Care.data is the name given to the controversial central database due to hold all records and health data for all NHS England's patients, drawn from both hospital and GP files; and to be made available, effectively, to anyone willing to buy it. When the Guardian ran a headline in January claiming "NHS patient data to be made available for sale to drug and insurance firms," it was rapidly rebutted by NHS England’s Chief Data Officer, Dr Geraint Lewis.
"Patients and their carers," said Lewis, "should know that no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC [the organization that will hold and control the database] never profit from providing data to outside organizations.” MedConfidential, an organization campaigning against care.data immediately pointed out that one of the stated benefits is to "enable insurance companies to accurately calculate actuarial risk so as to offer fair premiums to its customers;" and that NHS England has published a price list and has stated that "additional customer organizations may include: Universities and other academic research organizations, Commercial companies..."
Earlier this week, despite previous public assertions that care.data would be secure, and that any patients who do not wish to be identified to third parties would be adequately protected by pseudonymization, the Telegraph published details of NHS England's own risk assessment. It included, “While there is a privacy risk that the analysts granted access to these pseudonymized flows could potentially re-identify patients maliciously by combining the pseudonymized data with other available datasets (a technique known as a jigsaw attack) such an attack would be illegal and would be subject to sanction by the Information Commissioner’s Office.”
Critics of the scheme have pointed out that criminals tend not to follow the law.
Given this amount of confusion and criticism over what is actually happening, NHS England has perhaps unsurprisingly decided to delay implementing the scheme by six months. In a statement yesterday it announced that it would delay the scheme until the Autumn; would "develop additional practical steps to promote awareness with patients and the public;" would look into "further measures that could be taken to build public confidence;" and would start a small voluntary test exercise.
This is not rethinking the project – it is an attempt to repair a public relations disaster. Neither the general public nor doctors themselves seem to know what care.data is about. When this writer asked his own GP about it, the GP hadn't even heard of care.data. Faced with such confusion and lack of understanding, Tim Kelsey (national director for patients and information at NHS England) said yesterday, “NHS England exists for patients and we are determined to listen to what they tell us. We have been told very clearly that patients need more time to learn about the benefits of sharing information and their right to object to their information being shared. That is why we are extending the public awareness campaign by an extra six months.”
Critics of the scheme are pleased, but not necessarily satisfied. "This is not the end of the issue," wrote Big Brother Watch in a blog post. "We have significant ongoing concerns regarding the care.data scheme, both in terms of how patients have been told about what is happening and the long term privacy implications of creating a new database and releasing data that could be used to re-identify patients."
Phil Booth, coordinator of medConfidential, said, “This delay will mean nothing if the care.data programme is not overhauled to provide patients with a clear and constantly updated picture of exactly who will have access to their data, why and what for. The entire scheme could do with a radical dose of transparency.”