If you live in the UK, the chances are you’ve heard about the care.data debate. If you haven’t, this is about a change in how personal medical information is shared. As I understand it, originally GPs have been responsible for protecting information regarding their patients, in compliance with the Data Protection Act 1998. As such, personal data has been stored on secure servers protected by firewalls and passwords, and access is limited to members of the practice team, and on occasion other health care professionals (e.g. District Nurses) on a strict need-to-know basis. A limited amount of patient data is shared at local and national levels to help design health services, but this data is anonymised before it leaves the practice.
This system is being ‘revolutionised’ by care.data, a programme administered by the HSCIC (Health & Social Care Information Centre) which is extracting personal information about all patients in England to a national database. Complete records are being created for each patient in this database, containing not only their medical history, but also their date of birth, NHS number, postcode, and gender. The idea is that this database will help the NHS plan and improve services, and access to some of the contents will be sold to third parties. To be clear, care.data is not about sharing medical information between health care professionals as they will not have access to the database. If patients do not want their data to be extracted and sold on in these ways, they have to get in touch with their GP practice to formally opt out.
There are so many objections to this that it’s hard to know where to begin. Let’s start with patient consent/awareness. This programme has already received fierce criticism for inadequately informing patients of the coming changes, which has spurred the distribution of a leaflet entitled ‘Better information means better care’. It’s highly questionable that this leaflet can be considered to improve the situation, primarily because it says very little about the right to opt out, and does not contain an opt-out form, instead giving the impression that you have to make an appointment with your GP if you object to your information being shared. It might also be added that sending out leaflets is not an effective way of informing patients about such important changes to how their data is stored, because they tend to be discarded as junk mail, but that’s another matter.
By running an opt-out initiative, the HSCIC is assuming that it has the consent of all patients to collect and share personal medical information, but that’s arguably an outrageous assumption if it can be suggested that much of the country doesn’t fully understand what’s going on – and a recent BBC article says exactly that. It is undeniable that at the very least, communication regarding care.data has been confusing, and on that basis the programme should be halted until it can truthfully state that it has gained informed consent from all the patients within its database.
The next issue worth looking at is that of anonymity. The HSCIC states that patient privacy will be protected because names will not be stored, but as stated above the personal information to be extracted includes NHS number, date of birth, postcode and gender. Cross reference this information with something like the electoral roll, and BAM, say goodbye to anonymity. Remember that private organisations will be able to pay for access to data from care.data. It is claimed such data will be ‘pseudonymised’ when it is passed on in this way, but this will be outside your control. Given that withholding your name, but including your NHS number and date of birth is considered to be ‘protecting your privacy’, this worries me greatly. For further insight on how ‘anonymous’ data in care.data could be used to identify patients by third parties, check out this site: care-data.info
So, what is to be done? Well, nothing if you’re happy with your personal information being shared. If on the other hand you’re concerned, you need to get in touch with your GP practice and opt out.
This is hitting the news again today because a GP, Dr Gordon Gancz, has bravely decided to automatically opt-out all of his patients, requiring them to get in touch and opt-in if they do want their information to be extracted by care.data. He contacted all of his patients to make them aware of his decision, and gave them clear instructions and ample opportunity to opt-out. As a result he has been threatened by the NHS and fears losing his job. Apparently this is what happens if you stand up for informed consent, and it is ridiculous.
If you live in the UK, I urge you to take charge of your information by reading up about care.data, and then make your own decision about whether or not you want your details shared in this national database. Don’t let the HSCIC make the decision for you.