background preloader

Care.data analysis

Facebook Twitter

Care Data: the Cons. Jon Baines explains the dangers and potential unlawful nature of the care data initiative, which he sees as a massive threat to fundamental rights of privacy.

Care Data: the Cons

In 2010 MP George Freeman, who has a background in medical-research venture capitalism, said 'we are sitting on billions of pounds-worth of patient data. A simple guide to Care.data - NHS health data sharing initiative Care.data ex... You might have missed the leaflet that would have come through your letterbox last month explaining Care.data, but all 26 million households in England were supposed to have been sent one.

A simple guide to Care.data - NHS health data sharing initiative Care.data ex...

It was titled "better information means better care" and looked much like any other bit of junk mail. However, the leaflet's contents are extremely important and shouldn't be ignored. Is selling our medical data to insurers a crime - or not? As more revelations emerge about the sale of our hospital data to the insurance industry, misleading claims that a massive expansion in data collection is totally safe, are failing to convince.

Is selling our medical data to insurers a crime - or not?

As NHS England continues to pour out new claims over what may lawfully be done with patient data, the result is not so much clarity as more confusion. NHS England’s senior managers are not helping - apparently by-passing governance structures and providing knee-jerk responses in their efforts to defuse public concern. Suspicions were first raised by an NHS information governance assessment released in August 2013, which stated: “In the eyes of the law, a government department, a university researcher, a pharmaceutical company, or an insurance company is as entitled to request and receive de-identified data for limited access as a clinical commissioning group…”.

Examples of Misuse of Private Data. We are in an age of “Big Data”, “Open Data” and the intended and unintended sharing and misuse of such data.

Examples of Misuse of Private Data

This blog post is intended to collect some examples and notes to contribute to the task of informing the public about some of the issues that need to be considered and addressed. It is not acceptable that big business and government agencies continue to decide on how such data is collected, stored, used, monetized and transferred to third parties without a more informed public debate. There are valid and important social uses of data held by governments, companies, service providers and individuals. Opting out of the latest NHS data grab. January 8th, 2014 at 22:23 UTC by Ross Anderson The next three weeks will see a leaflet drop on over 20 million households.

Opting out of the latest NHS data grab

NHS England plans to start uploading your GP records in March or April to a central system, from which they will be sold to a wide range of medical and other research organisations. MedConfidential. Big Pharma and care.data. Patients’ identifiable medical data will end up in the hands of large pharmaceutical companies, under the care.data initiative.

Big Pharma and care.data

With “Big Pharma” beholden to shareholders, and its abysmal record on transparency, is this another reason to consider opting out? We are often told by those publicly defending the care.data programme (I’m thinking particularly of NHS Chief Data Officer Geraint Lewis, and NHS National Director for Patients and Information Tim Kelsey, who at least are prepared to engage with critics – although the latter has a habit of resorting to personal attacks at times) that patients’ identifiable/amber/pseudonymised data will not be made available to commercial organisations to use for their own purposes. So, we are told, it cannot be used for the purposes of selling or administering any kind of insurance, or for marketing purposes. As the pdf of FAQs, to which we are often referred (by Geraint in particular) says.

Why I’ve opted-out of care.data. Hospital records sold to insurance companies – in breach of the Data Protecti... I’ve asked the ICO to assess whether the sale of millions of health records to insurance companies so that they could “refine” their premiums was complaint with the law I’m about to disclose some sensitive personal data: I have been to hospital a few times over recent years…along with 47 million other people, whose records from these visits, according to reports in the media, were sold to an actuarial society for insurance premium purposes.

Hospital records sold to insurance companies – in breach of the Data Protecti...

The Telegraph reports. Care.data – what am I worried will happen? I was invited today on twitter to say what I was worried will happen as a result of the care.data programme.

care.data – what am I worried will happen?

I’ve written about this previously, and some of my concerns are laid out in those posts. But here’s a little list: But, ultimately, I am not sure it is for me to say specifically what I am worried will happen. ICO blog: NHS patient information and the Data Protection Act. By Dawn Monaghan 27 January 2014 The health sector always provides a wealth of data protection challenges, but without doubt the one currently at the forefront of most peoples’ minds are the changes to how patient information in England could be used by NHS bodies and others, with a view to improving care and health services.

ICO blog: NHS patient information and the Data Protection Act

With personal data at the centre of the new scheme, it’s no surprise that the ICO is being asked questions about how the Data Protection Act (DPA) applies to the scheme. It’s a complex legal area, and the way in which the DPA applies is different at each stage of the process, but this blog will try to explain it. (I’ll assume some understanding of what the scheme is about, but if you're looking for a simpler outline, then try this infographic).

Let’s quickly run through the key parties, from a DPA perspective. GPs holding personal information about patients is nothing new and is covered squarely by the DPA. The care.data leaflet campaign – legally necessary? Readers of this blog [sometimes I imagine them1] may well be fed up with posts about care.data (see here, here and here).

The care.data leaflet campaign – legally necessary?

But this is my blog and I’ll cry if I want to. So… Doyen of information rights bloggers, Tim Turner, has written in customary analytic detail on how the current NHS care.data leafleting campaign was not necessitated by data protection law, and on how, despite some indications to the contrary, GPs will not be in the Information Commissioner’s firing line if they fail adequately to inform patients about what will be happening to their medical data. He’s right, of course: where a data controller is subject to a legal obligation to disclose personal data (other than under a contract) then it is not obliged, pace the otherwise very informative blogpost by the Information Commissioner’s Dawn Monaghan, to give data subjects a privacy, or fair processing notice.

Tim says, though Like this: Like Loading... And another thing – 2040 information law blog. When Hubris Meets Over-Promotion — igb.posthaven. Yesterday, the Health Select Committee met to discuss the Caredata project. It was a shocking thing to watch. The first part was interesting but unexciting. Phil Booth (Medconfidential, ex-No2ID) and Nick Pickles (Big Brother Watch) outlined the concerns about the identifiability of data when combined with other data sets, issues of consent and issues of safe processing and transparent policies around release. Sharmila Nebhrajani (AMRC) and Peter Weissberg (BHF) made a strong case for the benefits of processing data for public health while admitting that the execution of this project left a lot to be desired.

Chand Nagpaul for the RCGP presented the issues confronting GPs, particular confidentiality with patients and responsibilities as data controllers, while again making it clear that the project has a whole has massive potential benefits. This was not true of the second part. What did we learn? It's to be hoped that the HSC follow through.

And Dan Poulter? Ian. NHS has a huge responsibility to protect care.data, and it's not off to a goo... NHS data: take more care. The first rule when communicating a project with an element of risk is honesty. The people behind care.data – the scheme to link all patient data from across the NHS, including for the first time GP records – either failed to realise that not everyone whose data was to be hoovered up would like it, or chose not to tell them the whole truth. Last week, after hundreds of GPs threatened to boycott the process because of fears about who would use the data and for what, the scheme was put on hold for at least six months while an attempt is made to create some trust around the system.