I was invited today on twitter to say what I was worried will happen as a result of the care.data programme. I’ve written about this previously, and some of my concerns are laid out in those posts. But here’s a little list:
- I am worried that even the most robust and secure data security measures can fail, or be overridden. Patients’ identifiable data could be compromised.
- I am worried that there is a limit to how much users of the data could be restrained from making secondary, not-beneficial-to-patients, usage of data to which they are given access (Geraint Lewis, NHS Chief Data officer, was asked how, for instance, insurance companies would be prevented from doing this – he pointed to the Information Commissioner’s powers to impose Monetary Penalty Notices to a maximum of £500,000 for suitably serious contraventions of the Data Protection Act 1998. But a penalty for misuse of data will only be a net penalty if it outstrips profit from the usage.)
- I am worried that some people will avoid seeking medical treatment, particularly for sensitive or serious ailments, if they in turn worry about who might have access to their data.
- I am, in more general terms, worried about the lack of transparency that has surrounded the programme, and the lack of clear information. I am worried that, if the risks are so low and the benefits so high, why were initial attempts made to sneak this under the public’s radar?
- I am worried that the amassing of and use of personal data in itself carries risks.
- I am worried that I am wrong about all this, and that I am attacking a programme which will potentially deliver personal and societal benefits.
But, ultimately, I am not sure it is for me to say specifically what I am worried will happen. I don’t know specifically what will happen with a lot of things I worry about.
Surely it is for the proponents of care.data to say why I should be reassured. And I’m not.