Those who fail to learn the lessons of history are condemned to repeat it. George Santayana
The signs have been there for a couple of months, but today it happened: Atos were axed from the Work Capability Assessment Contract by DWP Minister for Disabled People Mike Penning. In a statement that spends rather more time trying to blame Labour and Atos than looking at what actually went wrong, Penning announced that Atos will be replaced in early 2015 by a new contractor. Most Atos personnel are expected to transfer to this replacement; however, in the longer term Penning anticipates using multiple contractors "to increase competition".
Tweets by the DWP's twitter account @DWPPressoffice stating "Aim is to drive up the number of WCA assessments and cut waiting time" make it clear that there is no intention to reform the WCA, even though disabled people are unanimous in stating that the core problem is the WCA itself, Atos were just the disablist topping.
The statement indicates that Atos will remain responsible for delivering the WCA until their early exit in 2015, though with a "remedial advisory team" pulling managers' strings.
So what does all this mean for those of us who have to live with the damage WCAs do?
The first thing to note is that they're only changing the monkey, not the organ-grinder. It has been clear for a long time that we have had a dual problem with WCA. Atos were the front-end of that problem, with major issues with the attitude of many of their customer-facing staff (the GMC found it necessary to remind Atos doctors that basic honesty was a professional requirement), and a management that was clearly not remotely interested in whether they were meeting basic needs around accessibility and the like, nor in delivering continuous improvement. But behind that problem was the DWP, the structure of the WCA, and the structure of the WCA contract. Research by Kaliya Franklin revealed just how tight were the norms that Atos were contractually held to by DWP (who insist that a 'norm' is not a target, even if you're only allowed to use some of the WCA provisions for one patient in a thousand). And of course the WCA just kept getting harsher and harsher, with the introduction of the imaginary wheelchair, and a perverse insistence that one problem could not affect someone both physically and mentally. @DWPPressoffice's "drive up the number of WCA assessments" is a particularly ominous note when we know a major part of the problem with WCA has been rushed assessments that haven't looked into patients' situations with nearly enough knowledge or detail.
The only companies in a position to replace Atos are likely the other major outsourcing companies: Capita (busy destroying their own reputation on PIP and court interpreter contracts), G4S (already destroyed their reputation over failing to deliver security for the Olympics, then found to have defrauded the taxpayer over offender tagging - and that's without mentioning the forced sedation in South African prisons or the Australian refugee internment camps, or the deaths in care) and Serco (ditto on the offender tagging and the Australian internment camps, with a side dish of falsifying data on a GP out-of-hours service in Cornwall - a contract that was also axed early). Having seen Atos having their brand turned into a toxic nightmare for brutalising disabled people, none of these are likely to be over-eager to involve themselves in WCA, particularly if it is clear the root problems with the WCA are not being addressed. Equally it is clear that the WCA is now so toxic that Atos are willing to buy themselves out of it and take the reputational damage of having walked away/being kicked off a major national contract, rather than face the ongoing month-by-month, day-by-day damage that goes with being the WCA contractor. However, ultimately money is likely to talk. Capita are probably the company in the best position to take over the contract thanks to their involvement with PIP, however PIP delays are growing month by month (even though it is only addressing a fraction of the cases it was supposed to) and PIP may turn out to be even worse than WCA, but about the best that can be said for them is they haven't had the cases of fraud or abuse of people in their care that the other competitors have had.
Introducing multiple contractors likely has rather more to do with hopes of splitting the blame than Penning's claim he wants competition. By creating multiple targets he may hope to split the focus of the disability lobby, but that ignores the way that disabled people have honed their teeth on destroying Atos's brand as they became media-savvy protesters through sheer necessity. What was done to Atos can be done to any other company that makes the same mistakes in dismissing the voice of disabled people. Facing the possibility of having your brand destroyed is bad enough for companies that already have image problems; facing that possibility for a fraction of the pot is not going to be a winning argument in their boardrooms. And equally, if there is no one company to take the blame, then DWP may find themselves even more directly in the firing line for WCA failures than they already are.
From the DWP point of view, certainly that of IDS and his coterie, the entire issue is likely timing and the election. By making a fuss of sacking Atos now, they likely hope to create an ideal cover story for everything wrong with WCA that will last them through the election. 'Yes, WCA is a mess, but it was Labour's fault, and see, we sacked Atos, the Great Satan, because we really care about those poor, inspiring, disabled people.' And then after the elections they'll be able to blame ongoing issues on 'teething problems' (and the current DWP ministerial crew will likely have moved on to new departments by then). Disabled people know that the truth is that unless there are radical changes to the WCA (such as scrapping it and having the patient's own GP or consultant write the report), then the same tragic catastrophe will repeat itself, particularly if the incoming company will have to do the same inappropriate test in the same inaccessible buildings with the same problematic staff, but IDS has always been a proponent of denying responsibility for whichever DWP fiasco is in the news this week.
Ironically, while Atos are being summarily kicked off WCA, they are being allowed to retain their PIP contracts, even though PIP shows signs of being an even worse car-crash than WCA - perhaps IDS and Penning want to have someone convenient to blame when PIP fails?
Thursday, 27 March 2014
Monday, 24 March 2014
Care.Data: In Their Own Words
As a follow-on from my Care.Data: Why Disabled People Should be Worried piece, Kingsley Manning, the Chair of HSCIC (the organisation charged with extracting our medical records from GPs and making them available both inside and outside the NHS) recently gave a speech to the National Health and IT Conference and Exhibition, and it's rather revealing. So, in his own words, this is what HSCIC wants to do in commercializing your medical records:
"It is however timely to point out that there is not necessarily any contradiction between the aims of a commercial organisation and the advancement of the nation's health and social care services. Many of the commercial information intermediaries who make use of our data releases are supporting NHS organisations to plan, transform and deliver their services.
With respect to the pharmaceutical industry, not only does it represent a major contributor to the UK economy, but they are also critical in developing new treatments. It would be perverse if we weren't to support their activities and their endeavours. There could be no better evidence of the effectiveness of health data, shared with us by the patients, than the contribution it makes to crucial break-through in treating deadly diseases.
Quite rightly however, the public are suspicious that these arrangements are in some way unfairly tipped in favour of the profit makers. This suspicion has been fuelled by our innocent lack of transparency. I have no doubt that HSCIC's predecessor organisations were intent on operating in the best interest of the patients of the NHS, but they were working at a different time and without the glare of public interest.
If we are to sustain public trust we not only need to demonstrate that their data is secure and that it is used effectively, but we need to be transparent in everything we do. The current arrangements governing the release of data are undoubtedly confusing and there is inadequate representation of the public voice in our decision-making."
You said it!
And on security:
"With respect to security, and in this I include not just cyber security but also the physical and human security threats, we are a facing a fundamental shift in the level of threat. When I become Chair of HSCIC, 9 months ago one of my first actions was to institute a review of our security arrangements. For more than 20 years I've been running organisations that have been handling sensitive data and I have lived in fear of a major security breach.
Despite that experience I was shocked by the pace and the scale of the developing security risk. Whilst I had been concerned with the lost disc or the stolen laptop, I had failed to appreciate the extent of the risk now posed, whether it's by highly organised, criminal hackers, extremely proficient and motivated activists, or foreign states or ideologically motivated interlopers.
The NHS is reliant on core national information infrastructure and dependent on highly valuable data assets; we are not immune to these threats.
In the next few weeks we will therefore announce a major strengthening of both the security and IG frameworks for the whole health and social care system."
So if hackers can regularly breach NASA and the Pentagon, who holds out much hope for the good old NHS? Particularly with all the attention Care.Data has been getting, which has to add to the kudos of the first person to hack the system and make the hack public with a massive release of medical records somewhere on the darknet.
And what has the government done since the Care.Data story broke? They've voted down an attempt to make misuse of Care.Data a criminal offence and Jeremy Hunt has promised they won't be caught selling it to insurers again. They propose to do this by requiring there to be a healthcare benefit behind any Care.Data sale, but you can word just about anything to do with health data to have a healthcare benefit, even the SIAS release that brought this into the news could have been worded to claim it would have a healthcare benefit in analysing demographic linkages with particular illnesses, and still give exactly the analysis the insurance industry wanted on links between illnesses and postcodes, at worst they might have needed to hire someone else to do it for them.
Monday, 17 March 2014
Fit for Work?
Citizen's Advice are currently in the middle of a nationwide campaign on ESA (Employment and Support Allowance). ESA is paid to people who are unable to work due to disability and frequently the decisions that have been made about who does and doesn't qualify have been wrong leading to stressful reconsiderations and appeals. Many people have died after wrongly being found fit for work. Others have committed suicide due to incorrect decisions and/or the stress of the process. Citizen's Advice's campaign is called Fit for Work because they hope that if implemented the changes they're calling for will help make ESA fit for work (i.e. fit for purpose).
The campaign is calling for:
- The Department of Work and Pensions (DWP) should listen to evidence from the health and social care professionals who know you best.
- The medical evidence required to make your case should be provided free of charge.
- The companies running the work capability assessments should be held accountable for poor quality assessments or bad customer service.
- The DWP should continue to pay people ESA while a second opinion is given on their application.
They are doing this in a variety of ways but I wanted to blog about one of them.
CABs generate evidence about problems we see. And they have thousands and thousands of pieces relating to ESA if the evidence submitted just by the bureau I volunteer at is anything to go by (I'm both an adviser and a social policy coordinator so most of the evidence we generate I see before it gets sent to Citizen's Advice head office). Those pieces are great for facts. What went wrong? When did it go wrong? How did that affect the client? But they aren't so good at the more human side of it: how did it make them feel? How did it affect their health? What happened next, how long did it take to resolve and how did that affect the client? (mostly because in my experience at least we rarely find out the long term outcome)
Citizen's Advice are looking for as many people as possible to share their own stories of ESA in their own words. What it means to live the ESA process. Whether they claim it, they volunteer for a CAB and have helped clients claim it, they've supported friends or family through the process or whatever reason.
These stories are being gathered on their blog and through the #FitForWork hashtag on twitter. More stories are still needed and can be submitted here.
Monday, 10 March 2014
Care.Data. Why Disabled People Should be Worried
In the eyes of the law, a
government department, a university researcher, a pharmaceutical company, or an
insurance company is as entitled to request and receive de-identified data for
limited access as a clinical commissioning group, as long as the risk that a
person will be re-identified from the data is very low or negligible.
Furthermore, all such organisations can make good use of the data. Access to
such data can stimulate ground-breaking research, generate employment in the
nation’s biotechnology industry, and enable insurance companies to accurately
calculate actuarial risk so as to offer fair premiums to its customers. Such
outcomes are an important aim of Open Data, an important government policy
initiative.
HSCIC Information Governance
Statement
When I wrote an article about the risks of Care.Data for
disabled people a fortnight ago I put it on my own blog, because I didn't think
it overlapped with the disability and benefits focus of Where's The Benefit.
Unfortunately the last fortnight has absolutely changed my mind. I now think
that not only is Care.Data one of the worst fiascos of the current government,
but that it represents a very real threat to disabled people and particularly
to the confidentiality of their medical records, so here is a briefing on Care.Data that hopefully will allow you to decide for yourself
whether Care.Data is something you need to opt-out of.
This is quite a long piece, and an incredibly messy tale of
woe; if you lack the spoons to read all the way through it, I suggest skipping
down to the (almost) last section What Should I Do Now, where I give a
recommendation on how to proceed.
What is Care.Data?
Care.Data (note the dot!) is a government scheme to
integrate hospital and GP medical records in order to make it available for
both NHS governance and planning, and research by outside organisations. This
will take the form of a huge database to be run by the Health and Social Care
Information Centre (aka HSCIC), an NHS agency that replaced the NHS Information
Centre (NHSIC) after the Health and Social Care Act 2012 set all this in
motion.
See A simple guide to Care.data for
a more in depth background at Wired (when a technology magazine files a health
service informatics story under 'Politics', you know things are in a mess).
There is also the comprehensive http://care-data.info/ which is run by a
concerned GP.
(N.B. Care.Data won't include all the consultant's letters,
scrawled doctor's notes and other stuff that tends to be haphazardly wedged
into whatever kind of folder your GP uses for your records, it will just be the
clinical codes that they type into their PC to indicate diagnoses,
prescriptions, consultants and the like.)
So That's Good, Right?
In theory, yes. The study of mass health data promises to be
absolutely revolutionary (and it's why personally I'm not quite giving up on
Care.Data yet). What is an interesting anecdote in one patient's records, such
as the slightly odd reaction I just had to Gabapentin, could become the key to
understanding a major risk, or a major opportunity, when extended across the
entire patient population of England - Scotland, Wales and Northern Ireland are
going their own way on this, and Dr. Margaret McCartney (who was behind an
excellent expose of the attitudes of Atos towards disabled patients) has an
article on why their approaches to the same issue are better, which is
available in the BMJ: Care.data: why are Scotland and Wales doing it differently? Potential uses which have been discussed include not just pure statistical
research, but using the data for recalls of medical devices (c.f. the 2011
breast implant scandal), and during healthcare emergencies. Less positive is
the potential applicability of the data to 'NHS commissioning', i.e.
privatisation.
So Why Am I Just Hearing About This?
Initially HSCIC seemed to be of the opinion that we
shouldn't worry our little heads about this. The NHS England National Director
for Patients and Information, Tim Kelsey, who has an extraordinarily convoluted
background in this story, has openly stated in the past that people using a
public service should not have the right to opt-out of sharing their data.
Having been thumped a few times by, amongst others, the Information
Commissioner's Office (ICO), responsible for enforcement of the Data Protection
Act (which incidentally Care.Data has partial immunity from), HSCIC agreed to
provide an opt-out and to send out a leaflet to every household in the country
explaining the issues with Care.Data. This leaflet was duly distributed by the
Royal Mail along with all the other junk mail, but most people either never
received it or never noticed it, and it was eventually revealed that, unlike
most other government mail shots, HSCIC had failed to sign up to the scheme
that overrides junk-mail opt-outs. Amongst the people who never saw it was,
rather ironically, the Information Commissioner who had insisted it be sent out
in the first place. Nor was ICO happy with the content, stating on Today
"We’re not sure without further explanation on the website and very clear
views, that people will understand what that means”, a statement Tim Kelsey was
forced to agree with. Which is hardly surprising as a leaflet supposed to brief
people on what Care.Data was, the risks, and how to opt out, consisted solely
of a PR puff-piece on how important Care.Data was, no mention of any risks, and
an unexplained statement saying that if people wanted to opt-out then they
should contact their GP.
Assuming their leaflet was distributed at all, disabled
people then faced the problem of accessibility. There were Braille, Large Print,
Screen-Reader Friendly and Easy-Read versions of the leaflet available, which is good, better performance than we
are used to from DWP, but to know about the Accessible versions you had first
to read the small print on the non-accessible version of the leaflet.... How people
intellectually unable to give informed consent to Care.Data are intended to
proceed appears to have been left completely unaddressed.
There are inline links to the screen accessible versions in
the text above, for Braille you need to ring 0300 456 3531 or the text phone
number 0208 742 8620 and request the Better Information Means Better Care
leaflet, I believe a spoken word version should also be available through the
first number. Quickest turn around on delivery of a braille version I've heard of was 5 weeks, other people are still waiting.
The Fiasco Unfolds
The first domino to fall was on Tuesday 18th February, when
HSCIC announced that the gathering of Care.Data would be postponed from April
to October as there were a few concerns over whether people had been provided
with enough data. Computer Weekly, however, reported Legal straits forced NHS delay on Care.Data,
suggesting that the inadequate information provided to patients meant HSCIC had
actually created a situation in which GPs might be in breach of the Data
Protection Act if they allowed Care.Data access to their records (even though
the Health and Social Care Act 2012 was supposed to have excluded Care.Data
from most DPA provisions). Disturbingly there are reports of at least one NHS trust threatening GPs that they would be in breach of contract if they did not opt patients in to Care.Data and that a GP had been ordered to take down a statement on his surgery web-site saying he was concerned with the scheme.
Next domino to fall was on Sunday 23rd February, and it was
a doozy. The Daily Telegraph reported that 13 years worth of all records of
hospital in-patient admissions from HES, the predecessor to Care.Data, 47m
records in all, had been sold to the 'Staple Inn Actuarial Society' (SIAS), which it turns out is a combination
of a) a trade body/professional society for actuaries (the people who do
big-data number crunching for the insurance industry), and b) a convenient
not-for-profit front for the insurance industry. The Telegraph went on to
reveal that the data had been analysed and combined with data from consumer
credit companies - meaning that they had been able to narrow cases down to at
least post-code areas, to allow insurers to review their prices for health
insurance in the case of various health issues (the threat warning sensors of
any disabled person who has ever tried to get travel insurance, never mind life
insurance, should be twitching already). SIAS's own report made it clear that
they had been able to identify individual patients, by saying they were able to
link multiple admissions, and then link those patients to consumer credit
information, which would have required at least partial post-code matching, but
this may have fallen a step short of full identification to a named individual.
The first response from HSCIC was that the story involved
their predecessors NHSIC and in any case was legal (first say it was someone
else's fault, then claim there isn't a problem anyway, absolutely classic Cover
Your Backside 101). The second response from HSCIC again emphasised that it was
NHSIC at fault (never mind NHSIC became HSCIC), but admitted the transaction
was illegal, though precisely how it was illegal it seemed to find impossible
to explain (it now appears they may not even have taken legal guidance on the
issue, so the legal situation is anyone's guess). HSCIC also tried to argue
that this was all right as SIAS is a not-for-profit organisation, seemingly
completely unaware that not-for-profits are often used as fronts for for-profit
organisations, such as in the case of, oh, SIAS and the insurance industry.
It was later revealed that SIAS paid precisely £2,220 (or should
that be 2,220 pieces of silver?) for the data, suggesting no-one in government
has the slightest idea of what this information would be worth to Big Pharma
and the like (Care.Data apparently charges on a cost-recovery only basis). I
don't like having my personal health information ripped off, having it ripped
off for a fraction of its value does not make me feel better.
Suggesting a carefully timed story on the part of the
Telegraph (and possibly a carefully timed leak by unknown parties), HSCIC was due
in front of the Health Select Committee on Tuesday 25th February to discuss
concerns over Care.Data, a session which was recorded and which is available
here. The
performance of Tim Kelsey, Max Jones, Director of Information and Data
Services, HSCIC, and Dr Dan Poulter, MP, Undersecretary of State for Health,
was thoroughly underwhelming (except when it was overwhelmingly arrogant),
whereas the privacy advocates who also appeared were clearly passionate over
patient confidentiality, openly accepting of the value of Care.Data and fully
on top of their briefs.
The appearance by the HSCIC team was a car-crash, the
minister appeared not to know his brief and all three were persistently evasive.
It rapidly became clear that they couldn't answer questions on what was
allowable because they hadn't yet written their code of practice (for a system
supposed to go live in April), something which was required by the Health and
Social Care Act 2012 when it created HSCIC and Care.Data. They blamed this on only
(only?!?) having had 10 months since taking over from NHSIC. When asked to
provide data on previous decisions by NHSIC they equivocated, despite it being
the predecessor organisation from which they acquired staff, facilities, and
records. When asked to provide access to NHSIC decision makers, who should
largely still be working for HSCIC they were even more equivocal. Amid all this
farce, being asked why, if it was a NHSIC decision, HSCIC had allowed their
logo to appear on the SIAS report, was almost lost in the background noise. One
particularly disturbing moment from the disability rights point of view was
when Barbara Keeley, MP for Worsley and Eccles South, raised the issue of data
referencing patient Mental Health being subject to substantial stigma, the
possibility it might end up with potential employers and therefore surely
requiring the same protection as AIDS or STD status, only to be told by Dr. Dan
Poulter "That's absolutely daft". When the HSCIC team protested that
any misuse of data would be subject to fines of up to £500,000 from the ICO, Barbara Keeley noted "That's
small change to Big Pharma." (Incidentally the ICO were recently lamenting
the inability of judges to understand the consequences of privacy breaches and
their refusal to impose realistic fines). The appearance culminated in the
witnesses being told by Rosie Cooper, MP for West Lancashire, that she had
already opted-out because, pointing at Kelsey, Poulter and Jones, "I don't
trust you."
To complete the farce, Public Health Minister Jane Ellison,
having told parliament the data released by the HSCIC was "publicly
available, non-identifiable and in aggregate form", none of which were
true, but amply demonstrating the lack of understanding of Care.Data at
ministerial level, had to raise a point of order the following day and
apologise for misleading parliament, (at least she did apologise, which is a
step up on the usual performance from IDS and the DWP).
As if one catastrophic data release wasn't bad enough, it
then became apparent on Monday 3rd March that an even worse one had occurred,
with PA Consulting (who have form for losing confidential government data,
having once lost a data-stick containing unencrypted data on every prisoner in the country) admitting that they had
uploaded the complete HES data-set onto Google in order to see what they could
do with it: NHS England patient data uploaded to Google servers Tory MP says. The fact that they were putting it onto data-servers that weren't protected by
UK or EU data-protection law, in likely breach of the Data Protection Act,
appears never to have crossed their tiny minds. Initial reports that the data
was un-pseudonymised and un-anonymised are now being denied, however reference
to producing maps from the data in PA Consulting's own report implies they had
at least partial postcode data available.
Care.Data cock-ups appear to be running about one story a
day at the moment: a company specialising in
geographic information systems (potentially just about a perfect platform for
breaking anonymisation) were offering access, for a price, to a system which
would show you which hospital people seeking particular treatments had
selected, with the implication that this was again HES data. HSCIC had them
take the system down, but it was then claimed that they were only using mock
data, which would make a) the fact they were charging for access, and b) the
fact that HSCIC could make them take it down, particularly bizarre. Another
company were offering HES data combined with their
information on what sort of people lived in a particular post code. Both these
operations would require at least partial post-code information to function,
raising definite re-identification worries.
After multiple requests in parliament, HSCIC were finally
forced to announce on 5th March that they would release an audit of all
information released by themselves or NHSIC, with the HSCIC data out in April
and NHSIC in May.
Amendments have now been proposed to the Care Bill to patch
up the Care.Data loopholes, but as the proposal allows releases "for the
purposes of the provision of health care" it doesn't actually rule much
out - even the SIAS case could have been phrased to imply it was to ensure people with particular illnesses weren't disadvantaged when applying for insurance.
Pseudonymisation, Anonymization and Re-Identification
When it comes to release of data HSCIC has adopted a
traffic-light system. "Green data" is anonymous or aggregated and
should be immune from re-identification; "Amber data" contains
individual data and is supposed to be pseudonymised before release, and
"Red data" is personal and confidential information which is supposed
to be anonymised if it is released at all. Both anonymisation and
pseudonymisation are supposed to prevent data being reverse-engineered to
reveal original identity, but the truth is that re-identification is possible,
and in fact the nature of health data will make this rather easier than with
other data sets due to the degree of individuality introduced by personal
patterns of disability and other health issues.
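
The effect of individual health patterns on re-identification risk can be measured before a release. The following is an added example, not from the original post or from HSCIC: a k-anonymity audit over constructed pseudonymised rows, showing that coarsened demographics leave everyone in a group of four while the condition codes single two people out. The field names, the threshold of 3 and the ICD-10-style codes are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample rows standing in for a pseudonymised extract: no names,
# only a pseudonym plus fields a release might retain. The codes are
# ICD-10-style stand-ins (an assumption; GP systems use their own code sets).
RECORDS = [
    {"pid": "p01", "district": "LS6", "born": 1961, "sex": "F", "codes": {"G35", "F32"}},
    {"pid": "p02", "district": "LS6", "born": 1964, "sex": "F", "codes": {"E11"}},
    {"pid": "p03", "district": "LS6", "born": 1968, "sex": "F", "codes": {"E11"}},
    {"pid": "p04", "district": "LS7", "born": 1972, "sex": "M", "codes": {"J45"}},
    {"pid": "p05", "district": "LS7", "born": 1975, "sex": "M", "codes": {"J45"}},
    {"pid": "p06", "district": "LS7", "born": 1979, "sex": "M", "codes": {"J45", "M05", "G40"}},
    {"pid": "p07", "district": "LS6", "born": 1963, "sex": "F", "codes": {"E11"}},
    {"pid": "p08", "district": "LS7", "born": 1971, "sex": "M", "codes": {"J45"}},
]


def generalise(rec):
    """Coarsen demographics: postcode district -> area letters, birth year -> decade."""
    return {
        "pid": rec["pid"],
        "area": "".join(ch for ch in rec["district"] if ch.isalpha()),
        "decade": rec["born"] // 10 * 10,
        "sex": rec["sex"],
        # frozenset so the whole condition pattern can act as part of a key
        "codes": frozenset(rec["codes"]),
    }


def class_sizes(rows, fields):
    """Count how many rows share each combination of the given fields."""
    return Counter(tuple(row[f] for f in fields) for row in rows)


def k_anonymity(rows, fields):
    """Smallest group size: every row is indistinguishable from k-1 others."""
    return min(class_sizes(rows, fields).values())


def below_threshold(rows, fields, k_min):
    """Pseudonyms whose group is smaller than k_min and so need suppression
    or further generalisation before release."""
    sizes = class_sizes(rows, fields)
    return sorted(
        row["pid"] for row in rows
        if sizes[tuple(row[f] for f in fields)] < k_min
    )


GENERALISED = [generalise(r) for r in RECORDS]
RAW_FIELDS = ("district", "born", "sex")
DEMOGRAPHIC = ("area", "decade", "sex")
WITH_CODES = DEMOGRAPHIC + ("codes",)

if __name__ == "__main__":
    print("raw demographics          k =", k_anonymity(RECORDS, RAW_FIELDS))
    print("generalised demographics  k =", k_anonymity(GENERALISED, DEMOGRAPHIC))
    print("generalised + conditions  k =", k_anonymity(GENERALISED, WITH_CODES))
    print("hold back at k_min=3:", below_threshold(GENERALISED, WITH_CODES, 3))
```

A release gate would run the audit over every field that ships, clinical codes included, and hold back or further generalise the rows it reports.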
Identifiable data is only supposed to be released with
patient consent, however there is a provision to override this using a 'section
251 approval'. Even opting-out will not guarantee that data is inaccessible in
these cases as the data will be harvested from GPs and delivered into the
Care.Data database whatever your individual opted-in or -out status, it will
simply have a flag applied once there to state if you have opted-out, which
will restrict it from commercial and research disclosures, but not from a
'section 251 approval' or the law-enforcement back-doors into the database (it isn't clear if
these are using section 251 or another mechanism). Rather disturbingly it came
out during the session that there was a group within the NHS dedicated to
advising how to arrange a 'section 251 approval' and openly tweeting that it
can provide this service.
Transatlantic Data Sharing, Risks and Opportunities (for Lawyers that is)
The Data Protection Act makes it illegal to export personal
data outside the European Economic Area (EU + EFTA), but
'Green' data doesn't count as it is aggregate not individual, and 'Amber' data might
be exportable given pseudonymisation. There is already a memorandum of understanding
in force between HSCIC and the US Department of Health with stated aims that
include 'Liberating Data and Putting It to Work' and 'Priming the Health IT Market'.
In theory data exported to the US, which has notoriously lax
data protection legislation, is protected under the Safe Harbor agreement
between the US and the EU, which mandates that US companies holding data on EU
citizens protect it to levels equivalent to EU law. Unfortunately the Snowden
revelations have made it clear that the NSA has a tendency to treat US
databases as an all-you-can-eat buffet, particularly if that data relates to
non-US citizens, and happily shares that data back with its partners in the
Five Eyes network (the US, UK, Canada, Australia and New Zealand). Cases of
confidential medical data of Canadian citizens turning up in the possession of
low-level US officials have already been noted (see Disabled woman denied entry to U.S. after agent cites supposedly private medical details).
In practice Safe Harbor may be no safer than Pearl Harbor on the morning of 7th
December 1941 and the EU is already considering suspending it to force
concessions from the Americans over the Snowden revelations.
Specific Risks for Disabled People
I mentioned I had an odd reaction to Gabapentin earlier. It
was actually so subtle I didn't identify it until I came off the drug and realised that there was a change in my behaviour, but in trying
to get my GP to understand what it was, and why I wasn't prepared to go back
onto Gabapentin, a note was made in my medical records, and that note was 'mild
depression'. Now I hadn't once told her I was depressed, I certainly wasn't
feeling any more down than usual, but my 'a psychologist would probably call it
a lack of agency' wasn't a description she was comfortable with (I'm not sure
she even understood it), even if it did describe the sudden fall-off in what I
was getting done. So my medical records now say I've had an incident of mild
depression, even though I haven't. There is a very real stigma attached to
depression in the wider community. It is absolutely normal for people to imply
that anyone with depression is inadequate, frequently tied into an allegation
that depression isn't a real disability, which no doubt is commonly extended to
any other disabilities the person in question may have.
God knows what other inaccuracies are in my medical records,
the physical bundle is about six inches thick, and there is the electronic data
on top. My GP often brings up potential diagnoses for my main disabilities
which were considered and discarded years ago, in some cases decades ago (I
stay with her because she's usually, eventually, willing to recognise that I'm
an expert patient and know exactly what I need). There is, as I understand it,
a theoretical right to examine your medical records and demand that
inaccuracies are corrected, but for many of us that may be a right that is
effectively impossible to enforce, for instance due to issues of Mental Health
or Learning Disabilities, never mind the potential damage in patient-GP
relations - always a worry for patients with long term disabilities.
Care.Data is supposed to pseudonymize (Amber data) or
anonymize (Red data) individual data. The particular problem faced by disabled
people over Care.Data is that many of us are uniquely identifiable by our
individual combinations of disabilities. Take me: I have Dyspraxia,
Hypermobility Syndrome, Chronic Pain Syndrome, and some of the symptoms of
Aspergers, though apparently I don't quite qualify as an Aspie. Now that
combination isn't unique, it's probably true for about half the hypermobile
types I know, but people with that combination living in my postcode, with my
age? Even if you broaden out the postcode (first three characters not all six)
and smudge the age into a range, you're probably not going to get more than one
hit. If you happen to know who my doctors are, then that data becomes even more
identifiable, whether it includes my name and NHS number or not.
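The effect described above can be measured before a release as a k-anonymity check. This is an added illustration, not part of the original post: the records, the fictitious "ZZ" postcodes, the field layout and the threshold of 3 are all constructed assumptions.

```python
from collections import Counter

# Constructed sample of pseudonymised records: no name, no NHS number.
# Layout (an assumption): (pseudonym, postcode, age, set of recorded conditions)
RECORDS = [
    ("p01", "ZZ1 4AB", 47, {"dyspraxia", "hypermobility syndrome", "chronic pain syndrome"}),
    ("p02", "ZZ1 4AC", 43, {"asthma"}),
    ("p03", "ZZ1 7QX", 41, {"asthma"}),
    ("p04", "ZZ1 2LM", 48, {"asthma"}),
    ("p05", "ZZ1 9RT", 45, {"hypermobility syndrome"}),
    ("p06", "ZZ1 3PL", 44, {"hypermobility syndrome"}),
    ("p07", "ZZ2 1AA", 62, {"type 2 diabetes"}),
    ("p08", "ZZ2 5BB", 66, {"type 2 diabetes"}),
    ("p09", "ZZ2 8CC", 61, {"type 2 diabetes", "depression"}),
    ("p10", "ZZ2 6DD", 69, {"type 2 diabetes"}),
]


def quasi_key(record, postcode_chars=3, age_band=10, with_conditions=True):
    """Coarsen the quasi-identifiers: postcode prefix, age band, condition set."""
    _, postcode, age, conditions = record
    band_start = (age // age_band) * age_band
    key = (postcode.replace(" ", "")[:postcode_chars], band_start)
    return key + (frozenset(conditions),) if with_conditions else key


def class_sizes(records, **opts):
    """Count how many records share each coarsened key (equivalence classes)."""
    return Counter(quasi_key(r, **opts) for r in records)


def k_anonymity(records, **opts):
    """k is the size of the smallest class; k == 1 means someone stands alone."""
    return min(class_sizes(records, **opts).values())


def singled_out(records, **opts):
    """Pseudonyms whose coarsened key matches no other record."""
    sizes = class_sizes(records, **opts)
    return sorted(r[0] for r in records if sizes[quasi_key(r, **opts)] == 1)


def releasable(records, k_required=3, **opts):
    """Mitigation: withhold every record whose class is smaller than k_required."""
    sizes = class_sizes(records, **opts)
    return [r[0] for r in records if sizes[quasi_key(r, **opts)] >= k_required]


if __name__ == "__main__":
    # Postcode prefix and age band alone look safe enough...
    print("k without conditions:", k_anonymity(RECORDS, with_conditions=False))
    # ...but the combination of conditions isolates individuals again.
    print("k with conditions:   ", k_anonymity(RECORDS))
    print("singled out:         ", singled_out(RECORDS))
    # Coarsening location and age much further does not help those records.
    print("still singled out:   ", singled_out(RECORDS, postcode_chars=2, age_band=100))
    print("safe to release:     ", releasable(RECORDS))
```

On this sample the postcode prefix and age band give k = 4, but once the condition set is part of the key two records stand alone however coarse the other fields are made, so suppression is the only option left for them.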
This might seem like a fairly obscure concern, but disabled
people face massive discrimination in recruitment, making it a real concern as
to whether or not we declare our disabilities, or all of our disabilities. Some
we obviously have to declare, it's difficult to hide the crutches I walk into
the interview room with, but with invisible disabilities this becomes a more
nuanced decision. Declare, and somehow fail to get the job, or don't declare,
miss out on the legal protection that declaring gives, and face problems when
finally it becomes essential to declare? The 'Consulting Association' (and the
'Economic League' before them) famously ran a blacklist for major construction
companies such as MacAlpine and Balfour Beatty, listing potential employees who
were believed to be union activists, 'troublemakers', or dangerous radicals who
wanted health and safety provisions enforced, and this only stopped when they
were raided by the Information Commissioner's Office in 2009. It is reported
one manager working on the Crossrail project made 900 checks against the
blacklist in 2008 alone. With the open discrimination against disabled people
by many employers and recruiters it is easy enough to imagine someone with a
bootleg copy of Care.Data setting up a black-market disability check service for
recruiters and HR execs to access under the counter: 'He declared X, I wonder
if that's all? Depression? Oh, really? Well he's out, then....' Even
anonymization may not be enough to beat this: breaking anonymisation for one
record is difficult, for 65 million sets of records it's a minor automation
problem, or a business opportunity. If they do it from the States it isn't even
illegal.
The campaign group medConfidential have an article showing
what's being done with some of the data that has been released. Full identification from the information shown would be comparatively trivial
when done on a mass basis, or with background information on the individual in question.
Ben Goldacre gives an example of how to identify someone even
without a prominent disability in his article The NHS plan to share our medical data can save lives – but must be done right (the article is in favour of Care.Data but predates the Telegraph revelations;
Goldacre has to be complimented for admitting he was wrong in a second article, Care.Data is in Chaos, a week later).
GP Trust Issues
A point which has been raised by patient advocates, but seemingly
failed to gain any traction in the debate between 'the great and the good' is that
this system could result in a huge breakdown in trust between patient and GP.
There are already tensions in the system when insurers can insist on access to
medical records before issuing a policy, but the potential for outside
commercial bodies, law enforcement, or DWP to gain access to extremely private
medical data, such as AIDS or STD status, details of mental health or other
disabilities, and other information towards which stigma exists such as
abortions or teen pregnancy has the potential to cause irreparable loss of
trust. Just today I saw a suggestion that Care.Data, and potential exposure of the results to insurers, provided a good reason for refusing to take the blood test for dementia that was in the news.
They're Excluding AIDS and STDs, but Nothing Else?
Care.Data apparently recognises that compromising the confidentiality of medical data indicating
AIDS or STDs is potentially disastrous, so proposes to exclude it from release,
but, as noted earlier, when asked by
Barbara Keeley on the Health Select Committee if that exclusion
should not also be extended to mental health indicators, given the marked
stigma around them, Dr Dan Poulter, the junior health minister, responded
"That's daft!"
Disabled people will be well aware that it is not just AIDS
status, or MH status that may result in not just stigma but active
discrimination, it is the possession of any disability of any kind whatsoever.
HSCIC and the Department of Health appear either unaware of this, or simply not
to care. Disclosure of any disability information whatsoever has the potential
to stop a disabled person getting a job, or to destroy a career, and we urgently need
Care.Data to address that.
They Gave My Data to WHO?!?
Seeking to extend the organisations who can apply for access
to Care.Data, NHS England wrote: "applications may be considered by the HSCIC from all organisations, subject to their eligibility as determined through the HSCIC’s governance processes. Such organisations may include research bodies, information intermediaries, companies, charities and others."
DWP are reported to have applied for access to HES, the
Care.Data predecessor, in order "to obtain access to confidential patient data to be
linked to information about employment, tax credits and benefits claims".
While it is possible that this was in pursuit of high level statistical
information, the wording appears to specifically indicate that this was a clear
attempt to gain access to individual medical records in order to cross-check
with data provided during Employment Support Allowance applications, Work
Capability Assessments, or DLA/PIP applications. Any discrepancy would likely
then be followed by sanctions, or, in the worst case, prosecutions. HMRC are
also reported to have requested and been refused access.
While it is encouraging that these initial requests were
refused, the problem for disabled people is that the desire to access Care.Data
on the part of DWP has been demonstrated, and HSCIC has shown a clear tendency
to approve rather than deny access, associated with a wish to further extend
the sharing of information. We cannot be sure that future attempts will be denied.
A Guardian article Police will have 'backdoor' access to health records despite opt-out, says MP,
reports that former Shadow Home Secretary David Davis has established in a
Parliamentary answer from Dr Dan Poulter that the
police 'and other government departments' will be allowed warrantless
access to Care.Data. 'and other government departments' most likely
means the National Crime Agency and the Security Services, but it could mean
DWP, or it could be extended to mean DWP. A backdoor for law-enforcement
agencies is also very likely to include HMRC, who were previously expressly denied
access to HES.
HSCIC have also stated: "Where informed consent is not
feasible, a legal basis allowing the sharing of confidential information should
be explored. ... Confidential information can be disclosed to support the
detection, investigation and punishment of serious crime." Releasing
information to support the detection of crime would appear to presuppose
use of Care.Data in fishing expeditions where no crime has been demonstrated to
exist.
Amongst other entities known to have applied for access to
HES, the Care.Data predecessor, are private healthcare companies BUPA and
Doctor Foster and the right-wing think-tank the Institute for Fiscal Studies.
Some of these were refused, some were passed on the nod without ever going to
the full authorisation committee. They do rather aptly demonstrate just how
interesting the data is to a range of commercial interests. And all the while
Big Pharma is waiting in the wings.
WHO Did You Say is Going to Extract the Data? Atos!?!
The contract to run the 'General Practice Extraction
Service', GPES, which will pull the Care.Data info out of GPs' medical records
for transmission to HSCIC, has been given to Atos. In theory this should be an
automated process and shouldn't involve anyone at Atos looking at any
identifiable medical records, but in practice problems happen and programmers
may need to look at raw data to understand what the issue is, and they may do
that without ever realising it is an issue. In fairness to HSCIC they gave the
contract to Atos two years ago and probably didn't have a clue how toxic Atos'
reputation would be by now, but even allowing for that it is clear that just
the possibility of Atos and their medical records coming into contact will be
profoundly distressing to many disabled people. I'm certainly not happy with
it, and that is as a software engineer who understands it is an automated
process.
Interestingly the Atos CEO, Thierry Breton, is in the news after describing Big Data as "a digital gold mine, the oil of the future".
The Proof of the Problem is in the People
A few select quotes from the NHS side of the debate:
Tim Kelsey, NHS England National Director for Patients and
Information (and once upon a time founder of private health care informatics
company Doctor Foster, for 50% of which the NHS paid £12.5m):
"No one who uses a public service should be allowed
to opt out of sharing their records" Kelsey seems to have been forced
to back away from this statement in his role at the NHS, but it likely remains
his core belief, and that means any information governance system is likely to
gain only grudging support at best. And a system which isn't supported by the
man at the top is fatally compromised from the start.
"You can object and your data will not be extracted
and you can make no contribution to society" Kelsey answers a critic
on twitter and reveals that his thinking really hasn't changed very much, even
if he has been forced to make concessions.
"If 90 per cent of patients opt out of care.data,
we won't have an NHS." Ridiculous hyperbole is such a compelling
argument, particularly when made to the Health Select Committee, who
immediately call you on it.
Doctor Dan Poulter, Undersecretary of State for Health:
"That's absolutely daft" on being told that
there is a stigma surrounding Mental Health and that information on it needs to
be protected. (In fairness he was addressing the need to develop additional
information on MH, but he did it by dismissing the risk implicit in Care.Data).
HSCIC says access to individual patients records can "enable
insurance companies to accurately calculate actuarial risk so as to offer fair
premiums to its [sic] customers. Such outcomes are an important aim of Open
Data, an important government policy initiative." This is in its own
information governance assessment, which in effect means it thinks there should
be full disclosure of identifiable patient information to commercial entities
for their own gain, effectively no information governance whatsoever.
Interestingly Kelsey has been described by Ben Goldacre as having "drunk
more open-data Kool-Aid than anyone I've ever met".
Sarah-Jane Marsh, Chief Executive of Birmingham Children’s
Hospital, speaking on a panel with Tim Kelsey at Health and Care Innovation
Expo, just last week and after the fiasco became clear:
"Security trumps patient safety every time. It is our duty to challenge this principle."
Er, no, it is your duty to implement both simultaneously!
Never Fear, Jeremy Hunt Will Save Us
Yeah, right, the Health Secretary has such an unblemished
record on commercialization of the NHS - never an opportunity missed - that it
seems odd that we should be reliant on him to put things right. Having watched
the fiasco unfold, Hunt has decided to ban the release of pseudonymized 'Amber'
data unless there are clear health benefits, and to ban the release of data
for commercial purposes, while subjecting HSCIC to audit by the ICO. The
problem is that HSCIC and its predecessor have repeatedly blurred, or
deliberately obfuscated, the barriers between commercial purposes and health
benefits, the SIAS release being a case in point. There is an upcoming EU
General Data Protection Regulation that should be less subject to ideological
bias towards business, however the Coalition, in the form of Lib Dem Justice
Minister Simon Hughes, have been trying to systematically weaken this. However
both of these fail to address the systematic security risks of concentrating
all patient data in a single national database, creating a Holy Grail for
hackers, security risks once the data is redistributed, and the
whole re-identification issue. A complete solution to the risks these are not. Also,
relying on Jeremy Hunt? Something of an oxymoron.
So What Should I Do Now?
If you are a hopeless optimist like me, and see value in the
basic aims of Care.Data then hang on for a few months in the hope that HSCIC
pulls off a miracle and gets a proper system of governance in place. As this
involves 1) Jeremy Hunt, 2) Tim Kelsey and 3) HSCIC, all of whom are currently
in denial that there are governance issues at all, then just imagining the
possibility of a miracle is probably hopelessly optimistic, in which case
follow the instructions in the next two paragraphs at some point before Care.Data
goes live.
If you are a realist, concerned about your medical
confidentiality, concerned about any of the organisations listed above trying
to access your medical data, or worried that your health means that you may not
be in a fit state to make decisions in a few months, then my reluctant
recommendation is that you opt out now, and that you opt out the rest of your
family. There is an interesting ethical dilemma for anyone in a guardianship
position, and I wonder if that doesn't mean they are ethically obliged to
opt-out the person they are guardian to, whatever they decide for themselves.
Details of how to opt out of Care.Data are available at
several sites, the clearest explanation I've found, additionally offering the
opt-out letter in multiple formats, is on the Big Brother Watch site.
And Finally
If you read all of this, then you deserve a break, I
recommend the excellent Care.Data Downfall parody.
Tuesday, 4 March 2014
I just got a weird phone call...
Woman from my local Job Centre: We're just updating our notes. So what are your aims?
Me: I thought these kinds of questions were only for people in the Work Related Activity Group?
JC: No, we're asking people in the Support Group. It's because you're in the Support Group that we're doing this over the phone rather than asking you to come in in person.
Me: Well I don't have any aims. Given the state of my health, aspiring to do something would just be false hope.
JC: It says here that you're interested in stand up comedy...
Me: Yes, that's what I used to do before I became too ill to carry on.
JC: Was you like on TV? Or comedy clubs?
Me: I only got to do stand up for two and a half years before I became too ill to carry on. No-one makes it onto TV in only two and a half years.
JC: So, has your health deteriorated?
Me: Not really since my last Atos assessment in December 2012. I've gotten a couple of new diagnoses, but nothing significant.
JC: [slightly concerned] But you're OK though, right?
Me: Not really, no!
JC: OK. That's fine. If you ever come in here ask to see me, [name].
As Latentexistence says:
@lisybabe Well that's worrying. They could easily make things much worse if they call some people.
— Tentacle Sixteen (@latentexistence) March 4, 2014
Edited to add: I should have mentioned that I didn't answer on the first go. During the 30 hours prior to this conversation, she'd tried to call 3 times while I was asleep.