Thursday 27 March 2014

#Atos Axed, But Will Their Replacement be Any Better?

Those who fail to learn the lessons of history are condemned to repeat it. George Santayana

The signs have been there for a couple of months, but today it happened: Atos were axed from the Work Capability Assessment Contract by DWP Minister for Disabled People Mike Penning. In a statement that spends rather more time trying to blame Labour and Atos than looking at what actually went wrong, Penning announced that Atos will be replaced in early 2015 by a new contractor. Most Atos personnel are expected to transfer to this replacement; however, in the longer term Penning anticipates using multiple contractors "to increase competition".

Tweets by the DWP's twitter account @DWPPressoffice stating "Aim is to drive up the number of WCA assessments and cut waiting time" make it clear that there is no intention to reform the WCA, even though disabled people are unanimous in stating that the core problem is the WCA itself; Atos were just the disablist topping.

The statement indicates that Atos will remain responsible for delivering the WCA until their early exit in 2015, though with a "remedial advisory team" pulling managers' strings.

So what does all this mean for those of us who have to live with the damage WCAs do?

The first thing to note is that they're only changing the monkey, not the organ-grinder. It has been clear for a long time that we have had a dual problem with WCA. Atos were the front-end of that problem, with major issues with the attitude of many of their customer-facing staff (the GMC found it necessary to remind Atos doctors that basic honesty was a professional requirement), and a management that was clearly not remotely interested in whether they were meeting basic needs around accessibility and the like, nor in delivering continuous improvement. But behind that problem was the DWP, the structure of the WCA, and the structure of the WCA contract. Research by Kaliya Franklin revealed just how tight were the norms that Atos were contractually held to by DWP (who insist that a 'norm' is not a target, even if you're only allowed to use some of the WCA provisions for one patient in a thousand). And of course the WCA just kept getting harsher and harsher, with the introduction of the imaginary wheelchair, and a perverse insistence that one problem could not affect someone both physically and mentally. @DWPPressoffice's "drive up the number of WCA assessments" is a particularly ominous note when we know a major part of the problem with WCA has been rushed assessments that haven't looked into patients' situations with nearly enough knowledge or detail.

The only companies in a position to replace Atos are likely the other major outsourcing companies: Capita (busy destroying their own reputation on PIP and court interpreter contracts), G4S (already destroyed their reputation over failing to deliver security for the Olympics, then found to have defrauded the taxpayer over offender tagging - and that's without mentioning the forced sedation in South African prisons or the Australian refugee internment camps, or the deaths in care) and Serco (ditto on the offender tagging and the Australian internment camps, with a side dish of falsifying data on a GP out-of-hours service in Cornwall - a contract that was also axed early). Having seen Atos having their brand turned into a toxic nightmare for brutalising disabled people, none of these are likely to be over-eager to involve themselves in WCA, particularly if it is clear the root problems with the WCA are not being addressed. Equally it is clear that the WCA is now so toxic that Atos are willing to buy themselves out of it and take the reputational damage of having walked away/being kicked off a major national contract, rather than face the ongoing month-by-month, day-by-day damage that goes with being the WCA contractor. However, ultimately money is likely to talk. Capita are probably the company in the best position to take over the contract thanks to their involvement with PIP, however PIP delays are growing month by month (even though it is only addressing a fraction of the cases it was supposed to) and PIP may turn out to be even worse than WCA, but about the best that can be said for them is they haven't had the cases of fraud or abuse of people in their care that the other competitors have had.

Introducing multiple contractors likely has rather more to do with hopes of splitting the blame than Penning's claim he wants competition. By creating multiple targets he may hope to split the focus of the disability lobby, but that ignores the way that disabled people have honed their teeth on destroying Atos's brand as they became media-savvy protesters through sheer necessity. What was done to Atos can be done to any other company that makes the same mistakes in dismissing the voice of disabled people. Facing the possibility of having your brand destroyed is bad enough for companies that already have image problems; facing that possibility for a fraction of the pot is not going to be a winning argument in their boardrooms. And equally, if there is no one company to take the blame, then DWP may find themselves even more directly in the firing line for WCA failures than they already are.

From the DWP point of view, certainly that of IDS and his coterie, the entire issue is likely timing and the election. By making a fuss of sacking Atos now, they likely hope to create an ideal cover story for everything wrong with WCA that will last them through the election. 'Yes, WCA is a mess, but it was Labour's fault, and see, we sacked Atos, the Great Satan, because we really care about those poor, inspiring, disabled people.' And then after the elections they'll be able to blame ongoing issues on 'teething problems' (and the current DWP ministerial crew will likely have moved on to new departments by then). Disabled people know that the truth is that unless there are radical changes to the WCA (such as scrapping it and having the patient's own GP or consultant write the report), then the same tragic catastrophe will repeat itself, particularly if the incoming company will have to do the same inappropriate test in the same inaccessible buildings with the same problematic staff, but IDS has always been a proponent of denying responsibility for whichever DWP fiasco is in the news this week.

Ironically, while Atos are being summarily kicked off WCA, they are being allowed to retain their PIP contracts, even though PIP shows signs of being an even worse car-crash than WCA - perhaps IDS and Penning want to have someone convenient to blame when PIP fails?

Monday 24 March 2014

Care.Data: In Their Own Words


As a follow-on from my Care.Data: Why Disabled People Should be Worried piece, Kingsley Manning, the Chair of HSCIC (the organisation charged with extracting our medical records from GPs and making them available both inside and outside the NHS) recently gave a speech to the National Health and IT Conference and Exhibition, and it's rather revealing. So, in his own words, this is what HSCIC wants to do in commercializing your medical records:

"It is however timely to point out that there is not necessarily any contradiction between the aims of a commercial organisation and the advancement of the nation's health and social care services. Many of the commercial information intermediaries who make use of our data releases are supporting NHS organisations to plan, transform and deliver their services.

With respect to the pharmaceutical industry, not only does it represent a major contributor to the UK economy, but they are also critical in developing new treatments. It would be perverse if we weren't to support their activities and their endeavours. There could be no better evidence of the effectiveness of health data, shared with us by the patients, than the contribution it makes to crucial break-through in treating deadly diseases.

Quite rightly however, the public are suspicious that these arrangements are in some way unfairly tipped in favour of the profit makers. This suspicion has been fuelled by our innocent lack of transparency. I have no doubt that HSCIC's predecessor organisations were intent on operating in the best interest of the patients of the NHS, but they were working at a different time and without the glare of public interest.

If we are to sustain public trust we not only need to demonstrate that their data is secure and that it is used effectively, but we need to be transparent in everything we do. The current arrangements governing the release of data are undoubtedly confusing and there is inadequate representation of the public voice in our decision-making."

You said it!

And on security:

"With respect to security, and in this I include not just cyber security but also the physical and human security threats, we are facing a fundamental shift in the level of threat. When I became Chair of HSCIC 9 months ago, one of my first actions was to institute a review of our security arrangements. For more than 20 years I've been running organisations that have been handling sensitive data and I have lived in fear of a major security breach.

Despite that experience I was shocked by the pace and the scale of the developing security risk. Whilst I had been concerned with the lost disc or the stolen laptop, I had failed to appreciate the extent of the risk now posed, whether it's by highly organised, criminal hackers, extremely proficient and motivated activists, or foreign states or ideologically motivated interlopers.

The NHS is reliant on core national information infrastructure and dependent on highly valuable data assets; we are not immune to these threats.

In the next few weeks we will therefore announce a major strengthening of both the security and IG frameworks for the whole health and social care system."

So if hackers can regularly breach NASA and the Pentagon, who holds out much hope for the good old NHS? Particularly with all the attention Care.Data has been getting, which has to add to the kudos of the first person to hack the system and make the hack public with a massive release of medical records somewhere on the darknet.

And what has the government done since the Care.Data story broke? They've voted down an attempt to make misuse of Care.Data a criminal offence and Jeremy Hunt has promised they won't be caught selling it to insurers again. They propose to do this by requiring there to be a healthcare benefit behind any Care.Data sale, but you can word just about anything to do with health data to have a healthcare benefit, even the SIAS release that brought this into the news could have been worded to claim it would have a healthcare benefit in analysing demographic linkages with particular illnesses, and still give exactly the analysis the insurance industry wanted on links between illnesses and postcodes, at worst they might have needed to hire someone else to do it for them.

Monday 17 March 2014

Fit for Work?

Citizen's Advice are currently in the middle of a nationwide campaign on ESA (Employment and Support Allowance).  ESA is paid to people who are unable to work due to disability and frequently the decisions that have been made about who does and doesn't qualify have been wrong leading to stressful reconsiderations and appeals.  Many people have died after wrongly being found fit for work.  Others have committed suicide due to incorrect decisions and/or the stress of the process.  Citizen's Advice's campaign is called Fit for Work because they hope that if implemented the changes they're calling for will help make ESA fit for work (i.e. fit for purpose).

The campaign is calling for:

  • The Department of Work and Pensions (DWP) should listen to evidence from the health and social care professionals who know you best.
  • The medical evidence required to make your case should be provided free of charge.
  • The companies running the work capability assessments should be held accountable for poor quality assessments or bad customer service.
  • The DWP should continue to pay people ESA while a second opinion is given on their application.


They are doing this in a variety of ways but I wanted to blog about one of them


CABs generate evidence about problems we see.  And they have thousands and thousands of pieces relating to ESA if the evidence submitted just by the bureau I volunteer at is anything to go by (I'm both an adviser and a social policy coordinator so most of the evidence we generate I see before it gets sent to Citizen's Advice head office).  Those pieces are great for facts.  What went wrong?  When did it go wrong?  How did that affect the client?  But they aren't so good at the more human side of it: how did it make them feel? How did it affect their health?  What happened next, how long did it take to resolve and how did that affect the client? (mostly because in my experience at least we rarely find out the long term outcome)

Citizen's Advice are looking for as many people as possible to share their own stories of ESA in their own words. What it means to live the ESA process. Whether they claim it, they volunteer for a CAB and have helped clients claim it, they've supported friends or family through the process or whatever reason.

 These stories are being gathered on their blog and through the #FitForWork hashtag on twitter.  More stories are still needed and can be submitted here.




Monday 10 March 2014

Care.Data. Why Disabled People Should be Worried


In the eyes of the law, a government department, a university researcher, a pharmaceutical company, or an insurance company is as entitled to request and receive de-identified data for limited access as a clinical commissioning group, as long as the risk that a person will be re-identified from the data is very low or negligible. Furthermore, all such organisations can make good use of the data. Access to such data can stimulate ground-breaking research, generate employment in the nation’s biotechnology industry, and enable insurance companies to accurately calculate actuarial risk so as to offer fair premiums to its customers. Such outcomes are an important aim of Open Data, an important government policy initiative. 
HSCIC Information Governance Statement

When I wrote an article about the risks of Care.Data for disabled people a fortnight ago I put it on my own blog, because I didn't think it overlapped with the disability and benefits focus of Where's The Benefit. Unfortunately the last fortnight has absolutely changed my mind. I now think that not only is Care.Data one of the worst fiascos of the current government, but that it represents a very real threat to disabled people and particularly to the confidentiality of their medical records, so here is a briefing on Care.Data that hopefully will allow you to decide for yourself whether Care.Data is something you need to opt-out of.

This is quite a long piece, and an incredibly messy tale of woe, if you lack the spoons to read all the way through it, I suggest skipping down to the (almost) last section What Should I Do Now, where I give a recommendation on how to proceed.

What is Care.Data?

Care.Data (note the dot!) is a government scheme to integrate hospital and GP medical records in order to make it available for both NHS governance and planning, and research by outside organisations. This will take the form of a huge database to be run by the Health and Social Care Information Centre (aka HSCIC), an NHS agency that replaced the NHS Information Centre (NHSIC) after the Health and Social Care Act 2012 set all this in motion.

See A simple guide to Care.data for a more in depth background at Wired (when a technology magazine files a health service informatics story under 'Politics', you know things are in a mess). There is also the comprehensive http://care-data.info/ which is run by a concerned GP.

(N.B. Care.Data won't include all the consultant's letters, scrawled doctor's notes and other stuff that tends to be haphazardly wedged into whatever kind of folder your GP uses for your records, it will just be the clinical codes that they type into their PC to indicate diagnoses, prescriptions, consultants and the like.)

So That's Good, Right?

In theory, yes. The study of mass health data promises to be absolutely revolutionary (and it's why personally I'm not quite giving up on Care.Data yet). What is an interesting anecdote in one patient's records, such as the slightly odd reaction I just had to Gabapentin, could become the key to understanding a major risk, or a major opportunity, when extended across the entire patient population of England - Scotland, Wales and Northern Ireland are going their own way on this, and Dr. Margaret McCartney (who was behind an excellent expose of the attitudes of Atos towards disabled patients) has an article on why their approaches to the same issue are better, which is available in the BMJ: Care.data: why are Scotland and Wales doing it differently? Potential uses which have been discussed include not just pure statistical research, but using the data for recalls of medical devices (c.f. the 2011 breast implant scandal), and during healthcare emergencies. Less positive is the potential applicability of the data to 'NHS commissioning', i.e. privatisation.

So Why Am I Just Hearing About This?

Initially HSCIC seemed to be of the opinion that we shouldn't worry our little heads about this. The NHS England National Director for Patients and Information, Tim Kelsey, who has an extraordinarily convoluted background in this story, has openly stated in the past that people using a public service should not have the right to opt-out of sharing their data. Having been thumped a few times by, amongst others, the Information Commissioner's Office (ICO), responsible for enforcement of the Data Protection Act (which incidentally Care.Data has partial immunity from), HSCIC agreed to provide an opt-out and to send out a leaflet to every household in the country explaining the issues with Care.Data. This leaflet was duly distributed by the Royal Mail along with all the other junk mail, but most people either never received it or never noticed it, and it was eventually revealed that, unlike most other government mail shots, HSCIC had failed to sign up to the scheme that overrides junk-mail opt-outs. Amongst the people who never saw it was, rather ironically, the Information Commissioner who had insisted it be sent out in the first place. Nor was ICO happy with the content, stating on Today "We're not sure without further explanation on the website and very clear views, that people will understand what that means", a statement Tim Kelsey was forced to agree with. Which is hardly surprising as a leaflet supposed to brief people on what Care.Data was, the risks, and how to opt out, consisted solely of a PR puff-piece on how important Care.Data was, no mention of any risks, and an unexplained statement saying that if people wanted to opt-out then they should contact their GP.

Assuming their leaflet was distributed at all, disabled people then faced the problem of accessibility. There were Braille, Large Print, Screen-Reader Friendly and Easy-Read versions of the leaflet available, which is good, better performance than we are used to from DWP, but to know about the Accessible versions you had first to read the small print on the non-accessible version of the leaflet.... How people intellectually unable to give informed consent to Care.Data are intended to proceed appears to have been left completely unaddressed. 

There are inline links to the screen accessible versions in the text above, for Braille you need to ring 0300 456 3531 or the text phone number 0208 742 8620 and request the Better Information Means Better Care leaflet, I believe a spoken word version should also be available through the first number. Quickest turn around on delivery of a braille version I've heard of was 5 weeks, other people are still waiting.

The Fiasco Unfolds

The first domino to fall was on Tuesday 18th February, when HSCIC announced that the gathering of Care.Data would be postponed from April to October as there were a few concerns over whether people had been provided with enough data. Computer Weekly, however, reported Legal straits forced NHS delay on Care.Data, suggesting that the inadequate information provided to patients meant HSCIC had actually created a situation in which GPs might be in breach of the Data Protection Act if they allowed Care.Data access to their records (even though the Health and Social Care Act 2012 was supposed to have excluded Care.Data from most DPA provisions). Disturbingly there are reports of at least one NHS trust threatening GPs that they would be in breach of contract if they did not opt patients in to Care.Data and that a GP had been ordered to take down a statement on his surgery web-site saying he was concerned with the scheme.

Next domino to fall was on Sunday 23rd February, and it was a doozy. The Daily Telegraph reported that 13 years worth of all records of hospital in-patient admissions from HES, the predecessor to Care.Data, 47m records in all, had been sold to the 'Staple Inn Actuarial Society'  (SIAS), which it turns out is a combination of a) a trade body/professional society for actuaries (the people who do big-data number crunching for the insurance industry), and b) a convenient not-for-profit front for the insurance industry. The Telegraph went on to reveal that the data had been analysed and combined with data from consumer credit companies - meaning that they had been able to narrow cases down to at least post-code areas, to allow insurers to review their prices for health insurance in the case of various health issues (the threat warning sensors of any disabled person who has ever tried to get travel insurance, never mind life insurance, should be twitching already). SIAS's own report made it clear that they had been able to identify individual patients, by saying they were able to link multiple admissions, and then link those patients to consumer credit information, which would have required at least partial post-code matching, but this may have fallen a step short of full identification to a named individual. 

The first response from HSCIC was that the story involved their predecessors NHSIC and in any case was legal (first say it was someone else's fault, then claim there isn't a problem anyway, absolutely classic Cover Your Backside 101). The second response from HSCIC again emphasised that it was NHSIC at fault (never mind NHSIC became HSCIC), but admitted the transaction was illegal, though precisely how it was illegal it seemed to find impossible to explain (it now appears they may not even have taken legal guidance on the issue, so the legal situation is anyone's guess). HSCIC also tried to argue that this was all right as SIAS is a not-for-profit organisation, seemingly completely unaware that not-for-profits are often used as fronts for for-profit organisations, such as in the case of, oh, SIAS and the insurance industry. 

It was later revealed that SIAS paid precisely £2,220 (or should that be 2,220 pieces of silver?) for the data, suggesting no-one in government has the slightest idea of what this information would be worth to Big Pharma and the like (Care.Data apparently charges on a cost-recovery only basis). I don't like having my personal health information ripped off, having it ripped off for a fraction of its value does not make me feel better.

Suggesting a carefully timed story on the part of the Telegraph (and possibly a carefully timed leak by unknown parties), HSCIC was due in front of the Health Select Committee on Tuesday 25th February to discuss concerns over Care.Data, a session which was recorded and which is available here. The performance of Tim Kelsey, Max Jones, Director of Information and Data Services, HSCIC, and Dr Dan Poulter, MP, Undersecretary of State for Health, was thoroughly underwhelming (except when it was overwhelmingly arrogant), whereas the privacy advocates who also appeared were clearly passionate over patient confidentiality, openly accepting of the value of Care.Data and fully on top of their briefs.

The appearance by the HSCIC team was a car-crash, the minister appeared not to know his brief and all three were persistently evasive. It rapidly became clear that they couldn't answer questions on what was allowable because they hadn't yet written their code of practice (for a system supposed to go live in April), something which was required by the Health and Social Care Act 2012 when it created HSCIC and Care.Data. They blamed this on only (only?!?) having had 10 months since taking over from NHSIC. When asked to provide data on previous decisions by NHSIC they equivocated, despite it being the predecessor organisation from which they acquired staff, facilities, and records. When asked to provide access to NHSIC decision makers, who should largely still be working for HSCIC, they were even more equivocal. Amid all this farce, being asked why, if it was a NHSIC decision, HSCIC had allowed their logo to appear on the SIAS report, was almost lost in the background noise. One particularly disturbing moment from the disability rights point of view was when Barbara Keeley, MP for Worsley and Eccles South, raised the issue of data referencing patient Mental Health being subject to substantial stigma, the possibility it might end up with potential employers and therefore surely requiring the same protection as AIDS or STD status, only to be told by Dr. Dan Poulter "That's absolutely daft". When the HSCIC team protested that any misuse of data would be subject to fines of up to £500,000 from the ICO, Barbara Keeley noted "That's small change to Big Pharma." (Incidentally the ICO were recently lamenting the inability of judges to understand the consequences of privacy breaches and their refusal to impose realistic fines). The appearance culminated in the witnesses being told by Rosie Cooper, MP for West Lancashire, that she had already opted-out because, pointing at Kelsey, Poulter and Jones, "I don't trust you."

To complete the farce, Public Health Minister Jane Ellison, having told parliament the data released by the HSCIC was "publicly available, non-identifiable and in aggregate form", none of which were true, but amply demonstrating the lack of understanding of Care.Data at ministerial level, had to raise a point of order the following day and apologise for misleading parliament, (at least she did apologise, which is a step up on the usual performance from IDS and the DWP).

As if one catastrophic data release wasn't bad enough, it then became apparent on Monday 3rd March that an even worse one had occurred, with PA Consulting (who have form for losing confidential government data, having once lost a data-stick containing unencrypted data on every prisoner in the country) admitting that they had uploaded the complete HES data-set onto Google in order to see what they could do with it:  NHS England patient data uploaded to Google servers Tory MP says. The fact that they were putting it onto data-servers that weren't protected by UK or EU data-protection law, in likely breach of the Data Protection Act, appears never to have crossed their tiny minds. Initial reports that the data was un-pseudonymised and un-anonymised are now being denied, however reference to producing maps from the data in PA Consulting's own report implies they had at least partial postcode data available.

Care.Data cock-ups appear to be running about one story a day at the moment: a company specialising in geographic information systems (potentially just about a perfect platform for breaking anonymisation) were offering access, for a price, to a system which would show you which hospital people seeking particular treatments had selected, with the implication that this was again HES data. HSCIC had them take the system down, but it was then claimed that they were only using mock data, which would make a) the fact they were charging for access, and b) the fact that HSCIC could make them take it down, particularly bizarre. Another company were offering HES data combined with their information on what sort of people lived in a particular post code. Both these operations would require at least partial post-code information to function, raising definite re-identification worries.

After multiple requests in parliament, HSCIC were finally forced to announce on 5th March that they would release an audit of all information released by themselves or NHSIC, with the HSCIC data out in April and NHSIC in May. 

Amendments have now been proposed to the Care Bill to patch up the Care.Data loopholes, but as the proposal allows releases "for the purposes of the provision of health care" it doesn't actually rule much out - even the SIAS case could have been phrased to imply it was to ensure people with particular illnesses weren't disadvantaged when applying for insurance. 

Pseudonymisation, Anonymization and Re-Identification

When it comes to release of data HSCIC has adopted a traffic-light system. "Green data" is anonymous or aggregated and should be immune from re-identification; "Amber data" contains individual data and is supposed to be pseudonymised before release, and "Red data" is personal and confidential information which is supposed to be anonymised if it is released at all. Both anonymisation and pseudonymisation are supposed to prevent data being reverse-engineered to reveal original identity, but the truth is that re-identification is possible, and in fact the nature of health data will make this rather easier than with other data sets due to the degree of individuality introduced by personal patterns of disability and other health issues.

Identifiable data is only supposed to be released with patient consent, however there is a provision to override this using a 'section 251 approval'. Even opting-out will not guarantee that data is inaccessible in these cases as the data will be harvested from GPs and delivered into the Care.Data database whatever your individual opted-in or -out status, it will simply have a flag applied once there to state if you have opted-out, which will restrict it from commercial and research disclosures, but not from a 'section 251 approval' or the law-enforcement back-doors into the database (it isn't clear if these are using section 251 or another mechanism). Rather disturbingly it came out during the session that there was a group within the NHS dedicated to advising how to arrange a 'section 251 approval' and openly tweeting that it can provide this service.


Transatlantic Data Sharing, Risks and Opportunities (for Lawyers that is)

The Data Protection Act makes it illegal to export personal data outside the European Economic Area (EU + EFTA), but 'Green' data doesn't count as it is aggregate not individual, and 'Amber' data might be exportable given pseudonymisation. There is already a memorandum of understanding in force between HSCIC and the US Department of Health with stated aims that include 'Liberating Data and Putting It to Work' and 'Priming the Health IT Market'.

In theory data exported to the US, which has notoriously lax data protection legislation, is protected under the Safe Harbor agreement between the US and the EU, which mandates that US companies holding data on EU citizens protect it to levels equivalent to EU law. Unfortunately the Snowden revelations have made it clear that the NSA has a tendency to treat US databases as an all-you-can-eat buffet, particularly if that data relates to non-US citizens, and happily shares that data back with its partners in the Five Eyes network (the US, UK, Canada, Australia and New Zealand). Cases of confidential medical data of Canadian citizens turning up in the possession of low-level US officials have already been noted (see Disabled woman denied entry to U.S. after agent cites supposedly private medical details). In practice Safe Harbor may be no safer than Pearl Harbor on the morning of 7th December 1941 and the EU is already considering suspending it to force concessions from the Americans over the Snowden revelations.

Specific Risks for Disabled People

I mentioned I had an odd reaction to Gabapentin earlier. It was actually so subtle I didn't identify it until I came off the drug and realised that there was a change in my behaviour, but in trying to get my GP to understand what it was, and why I wasn't prepared to go back onto Gabapentin, a note was made in my medical records, and that note was 'mild depression'. Now I hadn't once told her I was depressed, I certainly wasn't feeling any more down than usual, but my 'a psychologist would probably call it a lack of agency' wasn't a description she was comfortable with (I'm not sure she even understood it), even if it did describe the sudden fall-off in what I was getting done. So my medical records now say I've had an incident of mild depression, even though I haven't. There is a very real stigma attached to depression in the wider community. It is absolutely normal for people to imply that anyone with depression is inadequate, frequently tied into an allegation that depression isn't a real disability, which no doubt is commonly extended to any other disabilities the person in question may have.

God knows what other inaccuracies are in my medical records, the physical bundle is about six inches thick, and there is the electronic data on top. My GP often brings up potential diagnoses for my main disabilities which were considered and discarded years ago, in some cases decades ago (I stay with her because she's usually, eventually, willing to recognise that I'm an expert patient and know exactly what I need). There is, as I understand it, a theoretical right to examine your medical records and demand that inaccuracies are corrected, but for many of us that may be a right that is effectively impossible to enforce, for instance due to issues of Mental Health or Learning Disabilities, never mind the potential damage in patient-GP relations - always a worry for patients with long term disabilities.

Care.Data is supposed to pseudonymize (Amber data) or anonymize (Red data) individual data. The particular problem faced by disabled people over Care.Data is that many of us are uniquely identifiable by our individual combinations of disabilities. Take me: I have Dyspraxia, Hypermobility Syndrome, Chronic Pain Syndrome, and some of the symptoms of Aspergers, though apparently I don't quite qualify as an Aspie. Now that combination isn't unique, it's probably true for about half the hypermobile types I know, but people with that combination living in my postcode, with my age? Even if you broaden out the postcode (first three characters not all six) and smudge the age into a range, you're probably not going to get more than one hit. If you happen to know who my doctors are, then that data becomes even more identifiable, whether it includes my name and NHS number or not.
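A data custodian can measure this risk before release by counting how many records share each combination of quasi-identifiers (the k-anonymity measure). The sketch below is an added example, not code from Care.Data or HSCIC; the records, field names, postcodes and thresholds are all constructed for illustration.

```python
from collections import Counter

# Constructed sample extract (not real data): no names or NHS numbers,
# only the quasi-identifiers a pseudonymised record would still carry.
RECORDS = [
    {"pid": "p1", "postcode": "ZZ1 1AA", "age": 41, "conditions": {"asthma"}},
    {"pid": "p2", "postcode": "ZZ1 1AB", "age": 43, "conditions": {"asthma"}},
    {"pid": "p3", "postcode": "ZZ1 2CD", "age": 44, "conditions": {"asthma"}},
    {"pid": "p4", "postcode": "ZZ1 3EF", "age": 46, "conditions": {"asthma"}},
    {"pid": "p5", "postcode": "ZZ1 9XY", "age": 49, "conditions": {"asthma"}},
    {"pid": "p6", "postcode": "ZZ1 4QT", "age": 45,
     "conditions": {"dyspraxia", "hypermobility syndrome", "chronic pain syndrome"}},
    {"pid": "p7", "postcode": "ZZ1 5GH", "age": 42, "conditions": {"hypermobility syndrome"}},
    {"pid": "p8", "postcode": "ZZ1 6JK", "age": 48, "conditions": {"hypermobility syndrome"}},
]


def generalise(record, postcode_chars=3, age_band=10):
    """Coarsen the quasi-identifiers: truncate the postcode, band the age."""
    low = record["age"] // age_band * age_band
    return (
        record["postcode"].replace(" ", "")[:postcode_chars],
        f"{low}-{low + age_band - 1}",
        frozenset(record["conditions"]),  # the combination of diagnoses is kept as-is
    )


def class_sizes(records, **kw):
    """Map each record id to k: how many records share its generalised key."""
    keys = {r["pid"]: generalise(r, **kw) for r in records}
    counts = Counter(keys.values())
    return {pid: counts[key] for pid, key in keys.items()}


def at_risk(records, k_min=5, **kw):
    """Record ids whose equivalence class is smaller than k_min."""
    return sorted(pid for pid, k in class_sizes(records, **kw).items() if k < k_min)


if __name__ == "__main__":
    # Full postcode and exact age: every record is unique.
    print(at_risk(RECORDS, k_min=2, postcode_chars=6, age_band=1))
    # Postcode district and ten-year band: the common single diagnosis now
    # hides in a group of five, but the rare combination is still alone.
    print(class_sizes(RECORDS))
    print(at_risk(RECORDS, k_min=5))
```

Records that remain below the threshold after generalisation need suppression or further coarsening before release; truncating the postcode and banding the age does nothing for a combination of diagnoses that is itself rare.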

This might seem like a fairly obscure concern, but disabled people face massive discrimination in recruitment, making it a real concern as to whether or not we declare our disabilities, or all of our disabilities. Some we obviously have to declare, it's difficult to hide the crutches I walk into the interview room with, but with invisible disabilities this becomes a more nuanced decision. Declare, and somehow fail to get the job, or don't declare, miss out on the legal protection that declaring gives, and face problems when finally it becomes essential to declare? The 'Consulting Association' (and the 'Economic League' before them) famously ran a blacklist for major construction companies such as McAlpine and Balfour Beatty, listing potential employees who were believed to be union activists, 'troublemakers', or dangerous radicals who wanted health and safety provisions enforced, and this only stopped when they were raided by the Information Commissioner's Office in 2009. It is reported one manager working on the Crossrail project made 900 checks against the blacklist in 2008 alone. With the open discrimination against disabled people by many employers and recruiters it is easy enough to imagine someone with a bootleg copy of Care.Data setting up a black-market disability check service for recruiters and HR execs to access under the counter: 'He declared X, I wonder if that's all? Depression? Oh, really? Well he's out, then...' Even anonymization may not be enough to beat this, breaking anonymisation for one record is difficult, for 65 million sets of records it's a minor automation problem, or a business opportunity. If they do it from the States it isn't even illegal.

The campaign group medConfidential have an article showing what's being done with some of the data that has been released. Full identification from the information shown would be comparatively trivial when done on a mass basis, or with background information on the individual in question.

Ben Goldacre gives an example of how to identify someone even without a prominent disability in his article The NHS plan to share our medical data can save lives – but must be done right (the article is in favour of Care.Data but predates the Telegraph revelations, Goldacre has to be complimented for admitting he was wrong in a second article Care.Data is in Chaos a week later).

GP Trust Issues

A point which has been raised by patient advocates, but seemingly failed to gain any traction in the debate between 'the great and the good' is that this system could result in a huge breakdown in trust between patient and GP. There are already tensions in the system when insurers can insist on access to medical records before issuing a policy, but the potential for outside commercial bodies, law enforcement, or DWP to gain access to extremely private medical data, such as AIDS or STD status, details of mental health or other disabilities, and other information towards which stigma exists such as abortions or teen pregnancy has the potential to cause irreparable loss of trust. Just today I saw a suggestion that Care.Data, and potential exposure of the results to insurers, provided a good reason for refusing to take the blood test for dementia that was in the news.

They're Excluding AIDS and STDs, but Nothing Else?

Care.Data apparently recognises that compromising the confidentiality of medical data indicating AIDS or STDs is potentially disastrous, so proposes to exclude it from release, but, as noted earlier, when asked by Barbara Keeley on the Health Select Committee if that exclusion should not also be extended to mental health indicators, given the marked stigma around them, Dr Dan Poulter, the junior health minister, responded "That's daft!"

Disabled people will be well aware that it is not just AIDS status, or MH status that may result in not just stigma but active discrimination, it is the possession of any disability of any kind whatsoever. HSCIC and the Department of Health appear either unaware of this, or simply not to care. Disclosure of any disability information whatsoever has the potential to stop a disabled person getting a job, or to destroy a career, and we urgently need Care.Data to address that.

They Gave My Data to WHO?!?


DWP are reported to have applied for access to HES, the Care.Data predecessor in order "to obtain access to confidential patient data to be linked to information about employment, tax credits and benefits claims". While it is possible that this was in pursuit of high level statistical information, the wording appears to specifically indicate that this was a clear attempt to gain access to individual medical records in order to cross-check with data provided during Employment Support Allowance applications, Work Capability Assessments, or DLA/PIP applications. Any discrepancy would likely then be followed by sanctions, or, in the worst case, prosecutions. HMRC are also reported to have requested and been refused access.

While it is encouraging that these initial requests were refused, the problem for disabled people is that the desire to access Care.Data on the part of DWP has been demonstrated, and HSCIC has shown a clear tendency to approve rather than deny access, associated with a wish to further extend the sharing of information. We cannot be sure that future attempts will be denied.

A Guardian article Police will have 'backdoor' access to health records despite opt-out, says MP, reports that former Shadow Home Secretary David Davis has established in a Parliamentary answer from Dr Dan Poulter that the police 'and other government departments' will be allowed warrantless access to Care.Data. 'and other government departments' most likely means the National Crime Agency and the Security Services, but it could mean DWP, or it could be extended to mean DWP. A backdoor for law-enforcement agencies is also very likely to include HMRC, who were previously expressly denied access to HES.

HSCIC have also stated: "Where informed consent is not feasible, a legal basis allowing the sharing of confidential information should be explored. ... Confidential information can be disclosed to support the detection, investigation and punishment of serious crime." Releasing information to support the detection of crime would appear to presuppose use of Care.Data in fishing expeditions where no crime has been demonstrated to exist.

Amongst other entities known to have applied for access to HES, the Care.Data predecessor, are private healthcare companies BUPA and Doctor Foster and the right-wing think-tank the Institute for Fiscal Studies. Some of these were refused, some were passed on the nod without ever going to the full authorisation committee. They do rather aptly demonstrate just how interesting the data is to a range of commercial interests. And all the while Big Pharma is waiting in the wings.

WHO Did You Say is Going to Extract the Data? Atos!?!

The contract to run the 'General Practice Extraction Service', GPES, which will pull the Care.Data info out of GPs' medical records for transmission to HSCIC, has been given to Atos. In theory this should be an automated process and shouldn't involve anyone at Atos looking at any identifiable medical records, but in practice problems happen and programmers may need to look at raw data to understand what the issue is, and they may do that without ever realising it is an issue. In fairness to HSCIC they gave the contract to Atos two years ago and probably didn't have a clue how toxic Atos' reputation would be by now, but even allowing for that it is clear that just the possibility of Atos and their medical records coming into contact will be profoundly distressing to many disabled people. I'm certainly not happy with it, and that is as a software engineer who understands it is an automated process.

Interestingly the Atos CEO, Thierry Breton, is in the news after describing Big Data as "a digital gold mine, the oil of the future". 

The Proof of the Problem is in the People

A few select quotes from the NHS side of the debate:

Tim Kelsey, NHS England National Director for Patients and Information (and once upon a time founder of private health care informatics company Doctor Foster, for 50% of which the NHS paid £12.5m):

"No one who uses a public service should be allowed to opt out of sharing their records" Kelsey seems to have been forced to back away from this statement in his role at the NHS, but it likely remains his core belief, and that means any information governance system is likely to gain only grudging support at best. And a system which isn't supported by the man at the top is fatally compromised from the start.

"You can object and your data will not be extracted and you can make no contribution to society" Kelsey answers a critic on twitter and reveals that his thinking really hasn't changed very much, even if he has been forced to make concessions.

"If 90 per cent of patients opt out of care.data, we won't have an NHS." Ridiculous hyperbole is such a compelling argument, particularly when made to the Health Select Committee, who immediately call you on it.

Doctor Dan Poulter, Undersecretary of State for Health:
"That's absolutely daft" on being told that there is a stigma surrounding Mental Health and that information on it needs to be protected. (In fairness he was addressing the need to develop additional information on MH, but he did it by dismissing the risk implicit in Care.Data).

HSCIC says access to individual patients records can "enable insurance companies to accurately calculate actuarial risk so as to offer fair premiums to its [sic] customers. Such outcomes are an important aim of Open Data, an important government policy initiative." This is in its own information governance assessment, which in effect means it thinks there should be full disclosure of identifiable patient information to commercial entities for their own gain, effectively no information governance whatsoever. Interestingly Kelsey has been described by Ben Goldacre as having "drunk more open-data Kool-Aid than anyone I've ever met".

Sarah-Jane Marsh, Chief Executive of Birmingham Children’s Hospital, speaking on a panel with Tim Kelsey at Health and Care Innovation Expo, just last week and after the fiasco became clear:
"Security trumps patient safety every time. It is our duty to challenge this principle." Er, no, it is your duty to implement both simultaneously!

Never Fear, Jeremy Hunt Will Save Us

Yeah, right, the Health Secretary has such an unblemished record on commercialization of the NHS - never an opportunity missed - that it seems odd that we should be reliant on him to put things right. Having watched the fiasco unfold, Hunt has decided to ban the release of pseudonymized 'Amber' data unless there are clear health benefits, and to ban the release of data for commercial purposes, while subjecting HSCIC to audit by the ICO. The problem is that HSCIC and its predecessor have repeatedly blurred, or deliberately obfuscated, the barriers between commercial purposes and health benefits, the SIAS release being a case in point. There is an upcoming EU General Data Protection Regulation that should be less subject to ideological bias towards business, however the Coalition, in the form of Lib Dem Justice Minister Simon Hughes, have been trying to systematically weaken this. However both of these fail to address the systematic security risks of concentrating all patient data in a single national database, creating a Holy Grail for hackers, security risks once the data is redistributed, and the whole re-identification issue. A complete solution to the risks these are not. Also, relying on Jeremy Hunt? Something of an oxymoron.

So What Should I Do Now?

If you are a hopeless optimist like me, and see value in the basic aims of Care.Data then hang on for a few months in the hope that HSCIC pulls off a miracle and gets a proper system of governance in place. As this involves 1) Jeremy Hunt, 2) Tim Kelsey and 3) HSCIC, all of whom are currently in denial that there are governance issues at all, then just imagining the possibility of a miracle is probably hopelessly optimistic, in which case follow the instructions in the next two paragraphs at some point before Care.Data goes live.

If you are a realist, concerned about your medical confidentiality, concerned about any of the organisations listed above trying to access your medical data, or worried that your health means that you may not be in a fit state to make decisions in a few months, then my reluctant recommendation is that you opt out now, and that you opt out the rest of your family. There is an interesting ethical dilemma for anyone in a guardianship position, and I wonder if that doesn't mean they are ethically obliged to opt-out the person they are guardian to, whatever they decide for themselves.

Details of how to opt out of Care.Data are available at several sites, the clearest explanation I've found, additionally offering the opt-out letter in multiple formats, is on the Big Brother Watch site.

And Finally

If you read all of this, then you deserve a break, I recommend the excellent Care.Data Downfall parody.

Tuesday 4 March 2014

I just got a weird phone call...

Woman from my local Job Centre: We're just updating our notes. So what are your aims?
Me: I thought these kinds of questions were only for people in the Work Related Activity Group?
JC: No, we're asking people in the Support Group. It's because you're in the Support Group that we're doing this over the phone rather than asking you to come in in person.
Me: Well I don't have any aims. Given the state of my health, aspiring to do something would just be false hope.
JC: It says here that you're interested in stand up comedy...
Me: Yes, that's what I used to do before I became too ill to carry on.
JC: Was you like on TV? Or comedy clubs?
Me: I only got to do stand up for two and a half years before I became too ill to carry on. No-one makes it onto TV in only two and a half years.
JC: So, has your health deteriorated?
Me: Not really since my last Atos assessment in December 2012. I've gotten a couple of new diagnoses, but nothing significant.
JC: [slightly concerned] But you're OK though, right?
Me: Not really, no!
JC: OK. That's fine. If you ever come in here ask to see me, [name].

As Latentexistence says:



Edited to add: I should have mentioned that I didn't answer on the first go. During the 30 hours prior to this conversation, she'd tried to call 3 times while I was asleep.