One of the most cynical mantras ever to emerge from UK politics was the idea that “this would be a good day to bury bad news”, an appalling sentiment expressed by a government press officer as the Twin Towers collapsed on 9/11.
The press officer in question paid for the line with her job, but the basic sentiment remains, as evidenced yesterday when, with all eyes focused on the long-awaited Chilcott Report into the Iraq War, the government quietly scrapped its controversial NHS care.data program.
As the mainstream media struggled to digest the 2.6 million words in the Chilcott Report, the Department for Health opportunistically published the Review of Data Security, Consent and Opt-Outs, from national data guardian (NDG) Dame Fiona Caldicott
The idea behind care.data was to create a single database containing healthcare information on every NHS patient in the UK. This was a source of controversy from the start, with critics citing privacy and security concerns, while others warned that data might end up being sold off to private sector firms.
It was halted by ministers in February 2014, less than a fortnight before the first patient records were due to be extracted, after complaints that patients had not been sufficiently informed about the scheme. The Caldicott review was commissioned as a direct result.
For her part, Dame Fiona concludes that trust in the way personal data is used by the NHS has been “eroded” and efforts must be made to engage with citizens and show them the benefits of data sharing, saying:
Everyone who uses health and care services should be able to trust that their personal confidential data is protected. Unfortunately trust in the use of personal confidential data has been eroded and steps need to be taken to demonstrate trustworthiness and ensure that the public can have confidence in the system.
My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests. Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring. They must be offered a clear choice about whether they want to allow their information to be part of this.
The Caldicott review has been the tipping point for cancellation of the once-flagship scheme. Health minister George Freeman confirmed:
In light of Dame Fiona’s recommendations, NHS England has taken the decision to close the care.data program.
But he indicated that the government intends to return to the basic idea behind the scheme:
The government and the health and care system remain absolutely committed to realising the benefits of sharing information, as an essential part of improving outcomes for patients. Therefore this work will now be taken forward by the National Information Board, in close collaboration with the primary care community, in order to retain public confidence and to drive better care for patients.
Dame Fiona has produced an eight point model of fundamental principles and beliefs that needs to underpin any future iteration of a care.data-type scheme:
- Patients are protected by law so their data can never be used for marketing or insurance purposes, without their consent.
- Information is essential for high quality care, but patients ask healthcare provider not to pass on particular information to others involved in providing care.
- Information is essential for other beneficial purposes and helps helps the NHS and social care organisations to provide the right care in the right places as well as enabling research to develop better care and treatment.
- Patients have the right to opt out.
- An opt-out will be respected by all organisations that use health and social care
information and applied across the health and social care system.
- Explicit consent will continue to be possible for participation in specific projects, for exampe, even if a patient has generally opted out.
- The opt-out will not apply to anonymised information.
- Arrangements will be made to cover exceptional circumstnaces, such as over-riding public health interest or a legal requirement to share information.
For the opt-out, the recommendation is for a two-part consent/opt-out approach which would allow an individual to opt out of her or his data being used for purposes connected with providing local services and running the NHS and social care system. In a separate decision, the individual would be able to opt out of her or his data being used to support research and improve treatment and care.
Dame Fiona also calls for widespread public consultation around the consent/opt-out approach and recommends that alongside the consultation, there should be further testing to find out whether people would prefer to have more than one choice, and to develop the wording of the question.
On the subject of the technology underpinning care.data, the Caldicott review emphasizes:
Technology brings huge benefits: reducing the process burden on users, speeding up services and connecting disparate information to enable better quality of care. It also makes it possible to record every time that people’s personal confidential data is accessed and used, allowing for audit so that correct processes can be enforced.
However, technological advance has the effect of making the potential impact of breaches greater, both in terms of the quantity of people’s data affected and the amount of information at risk. It is essential that the security benefits of technology are used to counteract the security risks that technology can bring.
Due to the growing threat from external cyber-attacks, Dame Fiona identifies the need to tackle the issue under three leadership principles:
- People: Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles.
- Process: Ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses.
- Technology: Ensure technology is secure and up-to-date.
From a technology perspective, that means:
- No more use of unsupported operating systems, software or internet browsers. The review noted that some local IT systems in the health and social care sector are ageing, unsupported by their providers and simply not designed to feature modern security controls or to cope with large volumes of data and multiple users.
- There must be a strategy in place for protecting IT systems from cyber-threats and that strategy has to be based on a proven cyber security framework, such as Cyber Essentials, and be revisited at least once a year,
- IT suppliers must be held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.
Ignoring the appalling cynicism of using the smokescreen of Chilcott to can a flagship controversial program, Dame Fiona's conclusions and recommendations are uniformly sound.
The basic idea behind care.data is solid enough in a data-driven world in search of modern healthcare, but the potential for abuses must be addressed. Above all, the case for information sharing needs to be made to the general public and the argument won before going any further.
It's welcome that tech suppliers are going to be held accountable for data in their care. On the upside for the vendor community, the recognition that so many NHS systems are built on out-of-date tech means a lucrative sales opportunity.