Patient records to be made available to the private sector and other researchers

[Midas]

https://www.theguardian.com/society/2021/jun/01/gps-urged-to-refuse-to-hand-over-patient-details-to-nhs-digital

Privacy campaigners and doctors have raised the alarm about plans, led by the Department of Health and Social Care, to put the medical histories of more than 55 million patients into a new database where they will be made available to the private sector and other researchers.

NHS Digital has said the new General Practice Data for Planning and Research (GPDPR) system will reduce the burden on GP practices and create a valuable data source for pharmaceutical and public policy research. The agency says the data, which will include information on patients' physical, mental and sexual health, will be anonymised.

If you're a bit confused by what "anonymised" means NHS Digital has explained that it actually means pseudonymised, which actually means de-personalised, and it looks like THIS:

Using the terms in the diagram, the data we collect would be described as de-personalised. NHS Digital will be able to use software to convert the unique codes back to data that could directly identify you in certain circumstances, and where there is a valid legal reason.

Doctors fear that the automatic transfer of medical records will undermine the trust patients have in them, according to Dr Ameen Kamlana, one of the Tower Hamlets GPs taking part in the action.

"There's an immense amount of good that can come from responsible and secure use of public data, public health records," Kamlana said. "However, our issue here with this particular proposal is that it's been rushed through. There has been no public information campaign to inform the public about the plans, and in order to allow them to decide for themselves whether they are happy about it.

"Essentially what's being asked for here is people's entire health record, so everything that we've coded in people's records from the time of their birth to the time of their death, including their physical, mental and sexual health, including their health-related concerns with family and work and including their drug and alcohol history.

"Essentially all your most intimate private details of your life is being asked to be handed over and we were concerned that the public aren't aware of what's being done."

The Independent chimes in:

That's the kind of information that insurance and pharmaceutical companies, for example, would kill for. It has a monetary value as there is only one place where this information is held. In effect, the NHS is the monopoly information provider. Medical bodies have been consulted and are lukewarm about the idea, stressing the legal obligation that practitioners have to comply.

Another step closer towards privatisation?

I don't want ANYONE knowing about my weird inner ear, even if it has been de-personalised or pixellated or whatever they do to it.

Fuck's going on?

[Huxleys Babkins]

Fair play to the cunt who came up with something as brazen as "GPDPR". It's like calling a pro-child labour group Barnardoes.

[Sebastian Cobb]

Bit of discussion on it here: https://www.cookdandbombd.co.uk/forums/index.php/topic,87295.0.html

[Midas]

Bit of discussion on it here: https://www.cookdandbombd.co.uk/forums/index.php/topic,87295.0.html

Ahh sorry, didn't see that. Even on CaB this seems to have passed me by...

[Zetetic]

there is only one place where this information is held.

This isn't true, and there are already ways for third parties to get their hands on GP data.

(I mean, the fucking point of extracting data from GPs is precisely that this data isn't currently held in one place in the English NHS. In the first place it's held by 7,000+ private contractors.)

[BlodwynPig]

Just tell the public that those 7000 contractors are foreign contractors, immigrant contractors and this will never get off the ground

[TrenterPercenter]

Deal with this stuff all the time and it is the direction of travel.  If you want better services then you need the data I'm afraid.

Now who is given this data and to what purpose it is used is of course the important thing but no doubt people will just see all of this as bad.

EDIT: Ah already see Z has made this point in the other thread.

[bakabaka]

This has been a repeated problem with the cancer research projects I'm a patient representative for. We're lucky if one person in the group has any idea about how their system works, let alone the difference between anonymising and depersonalising. And as it's my job to speak for the public I always tend towards the anonymous is good side. I also tend to push for 'sending data to the USA is dangerous' as that appears to be the public impression.

Well, that and the fact that the first time I was patient rep. the American research (and medical insurance) company who wanted to join the project insisted that the data be de-anonymised but wouldn't give a reason why. When we pointed out that this would be illegal they pushed again but finally accepted we wouldn't be persuaded. But when the contract finally came through, it was back in there and in the end they backed out, delaying the whole project by a year.

[Zetetic]

I meant to follow up with up with an example:

I've written the only two 'ViD mortality reports for a particular vulnerable group in my country, produced in large part beyond my normal working hours because I felt it was the right thing to do.

GPs hold a list of these vulnerable people. I'm not allowed to use that list in the NHS proper.

However, I am allowed to use that list via a third party database outside of the NHS. But the contractual conditions of using that database include that I'm not allowed to do anything with the data that might upset a GP - which might well include publishing any kind of death data at a level that might allow it to be linked with a small set of practices and how they look after patients. (There's a bit more to this here around prescribing of certain drugs to this group, but I'm not going to go into that.)

So, instead, I have to cobble together my own list of this vulnerable group based on their contacts with NHS-run services - inpatient stays, that sort of thing. (Which has a whole bunch of problems with it, including biasing the data towards people who've been seriously ill at least once in their lives.)

[Zetetic]

the difference between anonymising and depersonalising

Not helped by academics routinely lying, and using "anonymous" or "anonymising" to mean "pseudonymised".

[TrenterPercenter]

Not helped by academics routinely lying, and using "anonymous" or "anonymising" to mean "pseudonymised".

Lying is bit presumptuous most are likely just unaware and sure that might be a failing in training of them and their institution but the attitude of most "data involved" people isn't really helpful to the vast majority of researchers that are spinning several plates and having to learn much more than a load of data procedures.

[TrenterPercenter]

And as it's my job to speak for the public I always tend towards the anonymous is good side.

Why? I mean other than the principle of data rights of an individual to be anonymous but what are other concerns here? What do people think will happen if they are identified?

As soon as you make anything truly anonymous you remove all possibilities of longitudinal research and make it incredibly difficult to enter people into studies in the first place.  Which is great if you want less chances of someone being identified but you are also creating less chance for research that might help improving treatments.

The principle is about being informed about what happens to your data; what is can and can't be used for.  It's really weird how some many people view anonymity as essential when it comes to things that are in the public interest to do with health yet will access platforms like Facebook etc... and give away more data than any health researcher could dream of.

[Sebastian Cobb]

Surely it's their choice what they feed their data into. You seem to think you have an inalienable right to this data, the people whom it's about seem to disagree. It's precisely this sense of entitlement that erodes trust and motivates people to opt out of things altogether.

This seems a bit like the "ah but you use google!" argument that implies one can't be against mass state surveillance.

[bakabaka]

Why? I mean other than the principle of data rights of an individual to be anonymous but what are other concerns here? What do people think will happen if they are identified?

The main one that comes up time and again is insurance. Insurance companies view this data as a way to lower their risks and increase their profits[nb]individuals who are at higher risk will have to pay more or be denied insurance, while standard rates won't fall despite lower average risk.[/nb]

Most of the research I'm involved in is to do with things like looking for signs of future cardiac problems in the initial MRI scans taken of cancer patients, with the hope of being able to highlight and help those more at risk. This is where Big Data can be very useful - spotting patterns of behaviour that don't require all the patient's medical history. But if the data is not anonymised and is sold on the open market, it opens up the individuals to all sorts of exploitative and punitive behaviour.
From personal experience, it's rather upsetting for someone at a call centre knowing that you have less than 3 months to live when you have no idea.

[TrenterPercenter]

Surely it's their choice what they feed their data into. You seem to think you have an inalienable right to this data, the people whom it's about seem to disagree.

This seems a bit like the "ah but you use google!" argument that implies one can't be against mass state surveillance.

Nope; as I said other than

the principle of data rights of an individual to be anonymous

There is a lot of paranoia around data; just like their is around vaccines and if you want to "inform" people then that is a two-way process.  The fact is if people don't donate their data then treatments don't improve, that means more people in pain, suffering or dying.  This seems to be conveniently omitted from discussions around this.

If you want to inform people so they can make decision then that needs to be honest and include all of the pros and cons not what often is just a few peoples obsessive paranoia about "data".  I'm asking what are the concerns what how do you think this data that is being collected is going to negatively impact on yours and others lives.  I'm interested that is all.

[Sebastian Cobb]

It's not really obsessive paranoia when records are centralised and detail vast histories; sure there's legislation now to prevent abuse but what about if things take a turn rightwards and such laws get repealed? What if privatisation continues and this information is used to drive up insurance premiums? What if the security services start demanding access to it and use it against dissenters?

I guess the difference is scope, if you're asked 'can we use this information about your condition for research (or to aid a trial)' the scope is relatively clear and narrow. That is not true of big centralised databases.

[Zetetic]

Security services already have access to this information. (They wouldn't even have to go to the practice, I suspect - you absolutely could do this via GPES in England, although it's more fiddly than the proposed setup.)

[Sebastian Cobb]

Well replace 'security services' with 'dog shit inspectors' then, that's who can look at stuff thanks to RIPA, which has since been widened by May.

[TrenterPercenter]

The main one that comes up time and again is insurance. Insurance companies view this data as a way to lower their risks and increase their profits[nb]individuals who are at higher risk will have to pay more or be denied insurance, while standard rates won't fall despite lower average risk.[/nb]

Thanks bakabaka;

The data that NHS Digital is talking about is depersonalised; that means it cannot be individualised to a person; this is different from anonymous because to be truly anonymous would me never collecting any identifiable data which you need for consent; these identifiable bit of data can be held somewhere separate from the trial or study data but you can still be linked to it.  NHS Digital is saying they are using software manage this coding and decoding

It states this is data they are collecting;

data on your sex, ethnicity and sexual orientation
clinical codes and data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals and recalls, and appointments, including information about your physical, mental and sexual health
data about staff who have treated you

remember this data is not "attached" to anything identifying you rather it has been separated from it via de-identification software.

So it is anonymous for all intents and purposes.

I have a caveat here as what is "information about your physical, mental and sexual health mean"? is this data that might contain your name? well that would seem to make a mockery regarding bothering to de-identify you in the first place so I presume (presume but don't know) that this must be some other coded data.

What is an insurance company going to do with this data? Well they will be able to better calibrate their calculations around average life span etc for certain conditions; and as it is with all insurance there are winners and losers here; but they are not going to be able personally raise rates on individuals; it could even lead to lower rates for some groups.

I work with data and I'm not interested in insurance models btw but that is just what insurance is; betting. They pre-screen and legally take you to court/invalidate your claim if you they have good reason to believe you have lied here but the idea that NHS Digital can just hand your medical history to insurance companies so they can hike up your insurance is, well it could happen but it is illegal isn't it.

Most of the research I'm involved in is to do with things like looking for signs of future cardiac problems in the initial MRI scans taken of cancer patients, with the hope of being able to highlight and help those more at risk. This is where Big Data can be very useful - spotting patterns of behaviour that don't require all the patient's medical history. But if the data is not anonymised and is sold on the open market, it opens up the individuals to all sorts of exploitative and punitive behaviour.
From personal experience, it's rather upsetting for someone at a call centre knowing that you have less than 3 months to live when you have no idea.

But what if your data was de-indentified/de-personalised as is the case here? There seems to be (not saying you) but this belief that NHS Digital are selling your identifiable details when the whole point of the diagrams and information is to show you how they are not doing this.

[Sebastian Cobb]

Do diagrams stop extremely skilled data scientists from re-identifying/re-personalising data by pooling information from multiple sources?

[Zetetic]

I think the reidentification stuff is mostly irrelevant, to be honest (because of the practical limitations of making use of personal data), and actually distracts from the real problems of third parties using data without consent, which is that they can make generalisations about groups of people - with diagnoses, from certain towns, from certain backgrounds etc. - without their involvement.

[TrenterPercenter]

It's not really obsessive paranoia when records are centralised and detail vast histories; sure there's legislation now to prevent abuse but what about if things take a turn rightwards and such laws get repealed? What if privatisation continues and this information is used to drive up insurance premiums? What if the security services start demanding access to it and use it against dissenters?

I guess the difference is scope, if you're asked 'can we use this information about your condition for research (or to aid a trial)' the scope is relatively clear and narrow. That is not true of big centralised databases.

Lots of records are centralised already!? This is a new thing; it's yeah but what if? What if a rightwing government comes in and forces us all to have microchips implanted? or starts mercilessly exterminating the infirm in the street?.  Not sure what this has to do with NHS Digital trying (in largely good faith) to create a repository of data to help researchers create better treatments for people.

What if everyone had such unhealthy levels of paranoia about data and no one ever donated blood anymore in case their data was used for purposes that we don't quite know but assume must be bad, it's big after all, and at some point, probably, in the future,  some possible as yet unhatched big data frenzied government started using it? What happens then?

[Zetetic]

And the attempt to delineate university researchers from for-profit organisations is irrelevant - the universities are lost anyway. Oxf*rd or Sw*nsea controls access to QR*s**rch or S**L because they want to control the funding and personnel and - at best - safeguard their reputation (noting that most people haven't heard of either those projects...) - they'll happily work with drug companies or insurers.

[Zetetic]

Anyone heard of https://spire.scot/ ?

Oh.

[TrenterPercenter]

I think the reidentification stuff is mostly irrelevant, to be honest (because of the practical limitations of making use of personal data), and actually distracts from the real problems of third parties using data without consent, which is that they can make generalisations about groups of people - with diagnoses, from certain towns, from certain backgrounds etc. - without their involvement.

Exactly; but this is different issue from "me being personally identified" so completely relevant to the conversation about anonymity.  How big data is used is the important thing i.e. we love the NHS and one of the reasons is the our surgeons because they are in a nationalised system treats lots of people of all walks of life not just rich people; it makes them better surgeons because of their exposure.  It is same with data if we share data then it collective power can be used for good; like improving outcomes for patients or bad penalising areas for poor health conditions, which is of course is the same data required to direct resources to these areas that have poorer health outcomes.

It is these protections that need to be kept an eye on with people challenging the "uses" of the data not that data is by default and in the first place.

[TrenterPercenter]

And the attempt to delineate university researchers from for-profit organisations is irrelevant - the universities are lost anyway. Oxf*rd or Sw*nsea controls access to QR*s**rch or S**L because they want to control the funding and personnel and - at best - safeguard their reputation (noting that most people haven't heard of either those projects...) - they'll happily work with drug companies or insurers.

Yes but they will still not be selling individual personal data so they can be personally sold higher rates of insurance.  Most universities work with drug companies and of course some drugs are life saving things for some people.  This is all such base why of looking at things.  Not saying there isn't problems and that protections aren't important but there is a bigger picture here that needs to be told rather than just "they are watching you".

[TrenterPercenter]

Do diagrams stop extremely skilled data scientists from re-identifying/re-personalising data by pooling information from multiple sources?

No have to read the bit of text that is directly above it rather than just gawp at the diagram out of context. 

[TrenterPercenter]

You can literally grow an anti-research movement if you like; the time is now; just like the anti-vaxxers; people are hardwired to respond to perceived threats. I'm not sure that anything good comes of doing this though.

[Midas]

I s'pose my belief is that (in a world of my wildest delusions) individuals should have self-determination to decide how their data is collected, stored, analysed or otherwise used, regardless of how noble the intentions behind collecting it are. I'm not part of an "anti-research movement", I simply wanted to (somewhat facetiously) vent my anxiety that executing this without people's informed consent is unethical.

Anyway, is it just me or is anyone else experiencing déjà vu?

[Sebastian Cobb]

Lots of records are centralised already!? This is a new thing; it's yeah but what if? What if a rightwing government comes in and forces us all to have microchips implanted? or starts mercilessly exterminating the infirm in the street?.  Not sure what this has to do with NHS Digital trying (in largely good faith) to create a repository of data to help researchers create better treatments for people.

What if everyone had such unhealthy levels of paranoia about data and no one ever donated blood anymore in case their data was used for purposes that we don't quite know but assume must be bad, it's big after all, and at some point, probably, in the future,  some possible as yet unhatched big data frenzied government started using it? What happens then?

I mean, I literally work on medical devices, and have previously worked on widely used media systems that had big 'insights' teams pooling all sorts of data that on the face of it doesn't seem very sensitive but when combined definitely fucking is, I'm not just a paranoid fantasist, the more I work with technology the less I think pooling information into vast silos with no granularity over how the information is used is a good idea.

And on the blood thing, it seems like you've been able to take that perfectly well without NHS Digital up until now, perhaps keep doing that?

You can literally grow an anti-research movement if you like; the time is now; just like the anti-vaxxers; people are hardwired to respond to perceived threats. I'm not sure that anything good comes of doing this though.

If only recent history were able to tell us about the dangers of data-driven technocrats. If only there were some sort of regime in living memory where people collected lots of information about their citizens and it turned out quite bad for people.