You are hereBlogs / dr-no's blog / The Emperor’s New Data

The Emperor’s New Data

Posted by Dr No on 09 October 2014

emperor_new_data.jpgSome six months after care.data1, the contentious plan to upload personal medical data held by GPs to big-daddy mainframes, was stalled to allow a FF style listening exercise, care.data2 has been announced. The Information Emperor, Tim Kelsey, insists NHS England has listened, and heard – ‘heard, loud and clear’ – but it seems to Dr No that instead of hearing the waves of discontent crashing on the beach, all NHS England has heard is the wind rushing through the night. Getting on for two million patients registered at ‘pathfinder’ practices will have their GP records, including date of birth, NHS number and postcode, uploaded to big-daddy, with the default being opt-in unless the patient explicitly opts out. Since care.data1 had GP records, including date of birth, NHS number and postcode, uploaded to big-daddy, with the default being opt-in unless the patient explicitly opted out, nothing key appears to have changed. The only high profile change, which does nothing to change itself, is that, instead of a bungled central promotion, will be now be promoted by GPs, many of whom, we may note in passing, are not happy to be cast as the Emperor’s new goons.

As a jobbing epidemiologist, Dr No can see the scientific appeal of For researchers, it makes longitudinal studies, studies that follow individual patients over time, much easier, with the added bonus that all manner of extra medical and lifestyle data about the patient come bundled with the package. Like a child before a Christmas tree, the epidemiologist in Dr No sees a dazzling array of glittering lights, sparkling gems and enticing parcels, a gorgeous tree of knowledge reaching up to the ceiling.

With a truth fairy on top. The other less childish Dr No sees another tree of knowledge reaching not just to the ceiling, but beyond, into the darkness of the attic, where unseen gloved hands extend from the shadows to pluck at the forbidden fruit. Were we ever to see those hands, we would see that they are dressed in the liveries of ‘indirect care’ – a bizarre Caldicott oxymoron that includes, amongst other ‘activities’, ‘financial audit’ and ‘risk prediction and stratification’.

Personal, recall, includes your date of birth, NHS number and postcode, meaning that those who gain access to personal not only know where you live, but who you are. Across England, back-room Billys in NHS boiler rooms will eagerly steam open the envelope of your medical records, and will know, after they have done their ‘financial audits’ and ‘risk prediction and stratification’, what illnesses you have, how much you have cost the NHS, and are likely to the cost the NHS. They will also almost always know too whether you smoke, what you drink and if you are overweight. Unless, that is, you ate all the pies, and then told your GP porkies.

Naturally, access to personal is wrapped up in a strict approvals process, and can only happen in a so-called ASH – a rather unfortunate acronym, given that ash normally only occurs after something has gone up in smoke – or ‘accredited safe haven’. Back in March, the HSJ reported that some 57 organisations had registered their intention to become ASHs, with around 45 approved, 21 of them CCGs. We can be pretty sure that since March, a lot more smoke has gone up, and a lot more ASHs have been scattered round the country.

This about to happen explosion of personal medical data is unprecedented. In a perfect world where security never failed and the intentions of all were good, we might welcome and what it offers. But the world is not perfect, and, according to Genesis, never was after the forbidden fruit on another tree of knowledge were plundered. The Ancient Greek version of the tree of knowledge is Pandora’s Box. In both myths, one bad call caused a lot of subsequent trouble. Somebody, somewhere, is trying to tell us something.

Had the Emperor’s new data been genuinely different, in particular by changing the default to opted out, Dr No might have considered buying in at least to the idea, on the basis that an explicit opt-in implies consent, insofar as we don’t, or at least shouldn’t, sign anything we don’t understand. But the retention of the default opt-in reeks to Dr No of a persistent cavalier attitude to our personal medical data that does not bode well for the future. Sadly, care.data2 is the Emperor’s new data. Dr No is going to opt out.


Hmmm. Apart from causing GPs a lot of unnecessary work I cannot see what has changed. Obviously it should be an opt-in scheme and the data should be properly anonymised at source. I have not checked, but I assume the identifiable data will still be sold to any organisation that has an interest in it.

KT - The most alarming, at least to Dr No, bit that he wrote was the second part of the penultimate but one sentence. These guys don't get it, nor do they care.

Worth noting that in a parallel development showing another example of a cavalier disregard for patient confidentiality, Can't Quite Cope's new GP inspection regime includes access to patients' medical records without consent. There's the usual bleating from CQC about needing to assure quality bleat bleat but there is no way that looking at a few medical records (0.1% of all the records?) can be expected to make a meaningful contribution to an assessment. This looks more like medical record pornography to Dr No, with perhaps a few CQC Roundheads getting a stiffy along the way, while at the same time demonstrating to the rest of us yet another grievous example of the cavalier attitude our 'authorities' have to our medical confidentiality these days.

More generally, there seems to be a trend towards believing 'big data' belongs to government and corporations. Properly anonymised, maybe, but when the data contain* personal identifiers, it's an entirely different kettle of fish - or should that be patients?

*Dr No has decided that the English word 'data' can be singular or plural; he has used plural here not because of some Latin fetish but because the data referred to here can also be thought of as 'data-sets' ie there is more than one, so plural. The earlier 'big data', on the other hand, is more of a unitary concept, so singular.

Having opted out of care data 1, do I need to opt out again?

Short answer is 'don't know'. Theoretically once we have opted out our notes should be tagged 'refusenik' (with a flashing S.P.E.C.T.R.E logo appearing on our records to alert CQC inspectors that this one's a bad boy/girl) but whether it remains that way Dr No cannot be sure, so it might be wise to ask your GP. That said, if we've already explicitly opted out of care.data1, and our GP 'accidentally' opts us in to care.data2, then there are going to be some red faces at the surgery when we find out...

If I might be able to have another pop at medical ethicists (aka bioethicists). Governments and corporations are being encouraged (not that they need much encouragement)to do a

Yes that's right, doctors should take care of each and every thing for this. He should prescribe the best treatment to cure them.
onlineslotscasinos ca wizard oz slots

Dr No has had to turn new comments off. Please use twitter instead