care.data
Paul Taylor
According to the front page of yesterday’s Guardian, the NHS is to start selling our confidential medical records. Every doctor has a duty to keep patient-identifiable data secure, and only share it as far as is in the patient’s immediate best interests. At the same time, in order to run healthcare organisations or to carry out medical research, it is necessary to compile statistics about diseases and treatments. It therefore makes sense for some information collected in the course of caring for patients to be made more widely available – shared with managers, bureaucrats and researchers – but only if it is anonymised.
In 1997, a company called Source Informatics had the idea of buying data on GPs’ prescribing habits from pharmacists and selling it to drug companies. The Department of Health, concerned that GPs might be so effectively targeted by the drug marketing people that the public purse would suffer, tried to outlaw the practice of selling anonymised patient data. The DH’s lawyers argued that to anonymise the data, the pharmacists first had to access it, which constituted using the not-yet-anonymised data for a purpose to which the patient had not consented. The Court of Appeal wasn’t convinced and ruled that data which can no longer be associated with an individual is not personal data and not subject to the same protections. Given where we now are, it is interesting that they specifically declined to be drawn on the question of whether this kind of trade in patient data was in the public interest.
What happens, though, if data which ‘can no longer be associated with an individual’ can somehow be reassociated with that individual? In 1997, a US agency handed over data it believed to be anonymised describing the medical histories of 135,000 employees of the state of Massachusetts. The data included zip code, sex and date of birth. In Massachusetts you can also buy the voter registration list, which contains those three pieces of information. By linking the two datasets, the medical histories of almost all the named individuals could be ascertained. A recent review of policy in this area by Fiona Caldicott concluded that ‘deidentified but still potentially identifiable data’ should be collected and made available for research and other purposes only within ‘accredited safe havens’. The newly created Health and Social Care Information Centre (HSCIC) is one such safe haven which can, for a fee, provide reputable researchers with strictly controlled access to data collected from GPs and hospitals.
The current government is, to a quite extraordinary extent, convinced that there is money to be made in patient data. Last year, David Willets announced the creation of the £20 million Farr Institute of Health Informatics Research; Jeremy Hunt described the proposal to sequence 100,000 genomes and link them with electronic health records as ‘bigger than the internet’; and David Cameron spoke glowingly of the potential of such research at the launch of a new institute for big data and drug discovery at Oxford University. One reason they are so hopeful is, oddly, that they see the increasingly disintegrated NHS as a potentially integrated source of data, immensely attractive to Big Pharma. Already hospitals have to provide detailed information about their activity to HSCIC in order to get paid. From this year GPs are also being required to upload information about their patients to the HSCIC’s database, known as care.data.
The reason this is making headlines now is that the government was obliged to offer patients the choice to opt out from care.data. Two million pounds has been spent on leaflets that have been bundled with pizza flyers and minicab cards and pushed through letterboxes over the last few weeks. A small number of privacy campaigners – these are busy times for privacy campaigners – are trying to highlight the risks of reidentification. Some GPs have said they will refuse to upload data, even though they are legally required to. Some GPs are actively encouraging patients to opt out. Some of the claims being made here are quite dramatic, so it is worth stating that: names, addresses and obvious identifiers are being removed; access to data in safe havens is strictly controlled; and attempting to reidentify an individual from care.data would be a criminal offence under the Data Protection Act.
Last year the Wellcome Trust published a survey of public attitudes to the use of health in research. Most of us are broadly in favour. Most of us broadly trust the NHS to look after our data well. We want to benefit from the new treatments that such research aims to develop. One concern stands out, though: people don’t like the idea of their data being used to make money, or at least not if the making of money is the primary goal.
Comments
In other words, I don't accept the assurances about controls on access to data and I certainly don't believe that removing names and addresses is enough to anonymise the data.
Commercial data exists in vast amounts: think of the internet service providers plus google for starters. The mere existence of that data was enough for government agencies in the US and the UK to want to get access to it.
Pharmaceutical companies don't just do research, they also have marketing departments which want to do targeted marketing. They have commercial relationships with other companies. The basic setup of this is that commercial companies will have access on a research basis. The barrier to stop other uses is unavoidably weak.
Second, if the NHS is concerned about the efficacy of various treatments, I would respectfuly point out that this whole initiative is based on a false premise, and that is that the medical profession has a general procedure for assessing the efficacy of any treatment. It is not generally a Standard Operating Procedure within medicine (certainly not general practice) to monitor how effective various treatments are. The only way that a physician knows if the treatment is innefective is if that it does not work, and the patient re-appears for further treatment.
My third reservation concerns confidentiality, and there are three components to this. First. the initiative claims that it will not be possible to identify individuals from the information that is uploaded. This is ingenuous to the point of being mendatious. How many people of my age, with exactly my medical conditions, are there in my Post Code? My guess would be only one or two at most! Second, it is also quite likely that this information would be available to 'NHS staff': this would comprise several hundred thousand people, and this really means everybody.
Third, the data will be available to 'carefully selected researchers', and this must mean commercial enterprises. Anybody with any knowledge of Big Pharma' would be justifiably suspicious of this. It would be reassuring, of course, if large pharmaceutical companies were out more open about releasing the results of their researchers than they are at the moment. As far as I know, not many pharmaceutical companies have followed the lead of GSK in this.
These are just a few misgivings. One could go on about the coding the records, information being available to insurance companies, data security (pace Bradley Manning and Edward Snowden) and whether the software will actually work at all!