Track Record
"[Kelsey] said that it was simply not true that "the state is going to do dastardly things" with centrally held GP medical records. "
And, of course, their track record bears this out.
NHS England's bosses and the government's health minister came under fire from MPs on Tuesday afternoon over the fudged and delayed plan to store patients' GP-held medical records with other data kept by hospitals in a centralised database. Tim Kelsey, the health service's patients and information national director, admitted …
I am convinced that the use of inmates on day release from Broadmoor Hospital to manage and develop Government software projects is not the world's greatest idea. It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function. I am convinced that this is the reason why almost all government projects have infinite cost overruns and the capacity to fail on their objectives. The "was it wasn't" illegal sale of hospital records for the princely sum of £2,500 will of course keep the NHS running for a long time; about 1 second did I hear?
I think this is the real problem.
I don't suppose for a minute that anyone at the NHS wants to do dastardly things. I also assume good faith on the part of most of the Government. But that isn't enough. We now don't trust any of our power structures in this country, after 5 decades of ineffectiveness and occasional magnesium flares of corruption.
Duck houses, the way failed politicians run away to well paid sinecures in Europe, Blair and his housing stock, Thatcher and her cover ups. We don't trust them any more. At all. Over anything.
So when they try to do something that /might/ need us to take a balanced view of why they are doing it, we can't. Because we suspect everything they do. We have become uber-cynical.
The shame is entirely theirs.
"He said if scattered pieces of such data could be assembled, like a jigsaw, to identify a specific individual, for example, then the firm responsible would face a fine of up to £500,000 from the Information Commissioner's Office."
Half a million cap on the fine, and no possibility of a custodial sentence. Compared to the value this data set has, half a million pound fine could simply be put down as the cost of doing business.
Once that data set has been re-identified and distrubuted, the damage is done.
500k puts the value of each record at arround 10p, I think the data is worth a bit more than that!
Perhaps they should really anonymise the data. Not pretend-anonymise. It is almost as if it was anonymised in a way that could easily be de-anonymised if wanted. I mean, birthdate, gender and full postcode. Never attribute incompetence to a government, when you can as easily attribute malignacy to it. Government employs enough people with univ degrees to get it right, to get it wrong has to be deliberate.
"But I believe that deliberate circumvention of the intent to keep the data anonymised should get you jailtime "
Not enough. Look at Murdoch and his vermin all bleating that they didn't know or they didn't do it deliberately. Proving otherwise is difficult, and could be enough to get the despicable liars (or incompetents) off the hook.
Far better to make people cupable for circumvention of privacy controls, without having to prove knowledge or intent. It then becomes the organisation's responsibility to have controls to ensure that they do not circumvent privacy requirements. Ignorance of the law is no defence - why should ignorance of the organisation breaching the law be a defence for those rewarded for responsible for running it?
The fine is for the company doing the dedupe, so you simply dissolve the company after you have sold the data to yourself.
The fine only applies to companies doing the dedupe if they are under UK jurisdiction, simply run the server in Boratistan and you are safe.
There is no fine for buying/selling/using the data afterwards
Problem is, once the genie is out of the bottle, or in this case, the data has been compromised, that is it. You can't get it back in.
With this in mind:
Do you trust the Government to successfully implement an IT project that manages data of such a private nature, akin to your financial data, to ensure that the safeguards are so watertight that even a malicious insider couldn't easily walk away with it?
If the answer is no then how can you agree to the proposals?
Not that I think *what* I think will make one jot of difference to the inevitable outcome. I will have to rely on incompetence to do the job for me. Worked with identity cards.
> just how much IT do you think a surgery has to do this
Don't most local surgeries outsource their IT already?
> You would need some kind of AI to work it out, or someone in the surgery who would spend their time reviewing and releasing data requests.
I'm not so sure pre-reviewing every request is entirely necessary. Decent security, restricted authentication tokens, comprehensive logging of every request, a clear audit trail, and stiff penalties for misuse, should be enough to deter most ne'er-do-wells from mucking about.
How often would such requests be done, anyway? Surely only when a patent's status changes - they move home, visit a doctor on holiday, require emergency treatment, etc. We're surely not talking 1,000 requests per second which need reviewing.
Want my data? Limit the postcode to area code (first 3/4 characters only), no date of birth, just age range accurate to decade, and no NHS number or other unique identifier. And then make it opt-in.
Otherwise, I will not only opt out, but also encourage everyone I know (and anyone else I can reach) to do likewise and spread the word further.
I have 2 conditions affecting 2% of the population. if these are independent ( research topic there straight away, contact me re informed consent) then I'm one special snowflake within 250 ordinary snowflakes.
now talk to me about re-identification. oh and I've "opted out", which seems to mean my data from the gp is going to be extracted to somewhere (in the UK?) by the nice people at atos. quite what happens after that? perhaps that nice history graduate from McKinsey could enlighten us?
"...NHS England would try to bring an end to concerns about care.data by talking about legal safeguards..."
Like passing a law criminalising the possession of patient data of those who have opted out by private companies, attempting to obtain, , or viewing, or encouraging others to obtain, or supplying data of those opted out. Criminalising the de anonymization of any NHS patient data by private businesses, or attempting to reconcile it with third party databases. Making those within the NHS responsible for the data criminally liable for allowing unauthorised 3rd party access, including someone handing over a password or allowing records to be viewed. Etc, etc. With decent custodial sentences attached.
Given the deliberate mendacity, hedging and incompetence to data, I won't hold my breath. The current half cocked attempts to deliver a back door fait accompli to the private sector will blow back very badly.
Bottom line: I'm very happy for my medical data to be used for the good of all. I'm not happy for it to be used as another asset to be sold off in the forced privatization of the NHS.
Ben Goldcare has a nice article in the Grauniad: http://www.theguardian.com/society/2014/feb/21/nhs-plan-share-medical-data-save-lives
Let's see what changes get made in the 6 months "consultation" period - and opt out if we're still not happy.
Ben Goldacre is now rather less optimistic. If you look at his tweets yesterday (@BenGoldacre), you'll see - it's the most vexed I've ever seen him.
And given his (guarded) optimism in that piece last Friday, it seems that care.data is sunk.
This post has been deleted by its author
...or just move to Scotland.
NHS Scotland has always been a separate body from the NHS in England & Wales and healthcare is already a devolved issue in Scotland.
Not sure that would be sufficient to delete/opt-out your NHS England & Wales data though?
Information Governance page at NHS Scotland:-
http://www.knowledge.scot.nhs.uk/ig.aspx