The hated Care.data scheme was dysfunctional and undemocratic from the get-go, according to a new case study from wannabe boffins studying on Cambridge University's Masters of Public Policy programme.
The peer-reviewed case study is published in Technology Science, which describes itself as an open-access journal for those studying the conflicts arising between technology and society.
Billed as "award-winning" (although the award is internal, and better described as a class prize) the study, titled "Care.data and access to UK health records: patient privacy and public trust" looks at the multiple failures which have affected the scheme.
Digging into care.data, the researchers found that that the current programme is "highly problematic" and "faces multiple challenges due to its mismanagement and miscommunications, inadequate protections for patient anonymity, and conflicts with doctors."
They case study additionally criticises the "unsuitable" opt-out system, the "unclear criteria for accessing the collected health data", and "the risk it poses to the trust between patients and general practitioners."
The study was made as part of a systems course taught by the University of Cambridge's Professor Ross Anderson, and taught to probable Permanent Secretaries of the future - though the students are of a rich international stock.
Noting the care.data "fiasco", Professor Anderson described the team as telling "the story of how mismanagement, conflicts and miscommunication led to a failure of patient privacy on an industrial scale".
Talking to The Register, campaign group medConfidential's Phil Booth applauded the "very elegant language" of the report, and suggested focusing particularly on the following:
care.data was initially poised to be launched under the radar without democratic consultation or diverse viewpoints, then was subjected to multiple bodies of regulation in order to stay afloat, then came under increasingly greater scrutiny due to distrust.
"This is the starting point," said Booth, who approved of the case study, and drew attention to the part of the report which addressed how NHS England consistently insulated stake-holders from being able to address each other. "This is where care.data came from. I don't see how that can be undone, or how it can be fixed."
The study's authors wrote: "The care.data program reveals NHS England's top-down culture, ratifying decision-making according to its own desired outcomes."
They state there are three broad problem areas for the scheme:
- Management and communications: In the largest overhaul of the centralisation of health data, politicians and program managers pushed plans for collecting, storing, and selling national health and social care data without properly consulting stakeholders or informing the general public. As concerns about privacy have grown, the government’s response has been insufficient to address public concerns over data safety.
- Unrealistic expectations: Politicians and program managers categorize data as “anonymous” and “pseudonymous” to soothe concerns about patient identification. But in the technology world, data can rarely be fully anonymous. Data collected for medical research demands certain identifiers that can leave the data vulnerable to re-identification. Also, politicians and the public cannot be expected to sign away data to IT systems that evolve at a rapid pace. A “secure haven for data” today may not be so tomorrow.
- Legal complications: The Care.data program was launched in a contradictory regulatory landscape. GPs are legally torn between their duty to keep their patients’ records secure and their duty to transfer records to the Health and Social Care Information Centre (HSCIC) for the purpose of “improving patient care.” In addition, current statutes and codes applicable to stakeholders are not robust enough to prevent commercial and political actors from using medical data for financial gain.
The Register contacted NHS England regarding the study, and a spokesperson told us "There has been a change in the law so that patient information can only ever be used if it will benefit health and care.
"We are working with patients and GPs to communicate the benefits of the programme and to let them know they have the right to opt out if they want to. No patient information will be looked at until National Data Guardian Dame Fiona Caldicott is satisfied with the programme’s proposals and safeguards." ®