NHS Care.Data 2.0: What Should It Look Like?

network scan machine fingerprint privacy security © Bruce Rolff Shutterstock biometrics

Sooraj Shah says the NHS needs to be transparent and act swiftly so that patients can reap the rewards

The Care.data programme still lives on – albeit not with the same name, and as the NHS has made clear it will be using resources that it put into this project up until now for future data-sharing initiatives.

The scheme was launched in a bid to allow primary care data from GP practices to be shared with the Health and Social Care Information Centre (HSCIC) and clinical care groups (CCGs), and eventually matched with secondary care data, anonymised and shared with researchers.

But there was controversy over who the NHS will exactly be sharing the data with, and how it would be notifying patients of this. Privacy campaigners insisted that there should be an opt-out for patients – but the NHS managed to make a mess of this too, with a £1m leaflet campaign which failed to raise awareness, and many patients who had opted-out still having their data shared.

Déjà vu

The NHS logo on a signThere is a striking similarity about the way the NHS has seemingly shelved Care.data.

Several years ago, an internal review by the NHS information centre (NHS IC) found that it made “significant lapses” in recording the release of data to private companies between 2005 and 2012.

Within that period, 588 data releases were made to 178 private-sector organisations which didn’t include charities, for the alleged purpose of “analytics, benchmarking and research”.

Just ahead of the report, dubbed the ‘Data Release Review’ being published, the NHS information centre was renamed the Health and Social Care Information Centre (HSCIC). Care.data was subsequently launched by NHS England, and was run by HSCIC. Now that Care.data has been dropped – you guessed it – HSCIC has been renamed NHS Digital. It seems as if the toxic brand associated with Care.data also transferred over to HSCIC. The reason for changing its name twice? To dissolve any responsibility of sharing data with private companies, and start fresh.

So what should the NHS do now?

What is clear is that the NHS hasn’t been transparent through the whole Care.data process. Merely moving away from the brand name of Care.data and working on a project behind the scenes is likely to cause even more controversy and ill-feeling if and when details leak about any such project. The NHS should have learnt from its mistakes of the Care.data programme, and it should work with privacy campaigners to ensure everything it is doing is in the interests of patients. There is no doubt that the NHS needs to improve the way it shares data, because this will in-turn improve the health service, and benefit its patients. However, patients need to know what data is being shared and who it is being shared with, and they should have the option to opt-out.

This means the NHS needs to make every patient aware of the project or projects, and of their choices. In order to do that, it must simplify the wording of the opt-outs; most of the material that the NHS has on its Type-1 and Type-2 opt-outs is overly complicated. The opt-outs should be made electronically, and as once suggested by @Marcus_Baw, they should look more like this:

Image Marcus Baw
Dame Fiona Caldicott proposed a new opt-out mechanism based on either a single question or two linked questions, but she failed to indicate a favourable option which has delayed any new programme further. This delay has an impact on the health service; the NHS needs a model to be able to share data, and it needs its patients on board. It needs to act swiftly, so that UK citizens – and not private companies – can start reaping the rewards.

Take our cybersecurity of 2016 quiz here!