tim Kelsey said: "We recognise that patients have concerns about data safety and we will do everything we can to protect their information and build their trust. But make no bones about it - WE ARE SELLING YOUR FUCKING DATA GODDAMIT!!! BY CHRIST WE ARE!!!! IN FACT, MY 2015 PERFORMANCE BONUS IS LINKED TO IT... SO FUCK YOU!!!!"

    So how about this Tim... and forgive me for thinking like a layman, or... someone who might perhaps dabble in complex data issues. How about... er... NOT SELLING OUR FUCKING DATA!!!!!

    Surely if, as you say in your statement, that you "will" do everything to protect patient data, then I'd naturally assume that the absolute most you can do is, err... to not share any of it with 3rd parties?

    Don't get me started on "building trust" either - I'm afraid the horse has well and truly bolted on that, because time after bloody time, the public services prove to the populace that they can't be trusted to tie their own shoes, let alone assure the public that they grasp the real world implications of getting this shit wrong.

    Again though, and just a thought... how about building trust by stating something like "We, the NHS take your personal health and personal health data seriously. We will never, EVER, sell your data to any 3rd party. For any price".

    I dunno. Something like that?

    1. Spanners Silver badge

      Re: Facepalm

      "We will never, EVER, sell your data to any 3rd party. For any price"

      How about an additional line - "and we won't give it away free to our chums and future employers either."

      1. Aristotles slow and dimwitted horse

        @ Spanners

        Sorry matey. As I said I'm just a layman... or someone who might dabble in complex data issues. An "ideas" man - so to speak ;-)

        I'm not into dictating the actual terms of the NHS rhetoric, so make up or append my starter for 10 with whatever floats your boat.

      2. Anonymous Coward
        Anonymous Coward

        Re: Facepalm

        "We will never, EVER, sell your data to any 3rd party. For any price"

        How about an additional line - "and we won't give it away free to our chums and future employers either."

        or do ANY horsedealing such as scrambling the headers and THEN selling it for the highest bidder?

        Frankly, I think we're naive to think they would even consider anything OTHER than selling it or passing to the "carefully selected partners".

  6. Whitter
    Devil

    Rogue employee

    Can $$$ info be extracted by an employee? Any employee?

    If so, its not secure. It's just waiting for the right bribe.

  7. speedbird007
    Unhappy

    I will not be a product

    I didn't realise that my GP practice was in one of the "pathfinder" groups so was too late to object. The practice had forms to download from their website but I stupidly forgot to post them in until after the deadline. I have been sh*****g myself expecting an onslought from insurance companies ever since.

    Now they have "paused" again I have a letter ready to go to the practce dissenting from any secondary use of patient identifiable data. Also to take whatever steps are necessary to ensure that my personal information is not uploaded and to record my dissent by whatever means possible.

    We need to talk about Jeremy...

    1. speedbird007

      Re: I will not be a product

      You can get opt out forms and a letter template from https://medconfidential.org/how-to-opt-out/#optout

  8. Anonymous Coward
    Anonymous Coward

    Yes. And lose those running it

    The appearance of dishonesty exceeds the appearance of incompetence and both tend toward a maximum.

    There are ways to do these things well, including distributed processing; quarterly accounts to subjects on who accessed what about you and what they asserted was their right and need.

    NHS net email has a security policy of lying about it as well. It isn't end to end encrypted, unless you accept the middle where it is decrypted stored and decrypted as being an end, and if you do you may think that justifies too many means.

  9. Bob Wheeler
    Trollface

    Wrong mental image....

    "The purpose of the Care.data pathfinder pilot has always been to help "...

    I thought that the pathfinder pilot's job was lead the bombing run.....

  10. Anonymous Coward
    Anonymous Coward

    to provide advice on the wording for patient consent and ‘opt-outs’

    How about a fucking "Opt-IN" as the default.. I'll wager about 1% of the populace would sign up.

    Wankers.

    Same goes to anyone who wants you to "Opt-out" which means you are automatically opted in unless you jump through fucking hoops to get your name / details off the shit lists...

    1. Anonymous Coward
      Anonymous Coward

      Re: to provide advice on the wording for patient consent and ‘opt-outs’

      you jump through fucking hoops to get your name / details off the shit lists...

      merely to confirm you use a valid address and you are human. Thus - very valuable asset.

  11. Graham Marsden
    Holmes

    "patients are provided with the necessary reassurance...

    "...to know and understand that information from their medical records will continue to be kept safe, secure and confidential"

    In other news, Satan has just been seen ice-skating to work.

  12. sysconfig

    "this time to review the opt-out process"

    Which should have been opt-in in the first place...

    1. MrT

      Re: "this time to review the opt-out process..."

      "...just enough to mean that all the opt-opts already made will be invalidated because of some minor changes to the required wording. Everyone who has already opted out will be back in the list, and to prevent any stress or worry we won't tell them. Thanks to our old school friends at SmaxoGlythkline for lending us their legal teams to sort that one out."

      Call me cynical...

  13. Anonymous Coward
    Anonymous Coward

    It is imperative we listen to the public and address

    yada yada yada, they always listen and address, then they fuck it up again. And again. And again. And... again. Again. And again.

    Are you bored yet? Well.

    1. Soap Distant

      Re: It is imperative we listen to the public and address

      "It is imperative we listen to the public and address..." means they're still wanking about with this despite the fact it's a disgraceful exercise in monetising patient data, but it's too valuable to leave alone it seems.

      It's disgraceful because it's conflated with the rather more sensible idea of sharing patient medical data with medical professionals involved with a patient's care, something that improves clinical safety. All without selling it on.

      @h4rmony - I can't speak for all clinical IT systems rolled out as part of CfH and broadly speaking, secondary care (Hospitals) IT is far more primitive than Primary (GPs for the uninitiated) but the systems I am familiar with have very robust audit trails. Nabbed that wrong 'un Shipman iirc.

      Sadly, I've gotta agree with the headline.

      SD

      1. Anonymous Coward
        Anonymous Coward

        Shipman and audit...

        No audit trail on Shipman's system, I think.

    2. Anonymous Coward
      WTF?

      Re: It is imperative we listen to the public and address

      but lessons have been learned, havent they?

  14. JohnMurray

    The point being missed is: The data IS going to be extracted from the GP even if you have opted out.

    Your opt-out only refers to after-extraction use. We all know that a politicians promises are worthless, so an assumption can be made that the opt-outs will eventually be ignored. Why else would The H&SC reform act contain very wide exemptions from the data protection act.

    Honest assumption: The opt-outs are going to be worthless.

    1. Adam 52 Silver badge

      Do you have a source for this "extraction will happen anyway"? I'm finding the documentation hard to discover and read.

  15. Henry Wertz 1 Gold badge

    Don't forget rental 8-)

    "We will never, EVER, sell your data to any 3rd party. For any price"

    Don't forget rental -- spammers used to do this. "We'll never sell your E-Mail address". They actually wouldn't sell it... they'd "rent" the E-Mail list out, and if the rentee just happened to copy it at that point, well....

    Two MAJOR problems here:

    1) The lack of audit trail. This is seriously stupid, I would opt out of a scheme like this.

    2) My understanding was once you were in the system, you wouldn't be able to opt out later? This is wrong. It's easy enough (if you opt out of electronic records) to have, say, your main doctor, print out your records, then (once they are back in paper form) stick them into a folder and have them delete the electronic records. This way if someone planned to abuse the system ("rent" or give away records to 3rd parties) you could opt out then.

  16. cantankerous swineherd

    public confidence would be enhanced by putting Kelsey at the back of the dole queue and keeping him there

    other NHS problems include that data sharing with police, local authority etc etc is now legal; secretary of state for health is legal owner of my health records and the insane idea that medical records are going to be accessible, by anyone, over the internet.

    I'm now being very very careful about what I tell my gp and assorted hangers on...

  17. Commswonk
    Alert

    Re: Don't forget rental 8-)

    "My understanding was once you were in the system, you wouldn't be able to opt out later? This is wrong. It's easy enough (if you opt out of electronic records)..."

    You mean like opting out of Ashley Madison?

    Good luck with this belief.

  18. JohnMurray

    http://www.hscic.gov.uk/article/4986/What-we-will-collect-if-you-opt-out

  19. Anonymous Coward
    Anonymous Coward

    Genuine question for those in the know ...

    Can I go to my GP (and anywhere else I've been treated, eg the local hospital) and withdraw any consent given or implied* to store my medical details on any computer system ?

    Put another way, can I go back to them, say "right, print out any electronic records, put them in the paper folders along with the rest of the paperwork, and remove all my records from all of your computer systems - other than perhaps just my identity and a note/flag to the effect that nothing else is to be stored" ?

    * I say implied, because I know for a fact that I have computer records with both my GP and the local hospital, but neither has at any time whatsoever even told me that they were creating computerised records - I can only assume that they've taken my use of their services as implied consent for this.

    As others have hinted, both here and in other threads, no it's clear that nothing I say to a medical professional is in any way confidential any more - then it certainly changes the relationship, and I can think of quite a few topic areas where people might rightly be "a bit less open" about discussing. Once you get to the point where people can't discuss their ailments/issues openly with their GP - then a significant chunk of what the NHS is supposed to be there for is out of the window.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like