NHS record sharing opt-out

shop deals on amazon
Shop deals on ebay
Advertise with us
The Homebrew Forum

Help Support The Homebrew Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
O

oldbloke

Regular.
Joined
Mar 16, 2011
Messages
300
Reaction score
18
Friend of mine is a GP and reckons we should all opt out
Another friend does various IT stuff (including security) for organisations that deal with the NHS, and sometimes the NHS itself, and reckons there's no chance the data will be secure after sharing
And it's not being anonymised, it's being pseudonymised, which is pants, basically.

Quick easy opt-out:
https://www.faxyourgp.com
 
The fact that its pseudonymised means that re-identifying the patient requires the data to be re-combined to track back. That will be illegal and although there are occasional times where companies wilfully act illegally (e.g. phone hacking) they are very rare. The fact that its possible is a safeguard as if research highlights patients who need contacting for medical reasons its possible for the NHS to recombine the data and contact them. As it stands if a company is hell bent on acting illegally then they already have the ability to employ hackers to steal this data so I don't see the risks of wilfully acting illegally as being any more significant than already exists.

The data has been collated and used to spot trends and highlight problems for years without incident the fact that it could be sold to drugs companies and universities IMO should be seen as a positive. As it stands the NHS does no medical research, it conducts clinical trials paid for by drugs companies and that's about it. The better the data that R&D departments of companies and universities has to work with the better the outcome tends to be.

The fact that the data is being paid for is only right as the drugs companies will do better because of it, but so will the patients so its a win win situation IMO.

The situation with data being sold to insurance companies is slightly more tricky, but insurance is a business which works on risk. So if there are highlightable trends that show increased or decreased risk factors then thins like life and term assurance premiums and key man cover are likely to reflect that, both up and down as companies compete for business. Basically it will take out a lot of the data.

I understand the concerns but I've spent some time reading up on this after listening to a good debate on R4 about it and it strikes me that there is a lot of tin foil hat paranoia going on which could well stand in the way of some significant advances in medical research. What is privacy anyway? Cookies track our movements online, if you have a loyalty card supermarkets know your preferred brand of condom, credit referencing agencies know if you were late paying your store card bill in March 2007. Cancer Research UK and other leading medical research charities are urging us not to buy into this knee jerk reaction by opting out and I'm with them on this.
 
Jeltz said:
...I understand the concerns but I've spent some time reading up on this after listening to a good debate on R4 about it and it strikes me that there is a lot of tin foil hat paranoia going on which could well stand in the way of some significant advances in medical research.
Click to expand...

I'm not totally against it in principal but I am with the way it has been implemented, communicated and how difficult it is to opt out.
 
That was my first reaction, however I was considering what would happen if research identified say 7,000 "records" with a significantly increased risk of Pancreatic cancer which is one of those that is treatable if caught early.

Now if that happened but there was no way of tracing back the information then its a hugely wasted opportunity. It would be a case of we know they are out there but we don't know who, that would lead to a massive influx of people contacting their GP wondering if they are one of the 0.01% of the population affected and place an even greater burden on the NHS.

Where as if that data can be re-combined and those 7,000 people contacted, tested, monitored and treated early if they develop the cancer then that has surely got to be the way to go. Not only for the benefit of the patient but also as its generally cheaper to treat something than manage a terminal condition through living with it and on into palliative care.

My wife has Arthritis and as had since her late 30's, my brother in law died at 58 from cancer, my father had heart disease. I'm in favour of better medical research and as far as I'm concerned the theoretical risk of breaches in privacy from illegal activity is less than the potential benefit to society.
 
I was in two minds for a long time - lots could usefully be done with some analysis of the pooled data.
But in the end, given Snowden etc, I feel the pseudonymisation will be ineffectual. The data will end up with people I'd prefer not to have it, and they'd know whose it was.
And some of them will be the health insurance companies controlling access to all but most basic medical needs after the current dismantling and commercialisation of the NHS.
A little paranoid, perhaps. But, maybe not.
 
But the health/life insurance companies won't pay out if you don't disclose everything that's in those records anyway!

This stuff is pretty benign IMO. The sad thing is that the scenario that Jeltz puts forward about them finding stuff out that will directly help you is, as I understand it, not going to happen.

To benefit directly from your own data it would only contribute to the statistical analysis that identified a trend or pattern, then that template given back to the NHS an applied would highlight you personally. I don't think there would be any way that tracking back through the pseudo-anonymity, you would have to be re-identified by the model produced as tracking back is just too dangerous from the Data Protection angle.

It might help you though, you just never know. I'm staying in unless I hear some really credible threat.
 
Jeltz said:
That was my first reaction, however I was considering what would happen if research identified say 7,000 "records" with a significantly increased risk of Pancreatic cancer which is one of those that is treatable if caught early.

Now if that happened but there was no way of tracing back the information then its a hugely wasted opportunity. It would be a case of we know they are out there but we don't know who, that would lead to a massive influx of people contacting their GP wondering if they are one of the 0.01% of the population affected and place an even greater burden on the NHS.

Where as if that data can be re-combined and those 7,000 people contacted, tested, monitored and treated early if they develop the cancer then that has surely got to be the way to go. Not only for the benefit of the patient but also as its generally cheaper to treat something than manage a terminal condition through living with it and on into palliative care.

My wife has Arthritis and as had since her late 30's, my brother in law died at 58 from cancer, my father had heart disease. I'm in favour of better medical research and as far as I'm concerned the theoretical risk of breaches in privacy from illegal activity is less than the potential benefit to society.
Click to expand...

I'm with you on this one.

While I don't think insurance companies will ever adjust down, only up, I don't really believe there is such a thing a privacy anymore in the sense that if anyone wants to know something they'll be able to get it whether legally or illegally, and there doesn't seem to be a whole lot done if someone acts illegally.

I think that something positive could come from this sharing of information in terms of improved treatments. For now, I'm in.

Dennis
 
If anyone hasn't yet made up their mind I would recommend you read the comments on the NHS article here - http://www.nhs.uk/NHSEngland/thenhs/rec ... -data.aspx

It raises many more questions that you know will result in a total clusterfeck.

ATOS (as in 'They don't give') are rewarded with another multi-million pound contract after some previous epic failures.
Sorry but I must be getting more skeptical when I think that big pharmas are not after this data for the good of mankind :roll:
Data security is just not taken seriously in this county I'm afraid.
 
anthonyUK said:
Sorry but I must be getting more skeptical when I think that big pharmas are not after this data for the good of mankind
Click to expand...

No, you aren't. The big pharmas are in it for the shareholders. It just so happens that they generate profit to pay the divvies from stuff that does benefit mankind. Basic premise of the slim majority of businesses. Produce stuff that people want such as to turn a profit.

Insurance companies are, of course, excluded from this definition as they are just a bunch of robbing f**kers. Mostly legalised robbery, often state sponsored robbery!
 
I'm in Wales, so my privacy is still intact.

Had I still been in England I'd have opted out, for the very simple reason I do not trust HM Govt to keep any data secure, the fewer places they hold data on me the better.

As to trusting big business, please, grow up if you think any big business has any individual's best interests at heart, they exist for one reason only, to make money, from their perspective we exist only to supply them with that money.
 
So why give us the choice to opt out if it's so secure? Which government agency is ensuring security compliance is being met, until I have some assurance that my data is being treated securely I'm out.

That is not an argument against the benefits of what the data could bring, I don't understand what they are, nor have I been presented with any (other than in this thread), therefore it seems like plain old fashioned common sense in this data age to opt out of most 'tracking' via electronic means.

Why have they decided to opt us in by default and made it difficult for us to opt out? I believe I have to contact my GP and ask them to opt me out or something, it's all done by stealth.

Why not opt us out by default and then ask us if we want to be opted in and then provide some good arguments for doing so?

You only have to look at the cluster that is HMRC at the moment to realise that the introduction of new systems without proper controls and testing being in place beforehand cause havoc (ref RTI).

It's not necessarily the 'NHS' or the companies that legally access your data that might be a problem, it's the custodians of the data who happen to be commercial IT Services companies that just implement systems at lowest (read long-term highest) cost, loss of data it happens time after time because of incompetent management throughout government departments and the companies that serve those departments. Also remember that service contracts change on a regular basis between different companies, quality can suffer leading to more data breaches.

The NHS is an underfunded, undermanaged behemoth with a history of failures, IT failures and data breaches are endemic in government, even those agencies with the highest levels of security suffer major and publicly embarrasing data leaks, no department can be trusted to look after my data.

I have the choice, therefore I'm out............I'm out until someone convinces me to opt back in (or government takes my choice away).

:thumb:
 
I've opted out, but it was a close decision because there ought to be many benefits.
#1, the original idea was that any medical professional you consult would have access to your full notes. But you don't really need a huge central database for this. What they should have done years ago, instead of trying to build huge central systems, is set up a data transfer protocol - like the way the web is actually mostly just a transfer protocol. Then GPs, hospitals, etc, could have used any cheap client and request data over the net just like asking for a web page. A few security safeguards and bingo.
#2, once you have all the data in one place you can notice things like cancer clusters near certain industries etc, and try to do something about it
#3, you might spot the next Harold Shipman a bit sooner (etc)
#4, you could track epidemics more easily
#5, other stuff - you can imagine quite a lot of useful stuff, if it were ever to get funded.
But in the end, I don't trust it to be done right. Yeh, my credit card usage etc can be datamined to find out quite a lot about me, but there's no reason to make it any easier.
 
oldbloke said:
... you don't really need a huge central database for this. What they should have done years ago, instead of trying to build huge central systems, is set up a data transfer protocol - like the way the web is actually mostly just a transfer protocol. Then GPs, hospitals, etc, could have used any cheap client and request data over the net just like asking for a web page...
Click to expand...
Nice idea, but you absolutely need a central database. Let's say you're a doctor, and it's been so busy some of your patients are about to breach the 4 hour wait limit. The patient in front of you has travelled around in the past and has medical records in 10 different organisations. Are you really going to log in to 10 *different* systems with 10 *different* layouts and navigation systems, all requiring *different* usernames and passwords, many of which might have expired and require a password reset from overworked techs who aren't going to get around to it for another 4 hours? You could not train every doctor to use every clinical system in the country, and if you don't, they'll miss something important. If the patient has a popular name such as "John Smith", imagine sifting through 10 systems for all the data for the one sitting in front of you and no other "John Smith".

In a central system, you'd only need to login once and maintain one account, and all of the patient records will have been linked ahead of time, using the National NHS Number which you should find on your GP registration card. When you register with your GP, they register you on a national system.

The NHS has been trying to put in semantic transfer protocols for some time now. They used EDIFACT for a while, with limited success. There is a messaging protocol called HL7, which covers demographics and administration well, but isn't comprehensive enough with clinical payloads to treat all diseases.

oldbloke said:
... A few security safeguards and bingo...
Click to expand...
Security is a big challenge - there's a private network but there is a very large attack surface. There are staff joining and leaving all the time. There is a central chip-and-pin system but it only works on a few systems.
 
CaptainMallard said:
oldbloke said:
... you don't really need a huge central database for this. What they should have done years ago, instead of trying to build huge central systems, is set up a data transfer protocol - like the way the web is actually mostly just a transfer protocol. Then GPs, hospitals, etc, could have used any cheap client and request data over the net just like asking for a web page...
Click to expand...
Nice idea, but you absolutely need a central database. Let's say you're a doctor, and it's been so busy some of your patients are about to breach the 4 hour wait limit. The patient in front of you has travelled around in the past and has medical records in 10 different organisations. Are you really going to log in to 10 *different* systems with 10 *different* layouts and navigation systems, all requiring *different* usernames and passwords, many of which might have expired and require a password reset from overworked techs who aren't going to get around to it for another 4 hours? .
Click to expand...
.[/quote]

How many different webserver architectures are there? Does my browser care? No.

Obv it's nothing like as simple as I maybe made it sound, but I don't believe it need be insurmountably difficult.

For one thing, continuing the "My GP is my primary link to health services" paradigm we've had so long, whoever treats you would send updates to the GP's computers. All you'd need centrally would be a patientID<->GPid lookup
 
The problem is that the NHS is not a National organisation as the name might imply. In reality it is a collection of hundreds of separate organisations, loosely organised under the umbrella of the National Health Service. As a result each organisation has built their own computer system to suit their particular needs depending on what area they operate. GP surgeries are in fact private businesses that get their funding from a local funding source depending on the numbers of patients registered. What used to be the Primary Care Trusts, but now devolved into Clinical Commissioning Groups. Which are a collection of GP surgeries in a group which control the purse strings. The idea being that this will control costs. GP's actually control over 80% of total NHS spending. The theory is that by making them more accountable it will reduce costs by deterring individual GP's and practices from commissioning expensive treatments.

The Conservative plan would be to privatise the NHS if they thought they could get away with it. Be under no illusions that David Cameron et al give one hoot for the NHS as a national institution, despite the rhetoric. It's all about making money. And there is a lot of profit to be made in the medical industry if the people with all the money could get their grubby mitts on the NHS. The recent changes were supposed to do this via the back door. And to an extent have cracked the door open.

That's the backdrop to this issue. I work in the NHS and am totally against the current plan. The ideals are laudable and would if implemented properly be a benefit to us all. I'm glad the start of this has been put back by 6 months. If it wasn't for the opposition by mainly GP's and other inside bodies the system would be starting in a few weeks time. As a total cynic when it comes to, especially Conservative, government meddling with the NHS I don't trust them one bit. And neither should you. As a practitioner working in mental health I can see the benefits of a national system. People with mental health issues are a very mobile group and it would be of benefit to the patients if I could access patient records no matter where they had moved from. Their care would be more consistent. For those that don't know, all health care is split into what is called primary and secondary care. Primary as the name might suggest is GP care. Secondary is more specialist care provided by hospitals and community services that patients are referred to by their GP. They are totally separate from each other. Basically the GP pays the secondary provider for their service. But I digress. Even locally primary care providers and secondary care providers do not have shared information systems. I can't access GP records and they can't access our records. The computer systems are worlds apart in design, scope and the needs of each system. So it would be very difficult not to say expensive to join all these systems together. Mainly because my needs differ so much from GP needs and visa versa.

When it comes to research there is a lot of research going on in all fields of medicine. Mainly university based and some of it is funded by drug companies, but by no means all. Charities and other non commercial groups probably make up the bulk of the funding available. And you as tax payers do spend some of your tax money on research funding, channeled via groups such as NICE and the DoH National Institute for Health Research. To say that little research goes on within the NHS is misleading. The NHS staff on the ground are very involved in research, both by recruiting patients and recording data. They may not be the main doers as they don't have the time, but they are very much behind a lot of research going on. Locally we always have a number of different research project going on and individual Trusts promote and value the input.

Already a lot of trend data is gathered in the NHS. Most is publicly available as minimum data sets. More I'm sure would be useful to see patterns and trends. But do we need to sell our health data to commercial interests. No matter how anonymised it is. To me this is yet another way for commercial interests to get a bigger foot in the door. I have opted out and intend to remain opted out until I know that my data is being shared for the right reasons. The common good of the people. Not the commercial interests of the few.
 
A 3rd friend, who knows more about IT than I managed to learn in 35 years in the industry (including security), says:

"
CARE.DATA IS NOT ANONYMISED.

EVEN THE DATA THAT THE NHS CLAIMS IS ANONYMISED IS NOT ANONYMISED. THEY DON'T EVEN UNDERSTAND THE BASICS OF ANONYMISATION OF DATA.

I've worked on anonymisation and handling of clinical data for thirty odd years and what the NHS is proposing is a pathetic travesty of how it should be done.
"


Elsewhere he gives more detail:
"
This is the UK Gov summary of how to look after personal information. Although it refers to MoD personal data, it is the de-facto guidance for any government organisation tasked with looking after personal data. Note that the NHS is proposing to suck about 53,000,000 records from GP Surgeries. That is far in excess of the 100,000 records suggested as the level at which data should be regarded as IL5 (equivalent to secret) and would in the eyes of most security professionals qualify this data as IL6, requiring the highest levels of security both physical and technical.

The NHS does not appear to be following this guidance. In fact from the public statements made by the NHS staff who want access to this data they don't even seem aware of the existence of Cabinet Office guidance on handling personal data.

https://www.gov.uk/.../ISN_201001_Perso ... ndling.pdf
"
 
oldbloke said:
How many different webserver architectures are there? Does my browser care? No.
Click to expand...
Oh, for a modern browser based system! Most of our systems are client server. We even have some character based systems, which we access through a telnet client! We'd love to go out and buy a new system, but clinical systems are so specialised, there isn't a lot of competition. Software wears in rather than wearing out, so developers are loath to throw away a working application that took 10 years or more of incremental development, just to adopt the latest technology, that might turn out to be a fad. One of our (former) suppliers tried that, and got it wrong. Equally, why go J2EE for a total user base of less than 6 people, and no more than 2 concurrent users?

Our browser based systems give us a different problem. Most were designed for IE7 or earlier and the suppliers have not certified their apps against IE9 or Chrome, except for the ones who designed their apps for these browsers, and they won't certify on IE7. This makes PC roll outs a nightmare for the desktop team.

And now everyone wants to go mobile, and yet none of our apps work on Safari.

oldbloke said:
Obv it's nothing like as simple as I maybe made it sound, but I don't believe it need be insurmountably difficult.
Click to expand...
"Anything is possible given enough time and resources". I've stopped believing this. We paid a developer to build a clinical system. We invited two senior consultants from the department to describe how the system should work, and they had very different, contradictory opinions. They argued and argued and were convinced their way was right and the other consultant was wrong. We were embarrassed to sit and watch them fight. Eventually, one got up and stormed out - so we built the system according to the remaining consultant. Egos; stubbornness and pride are very powerful opponents. And who has more pride than the gods who work life-saving miracles every day?

oldbloke said:
For one thing, continuing the "My GP is my primary link to health services" paradigm we've had so long, whoever treats you would send updates to the GP's computers.
Click to expand...
We've been trying to put this in for years, so we could save a fortune on printing and postage. Most GP surgeries can't afford dedicated IT staff, but a few have banded together to form a consortium, pool their funds and buy a system in. I think we're paperless on fewer than 6 GP surgeries.


Healthcare IT isn't easy. I doubt the implementation team will get it right, so I've opted out.
 
You must log in or register to reply here.

Similar threads

Chippy_Tea
Donald Campbell's Bluebird returning to Coniston decades after fatal crash
Replies
5
Views
347
Chippy_Tea
Chippy_Tea
Chippy_Tea
Entire UK facing gales and downpours as Storm Isha blows in
2 3
Replies
44
Views
2K
Spike.
Spike.
D
My very first brew - sharing experience
Replies
8
Views
1K
Griff097
Griff097
gingerneil
My (almost!) first AG brew day...
2
Replies
25
Views
3K
Agentgonzo
Agentgonzo
BrewersFriend
See What’s New at Brewer’s Friend- NEW apps, improved features and MORE!
Replies
0
Views
467
BrewersFriend
BrewersFriend

Latest posts

Back
Top