Reg readers: Don't assume anything when sharing health data

Debate exhibits chronic distrust of policy makers, Big Pharma, and insurance companies

Register Debate This week's Register Debate tussled over the motion Assumed consent is the right approach for sharing healthcare patients' data, beyond their direct care. The results are in, and as you can see, we have a clear winner.

JavaScript Disabled

Please Enable JavaScript to use this feature.

It's possible that there are more intimate forms of personal data than our health records. However those generally arise purely as a result of our personal choices.

But we all generate medical data, and the sharing of it beyond the needs of our "immediate care" – for example with researchers, governments, and commercial organisations getting access to it – is something that affects us all. So, the proposition that "Assumed consent is the right approach for sharing patients' data, beyond their direct care" was always going to provoke a strong reaction among Reg readers, many of whom would have intimate knowledge of how data can flow to unintended destinations.

Let's remind ourselves of how the debate played out.

Dr Katherine Hanks, a GP in Australia, was the first to step into the arena in support of the proposition. She reminded us that GPs are well versed in issues of consent and ethics. While, of course, individual "privacy needs to be robustly defended, this does not necessarily mean that health data can't be aggregated and securely anonymised to further medical and social research."

And she added: "It's important to remember that assumed consent is still informed consent: patients are told that they are assumed to have consented to the sharing of their data for use in metadata analysis and, should they wish to opt out, how to do so. Assuming consent does not displace personal rights, it simply creates a presumption in favour of a public good." In the end, "When it comes to public health, we need to lean towards favouring collective benefits because ultimately, individuals will reap the benefits."

The first commenter out of the traps was Little Mouse who was heavily upvoted for saying: "Unfortunately, I simply don't trust those responsible to treat my data so that it is used for the common good. 'Assumed consent', as I understand things, means giving your consent for your records to be shared around & sold on to pretty much anyone at all who wants."

Flocke Kroes suggested a practical alternative: "Do not share the data at all. Keep it on an air gapped system. Run the queries on the system and return a graph of number ill versus age or a low res heat map of disease incidence. In practice the UK government (blue or red) leaps at every opportunity to become even more untrustworthy. This sort of project should be kept on hold at least until they grow up."

Which sparked a fiery sub debate about capitalism v communism – if you have something that's valuable, isn't it a moral duty to charge as much as you can for it?

Naturally things strayed into organ donor consent. And fuel shortages. As well as previous health mis-steps. All of it relevant, if you care to read the comments.

There were a few supporters for the proposition. Chris Evans pointed out: "I'm nearly finished treatment for Prostate Cancer (They say the treatment should 'cure' me). I had a friend (half my age) who died of cancer last week leaving a wife and two young children. If my medical history could help others I'd be more than glad. They do need to make sure the safeguards are strong and there will probably be breaches, but to help my fellow citizens it seems a no brainer to me."

Veteran privacy campaigner Phil Booth stepped in on Tuesday, making the argument that "Assuming consent for non-care uses of your medical information is not like implied consent for your own care."

It certainly doesn't mean "also handing your most sensitive health details to marketers who sell products to anywhere in the NHS (not just you). It certainly doesn't automatically include you in experiments without your knowledge or permission, whether on the type of treatment you or others get, how well or badly it goes – or, as is increasingly the case, to train AIs or develop mutant algorithms." And on a purely practical level in the UK, Phil argued, promised safeguards have yet to be delivered.

How did this go down with the readers? Well, Sorry, you cannot reuse an old handle attracted lots of reader love for saying: "The writer is spot on 'Why does consent even need to be assumed?' Because the government knows full well that express consent would rarely be given, so it uses the oxymoron of 'assumed consent'. Newsflash: if it's assumed, it isn't consent."

Getting very practical, Jmch pointed out that: "Anyone working with datasets knows that anonymised data can easily be de-anonymised. The higher the level of detail in a dataset, the easier it is to find unique points that can trace back to individuals."

And Citizen of Nowhere added: "This. And the fact that datasets can be combined and once they are, what appeared 'securely' anonymous in only one of them may not remain so after the data is combined."

On a completely different note, ibmalone took issue with Phil's use of the phrase "mutant algorithm", suggesting it actually lets policy makers off the hook. "Whatever the algorithm in question, it hasn't crawled out of the sea in some 50's B movie."

But are there technical reasons to question at least the current setup in the UK?

One Anonymous Coward said they worked in the NHS and are responsible for handing over patient data to nonprofit organisations run by doctors to provide anonymous datasets for future studies of rare diseases: "If you have a complex and rare disease you should assume your data has been harvested for storage in a research registry."

And how might those who suffer from the rare disease feel? Step forward our third contributor, Dominic Nutt, a patient advocate and health campaigner specialising in medical innovation.

He pointed out that society is happy to hand over personal data for debatable rewards – while accepting that this general position didn't apply to the Reg readership.

More specifically, he argued: "I am a type-1 diabetic. My antibodies attacked cells on my pancreas. I was also diagnosed with a rare cancer, which, if – or more likely when – it comes back it will be incurable." Sharing data, he said, "will change the way research – currently based on the diminishing returns of randomised clinical trials – takes place."

Dom even shone a light on tech hackery in the diabetic community, pointing out: "We combine our insulin pumps which have a Bluetooth facility, with our constant glucose monitoring (CGM) systems... [And] by working together, and sharing data, we... have worked a hack whereby our CGMs automatically speak to our insulin pumps and adjust our doses for us, leaving us free to carry on as normal without having to intervene every five minutes."

One Anonymous Coward said they would no doubt feel the same as Dominic in his position: "But with respect, that's not what the debate is about... This is – perhaps slightly simplistically – about all your, and everyone else's, medical data being available to anyone for any purpose if you fail to opt out."

And alain williams pointed out: "What is the cost & to whom? … To someone who illegally re-identifies his data which is then sold there is money to be made but there is little cost if this act is found; maybe at worse a fine for his corporation. If there were large personal fines then someone who re-identifies data might not do this. Part of the problem is that most re-identification is hidden behind corporate doors."

vtcodger, a type 2 diabetic, took a broader view, expressing sympathy with Dominic's situation but adding: "Should it be available to scumbag marketers (is there any other kind of marketer?) Hell no. And speaking only for myself, I'm in favor of jail time – lots of it – for those marketing types who will inevitably try to pierce the veil of anonymity."

ST cryptically added: "here comes the fear argument If you don't give us your patient data, they will have to cut off your arms and legs. Sadly, the fear argument still works."

It fell to yours truly to wade in against the proposition on Thursday, suggesting that while assumed consent works in theory, it doesn't in practice. At least not yet. While the UK's NHS has set a great example to the world in many areas, it has consistently failed to put forward a compelling argument why we should trust it to securely handle our data. Looking further afield, the US's biometric programme in Afghanistan gives an abject lesson in how tech policies can be overtaken by events on the ground. So, given that debates don't usually have a "not yet" option, the answer has to be no.

But that wasn't a strong enough no for many readers.

Citizen of Nowhere said it was "Difficult (for me at least) to fathom how someone who specifically points out the potentially lethal results of data of/about Afghanis collected under the previous regime falling into the hands of the Taliban and still comes the conclusion 'Not Yet' rather than 'Not Ever' in answer to the question being polled." Some objections were framed, shall we say, more strongly.

But forthright as the reactions were to all our contributors, they were also generally well informed, serving up lots more food for thought. It's just possible to hypothesise that those who were broadly supportive of the proposal were more likely to have personal experience of illness or health concerns. But, of course, that's not the sort of data we capture at The Register.

What we can show is that, in the end, the medical arguments failed to trump the privacy and confidentiality arguments. The Reg readership voted overwhelmingly against the proposal. ®

Broader topics

Other stories you might like

  • Google keeps legacy G Suite alive and free for personal use

    Google has quietly dropped its demand that users of its free G Suite legacy edition cough up to continue enjoying custom email domains and cloudy productivity tools.

    This story starts in 2006 with the launch of “Google Apps for Your Domain”, a bundle of services that included email, a calendar, Google Talk, and a website building tool. Beta users were offered the service at no cost, complete with the ability to use a custom domain if users let Google handle their MX record.

    The service evolved over the years and added more services, and in 2020 Google rebranded its online productivity offering as “Workspace”. Beta users got most of the updated offerings at no cost.

    Continue reading
  • GNU Compiler Collection adds support for China's LoongArch CPU family
    MIPS...ish is on the march in the Middle Kingdom

    Version 12.1 of the GNU Compiler Collection (GCC) was released this month, and among its many changes is support for China's LoongArch processor architecture.

    The announcement of the release is here; the LoongArch port was accepted as recently as March.

    China's Academy of Sciences developed a family of MIPS-compatible microprocessors in the early 2000s. In 2010 the tech was spun out into a company callled Loongson Technology which today markets silicon under the brand "Godson". The company bills itself as working to develop technology that secures China and underpins its ability to innovate, a reflection of Beijing's believe that home-grown CPU architectures are critical to the nation's future.

    Continue reading
  • China’s COVID lockdowns bite e-commerce players
    CEO of e-tail market leader JD perhaps boldly points out wider economic impact of zero-virus stance

    The CEO of China’s top e-commerce company, JD, has pointed out the economic impact of China’s current COVID-19 lockdowns - and the news is not good.

    Speaking on the company’s Q1 2022 earnings call, JD Retail CEO Lei Xu said that the first two years of the COVID-19 pandemic had brought positive effects for many Chinese e-tailers as buyer behaviour shifted to online purchases.

    But Lei said the current lengthy and strict lockdowns in Shanghai and Beijing, plus shorter restrictions in other large cities, have started to bite all online businesses as well as their real-world counterparts.

    Continue reading
  • Foxconn forms JV to build chip fab in Malaysia
    Can't say when, where, nor price tag. Has promised 40k wafers a month at between 28nm and 40nm

    Taiwanese contract manufacturer to the stars Foxconn is to build a chip fabrication plant in Malaysia.

    The planned factory will emit 12-inch wafers, with process nodes ranging from 28 to 40nm, and will have a capacity of 40,000 wafers a month. By way of comparison, semiconductor-centric analyst house IC Insights rates global wafer capacity at 21 million a month, and Taiwanese TSMC’s four “gigafabs” can each crank out 250,000 wafers a month.

    In terms of production volume and technology, this Malaysian facility will not therefore catapult Foxconn into the ranks of leading chipmakers.

    Continue reading
  • NASA's InSight doomed as Mars dust coats solar panels
    The little lander that couldn't (any longer)

    The Martian InSight lander will no longer be able to function within months as dust continues to pile up on its solar panels, starving it of energy, NASA reported on Tuesday.

    Launched from Earth in 2018, the six-metre-wide machine's mission was sent to study the Red Planet below its surface. InSight is armed with a range of instruments, including a robotic arm, seismometer, and a soil temperature sensor. Astronomers figured the data would help them understand how the rocky cores of planets in the Solar System formed and evolved over time.

    "InSight has transformed our understanding of the interiors of rocky planets and set the stage for future missions," Lori Glaze, director of NASA's Planetary Science Division, said in a statement. "We can apply what we've learned about Mars' inner structure to Earth, the Moon, Venus, and even rocky planets in other solar systems."

    Continue reading
  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading

Biting the hand that feeds IT © 1998–2022