A recent Guardian story has caused yet another kerfuffle about data privacy and the care.data programme. The story has been widely repeated elsewhere, stoking paranoia about the incompetent government's inability to keep our medical records private even when we object to the sharing of the records to third parties. But the story is inaccurate, paranoid bollocks as any journalist with the wit to read the original source should have realised.
The original Gruaniad story was headlined:
NHS details released against patients' wishes, admits data bodyand claimed:
The body responsible for releasing NHS patient data to organisations has admitted information about patients has been shared against their wishes, it has emerged. Requests by up to 700,000 patients for details from their records not to be passed on, registered during preparations for the creation of a giant medical database, have not been met.
Many other media outlets repeated the same story, often just referencing the Guardian. ArsTechnica, for example, told it like this:
The Health and Social Care Information Centre (HSCIC) has admitted to MPs that the medical details of 700,000 patients could have been shared to organisations and companies, despite the fact that those patients opted out from NHS England's medical database Care.data.Their source was the Guardian. They proceeded to traduce the competence of the HSCIC and stoke more fear that the system is incapable of handling data confidentially. They also repeated the accusation that the data had been sold to insurance companies though the Guardian subsequently redacted this claim from the online article.
The problem is that the author of the story was too keen to get a shock headline to bother to read the actual evidence presented by Kinglsey Manning (the HSCIC's chair) to the Health select Committee. The crucial paragraph in the actual letter says:
In February 2014 the Care.Data Programme was 'paused' and since that date no data extraction from GP systems has been undertaken as part of that programme. In the absence of any such extraction, the HSCIC had no information from the Programme, either on the objection preference of any individual who has registered a Type 1 or Type 2 objection with their GP, or the number of individuals who have done so.The rest of the clarification points out that the real problem isn't about data being released when patients have objected (care.data hasn't released any data, i'll repeat that in capitals for other journalists who assume the Guardian does fact checking, NO DATA HAS BEEN RELEASED). The problem is that the way objections were originally going to be processed would result in patient data not being shared with anyone, even things like national screening programmes who need to contact patients to tell then they are due for screening. In other words it is hard to differentiate your objection to sharing your data with evil private capitalists or researchers from the need to share your data with beneficent public sector doctors who need your data to give you better care. And it is a future problem not a current one as the HSCIC hasn't started the programme properly yet.
My purpose here is not to pretend that the HSCIC is totally competent and whiter than white. They are not. The care.data programme has not been handled well and their administrative processes are a mess. To be fair on them this is mostly because they are dreadfully underfunded because, after all, why would we need high quality data to work out which drugs work, or which surgeons don't kill too many patients, or which ways of running the NHS lead to higher quality care: we can rely on trading clichés via newspaper headlines for doing that. And newspaper headlines don't cost the government money, unlike high quality secure data.
But it is worth pointing out that, for all its faults, the HSCIC has never harmed patients by releasing their data to people who shouldn't have it. The Partridge Report on the shoddy administration of HSCIC data released couldn't actually find any examples of harm. Yet the HSCIC take the flak even for things they didn't do (GPs and Hospitals leak your identifiable personal data fairly regularly in ways which are sometimes harmful yet little attention seems to be devoted to that serious problem in comparison to the acres of newsprint devoted to care.data. And the Health Select Committee tends to blame the HSCIC for leaks cause by GPs and Hospitals even though it clearly isn't their fault).
The HSCIC needs to do a better job. Public confidence in the use of medical data is vital to ensure the NHS has the data necessary to improve care and become more productive. And it should get the funding it needs to do whatever it takes to achieve this.
There is plenty in the various repositories of NHS patient data that can be used to improve the NHS. And the NHS is not so close to perfection that it doesn't need to improve. The HSCIC has a vital role to play in making joined up data available to the people who will analyse it to drive better quality and higher productivity. they need to do a better job of making data available while keeping it secure and they need the funding to achieve those goals and the funding to persuade the public that they are balancing confidentiality and improvements to care.
But it is shoddy journalism and poor research to accuse them of releasing data against patient choices when they haven't released any data. And this paranoia seriously damages the ability of the NHS to learn how to improve the quality and productivity of the care it offers.