Care.data is an NHS England project to store all GP patient data in a central database housed by the Health and Social Care Information Center (HSCIC). There it was to be amalgamated with the HES data already housed, and made available to researchers (and effectively anyone who would pay for it). But the project was botched from the beginning. Patients were given insufficient and confusing information, including being told they could opt out when the could not. In the end, the government decided to delay the project (data was originally due to be uploaded next month) for six months.
It was subsequently learned that the PA Consulting management consultancy firm had earlier obtained 27 DVDs of HES data from HSCIC, and had uploaded that data to Google cloud for analysis under Google's BigQuery. "The alternative was to upload it to the cloud using tools such as Google Storage and use BigQuery to extract data from it… Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds," wrote PA Consulting at the time.
This caused further consternation, with privacy activists asking how interactive maps could be obtained from supposedly anonymized data. Two weeks ago Ross Anderson, chair at the Foundation for Information Policy Research; Phil Booth, coordinator at medConfidential; and Nick Pickles, director at Big Brother Watch, together filed a complaint with the ICO requesting that the issue now be examined in relation to the Data Protection Act.
"We request that you investigate the potential breaches of UK laws and regulations resulting from the uploading of patient data to Google's cloud services," says the complaint to the ICO. "This relates not just to the Data Protection Act 1998, but to the relevant NHS regulations and the relevant human-rights law (including I v Finland) as these all set the reasonable expectations that patients had when they supplied their information to the NHS, and thus are fundamental for fair processing."
Now the whole concept of sharing health data has suffered a further blow. The Times (paywall) yesterday reported that "Google has pulled out of a groundbreaking deal to include NHS data within its search results, blaming a 'toxic' backlash against controversial plans to link GP patient records." Google had been in secret talks with the NHS over plans to display hospital statistics against hospital searches, but abandoned the idea last month during the media storm over care.data, "which sources said made 'the atmosphere too toxic to proceed.'"
A Google spokesperson told The Times, "We think the secure use of data could provide real benefits for the NHS and for patients. It could help answer patients' queries about the best hospitals to treat their symptoms, with the shortest waiting times and so on. But this is an important matter that needs to be debated between the NHS, the Government and the public."
| Update: The PA Consultancy Group contacted Infosecurity with a statement: |
|
"PA works closely with the NHS to improve patient care and has done so for over 20 years. For example we have supported the National Orthopaedics Programme, and helped to reduce waiting times for NHS operations. Over the past two years we have run a project to show the NHS how insight can be quickly and cost-effectively generated from large volumes of health data, enabling better care for patients. PA signed a data sharing agreement to gain access to the Hospital Episode Statistics dataset from the Health and Social Care Information Centre. The dataset does not contain information that can be linked to specific individuals and is held securely in the cloud in accordance with conditions specified and approved by HSCIC. Access to the dataset is tightly controlled and restricted to the small PA project team. Our new approach to extracting insight from large volumes of data can help the NHS improve patient care. We have shown where services are needed most by patients and identified previously unseen side effects of drugs and treatments. Our approach protects patient confidentiality and allows insights to be derived at significantly lower cost, and a hundred times faster, than any traditional approach." |