A piece at The Conversation makes the claim that opposing Care.Data and other elements of NHS digitisation is Luddite. Now seeing as many of the people raising issues with Care.Data are either computer types or research scientists this seems a particularly odd claim, but I thought it was worth replying to it with the reasons I choose to raise issues with Care.Data,which is a very different thing from opposing it outright. I initially put those reasons in the comments to the article, but they're worth repeating here in their own right.
Care.Data has the potential to be massively useful, I notice several research projects with immediate relevance to friends and acquaintances just in a quick skim through the Register of Approved Data Releases published on 3rd April, I support the principle aim of Care.Data of accessing mass data in order to improve clinical care through research, yet I continue to have significant problems with the proposed implementation, to the point that I advocate people opting out if those problems are not addressed. I phrase my opposition to the current state of Care.Data around four issues: one a principle of medical ethics, one a principle of good science, the third based on personal experience of issues around disability and the fourth a concern so widespread that candidates will be running on that platform at the next General Election.
1) Medical ethics: Informed Consent is the basis of all medical treatment, HSCIC has attempted to avoid patient consent at every stage of the Care.Data process. It was only the insistence of the Information Commissioner's Office that has seen HSCIC make any attempt at patient contact or provide an opt-out at all, and discussion of these, by only mentioning the advantages of Care.Data and not the risks, has been patently inadequate. The Health Select Committee made their opinion of HSCIC's performance so far abundantly clear. Yet even the 3rd April publication of the Register of Approved Data Releases, a month after the shortcomings of their approach were made clear to HSCIC, only discusses the positive aspects of data release with no discussion of the risk to patient confidentiality, making it clear that it is intentional, and continuing, HSCIC policy to actively avoid discussion of these risks, rather than simply incompetence.
2) Good science: Risk analysis is a principle of good science, good systems engineering and good management, HSCIC has fallen clearly short on all fronts. It is abundantly clear that HSCIC does not want to discuss the risk of re-identification, whether on an individual or mass basis, because that would take Amber, pseudonymized, data back under the remit of the Data Protection Act, compromising their entire business model. Good risk management does not sweep existential risks under the carpet, it puts them at the front of management discussions and develops a plan to address them. Unfortunately the ICO response here has also been somewhat lacking, although I suppose it is possible that they may be engaged in a particularly strict reading of the Data Protection Act that believes a threat to re-identify pseudonymous data is only their concern once it has actually happened.
3) Disability issues: The issue of stigma around disability and illness is partially addressed by Care.Data in the proposal to exclude HIV and STD status, however the stigma issues around disability are much wider (far wider than the non-disabled population is generally aware), particularly around mental health, yet when the issue was raised at the Health Select Committee hearing junior health minister Dr Dan Poulter dismissed it with the words 'That's just daft'. Just daft to him, perhaps, but many disabled people (myself included) have had careers destroyed by the stigma around disability, and have faced hostile reactions from casual acquaintances and even just those we pass in the street. Worries around the risks of re-identification are very real, for many disabled people having a career depends on concealing the existence of some or all of the facets of their disabilities, Care.Data potentially compromises on a mass basis our ability to choose whether or not to disclose disability.
Equally we know that the Department of Work and Pensions have already made at least one proposal to access confidential medical data (a request for access to the Hospital Episode Statistics database at the centre of the current furore was turned down), at least two more attempts are in front of the Work and Pensions Select Committee at the moment (delivered at arms length by a company created under a DWP pilot), both of which appear to advocate access to GP patient records, in one case with the apparent intent of enforcing treatment as a condition of benefit receipt, together with further proposals for data-sharing with DWP under the general government-wide big-data initiative. Disabled people already have a deeply distrustful relationship with DWP due to the Department openly following a model of disability that faults disabled people if they do not recover from their disability within a year and due to it's shoot first, ask questions later model of benefit fraud investigation. For many people with mental health issues further intrusion by DWP into the doctor-patient relationship would make it difficult if not impossible to continue to access that service. I have already seen a disabled person state that they have concealed medical information from their GP due to fears of Care.Data leading to it being revealed.
The potential compromise of the trust between GP and patient extends into other areas, I have seen a convincing argument that patients being able to view their medical records will compromise the ability of domestic violence victims to be open with their GP as their abuser will potentially be able to police what was discussed by forcing them to provide access to their records. Similar privacy and breakdown of trust issues have been raised around teen pregnancies. These are very real concerns, and simply are not being addressed under the current model of Care.Data.
4) NHS Privatisation: It is very clear that many of the companies shown to be in receipt of patient data in the Register of Approved Data Releases are principally interested in the privatisation potential. Support of the NHS as a public, free at the point of delivery medical system is a principle of British society, and a wide range of the population feel that it is under threat, with the NHA Party proposing to run candidates on a pro-NHS platform at the next election. Release of Care.Data in pursuit of improved clinical research is one thing, release of Care.Data to the sharks circling the NHS is, for many of us, something else entirely.
Luddism? I don't think so.