NHS care.data still leaks like a sinking ship, but ministers set sail regardless

‘We’re not sinking, we’re just naturally low in the water.’ boat by Roberto Castillo/shutterstock.com

NHS care.data still leaks like a sinking ship, but ministers set sail regardless

‘We’re not sinking, we’re just naturally low in the water.’ boat by Roberto Castillo/shutterstock.com

NHS chiefs are pressing ahead with an IT programme that will share identifiable patient records and GP data for uses including medical research, despite it being red-flagged as “unachievable” by a watchdog.

The NHS England care.data programme is among the major projects given the worst rating by the Cabinet Office’s Major Projects Authority review, alongside other NHS projects including the Health and Social Care Network (HSCIC) and NHS Choices. The project to build an essential component of this was found by the National Audit Office to be incomplete and represented a “loss of public funds”.

The care.data programme was put on hold in February 2014 following a torrent of criticism which prompted a House of Commons select committee inquiry. Concerns included security and informed consent, the sale of data to commercial companies including insurers and “information intermediaries”, false claims that anonymity could be guaranteed and a complete lack of clarity on the scope and purpose of the project.

In fact the programme resembles a textbook example of the failures and problems that have bedevilled many government IT infrastructure projects. It was flagged red in the previous review and even now – years after the project began – the report remarks that the business case is still “in the progress of being developed”.

The NAO paid an interim visit in 2013 to monitor problems with the GP data extraction system (GPES), which manages the provision of data to NHS and third parties. This week their final report stated that GPES was significantly delayed, unlikely to ever provide the NHS-wide service planned, and led to costs more than tripling.

However, ministers are pressing ahead with care.data anyway. Communications with patients from Blackburn with Derwen, the first care commissioning group to be selected for a trial, recently announced that care.data would be starting “at the end of June”. Further delays are likely given what we now know about the readiness of the software. Three more areas are due to join this year, with the rest of England to follow after a satisfactory evaluation.

Re-arranging deckchairs

The care.data project’s imminent start might suggest that its many problems have been addressed – unfortunately not. Much has happened, very little of substance has changed, and most problems remain. The programme’s leader, Tim Kelsey, still thinks it was all just a communication problem, and that the benefits have been undersold.

One of the more visible changes is the creation of the National Information Board (NIB) within the Department of Health, focused on applying the benefits of data and information technology to the NHS. The somewhat overreaching sound to its name suggests that perhaps health minister Jeremy Hunt and Kelsey, chair of the NIB and the care.data Programme Board, and the NHS England’s national director of patients and information, know something we don’t about the government’s data sharing agenda. Yet the NIB data plans for the next five years barely acknowledge the many failures of the programme’s original plan.

Medical data might be safer strung on a lanyard than in a database. comedynose, CC BY

Transparency and oversight

The most promising step forward was the appointment of Dame Fiona Caldicott as the national data guardian in November 2014. Highly respected in the field of medical data ethics, her report in December raised 52 questions on care.data that needing answering.

We don’t know if they’ve been answered satisfactorily, because answers were drafted for a programme board meeting earlier this year and have not been made public – nor even shared with the care.data Advisory Group. This complete failure of transparency (never mind its promise to share papers and minutes) is one reason to hold little confidence in care.data or those running it.

Consent and information

The lack of informed consent for patients about what would be done with their data was the main reason given for putting the programme on hold. But this still hasn’t been fixed.

Some 700,000 people thought they had opted out of any sharing of their data for any non-clinical purposes. But the Health and Social Care Information Centre, which provides data and statistics on the NHS and under whose remit care.data falls, told parliament that these people would therefore miss out on some preventative, clinical screenings – contrary to assurances. And while this opt-out was promised by Hunt in 2013, the NAO report tells us the parts of the GPES software dealing with opt-outs have yet to undergo any testing. It’s not only the implementation that lags far behind the promises: as things stand, the opt-out also still lacks any legal basis.

The same lack of legal basis applies to Caldicott’s role as national data guardian (now expected to begin in 2016 by NIB), the promised sanctions for abuse or misuse of health data, and the legal safeguards on data sharing promised following the 2014 public consultation.

Security and privacy

It looked as if, following the response to the Partridge Report of HSCIC data sharing, the approach to privacy and security issues relating to sharing with commercial organisations would improve. In practice, however, medical data is still shared with analytics firms, intermediaries and data brokers like Experian. Even proposals to restrict third parties' access to data to secure data facilities (similar to those for census data), which would alleviate many privacy concerns about misuse of highly sensitive individual-level personal data, are being watered down.

The debate on responsible use of medical data has evolved over the last few years, leading to the Nuffield Bioethics report on the use of healthcare data. Yet despite all the greater understanding we’ve gained, those cheerleading for large-scale commercial exploitation, including Kelsey and minister for life sciences George Freeman, haven’t changed their tune in the slightest. For example, they still advocate sharing genome data without acknowledging the privacy risks.

It’s the complete absence of any political will to divert the ship from this dangerous course that’s perhaps the biggest worry of all. Organisations well-versed in the issues such as medConfidential have suggested constructive solutions to salvage something from the care.data debacle; it seems no one in the Department of Health or NHS England is listening.