Monday, 24 March 2014
Care.Data: In Their Own Words
As a follow-on from my Care.Data: Why Disabled People Should be Worried piece, Kingsley Manning, the Chair of HSCIC (the organisation charged with extracting our medical records from GPs and making them available both inside and outside the NHS) recently gave a speech to the National Health and IT Conference and Exhibition, and it's rather revealing. So, in his own words, this is what HSCIC wants to do in commercializing your medical records:
"It is however timely to point out that there is not necessarily any contradiction between the aims of a commercial organisation and the advancement of the nation's health and social care services. Many of the commercial information intermediaries who make use of our data releases are supporting NHS organisations to plan, transform and deliver their services.
With respect to the pharmaceutical industry, not only does it represent a major contributor to the UK economy, but they are also critical in developing new treatments. It would be perverse if we weren't to support their activities and their endeavours. There could be no better evidence of the effectiveness of health data, shared with us by the patients, than the contribution it makes to crucial break-through in treating deadly diseases.
Quite rightly however, the public are suspicious that these arrangements are in some way unfairly tipped in favour of the profit makers. This suspicion has been fuelled by our innocent lack of transparency. I have no doubt that HSCIC's predecessor organisations were intent on operating in the best interest of the patients of the NHS, but they were working at a different time and without the glare of public interest.
If we are to sustain public trust we not only need to demonstrate that their data is secure and that it is used effectively, but we need to be transparent in everything we do. The current arrangements governing the release of data are undoubtedly confusing and there is inadequate representation of the public voice in our decision-making."
You said it!
And on security:
"With respect to security, and in this I include not just cyber security but also the physical and human security threats, we are a facing a fundamental shift in the level of threat. When I become Chair of HSCIC, 9 months ago one of my first actions was to institute a review of our security arrangements. For more than 20 years I've been running organisations that have been handling sensitive data and I have lived in fear of a major security breach.
Despite that experience I was shocked by the pace and the scale of the developing security risk. Whilst I had been concerned with the lost disc or the stolen laptop, I had failed to appreciate the extent of the risk now posed, whether it's by highly organised, criminal hackers, extremely proficient and motivated activists, or foreign states or ideologically motivated interlopers.
The NHS is reliant on core national information infrastructure and dependent on highly, valuable data assets; we are not immune to these threats.
In the next few weeks we will therefore announce a major strengthening of both the security and IG frameworks for the whole health and social care system."
So if hackers can regularly breach NASA and the Pentagon, who holds out much hope for the good old NHS? Particularly with all the attention Care.Data has been getting, which has to add to the kudos of the first person to hack the system and make the hack public with a massive release of medical records somewhere on the darknet.
And what has the government done since the Care.Data story broke? They've voted down an attempt to make misuse of Care.Data a criminal offence and Jeremy Hunt has promised they won't be caught selling it to insurers again. They propose to do this by requiring there to be a healthcare benefit behind any Care.Data sale, but you can word just about anything to do with health data to have a healthcare benefit, even the SIAS release that brought this into the news could have been worded to claim it would have a healthcare benefit in analysing demographic linkages with particular illnesses, and still give exactly the analysis the insurance industry wanted on links between illnesses and postcodes, at worst they might have needed to hire someone else to do it for them.