Margaret McCartney, a general practitioner in Glasgow, writes in the British Medical Journal: Why is care.data, the government’s flagship NHS patient data programme in England, floundering? It’s consent, stupid. Most citizens who were asked hadn’t heard of the scheme. Consent to upload individuals’ medical records was sought by sending a leaflet, which was typically lost among a heap of pizza delivery menus. People who had opted out of receiving junk mail did not get it at all. The few who read the leaflet would have found that it didn’t even mention “care.data.” Also, it was heavy on assumed benefits (“find more effective ways of preventing, treating and managing illnesses”) but light on potential harms. It did not mention who would handle the data extraction (Atos), that records could be sold to private sector businesses, or the risk of re-identification by third parties and how this would be mitigated.