Integrity failures in database surveillance and like schemes

Margaret McCartney, a general practitioner in Glasgow, writes in the British Medical Journal: Why is, the government’s flagship NHS patient data programme in England, floundering? It’s consent, stupid. Most citizens who were asked hadn’t heard of the scheme. Consent to upload individuals’ medical records was sought by sending a leaflet, which was typically lost among a heap of pizza delivery menus. People who had opted out of receiving junk mail did not get it at all. The few who read the leaflet would have found that it didn’t even mention “” Also, it was heavy on assumed benefits (“find more effective ways of preventing, treating and managing illnesses”) but light on potential harms. It did not mention who would handle the data extraction (Atos), that records could be sold to private sector businesses, or the risk of re-identification by third parties and how this would be mitigated. doesn’t care enough about consent

Rowena Mason writes in The Guardian: The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded “dangerous” by tax professionals and “borderline insane” by a senior Conservative MP. Despite fears that it could jeopardise the principle of taxpayer confidentiality, the legislation would allow HMRC to release anonymised tax data to third parties including companies, researchers and public bodies where there is a public benefit. According to HMRC documents, officials are examining “charging options”. The government insists that there will be suitable safeguards on personal data. But the plans, being overseen by the Treasury minister David Gauke, are likely to provoke serious worries among privacy campaigners and MPs in the wake of public concern about the government’s scheme – a plan to share “anonymised” medical records with third parties.

HMRC to sell taxpayers’ financial data

Bryan Glick writes in Computer Weekly: The government has formally ended the troubled e-Borders programme, four years after it cancelled a £750m contract for the IT project, although its intended functions have been incorporated into a new, broader project to secure the UK’s borders. Charles Montgomery, director general of the UK’s Border Force, told a meeting of the Home Affairs Select Committee on Tuesday 11 March 2014 that e-Borders had been “terminated”. But Home Office officials were subsequently keen to point out that although the e-Borders name is no longer used, all the intended aims of the programme have been merged into the the Border System Programme (BSP), an initiative launched in January 2013. At the time BSP was put out to tender, the Home Office told Computer Weekly it was separate to e-Borders, but its scope has since been expanded. The e-Borders programme was first commissioned in 2003 to […]

Government finally ends e-Borders programme

Laura Donnelly writes in the Daily Telegraph: On Thursday the board of HSCIC announced that it will conduct an immediate audit of all data ever disclosed by the central NHS authorities. In April it will disclose details of the data released by HSCIC. Details of data released by its predecessor organisation are expected to be published the following month. The report will set out what was released and why, and in future, records of such decisions will be released quarterly. Officials said they were taking the steps in order to “improve the transparency of its decision-making and build public trust in its actions.” They said the measures were being introduced following the concerns raised by MPs last week The audit will be led by Sir Nick Partridge, a Non-Executive Director on the HSCIC Board and former Chief Executive of the Terence Higgins Trust.

Review to probe sale of NHS medical data

Jon Hoeksma writes in EHI magazine: Health leaders gathered in Manchester for the Healthcare Innovation Expo look set to have their future-gazing overshadowed by the disarray over, after a truly disastrous week for the open data initiative. A fortnight ago, NHS England was forced to announce a six-month delay to the project to link the Hospital Episode Statistics to other databases and make the information available to researchers and others, after a public outcry about the lack of consultation on the plans. But the commissioning board had begun a fight back in defense of the programme, with a major communications campaign promised in an otherwise fraught session at the Commons’ health select committee, and tough new legislation unveiled by health secretary Jeremy Hunt. Despite this, by the end of the week, and its chief architect and champion Tim Kelsey, NHS England’s director of patients and information, was being […]

A bad week in the bunker for

Ben Goldacre writes in The Guardian: I am embarrassed. Last week I wrote in support of the government’s plans to collect and share the medical records of all patients in the NHS, albeit with massive caveats. The research opportunities are huge, but we already knew that the implementation was chaotic, with poor public information, partly because the checks and balances on who gets access to data – and how – have not yet been devised or implemented. When you’re proposing to share our most private medical records, vague promises and an imaginary regulatory framework are not reassuring. Now it’s worse. On Monday, the Health and Social Care Information Centre admitted giving the insurance industry the coded hospital records of millions of patients, pseudonymised, but re-identifiable by anyone with malicious intent, as I explained last week. These were crunched by actuaries into tables showing the likelihood of death depending on various […] is in chaos. It breaks my heart

Conrad Quilty-Harper writes for the Daily Mirror: The launch of a controversial database which would centralise access to GP surgeries healthcare records has been delayed from April until Autumn. Why? Let’s start at the beginning, this stuff is quite complicated. What is The NHS wants to share data collected at GP surgeries about individual patients so researchers can find ways to improve healthcare and generally make the NHS more efficient. Since 1989, researchers have been able to request hospital episode statistics including billions of records from hospital visits. will open up the data behind about 300 million patient consultations every year at GP surgeries. The controversial bit is that this involves using identifiable information — like people’s date of birth, full postcode, NHS number or gender — to connect the data together. The NHS says the data is protected, but people are still worried about the implications for […]

Why should you care about

Nick Triggle writes for the BBC: There comes a point when the weight of criticism becomes so much that the dam bursts. For NHS England – and its project – that point was reached on Tuesday. When you have a group of bodies as disparate as the British Medical Association, privacy campaign group Big Brother Watch and the Association of Medical Research Charities united in their condemnation, you know you have a problem. The organisation has defused the problem for now by agreeing to delay the data-sharing project by six months. But how did it get to this point? After all, the concept of the giant database has the backing of almost the entire medical community, many charities and some of the most influential patient groups. How did it go so wrong?

Charlie Cooper writes for the Independent: Controversial plans to trawl patient records from every GP surgery in England have been put on hold, amid concerns from doctors and ministers that the public have not been properly informed about how their private data will be used. The programme, which was scheduled to begin collecting the confidential information from GPs in April, will now be delayed until the autumn, NHS England has announced. The pause will allow the NHS more time to inform people about “ the benefits of using the information, what safeguards are in place, and how people can opt out if they choose to,” officials said. The Department of Health has grown increasingly concerned in recent weeks that NHS England has not sufficiently reassured the public – nor the medical profession – about how the programme would benefit patients. Critics have also warned that the private data, […]

Victory for privacy as NHS database is delayed

Nigel Praities writes for Pulse: A substantial number of GPs are so uneasy about NHS England’s plans to share patient data that they intend to opt their own records out of the scheme, reveals a Pulse snapshot survey. The survey of nearly 400 GP respondents conducted this week found the profession split over whether to support the scheme, with 41% saying they intend to opt-out, 43% saying they would not opt-out and 16% undecided. The snapshot survey gives the first indication of GP opinion over the scheme, and comes as leaflets with information about the programme are in the process of being sent to every household in England.

Over 40% of GPs intend to opt themselves out of ...

Lis Evenstad writes for EHI magazine: A leading privacy campaigner has condemned NHS England’s £1m leaflet drop about for not including an ‘opt-out’ form. Phil Booth, co-founder of the medConfidential campaign, told EHI that the leaflet, which is supposed to inform patients about the programme and advise them that they can opt-out, said the failure to include an easy way for them to do this was “ridiculous”. “There’s no opt-out form in the leaflet. This is ridiculous. If you’re going to send out this you have to include an opt-out form,” he said. The leaflet drop is part of a £2m public awareness campaign being run by NHS England and the Health and Social Care Information Centre about, which will expand the Hospital Episode Statistics and link them to other healthcare data sets, starting with information extracted from GP practices. An estimated 22m homes will receive a leaflet […] campaign leaflet slammed

SA Mathieson writes in The Register: One of the first things Britain’s home secretary Theresa May did on taking office was to abolish the previous government’s identity cards scheme. But while she made ID cards history, she is in the process of extending Britain’s range of identity document checks. Britain may be a country without ID cards, but British officialdom has plenty of reasons for requiring your papers, please – usually a passport or a driving licence – other than for crossing a border or driving a vehicle. May’s immigration bill, published in October, will among other things, require private landlords to check whether prospective tenants are allowed to live in Britain, on pain of £3,000 fines. According to the Residential Landlords’ Association, which says 82 per cent of its members oppose the measure, it will mean everyone renting will have to show papers, including Britons – with landlords having […]

Thought you didn’t need to show ID in the UK? ...

The Observer publishes an exchange of letters between Malcolm Rifkind and Henry Porter. Mr Porter opens: Dear Sir Malcolm A few years ago we were on the same panel talking about Labour’s plans for the ID card and the threat to personal privacy that it entailed. You had to leave, so did not hear my words about personal privacy being the defining quality of a free society. I have little doubt you would have agreed with them, for what I said was uncontroversial to any democrat. You were in opposition then. Today, as the Snowden revelations show the extent to which the American and British governments are spying on their citizens, you are sounding a very different note – one that is surprisingly authoritarian for the head of parliament’s intelligence and security committee, which after all is charged with representing the public in the oversight of the secret activities of […]

Henry Porter v Malcolm Rifkind: surveillance and the free society

Madlen Davies writes in Pulse: The responsibility for informing patients about the controversial extracts scheme, in which identifiable data will be extracted from GP records and sent to the Health and Social Care Information Centre, will fall solely on GPs after NHS England ruled out a national publicity scheme. In a move criticised by campaigners, NHS England said that it will engage with patient, voluntary and charity groups to support raising awareness, offer ‘regional support’ and will set up a website for patients, but will not run a national publicity campaign. Instead, it will be GP practices’ responsibility to inform patients about the changes, and provide them with information on how they can raise an objection to their data being shared, NHS England said. A range of materials has already been jointly produced with the HSCIC, BMA and RCGP to support this, it added. Pulse reported earlier this month that […]

NHS managers rule out publicity campaign for controversial data extract ...

Madlen Davies writes in Pulse: Private companies and researchers will be able to access data from GP records for £1, under plans revealed by NHS England to radically reduce the cost and boost the availability of information about patients available outside the NHS. The body’s chief data officer has revealed he wants to reduce the costs for companies to access NHS datasets, from around £20,000 to £30,000 currently, to just £1. NHS England said the data would be used to identify where improvements and efficiencies could be made in the NHS and that only approved companies would have access to the data. But the GPC has raised concerns that private companies would have access to NHS patient data ‘on the cheap’. Phil Booth of MedConfidential provides some commentary: The government’s announcement today that private companies are to be given access to patient data for the princely sum of £1, is […]

Private companies set for access to patient data for just ...