Reg readers: Don't assume anything when sharing health data
Debate exhibits chronic distrust of policy makers, Big Pharma, and insurance companies
Register Debate This week's Register Debate tussled over the motion Assumed consent is the right approach for sharing healthcare patients' data, beyond their direct care. The results are in, and as you can see, we have a clear winner.
It's possible that there are more intimate forms of personal data than our health records. However those generally arise purely as a result of our personal choices.
But we all generate medical data, and the sharing of it beyond the needs of our "immediate care" – for example with researchers, governments, and commercial organisations getting access to it – is something that affects us all. So, the proposition that "Assumed consent is the right approach for sharing patients' data, beyond their direct care" was always going to provoke a strong reaction among Reg readers, many of whom would have intimate knowledge of how data can flow to unintended destinations.
Let's remind ourselves of how the debate played out.
Dr Katherine Hanks, a GP in Australia, was the first to step into the arena in support of the proposition. She reminded us that GPs are well versed in issues of consent and ethics. While, of course, individual "privacy needs to be robustly defended, this does not necessarily mean that health data can't be aggregated and securely anonymised to further medical and social research."
And she added: "It's important to remember that assumed consent is still informed consent: patients are told that they are assumed to have consented to the sharing of their data for use in metadata analysis and, should they wish to opt out, how to do so. Assuming consent does not displace personal rights, it simply creates a presumption in favour of a public good." In the end, "When it comes to public health, we need to lean towards favouring collective benefits because ultimately, individuals will reap the benefits."
The first commenter out of the traps was Little Mouse who was heavily upvoted for saying: "Unfortunately, I simply don't trust those responsible to treat my data so that it is used for the common good. 'Assumed consent', as I understand things, means giving your consent for your records to be shared around & sold on to pretty much anyone at all who wants."
Flocke Kroes suggested a practical alternative: "Do not share the data at all. Keep it on an air gapped system. Run the queries on the system and return a graph of number ill versus age or a low res heat map of disease incidence. In practice the UK government (blue or red) leaps at every opportunity to become even more untrustworthy. This sort of project should be kept on hold at least until they grow up."
Which sparked a fiery sub debate about capitalism v communism – if you have something that's valuable, isn't it a moral duty to charge as much as you can for it?
Naturally things strayed into organ donor consent. And fuel shortages. As well as previous health mis-steps. All of it relevant, if you care to read the comments.
There were a few supporters for the proposition. Chris Evans pointed out: "I'm nearly finished treatment for Prostate Cancer (They say the treatment should 'cure' me). I had a friend (half my age) who died of cancer last week leaving a wife and two young children. If my medical history could help others I'd be more than glad. They do need to make sure the safeguards are strong and there will probably be breaches, but to help my fellow citizens it seems a no brainer to me."
Veteran privacy campaigner Phil Booth stepped in on Tuesday, making the argument that "Assuming consent for non-care uses of your medical information is not like implied consent for your own care."
It certainly doesn't mean "also handing your most sensitive health details to marketers who sell products to anywhere in the NHS (not just you). It certainly doesn't automatically include you in experiments without your knowledge or permission, whether on the type of treatment you or others get, how well or badly it goes – or, as is increasingly the case, to train AIs or develop mutant algorithms." And on a purely practical level in the UK, Phil argued, promised safeguards have yet to be delivered.
How did this go down with the readers? Well, Sorry, you cannot reuse an old handle attracted lots of reader love for saying: "The writer is spot on 'Why does consent even need to be assumed?' Because the government knows full well that express consent would rarely be given, so it uses the oxymoron of 'assumed consent'. Newsflash: if it's assumed, it isn't consent."
Getting very practical, Jmch pointed out that: "Anyone working with datasets knows that anonymised data can easily be de-anonymised. The higher the level of detail in a dataset, the easier it is to find unique points that can trace back to individuals."
And Citizen of Nowhere added: "This. And the fact that datasets can be combined and once they are, what appeared 'securely' anonymous in only one of them may not remain so after the data is combined."
On a completely different note, ibmalone took issue with Phil's use of the phrase "mutant algorithm", suggesting it actually lets policy makers off the hook. "Whatever the algorithm in question, it hasn't crawled out of the sea in some 50's B movie."
But are there technical reasons to question at least the current setup in the UK?
One Anonymous Coward said they worked in the NHS and are responsible for handing over patient data to nonprofit organisations run by doctors to provide anonymous datasets for future studies of rare diseases: "If you have a complex and rare disease you should assume your data has been harvested for storage in a research registry."
And how might those who suffer from the rare disease feel? Step forward our third contributor, Dominic Nutt, a patient advocate and health campaigner specialising in medical innovation.
He pointed out that society is happy to hand over personal data for debatable rewards – while accepting that this general position didn't apply to the Reg readership.
More specifically, he argued: "I am a type-1 diabetic. My antibodies attacked cells on my pancreas. I was also diagnosed with a rare cancer, which, if – or more likely when – it comes back it will be incurable." Sharing data, he said, "will change the way research – currently based on the diminishing returns of randomised clinical trials – takes place."
Dom even shone a light on tech hackery in the diabetic community, pointing out: "We combine our insulin pumps which have a Bluetooth facility, with our constant glucose monitoring (CGM) systems... [And] by working together, and sharing data, we... have worked a hack whereby our CGMs automatically speak to our insulin pumps and adjust our doses for us, leaving us free to carry on as normal without having to intervene every five minutes."
One Anonymous Coward said they would no doubt feel the same as Dominic in his position: "But with respect, that's not what the debate is about... This is – perhaps slightly simplistically – about all your, and everyone else's, medical data being available to anyone for any purpose if you fail to opt out."
And alain williams pointed out: "What is the cost & to whom? … To someone who illegally re-identifies his data which is then sold there is money to be made but there is little cost if this act is found; maybe at worse a fine for his corporation. If there were large personal fines then someone who re-identifies data might not do this. Part of the problem is that most re-identification is hidden behind corporate doors."
vtcodger, a type 2 diabetic, took a broader view, expressing sympathy with Dominic's situation but adding: "Should it be available to scumbag marketers (is there any other kind of marketer?) Hell no. And speaking only for myself, I'm in favor of jail time – lots of it – for those marketing types who will inevitably try to pierce the veil of anonymity."
ST cryptically added: "here comes the fear argument If you don't give us your patient data, they will have to cut off your arms and legs. Sadly, the fear argument still works."
It fell to yours truly to wade in against the proposition on Thursday, suggesting that while assumed consent works in theory, it doesn't in practice. At least not yet. While the UK's NHS has set a great example to the world in many areas, it has consistently failed to put forward a compelling argument why we should trust it to securely handle our data. Looking further afield, the US's biometric programme in Afghanistan gives an abject lesson in how tech policies can be overtaken by events on the ground. So, given that debates don't usually have a "not yet" option, the answer has to be no.
But that wasn't a strong enough no for many readers.
Citizen of Nowhere said it was "Difficult (for me at least) to fathom how someone who specifically points out the potentially lethal results of data of/about Afghanis collected under the previous regime falling into the hands of the Taliban and still comes the conclusion 'Not Yet' rather than 'Not Ever' in answer to the question being polled." Some objections were framed, shall we say, more strongly.
But forthright as the reactions were to all our contributors, they were also generally well informed, serving up lots more food for thought. It's just possible to hypothesise that those who were broadly supportive of the proposal were more likely to have personal experience of illness or health concerns. But, of course, that's not the sort of data we capture at The Register.
What we can show is that, in the end, the medical arguments failed to trump the privacy and confidentiality arguments. The Reg readership voted overwhelmingly against the proposal. ®