Last week, after months of (over)thinking about it, I sent my GP a letter, based on the excellent template by the tireless MedConfidential refusing consent for identifiable data from my electronic medical records to be transferred to the Health and Social Care Information Centre (HSCIC).
I won’t rehearse the eloquent arguments against the current care.data proposals that you can read on MedConfidential’s site, and elsewhere (for instance GP Neil Bhatia’s excellent site). Nor will I rehearse arguments in favour. I have written about the subject in the past, and I don’t want to add to the general clamour. What I do want to say is why I have opted-out:
- I’ve been struck by the inaccuracy and disingenuousness of the information which is being given to us in support of care.data. We are told, for instance, that “Your date of birth, full postcode, NHS Number and gender rather than your name will be used to link your records in a secure system, managed by the HSCIC. Once this information has been linked, a new record will be created. This new record will not contain information that identifies you”. This is cleverly worded: it does not say (because it would not be true) that this data will be anonymised, but it certainly tries to give that impression.
- I have, ever since I first became aware of this issue, noted that there has been a lack of openness on the part of proponents. This has manifested itself in many ways, and people should be aware that the current leafleting campaign (as flawed as it is – note that it is not personally addressed to individuals, but simply sent to households, and doesn’t contain a form enabling people to opt-out) would not have come about were it not for concerns raised about this lack of openness.
- I’ve noted the emotive campaign launched by leading charities in support of the campaign. But I’ve also noted the response by MedConfidential which highlights that the charities’ campaign doesn’t draw attention to secondary usage of the information gathered, which could potentially be by pharmaceutical and other commerical companies, universities and other academic organisations, information intermediaries and think-tanks. On a general level, I do not think that amassing of personal data can ever be without potential risks and drawbacks, some of which include – the risk of breaches of data security, the risk of people failing to seek medical advice because of privacy fears, commercial use – and none of which are addressed in the charities’ campaign.
- Finally, and, for me, crucially, if I fail to opt-out now, I’ve lost my chance – my data once uploaded cannot be deleted. However, opting out now does not preclude opting in in future. So, should I subsequently become convinced that societal and individual benefits from this amassing of electronic personal data outweigh my strong concerns about privacy and consent, I can change my mind in a way I couldn’t if I failed to opt out now.
informationrightsandwrongs 
I have a half-written blog about which I was portentously going to call ‘No’, and it is about why I was opting out. There’s nothing I was going to say that you haven’t said here, and I wouldn’t have put it as clearly. Thanks for doing a better job.
As long as a person has the insight, it’s amazing how quickly, when you’re set free, the scales fall *completely* from your eyes. We ARE lions led by donkeys after all.
Watch Ross Anderson’s comments in the video linked from his article here http://www.lightbluetouchpaper.org/2013/12/31/crypto-festival-video/ 24 mins in
A response from the Wellcome Trust
Patient records are both personal and sensitive. People must be confident that their personal information will be kept confidential, and there must be no surprises about how health data may be used. We are therefore pleased that the NHS is finally communicating with all households about this important topic.
To augment the NHS leaflets, medical research charities decided to work together to highlight why researchers need access to patient data. Our campaign focuses solely on the research uses – which is our main interest. We recognise that research is not the only possible use of patient information and so we encourage people to find out more about the other uses from the NHS. Many of these other uses, whether for NHS planning or public health monitoring, are also crucial for the work of the medical charities that support the campaign. For example, Cancer Research UK uses data about cancer statistics to help commissioners, local government and MPs find out what is happening in their region in cancer and to influence change. Arthritis Research UK cites the importance of the National Joint Registry, which allows vital comparison of the effectiveness of hip replacements and other joint replacement implants.
We are not hiding the fact that researchers who want to access patient information may be from universities, research institutions or industry, conducting research funded by the Government, charities or pharmaceutical companies. What is important to recognise is that all researchers must meet the same requirements of ethical review, and provide the same guarantees that they will not breach confidentiality – wherever they are from. The pharmaceutical industry has an essential role to play in the development of drugs that will help us all. Industry researchers need access to the best possible data to help them do that in the safest way.
You mention that the charity campaign is emotive. We want to ensure as many people as possible are talking about how their data might be used, and finding out more – so they can make their own decision whether to opt out or not. If an emotive image helps to achieve that, we have no regrets.
“all researchers must meet the same requirements of ethical review, and provide the same guarantees that they will not breach confidentiality”. And the guarantees are worth very little. The NHS had at least 5 Data Protection breaches a week between 2008 and 2011 http://www.bigbrotherwatch.org.uk/files/NHS_Breaches_Data_Protection.pdf – and those are only the breaches which were actually identified and admitted to, and even then only from a subset of NHS Trusts, the rest of which wouldn’t provide the information; so much for openness and data sharing, which apparently is only for the little people.
“we encourage people to find out more about the other uses from the NHS”… and the NHS has proved a very poor source indeed of information on those other uses. Their leaflet didn’t discuss the regular use of identifiable data under section 251, which will almost inevitably go ahead; they haven’t mentioned that the Secretary of State needs no approval from any ethics committee to distribute the data; they haven’t mentioned access by the police http://www.pulsetoday.co.uk/your-practice/practice-topics/it/caredata-will-allow-police-access-to-patient-records-without-informing-gps/20005800.article who themselves are a major concern for Data Protection breaches http://www.bigbrotherwatch.org.uk/Police_databases.pdf ; they haven’t mentioned access by social services who will be using the HSCIC database from 2015.
Why should we be open with our data if you and the NHS aren’t open about these other uses to which the data will be put, and about the substantial risk of data protection breaches?
Of course it is absolutely right to consider the research needs for the sick and vulnerable who need our care. But not at the expense of all the vulnerable whom the campaign won’t reach, and all our children’s right to data privacy, to confidentiality and not only in their lifetime. Will you tell Peter and all his generation, that you were not prepared to stand up to commercial strategists and gave away the most intimate knowledge of the children’s lifestyle and future health to commercial data mining, without a second thought? I want to support research, but with active opt in consent as is done so well in the majority of research projects and required by ethics committees the world over. Not through a rushed botched assumption such as care.data. Asking us seems like an after thought. Perhaps it was?
For the Wellcome Trust from Helen Wilkinson The Big Opt Out Campaign Medical Confidentiality Campaign
A few years ago I was under the care of two related Consultants at UCLH one of whom was involved in a pan London longitudinal reserach study covered I believe by Sec 251. These researchers contacted me three weeks before I was due to related major surgery which was arranged by the second Consultant. The nature of the research could have meant I changed my mind over my much needed major surgery.
I made a formal complaint to UCLH which found its way to board level as the Trust Board knew nothing about the research as Consultant had neglected to inform them.
The whole situation was incredibly distressing.
You constantly failure to acknowledge the immense harm and distress Sec 251 and researchers can do by contacting patients completely inappropriately.
For this reason care.data, SUS, HES and research generally should opt in ONLY.
I am a researcher and I support research. The current system of research governance in the UK requires me to design a study with an important question in mind: would a reasonable person believe that the information I seek about them is necessary to answer my research question, and would giving me permission to know important and otherwise confidential facts about them (and sometimes their family members and others) have bad consequences for them.
Obtaining informed consent is expensive and time-consuming, and missing data gets in the way of good research. The promise of anonymization of large data sets seems to be the answer and of course, we trust both ethics committees and researchers to do the right thing. But we know from other areas of life that these promises are sometimes illusory, that it is often quite easy to identify individuals from large data sets, and that policy and regulatory frameworks can rapidly change in ways that lead to disadvantage.
This means that I will probably ask my GP not to hand over private information about my health and healthcare so that it can be used by all and sundry without my knowledge and consent. That means that I will continue to be able to speak with her openly. It also means that she will not need to guard what is recorded in her notes against some future text mining data crawler program ranging over the free text comments on behalf of an insurance company or government department.
CRM-
Sorry, I fail to see WHY the possibility of a “….text mining data crawler program ranging over the free text comments on behalf of an insurance company or government department.” SHOULD alarm anyone?
Who cares, and why should they? Why on earth would anyone want to dig out data on any individual, it just isn’t going to happen, and probably wouldn’t be possible anyway. You’d undermine data integrity because you are afraid of unspecified consequences? Perhaps you personally have a good reason, I don’t wish to know about that, but the chances of anyone else having a genuinely good reason to worry are minute to non existent.
It’s Life. How do you sleep at night knowing that your private passwords and data are all over the Banking system? For goodness sake, procedures work unless they don’t and there’s no point in worrying.
And as for your “private information” I challenge that concept – it is I who shall be paying for your care when you are too sick to pay for your own NI contributions, and you who shall be paying for mine. If you are that interested in whether i masturbate, you don’t have to spend weeks correlating medical records on the off chance I’ve discussed it with my GP, you can just ask.
We all swim in the same goldfish bowl, there is no privacy in nature, except in human nature, ie your own head. I wish you WOULD keep your private paranoia private, but if you must spray these irrational fears about all over the internet then you surely can’t expect me to put up with your mess without complaint?
I note with interest before posting that my email will never be made public…….so they say ….:-)
I opted out before they’d even sent me the leaflet. Why anyone on this planet would trust this government (and their big business private heath buddies who are hell bent on privatising everything and lining their pockets), with their most personal and private data, is utterly beyond me. You want to use my most sensitive personal data I have data for research? Then ask for my consent.
Pingback: care.data – what am I worried will happen? | inforightsandwrongs
Pingback: The care.data leaflet campaign – legally necessary? | inforightsandwrongs
Pingback: Opting patients out of care.data – in breach of data protection law? | inforightsandwrongs