Tuesday 18 February 2014

NHS information sharing “crisis”: what next?

I feel quite sorry for the NHS officials who are tasked with delivering the project to share NHS patient information more efficiently. They are dedicated professionals, trying to implement what I think is a good idea.

But they are now caught up in a public campaign, which appears to be growing in terms of media coverage, designed to highlight the potential drawbacks of the scheme, and to radically change it. Evidently, “crisis talks” are now taking place to determine what to do next.

Have NHS officials done enough to persuade the majority of the population that there is little to fear from the project? The Privacy Impact Assessment recently published by NHS England asserts that the risks are manageable. It complements the PIA published last year by the Health & Social Care Information Centre (HSCIC), which (surprise, surprise) contained the same message. To be fair, though, the HSCIC’s document focussed less on the potential risks, and more on the privacy safeguards.

Where does this leave us?

It leaves us in a state where a policy decision now needs to be made on whether to delay / abandon the implementation of the scheme (which is penciled in for next month), or whether to carry on regardless. But how much more publicity is required before it is considered that patients have been appropriately informed about the scheme and their right not to participate in it? And who is empowered to say “stop”?

Perhaps some pressure will be placed on the ICO to issue a “go / no-go” pronouncement. But we all know that the ICO is very keen not to stifle innovation, and in any event it is likely to wish NHS England and the HSCIC to receive any negative publicity that would result from such a decision, rather than allow any criticism to focus on the role of the regulator.

NHS England’s PIA was pretty realistic about how the data sharing scheme was likely to resonate with the public. It made the point that there will always be supporters and opponents:  

“In summary, people who conclude that the net impact of care.data on privacy will be positive are very likely to be supportive of the programme. Even people who feel the impact will be detrimental to privacy may recognise that the potential benefits of care.data using data from patient records are great, and may therefore feel they are justified ethically on that basis. However, some people may believe that any use of patient identifiable data without explicit patient consent is unacceptable. These people are unlikely to be supportive of care.data whatever its potential benefits and may object to the use of personal confidential data for wider healthcare purposes.

The HSCIC will be processing data on behalf of NHS England and we have detailed the information governance and pledges in relation to care.data. The HSCIC PIA concludes 'While the HSCIC is new, its functions, including the safe and secure processing of data are well founded, tried and tested in previous constituent organisations. The patient, and therefore protecting patient confidentiality, is at the heart of everything we do'. NHS England is committed to working in partnership with the HSCIC and shares this view.”

One lesson I’ve taken from this saga is that PIAs can be extremely useful tools for people who are keen to take snippets of text and use them out of context. But how useful a document will they become if they all have to be cleared by an organisation’s PR team before they can be formally published?

Another lesson I suspect the Government will take from this saga is that it should postpone proposals for new data sharing legislation until after the next General Election, as such an initiative is hardly likely to be a vote winner.