For a couple weeks, Radio 4’s PM has been sharing dreadful worries over care.data, an NHS initiative to collate our medical records into a single database. Every caller I’ve heard has complained, and is scared about their data. My own reaction is conflicted.
I used to work as an evangelist for a company that advocated open data. I believe that opening up data tends to enable progress. You know that quick-fire game where you say the first thing that comes to mind? If you said: “open data,”
I would say: “accountable government,” or “better research.”
Actually, I would probably say: “wait, what?” – I’m not as eloquent in real life without a text editor.
Also, a hero of mine, Ben Goldacre, wrote about care.data, pointing out that this data could absolutely save lives.
We learn how to save lives by studying huge datasets on the medical histories of millions of people. This information helps us identify the causes of cancer and heart disease; it helps us to spot side-effects from beneficial treatments, and switch patients to the safest drugs; it helps us spot failing hospitals, or rubbish surgeons; and it helps us spot the areas of greatest need in the NHS.
He highlights some of my conflict by saying that there are problems with the way the scheme has been launched, and it hasn’t taken into consideration the concerns we have about privacy, security and access. Dr. Goldacre concludes that we should watch and wait before opting out.
But I have decided to opt out of care.data, and tweeted about it quite strongly.
This is why.
They haven’t told me enough about who gets access to my private, medical information.
All the information you need to make your decision about whether you want to opt out of care.data is in a leaflet (link to pdf). And it says:
We will use information such as your postcode and NHS number to link your records from these different places. Records are linked in a secure system so your identity is protected.
Then, it says:
We sometimes release confidential information to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.
So, wait: Who are these researchers? When has this happened in the past? Who are the researchers you have in mind for the future? If I find out you’ve sold a bunch of care.data to a private company, will I be able to opt out then?
It doesn’t say.
In other news, The NHS sold health record information to a big insurance company.
Dr. Goldacre talks about health insurance concerns with care.data being a bit of a red herring. If you have private health insurance, you give them access to your records anyway. Right, but this is a different kettle of herring. I don’t trust the NHS not to sell this data to companies who exist to make a profit – because that is a fundamental conflict of interest. I don’t have a problem giving my own medical insurer (disclosure: I haven’t got any private health insurance) my medical history. But I do have a problem giving an unknown corporation access to my info.
Care.data risks are not laid out.
Information will be “pseudonymised,” which means that each record will be given a fake name. So Joe Bloggs will have the same medical history as me, but won’t be called Zach.
But, pseudonymised data has risks (read about inference attacks). It is possible (and it’s been done) to work out the link between a pseudo-human and a real person.
I also wonder what the leaflet says it will do to make sure the data is securely stored. Hmm…
We are very careful with the information and we follow strict rules about how it is stored and used, and have a thorough process that must be followed before any information can be shared.
Oh, that’s fine then. They promise to be careful with it.
So, I have a quick search for “NHS data leak.” What I find is story after story of bad things done with data by the NHS.
Is this a fair assessment? No. It’s a search of news stories using a leading query. Sorry. But I want to know about this. I want to know how the NHS will keep care.data safe, secure and out of the hands of unknown people.
From the way I understand it, the risks of data breaches or inference attacks tend to be small for most individuals. But they are not covered by the NHS Leaflet.
Opting out is the only stone I have to throw, isn’t it?
I want the NHS to look at its data more thoroughly. I want them to be able to do deep, important meta-analyses on health records, outcomes and practices. I want them to save lives through data.
But I don’t trust the way they’ve set up this scheme, and there doesn’t seem to be a better option than to opt out.
The scheme to put the data online has been delayed for 6 months, following criticism from some important bodies (like The Royal College of GPs, the British Medical Association and patient watchdog Healthwatch England).
Dr. Goldacre asks us to hold fire on opting out. Wait until closer to the time, and see what happens. But I’m not a GP (Ben is), I’m not a columnist (ditto), nor am I a member of a watchdog (I don’t think owning a spaniel counts, right?) I feel that my opt-out is as close to a protest vote as I’ve got.
Alongside this, a lot of people will forget to re-open the issue in 6 months. People collectively forget things – even important things. I think waiting is a bad idea because of this.
So, I used Fax Your GP to opt out.
Update, it looks like Ben Goldacre thinks it’s too much of a mess now.
— Ben OutdoorsOnly Goldacre (@bengoldacre) February 25, 2014