Privacy advocates have been secretly expelled from the NHS's care.data discussions group, while lobbyists backed by biotech corporations have kept their places at the table.
The care.data Advisory Group was established in March 2014, after the scheme's first collapse, as part of a process to get care.data – which intends to centralise patients' health and social care data so it can be packaged and sold to private corporations – up and running again.
As NHS England declared at the time: “Together we can get care.data absolutely right.”
However, while the Advisory Group's terms of reference (PDF) trumpeted how “efforts will be made to have broad representation” among those reporting to the NHS mandarins, it seems that the contributions of privacy campaigners from medConfidential and Big Brother Watch were not welcomed by the powers-that-be.
The Advisory Group was closed last year and replaced by a new Strategic Oversight Board, although the news of this is only contained in the minutes of the final meeting (PDF) chaired by Tim Kelsey, who has since fled the NHS to take up a director's role at the Australian medi-telco Telstra Health.
No mention of the Advisory Group's closure is visible on NHS England's website, which effectively keeps the secret by maintaining a page suggesting the group is active and involved in consultations despite the fact that it has been defunct for almost four months.
Questions asked in Parliament by Lord Hunt revealed the almost identical composition of the two talking shops. The only active members of the advisory group who were excluded from the new Strategic Oversight Board were the privacy campaigners.
It is not clear who at NHS England decided upon the invitation list, which was passed to the board's new chair, Lord Darzi.
Meanwhile, Patients4Data – a campaigning organisation financially supported by academia but also by seemingly every large British biotech firm – has managed to retain its place at the table. As noted by left-wing blog Political Scrapbook, Patients4Data until last year described George Freeman MP, the minister for life sciences, and former biomedical venture capital hangabout, as its “parliamentary founder” – in response to which Freeman's office denied having any “ongoing role or connection to the group.”
A recent study into the scheme carried out by the University of Cambridge found that care.data was “launched in a contradictory regulatory landscape” and wracked with “unrealistic expectations” regarding the potential for patient health and social care data to be sufficiently anonymised when shared.
The study noted:
Politicians and program managers categorize data as “anonymous” and “pseudonymous” to assuage concerns about patient identification. But in the technology world, data can rarely be fully anonymous. Data collected for medical research demands certain identifiers that can leave the data vulnerable to re-identification. Also, politicians and the public cannot be expected to sign away data to IT systems that evolve at a rapid pace. A “secure haven for data” today may not be so tomorrow.
Confidentiality issues had been included in “a review of standards of data security for patients’ confidential data across the NHS to be carried out by the Care Quality Commission (CQC)” announced by Health Secretary Jeremy Hunt last year.
Dame Fiona Caldicott, a regular go-to for reports and reviews of confidentiality in the use of NHS patient data, was tagged to contribute to the 2015 review “by developing clear guidelines for the protection of personal data against which every NHS and care organisation will be held to account.”
Talking to The Register, Phil Booth, coordinator at medConfidential said: “Last summer Jeremy Hunt asked for the Caldicott Review of consent, because, as long as NHS England neglect patient privacy, there will be no trust or confidence in their plans. Did someone forget about it yet again?”
The Register has contacted NHS England to ask about the mysterious state of the Strategic Oversight Board. We will update this story if we hear from them. ®
Sponsored: Ransomware has gone nuclear