Not to want the NHS to share my confidential medical records?

[SusanC5]

I'm unhappy that any medical information that I share with my GP will be shared as from April this year I believe. My postcode and my NHS number could be released to "approved researchers".

I do not trust the NHS with my personal and confidential information.

AIBU?

The NHS is being broken down and sold off to private providers by stealth though, and we may not have an NHS in the future, by which time our personal data will be out of our hands and out of our control. If we had a robust, cohesive Labour government who were investing in the NHS, then I might think twice about sharing my data. I am not putting my records into the hands of private providers and "approved organisations" (they are not approved by me). There is not enough transparency and things aren't specific enough for me to hand my family's data over to these unknowns. Tread fucking carefully.

Cunty were you aware that that the labour government's connecting for health their big data base was going to go through without patients consent, where you aware that when they were told by privacy advocates
that people needed to be able to opt out that they were going to demand that patients wishing to opt out have an interview to explain their reasons, were you aware that they were going to outsource the work of inputting patients information onto the data base to India, that combined with the national identity scheme proves very much that labour were just as bad as the tories as handling our data - would you STILL share your data with them - I bloody wouldnt

Daisychain yes your name WILL be seen
see below - this was written by a GP

Personal confidential data - your identifiable Red data

In Release 1 of care.data, this information will only be released to those requesting it in an aggregated, anonymised or pseudonymised form, but a bit later on, from Release 2 of care.data onwards, it could be clearly identifiable as your information, and you will not be asked for your permission before your "Red" data is distributed.

While the Health and Social Care Act 2012 empowered the HSCIC to collect and hold confidential data compulsorily from GP surgeries, this did not include the power to distribute this data in an identifiable form without a legal justification such as individual patient consent or Section 251 of the NHS Act 2006.

Section 251 can and will inevitably be used to disseminate clearly identifiable information from care.data to other organisations - so bypassing any requirement to seek your consent. It grants the Secretary of State for Health the legal authority to do this, for both research and non research purposes.

The HSCIC already uses s251 exemptions to allow identifiable data, currently from HES, to be disseminated to commissioning groups and to other organisations, without seeking explicit patient consent.

The regulations that enable and control Section 251 are called the Health Service (Control of Patient Information) Regulations 2002.

Currently, the Confidentiality Advisory Group (CAG) meets to consider applications for access to identifiable data without patient consent under Section 251, as empowered by Regulation 5a of the Regulations, and makes recommendations to the SoS for Health for research applications. Releases under Reg 5a require both the approval of the SoS for Health and CAG.

However, Section b of Regulation 5 allows the Secretary of State to have sole power to release sensitive medical and personal information, which would include that sourced from care.data, for non research purposes. He/she may seek the advice of a research ethics committee, such as CAG, but is under no obligation to.

At present, it remains uncertain as to whether there will be truly independent scrutiny for applications to extract identifiable information from your care.data records without your explicit consent. Approval for research purposes might be considered by the CAG, but might well be considered by the HSCIC's own in-house advisory group, The Data Access Advisory Group (DAAG).

Two things are for certain though.

Researchers may well be "approved" - but they won't be approved by you.

And access to pseudonymised (potentially identifiable or Amber) information extracts have no requirement for advisory group consideration and approval, or independent oversight and scrutiny.

And yes people like me are seeing beyond the immediate we are looking to the future, they say they will only release personal data 'where the law allows' but laws will change - what the law wont allow today it will in a couple of years time, they say information will be shared if it's in the public interest, but who decides what that is - not the public

Re Research - Research uses of this specific GP care.data extract are not yet approved according to the Chief Data Officer on the project this week, though I agree documentation is conflicting. The care.data GPES is approved for commissioning.

I totally agree DaisyChain01, anonymised data or properly pseudonymised data under clinical governance should be used for research - but this care.data adds only 1 year of GP data - so why not ask for consent separately for patient confidential data use in research as would be commonly the ethical standard and good practice recommended for other research cohorts? We have to speak to GP practice to object, it could have been the reverse. HSCIC already has over 10 years of other health / hospital data. I know I've never been asked. Researchers can already access all this other data under ethics committees approval and so on, and can contact patients for trials only through their GP – a totally different governance process with GP clinician involvement. We should be able to give research access, without it having to go to BUPA and third parties for referring patients to go to private health providers. It's NHS owned data, about us NHS patients and NHS staff and locations, paid for by taxpayer money in a system which has cost us billions so we need to find a solution which works. For research and other purposes.

That use in research should be seen as quite separate from the other uses of data to third parties under HSCIC, data-recouping costs to commercial companies and intermediaries. HSCIC is not primarily about clinical research data at all. But about health intelligence data.

There should be nothing wrong ethically about assuming privacy and confidentiality. It is at the heart of a GPs training. It's not about not playing your part in the greater good, but not confusing too many purposes in an assumed blanket 'yes' which feels unethical. Especially for children, as their data is in forever if parents do nothing. And not all Mums are going to be informed.

TheABB yes, the points you make speak to my comment about not throwing the baby out with the bathwater.

As a society, we do need to find a way of using medical data for the common good without people losing their right to anonymity and privacy. I work in the field where ethics is a primary driver and can say hand on heart that there are currently good checks and balances in place in certain applications of clinical data usage (full informed consent is the cornerstone of what I do).

I agree wholeheartedly that the government officials are often culpable of wanton disregard as regards people's individual rights, they are invariably more interested in headline grabbers for self-serving purposes in their term of office. In other words, the decisions they make today are the thin end of the wedge and affect future generations.

What can individuals do? Engage with their GP first and foremost, as they will undoubtedly want to reassure and guide the patients in their practice. We have booked an appointment with our's to talk about this.

Also do a risk assessment of their family circumstances to decide "what does this data sharing mean to me and my family?"before automatically assuming it is all bad and that there is no good that can come from this. The internet can be our best friend in terms of finding stuff out, but it can also be our worst enemy, where it creates anxiety, confusion or mis-information. Not everyone has the time and energy to sift through the glut of information to make sense of it all (I am saying this as a researcher who has this human problem myself, Im not a computer I cant validate everything, and it does give me concern that others may also feel this way).

The good thing about Mumsnet is that it is a great way to raise awareness.

DaisyChain01 - thank you for what you do - we need research and ethics and medicine to work hand-in-hand - you mention the challenge of the misinformation on the Internet, and I totally agree.

What has surprised me, is that in part it has been permitted to be incorrect in many leading places in significant ways by the Dep of Health/HSCIC and they have failed to come out with clear answers to simple questions repeatedly, such as "is there a 100% opt out if I don't want my data shared for anything other than clinical care?" And as an example, the BBC article www.bbc.co.uk/news/health-25588544 took 4 days of requests to get them to remove that it was extracting anonymous data. And all over the place they have permitted the idea there is an opt-out, even in the parliamentary briefing Note: SN06781 it states " ...and how patients’ can opt out of having information from their medical records shared, through care.data." Which would lead us ordinarily to believe that we can ask that no data is shared beyond the GP practice, which is not the case. So the people on the project communications, engagement and leadership, should be the ones sifting through the web information glut and making sure it is all accurate. When the flyer is so obtuse, it can only create the impression that there is a deliberate lack of accuracy - there are people whose job it is - it shouldn't be up to mothers like me, to be telling project & the DH why their comms will fail and be ignored and then £2M later, we all agree the flyer is a waste of money for communicating simple clear facts. Even GPs only know what they have been told, and many don't know it overwrites the Summary Care Records choices, nor that it is not anonymous, or that it is compulsory. So because they have been given poor information, they cannot be expected to give out full facts either. And you shouldn't have been put in the position by all that, that you feel a need to take up clinical GP appt. time with the GP to get some good information, but you should have been able only to ask at Reception or on their 0300 456 3531 helpline for clear facts. Even if this project were to bring nothing but great things for public health, the communications and responsibility for its rollout has been dire. You can debate whether by design or not.

Where have the Secretary of State for Health and HSCIC leaders been whilst we patients are left with confusion? On TV or in the papers giving a clear and factual account of the plans for our health service and our data used in it? No. Signing a US Memorandum of Understanding to share data further and 'prime the UK market for US service providers': www.mumsnet.com/Talk/mumsnet_campaigns/1983765-Who-will-own-our-Health-data-in-a-future-NHS

It would be interesting to know what the ethics are of assumed consent and no opt out. You and your colleagues assume the right things as the cornerstone of what you do. I fear that our leaders, do not.

Even if this project were to bring nothing but great things for public health, the communications and responsibility for its rollout has been dire

Yes TheABB, I agree, the flyer is vague, high-level and ambiguous, it causes so many people to feel stressed and powerless - "it's a done-deal", but the opt-out is so damn convoluted to chase after, it puts the onus on hard-pressed, hard working families to sort out!

Ethics of assumed consent generally take place where the practicalities and administration of getting each and every person in the country affected by this (i.e. everyone!) to physically sign up to it are overwhelming. The government are there to provide adequate and timely information in advance, to inform the decision people need to take and they give the ability for the opt-out instead of opt in. The choice of "I am fine giving my data to valid research organisations" takes place unless the person proactively uses the opt-out of "no I am not fine, do not include me in this initiative").

It all seems so rushed, so poorly administered - if I and my colleagues worked like this, we'd be in serious breech and misconduct.

I happened to do a quick search and (hopefully to reassure people who have not seen this)

NHS Response to Guardian Story

The important sentence is as follows:-

It is vital, however, that this debate is based on facts, and that the complexities of how we handle different types of data are properly understood. Patients and their carers should know that no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC never profit from providing data to outside organisations

I know there are no guarantees in life, but maybe this will put people's minds at rest at least for the time being....

Well THIS is a fact
taken from this written by a GP care-data.info/

The HSCIC also says that identifiable (Red) data will be available to insurance companies - as long as those companies promise that they will not use it "for the purposes of selling or administering any kind of insurance", and as long as their reason for wanting the data was "to improve NHS patient care".

If as the NHS said no data will be made available to insurance companies for selling etc why not make it illegal for them to do so, why not say we will fine you millions if we find out you are misusing the information

No they ask them to PROMISE they wont do it and when the insurance companies do just that the NHS will throw up their hands in horror and say well they PROMISED they wouldn't do it and in the meantime Insurance companies are saving millions in refusing to pay out and making millions by selling their services.

And you think its going to put anyones mind at rest - dream on

Why would insurance companies want our info to "improve NHS patient care?"

They don't care for is do they?

Mrsdavidcaruso - then you are free to opt out.

It sounds like nothing that is said to you will make a difference, you have chosen your attitude.

I have previously declared my interest in NHS data as a researcher, but I would like to clear up a few assumptions (once again).

Care.data will not be used for research.

Data that is being used for research - and has been for nearly 20 years now is a completely different data extraction called GPRD - not CPRD. There has NEVER been a breach of confidentiality with GPRD/CPRD. I should know as I've used their data for nearly 20 years of research.

I too have concerns about care.data - but please, do not mix them up with a real research resource.

Research conducted on GPRD/CPRD is always high profile and useful to the NHS. I suggest anyone interested goes to their website.

GPs often also don't understand data extractions and this can lead to inflammatory and often inaccurate stories in their professional press - like GP Online and Pulse. The 40% of GPs who wish to opt out was from a Pulse poll of about 300 or so GPs. That is very different to nearly half of all GPs wanting to opt out. It might be useful for you to know that Pulse readers tend to be the more vocal and militant GPs and that most GPs no longer read that mag.

And, almost forgot - I seem to remember, about 10-15 years ago that there was a huge hoo-ha about insurance companies and the Human Genome. That was bollocks. Just as this is bollocks.

zeezeek thank goodness, the voice of reason

Similarly insurance companies and people with HIV/Aids - a similar hoo-ha, also bollocks.

Zeezeek I think I love you!

Thank you. It is not often that I say something on here that someone actually agrees with lol!!

So why if the Insurance angle is bollocks are they just being asked to promise they wont use it, why not make it illegal for them to use it
the answer is - they will use it.

And I am glad we have vocal and militant GPs if we didn't we would even have HAD a leaflet explaining we could opt out - thats not bollocks that is fact.

Daisy I have opted out I opted out in September when most people didn't even know about this

McFox I think the problem is three-fold
a) most patients didn't know all their data from hospitals is avaiable to anyone else other than those involved in their direct care - no matter how perfect governance and approvals process might be and how good it is used for - especially for example, as we've no idea what 'research' uses may be for our histology samples, can you use them too as biometric data or only IT info? - we have to get used to that idea, it's new for patients who've never seen your side of the fence until now - change needs good communication and time - two things badly lacking from the rollout
b) the assumed one-consent-for-all model - we may want to share for genuine research, but not use taxpayer money to help private commercial companies build their own databases for private healthcare for example - it's not all confidentiality scares - but principles and governance too - BUPA had data in 2012 - I'd like to know exactly what so we know if we trust the project to stick to its own stated principles
c) the project appears, rightly or wrongly, to deliberately want to avoid to answer basic questions on the objection process, and make it hard to opt out - cannot lead to trust = can be changed
d) they have no policy on data retention, cross border governance nor allow correcions if our record is wrong = all things which could and should be fixed

Let's hope it all gets fixed and worked out because it costs us billions, and we can't afford for it to fail. It just shouldn't be at absolutely all costs either. GPs/patients giving up patient confidentiality is a big deal.

Why not do us a case study of how you would use and get data (and histology?) for use in research, how ethics committee works and so on. We need some education, to improve understanding and our positive engagement and I've a feeling, we need to do it ourselves. :)

zeezeek - HSCIC feeds CRPD data www.cprd.com/partners/ and the two coexist right? So you want good data quality from care.data to make sure CRPD quality is good. What I don't get, is how they will get that, and allow opt out. (see p.11 tinyurl.com/pf5ncqa) "For those records without a match, a new ID or pseudonym will be created and the data retained for subsequent matching." Which is why I think the Nu90 code must still match on landing using the other 4 of the 8 . If it doesn't you'll end up with the same person being counted twice - once as a GP diabetes patient, and once as a hospital diabetes patient. Right? I think the idea of preventing identifiable data leaving the GP practice is misleading. I hope to get that clarified soon by project.

care.data is marketed in patient communications as to be used for research, which I assume is why Wellcome took out the colour ads across mainstream papers with 40 charities backing urging people to share their records, but seems that research may not yet be an approved purpose - all a little unclear. HES data is already held and already used in research, even if care.data isn't. It's just a label, all the data is/is going to the same CES storage, so research is very relevant still. Since HSCIC holds and releases biometric data, the genome question is very pertinent for future research www.hscic.gov.uk/bloodbankproject And will be increasingly as genomics is managed by the Genomics England project not HSCIC directly. As long as consent procedures are properly followed, just as have been so well done by CPRD, we should be invited if taking part in trials for example, and although you only get 1yr of care.data to start with, it will build, so it opens up a whole new arena of possibilities to you as a researcher for full pathway research. I think people would like to understand better the procedures for genome testing approval - is it always explicit, or is generic 'approval for use in research' enough for histology? As I understood it, from the MRC, explicit consent is not required for research with tissue from a living person after 1st Sept 2006 as long as the data is anonymised, or if it predates 1st Sept 2006? If you have insights, I'd really like to understand the procedures better.

Sensitive data such as HIV data is contained in CES / HES data, as is all medication, which is fairly condition-specific in rare cases. www.hscic.gov.uk/media/1592/HES-analysis-guide/pdf/HES_Analysis_Guide_Jan_2014.pdf so people with concerns in those areas are entitled to ask and understand that data is used and governed, especially with Theresa May's new law on HIV and visa access. Governance will be everything, and they need to clarify some of their procedures around that - like cross border and retention.

I think the biggest challenge for me, is that if you believe you have a choice to opt out completely via care.data, and in fact, the data already held is used anyway, how should I react to that? Data used in pseudonymised format is compulsory. I am surprised by that. And we don't have good grasp of what items are pseudonymised - the same every time, or bespoke?

I know for most people the decision is black or white. Clearly yes or no. And they may be not that interested in the details. But I don't think it's that simple, based on the objection, not opt out - and I want more data on how data is used in research. If you have insights, I'd be glad to hear them. I'm waiting on project for some info too, but it's very slow. Too many questions sorry. But I really am interested.

Interesting link

informationrightsandwrongs.com/2014/02/01/big-pharma-and-care-data

McFox: "Then good luck to you and please make sure to pat yourself on the back for making life-saving research all the harder."

I'm sure many people who have opted out want to help research but not at any cost. The way this has happened has been so smoke and mirrors that people can't trust the system. Can you really blame them for not wanting the system of sharing very personal data to be controlled by the same people who have strayed so far from their election promises that they are actively deleting their old records from the internet?

If this had been handled better and done transparently by people who could be trusted then yes, it could have done great things for medical research. As someone who gave blood for years, is on the organ donor register and who wants to work in biological R&D I am genuinely very sad and disappointed that it has been done in this way.

I am so confused by the latter half of this thread.

Can we opt out of sharing our information or not? If yes, how do we do it.

bump.

frog use this link
medconfidential.org/how-to-opt-out/ this will give you everything you need to opt out it has a letter and a form

please ensure that you make it clear to your surgery that it is care.data
you are opting out of not the summary care record.

If you want to opt put of SCR or your local NHS data base like vision 360 the you have to do that using different read codes.

You do not have to make an appointment and you do not have to explain your reasons - if you receptionist says they don't know anything about it thats bullshit this is a link to the guide your GP practise has been given (if they haven't thats not your problem)

www.england.nhs.uk/wp-content/uploads/2013/08/cd-guide.pdf

BTW do it soon upload begins in the spring this year

frogwatcher42 you can download an opt-out form from this website.

The NHS haven't included any opt-out forms on their own leaflet.