NHS care.data still leaks like a sinking ship, but ministers set sail regardless

NHS chiefs are pressing ahead with an IT programme that will share identifiable patient records and GP data for uses including medical research, despite it being red-flagged as “unachievable” by a watchdog.

The NHS England care.data programme is among the major projects given the worst rating by the Cabinet Office’s Major Projects Authority review, alongside other NHS projects including the Health and Social Care Network (HSCIC) and NHS Choices.

The care.data programme was put on hold in February 2014 following a torrent of criticism which prompted a House of Commons select committee inquiry. Concerns included security and informed consent, the sale of data to commercial companies including insurers and “information intermediaries”, false claims that anonymity could be guaranteed and a complete lack of clarity on the scope and purpose of the project.

In fact the programme resembles a textbook example of the failures and problems that have bedevilled many government IT infrastructure projects. It was flagged red in the previous review and even now – years after the project began – the report remarks that the business case is still “in the progress of being developed”.

However, ministers are pressing ahead. Communications with patients from Blackburn with Derwen, the first care commissioning group to be selected for a trial, recently announced that care.data would be starting “at the end of June”. Three more areas are due to join this year, with the rest of England to follow after a satisfactory evaluation.

Re-arranging deckchairs

All of this would suggest that the many problems with care.data have been addressed – unfortunately not. Much has happened, very little of substance has changed, and most problems remain. The programme’s leader, Tim Kelsey, still thinks it was all just a communication problem, and that the benefits have been undersold.

One of the more visible changes is the creation of the National Information Board (NIB) within the Department of Health, focused on applying the benefits of data and information technology to the NHS. The somewhat overreaching sound to its name suggests that perhaps health minister Jeremy Hunt and Kelsey, chair of the NIB and the care.data Programme Board, and the NHS England’s national director of patients and information, know something we don’t about the government’s data sharing agenda. Yet the NIB data plan for the next five years barely acknowledge the many failures of the programme’s original plan.

Medical data might be safer strung on a lanyard than in a database.comedynose, CC BY

Transparency and oversight

The most promising step forward was the appointment of Dame Fiona Caldicott as the national data guardian in November 2014. Highly respected in the field of medical data ethics, her report in December raised 52 questions on care.data that needing answering.

We don’t know if they’ve been answered satisfactorily, because answers were drafted for a programme board meeting earlier this year and have not been made public – nor even shared with the care.data Advisory Group. This complete failure of transparency (never mind its promise to share papers and minutes) is one reason to hold little confidence in care.data or those running it.

Consent and information

The lack of informed consent for patients about what would be done with their data was the main reason given for putting the programme on hold. But this still hasn’t been fixed.

Some 700,000 people thought they had opted out of any sharing of their data for any non-clinical purposes. But the Health and Social Care Information Centre, which provides data and statistics on the NHS and under whose remit care.data falls, told parliament that these people would therefore miss out on some preventative, clinical screenings – contrary to assurances. And while this opt-out was promised by Hunt in 2013, HSCIC have indicated that they still don’t know how to enact it, and it has yet to be given any legal basis.

The same lack of legal basis applies to Caldicott’s role as national data guardian (now expected to begin in 2016 by NIB), the promised sanctions for abuse or misuse of health data, and the legal safeguards on data sharing promised following the 2014 public consultation.

Security and privacy

It looked as if, following the response to the Partridge Report of HSCIC data sharing, the approach to privacy and security issues relating to sharing with commercial organisations would improve. In practice, however, medical data is still shared with analytics firms, intermediaries and data brokers like Experian. Even proposals to restrict third parties' access to data to secure data facilities (similar to those for census data), which would alleviate many privacy concerns about misuse of highly sensitive individual-level personal data, are being watered down.

The debate on responsible use of medical data has evolved over the last few years, leading to the Nuffield Bioethics report on the use of healthcare data. Yet despite all the greater understanding we’ve gained, those cheerleading for large-scale commercial exploitation, including Kelsey and minister for life sciences George Freeman, haven’t changed their tune in the slightest. For example, they still advocate sharing genome data without acknowledging the privacy risks.

It’s the complete absence of any political will to divert the ship from this dangerous course that’s perhaps the biggest worry of all. Organisations well-versed in the issues such as medConfidential have suggested constructive solutions to salvage something from the care.data debacle; it seems no one in the Department of Health or NHS England is listening.

Eerke Boiten receives funding from EPSRC for the CryptoForma Network of Excellence on Cryptography and Formal Methods, and the Kent Academic Centre of Excellence in Cyber Security Research. He participated as an external reviewer in the 2015 Nuffield Bioethics report on Biological and Health Data, and is in a consortium bidding for EU Horizon 2020 funding in the eHealth area.