Not to want the NHS to share my confidential medical records?

[SusanC5]

I'm unhappy that any medical information that I share with my GP will be shared as from April this year I believe. My postcode and my NHS number could be released to "approved researchers".

I do not trust the NHS with my personal and confidential information.

AIBU?

Thanks all.

I have now filled out the form & sent to my gp. I am somewhat suspicious that they won't do anything with it so I'll check again later this week.

Miscellaneous I know what you mean. You can bet there won't be any kind of receipt or message to inform you that your request has been processed!

The HSCIC does not collect information itself - it is a safe haven where data can be linked safely - as CPRD does for the HES and primary care data. Both sets of data are pseudonymised - coded - so that they can be linked, but only the GP practice or the hospital providing the HES data can tell who the patient is. Obviously, in cases of very rare diseases, where only a few people have the condition, then there is a risk that the patients' identity will become known. I admit that I do not know what the best thing to do would be in this situation. All I can re-iterate is that I have never had sufficient information provided to me to identify a patient - I work in a field of a common condition.

The HSCIC also collects information for GPs QOF payments through GPES. This is also anonymous. And it will act as a repository (the best analogy I can find) for care.data information.

If the read codes that stop data being shared are applied to that patient's electronic record, then the information does not leave the surgery. It is not extracted. As far as I know, there are various options available to the patient about the level of restrictions that can be applied. I can't remember what they are though.

As for the insurance issue - as I said before, when the human genome project was started there was a lot of scare stories about insurance companies being able to access a person's genetic information and use it to decide whether or not to give them insurance. This was bollocks. 15 years on it is not happening. It won't happen now.

As I also already mentioned, the 40% of GP's was actually 40% of about 400 GPs who responded to a PUlse survey - so, actually, less than 200 GPs. It is a well known fact that Pulse is often inflammatory and scare-mongering. It is the DM of the GP world and most of the GPs I know take it with a large pinch of salt.

The leaflet arrived wrapped in junk mail so many would not have been read.
I rang the surgery to opt out and was told to put it in writing and deliver to them, so many more would not do that.
I do not trust my chaotic surgery to opt me out and assume that my records will be sold to anyone who asks for them.

so you keep saying but let me take you up on a couple of points

First of all you have a vested interest in research as it pays your wages so forgive me if I take what you say with a pinch of salt

You say you do not have sufficient information in your job to identify patients so what, other people doing the same type of work as you do WILL have this information

It is not true that only the GP or hospital providing the data can tell who the patient

Release 1 of care.data, this information will only be released to those requesting it in an aggregated, anonymised or pseudonymised form, but a bit later on, from Release 2 of care.data onwards, it could be clearly identifiable as your information, and you will not be asked for your permission before your "Red" data is distributed.

While the Health and Social Care Act 2012 empowered the HSCIC to collect and hold confidential data compulsorily from GP surgeries, this did not include the power to distribute this data in an identifiable form without a legal justification such as individual patient consent or Section 251 of the NHS Act 2006.

Section 251 can and will inevitably be used to disseminate clearly identifiable information from care.data to other organisations - so bypassing any requirement to seek your consent. It grants the Secretary of State for Health the legal authority to do this, for both research and non research purposes.

The HSCIC already uses s251 exemptions to allow identifiable data, currently from HES, to be disseminated to commissioning groups and to other organisations, without seeking explicit patient consent.

The regulations that enable and control Section 251 are called the Health Service (Control of Patient Information) Regulations 2002.

Currently, the Confidentiality Advisory Group (CAG) meets to consider applications for access to identifiable data without patient consent under Section 251, as empowered by Regulation 5a of the Regulations, and makes recommendations to the SoS for Health for research applications. Releases under Reg 5a require both the approval of the SoS for Health and CAG.

However, Section b of Regulation 5 allows the Secretary of State to have sole power to release sensitive medical and personal information, which would include that sourced from care.data, for non research purposes. He/she may seek the advice of a research ethics committee, such as CAG, but is under no obligation to.

At present, it remains uncertain as to whether there will be truly independent scrutiny for applications to extract identifiable information from your care.data records without your explicit consent. Approval for research purposes might be considered by the CAG, but might well be considered by the HSCIC's own in-house advisory group, The Data Access Advisory Group (DAAG).

Two things are for certain though.

Researchers may well be "approved" - but they won't be approved by you.

And access to pseudonymised (potentially identifiable or Amber) information extracts have no requirement for advisory group consideration and approval, or independent oversight and scrutiny.

I find your comment that you cant remember what the read code options are frankly surprising from someone who is trying to convince others to not opt out as the information has already been given in links that I and others have posted on this thread and which you obviously have not bothered to read.

As for Insurance companies again I ask why when they are going to be given red data have they not been told its ILLEGAL to use this information to administer or sell insurance, why have they only been asked to promise they wont, the fact that they may not have done so in the past would depend on what information they have been given IE patients name, DOB etc or the laws governing this information is different, but then its not a question of what they have done in the past, its what they will do in the future, laws WILL change ethics WILL change, technology WILL change and what they can and cannot do with this data WILL CHANGE.

So you say only a few GPS will in fact opt out - it could be that some GPs will pay lip service and not admit they will opt out maybe they are worried about this

www.gponline.com/News/article/1229152/GPs-face-investigation-patients-opt-data-sharing/

Mrsdavidcaruso

Yes, of course I have a vested interest. Over the last 20 years my research has contributed greatly to ways to manage a serious chronic condition. My research has also contributed to NHS guidelines being changed so that patient care and the management of that condition is improved. To do that I have used anonymised patient data and, to continue making advances in the management and treatment of that condition, I need to continue to have access to anonymised (or pseudonymised) patient data.

If you wish to opt out, then fine. It is your right.

But don't, for one minute, think that your data is not used for legitimate and useful purposes.

I don't care what you do about care.data. I only care about the data that is collected for research, but even then, I can see that there is a need for aggregated data to be used for commissioners to decide which services are needed for local people.

I fully admit that the government and the DH have got the messages wrong - I have my own feelings about this government and personally can't wait until 2015 when we get rid of them - but CPRD has been going for a long time. It is safe, it is private and it has done a lot of good.

If you think its just THIS government who play fast and loose with personal data then you really need to look at Labours track record

Take the Connecting for health the NHS date base pre conservatives
first of all patients were not going to be able to opt put (much like care.data at first) then we could opt out but would have to have an interview and explain our reasons before being allowed to, then of course after privacy advocates and the ICO got involved we could opt out - OH and they were going to send the data to India to be inputted - oh yes lets wait until 2015 and see what Labour will do with our information.

Oh and by the way you missed the bit where I have said (about 5 times now) I opted out in SEPTEMBER.

Mrsdavidcaruso - I don't understand why you are getting so angry with me. All I have tried to do is explain this logically. You have opted out - as is your right. Why are you attacking me for having a different view to yours?

Your postcode and ethnicity is not going to be included WholeLottaRosie in the extractions for research. Even for the care.data - these data will not be included - it will be your NHS number. It is a well known fact that postcodes are classed as patient identifiable data as for some postcodes there is only one house!

I find Dr May's and Dr Bhatia's letters here particularly interesting:

www.theguardian.com/society/2014/feb/02/nhs-medical-records-care-data

As Dr Bhatia says, and what I have said, there is a difference between CPRD and care.data. Please do not allow your distrust of the latter to have an impact on the former.

zeezeek you have not explained anything logically only from the point of view of your employers the people who pay your wages - in other words one sided

Did you know the concept of having medical records on a data base was first mooted in the 1980s at that time technology was in its infancy, people were worried then that employers and insurance companies would be given access to this information - its was said at the time it would never happen NEVER HAPPEN yet here we are 30 odd years on and identifiable information is going to be given to insurance companies who will then PROMISE not to use it (yeah right), what next? employers being given the information without having to worry about the pesky DPA access to medical records legislation.

I dont care what you can see now in your job or what you use it for now I care about what happens in the future when all the data is uploaded and its too late for people to opt

sooo would they be able to use it against you? for example if you have a history of depression would potential employers be able to not hire you? what if you have had cancer would you get loads of info from health people about special diets? what if? what if? what if? ive a medical condition called graves disease it sounds really bad but ive lived worked and had three children with it over the last 16 years it wont be fair if im seen to be a disease not a person

deakymom - the short answer is yes possibly if sensitive information about you is used for purposes other then for treating your medical condition.

At the moment if an employer or a potential employer wishes to get information about you they have to ask, they have to make you aware of our rights under the access to medical records reg, that means that you have the right to see ANY medical report your GP is going to send to an employer before it is sent to them and that report should ONLY have information pertaining to the request, in other words if you have been off sick for a specific illness the report should only contain the information about that illness, if it is a new employer then the report should only contain general information about your fitness to work and any on going medical conditions that may stop you from working or a condition that makes it dangerous for you to do a certain job

If the report contains information about some aspect of your medical condition that you don't want your employers knowing about or is not relevant you can ask your GP to amend it the GP will still send the report but they can (and do) inform your employer that some information has been deleted (but not what) on your instructions.

If you work for a multi-million company like a bank or a supermarket
then yes it is possible that they could afford to buy the data and employ people who are able to extract this data and cross reference with their own employee base or information held about a job applicant.

Even a smaller company could employ a company who is able to extract the data for them for a fee.

Now I am not saying this will happen as soon as everyones data is uploaded, I am talking about the possibilities.

When you look at some of the bumf it says they will share your data where the law allows, on 4th February 2014 that law does not allow your employer to access this information and use it to discriminate against you, will you have that protection on 4th February 2015/2016/2017? your guess is as good as mine as I have said time and time again. its not just a question of what they are going to do with the data NOW or what someone is using this data for NOW but its what they will use it for in the future that worries me.

As you have made your mind up to opt out that's fine.

Other people might not and it is only fair to give a balanced picture.

I'm not arguing with you. You have your opinions and I have mine.

zeezeek, trying to provide a balanced view, i.e. dissent from the inflammatory, scare-mongering opinions displayed here, is not welcomed, even when the opinions come from the likes of you and I who need access to anonymised/pseudonymised patient data in order to be able to perform research which impacts positively on healthcare delivery and patient outcomes.

I'm sure that you, like me, do this work because you want to make a difference to peoples lives by furthering medical advances, so it is very frustrating. I'm damn sure that the same people who are up in arms and attacking us for viewing this move in a positive light would more than happily take advantage of said research should they or their family fall ill.

That a bad job has been done of communicating this is clear, and its vital that people understand (and trust) the system otherwise people will opt out, and the ability to manage care more effectively is diminished.

i think you can say you don't want info to be shared.

McFox zeezeek - research is valued and appreciated - we all know someone who we wish could've had earlier treatment or been cured that research helps achieve. And it only happens because of individuals (like you) who want to make a difference, so thank you for that. You hit the nail on the head when you mention the communication: it's sad that the good, altrustic and well governed process in research is mixed in with the new 'monetisation' of health data through HSCIC. And that is driven by the govt policy of wealth creation, required by every public body (ref Deregulation Bill). It's this, I object to first. And second, that we need a Govt. definition of 'research' as our pseudonymised data is compulsory - no complete opt out - see q16 www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Documents/Patient%20FAQs%202014.pdf - so I want to know what my pseudonymised data will be used for. So far, neither HSCIC nor NHS England will tell me. And that is not fair processing. GPs can't tell us, because they don't know. I'm not advocating opt out - I'm campaigning for more information. If some individuals have conscientious objections to some kinds of research, I believe it is reasonable to think they should be able to opt out of all their data being used in it. Informed consent, is at the heart of what you do, not this HSCIC-led assumed version. More information is good for research AND confidentiality camps - one should not exclude the other, it's not them and us - we need to co-exist for progress. We need to understand the big picture. www.mumsnet.com/Talk/mumsnet_campaigns/1983765-Who-will-own-our-Health-data-in-a-future-NHS

Just thought I would post this box three is very interesting

Bespoke extract - containing personal confidential data
A one-off extract tailored to the customer’s requirements of specified data fields containing patient identifiable data, sensitive data items or both.

www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf

Interesting link mrsdavid. I'm in Scotland so not a problem here but I was horrified to read in my GP magazine about the threat to penalise GPs if they opt too many people out. Talk about big brother.

TheABB - thank you. It is good to know that the efforts of researchers are appreciated by some.

There is too much that is misinterpreted and misunderstood with this issue - that is the fault of the media, both the general one and the GP own publications.

But we all live in a free country and if people want to opt out of any extraction for any reason, then they have the right to do so - and also present their argument. I would just like to reserve the right to give my side, and others like me, without personal attacks.

zeezak you say its a free country yet I and other people have demonstrated time and time again that this data was going to be extracted without people being able to opt out, the only reason why people are being informed about it now is that the ICO and privacy advocates forced them to - thats not what I call a free country sorry

I am not personally attacking you but I find your stance that because YOU cant get patient identifiable data then no-one else can very blinkered and one sided. Please feel free to have a look at the 'price list' I linked to.

All I ask is that you allow other people to freely make up their mind. I am neither blinkered or one sided. I am a patient too, remember. I also a mother, daughter, wife and sister of patients. I would not put my family in a position where their data would be freely available to all and sundry.

There is always a danger of hacking with all and any computer systems. This includes the data held in your practice and your hospital, your bank and so on. Hacking is an illegal act.