Important information for NHS patients in England

[TerriDowty]

In the next few weeks, information that you share with your GP will be
extracted from surgery records and stored on centralised NHS systems
with your identifying details still attached. From there, it will be
made available for administrative, research and other purposes. The
government has claimed that your records will be ‘anonymised’ before
they are handed over to anyone else, but this is not true. There are
several circumstances in which data that identifies patients will be
made available, including to administrators.

Once your information has been uploaded, neither you nor your GP will
have any control over who it is shared with, who has access or what is
done with it. You will not be consulted, nor will you be asked for
consent. Uploads will take place automatically every month.

When you next visit your GP, you may see a small poster headed ‘how
information about you helps us to provide better care’. This is how NHS
England is explaining its plans to you and it is misleading. It does not
give you full details of the information that will be collected - which
includes your date of birth, postcode, ethnicity and NHS number - and it claims that information will not identify you.

Further down the poster you will see the words ‘you have a choice’. What
this actually means is: if you do not want personal and confidential
information to be taken from your medical record every month, the onus
is on you to opt out of the scheme. If you don’t do so, it will be
assumed that you consent to the extraction.

You can download an opt-out letter to complete and send to your GP from the medConfidential website:
medconfidential.org/how-to-opt-out/

You will also find more detailed information about the scheme – known as ‘care.data’ – on the website: medconfidential.org

Please tell all of your friends, family and colleagues about this
scheme, or forward this information to them. It's very important that
everyone knows they must take action if they don’t want their
information to leave their GP’s surgery.

It's on my record that I want no part of this. However, I'm still nervous that they'll do it anyway. Do you think I need to keep checking?

HSCIC is a government body and none of those items contain personal data. They also state they will not release data about rare diseases due to the possibility of identification.

Bespoke extract - containing personal confidential data: A one-off extract tailored to the customer’s requirements of specified data fields containing patient identifiable data, sensitive data items or both.

apologies, missed that. They can only get that data if they have:

1. patient permission
2. Section 251 permission, which needs to be reviewed by an independent body to ensure they need the personalised data

None of this is new (section 251 became law in 2001), and researchers use this currently with hospital and GP data sets. All this is doing is centralising the datasets.

The entire point of this thread is that patient permission is not being properly sought.

Consent is being assumed unless patients opt out.

And many of those who are not opting out appear not to have a scooby what they're being "consented" to: complete confusion between Summary Care Records and care.data.

The Information Commissioner has already been up in arms about this and stated that GPs/HSCIC are in breach of the Data Protection Act for failing to obtain informed consent.

All this is doing is centralising the datasets... and selling it to insurance companies and other interested bodies.

And BTW, I don't find salami-slicing very impressive.

You know the thing:

Step 1) This isn't a change, because it's only a change of principal but the practice hasn't changed.

Step 2) This isn't a change, because it's only a change of practice but the principal hasn't changed - its still what we established with Step 1.

Thank you for this thread. I was wondering what happened to the care.data programme.

I can't believe they are trying to sneak the whole thing in again, without telling people, properly about it.

Ditto all variants of:

This isn't a change, these records were always held on paper, so it's no different to hold them on computer databases which can be copied, lost, sold, illegally accessed, or munged for fishing expeditions.

Yes, is there still any point to opting out? I will do it on Monday if so.

You can still opt out.

Lots of good information on MedConfidential, which seems up-to-date. Here's the link again: medconfidential.org/how-to-opt-out/

It also includes a form or letter you can download and send to your GP. They should mark your record with the opt-out codes and that should be it.

Thank you, Pausing. I'll print off one form per member of my family and take them to the GP reception on Monday.

BTW, I'm gutted about care.data.

I love the idea of data being used properly and with permission for the furtherance of public-good health research. It's a shame care.data doesn't meet either criterion.

I've given explicit permission for bits of my medical data to be used in particular medical studies. I've also refused it for some studies where the methodology was highly suspect or the researching company was hoping to patent subjects' genetic material. Er, no guys, it's mine.

It just seems like a step too far to me. I understand that information can be valuable but am a bit NIMBY about it. I don't want admin assistants and utter non medical randoms reading my medical history.

I'm puzzled by this.

The whole thing was put on hold for at least 6 months. It's yet to be resurrected as far as I know.

When it is, it's been promised that this time- unlike the trial before- everyone will receive the paperwork so they can opt out.

I don't understand why some people here are panicking- unless this has been moved forward and is going ahead with no notice.

can someone explain please?

eek I don't like it not being anonymised at source!

According to that MedConfidential, four areas were recently announced for roll-outs:

Leeds (3 CCGs: West / North / South and East)
Blackburn with Darwen CCG
West Hampshire CCG
Somerset CCG

random it can't be anonymised at source because, for the data to be useful, they need to link your GP and hospital data so they get a full record of symptoms, treatment and outcome.

And in fact it's never anonymised, just pseudonymised, as HSCIC's list of products shows.

Ie your identity exists at HSCIC, but under your id number rather than your legal name.

The difference between true anonymity and pseudonymity is the difference between MNHQ announcing "one MNer has fleas" and announcing "PausingFlatly has fleas."

One could argue that MNHQ hasn't given anything away because I am "anonymous" as PausingFlatly - but of course a lot of people only speak to me as PausingFlatly, and now know something personal about me.

And a different bunch of people would, if they had my aggregated posts on MN, recognise PausingFlatly as the RL person they know. It would be even easier if they knew RL-me was posting on MN and came actively looking for me.

so the form that was linked to here...

if we complete it and hand it in to drs, how do we know they have actioned it?

How do we know it's not been binned or is lurking in the 'in tray'?

And do we address it to the Practice Manager or a GP?

I'm addressing mine to the Practice Manager. I think it should be possible to ask the receptionist a week or two later if the codes are visible on the file.

If you're really concerned about that and having difficulty, the nuclear option would be to make a Subject Access Request under the Data Protection Act to ask for a printout of that information on your file, which they may charge for. But that's quite a hasslesome thing to do to a GP practice.

The reason I want to opt out is because practically every government ( and particularly NHS) computer system has a history of not working properly or being compromised in terms of security.

Billions have already been wasted on a system that was not fit for purpose.

Add to this the fact apart from hacking risks, selling on info to other parties and inevitable human error, then it's not a safe system.

The idea that our lives could be endangered by not being in the system is ludicrous- if you turn up at A&E at death's door, unless you have a severe allergy or existing condition in which case you should wear a Medi- alert , then the drs should be able to treat you! I can think of very few if any conditions where a dr would need to search your entire medical records before treating you for a life threatening condition. A&E is for complete emergencies - usually heart attacks, road traffic accidents, broken bones, burns and bleeding.

pinkfrocks, are you clear which database(s) you're declining consent for?

Summary Care Record = your medical record with your name on it, computerised and shared within the NHS (and now NHS-branded private contractors), to provide you with healthcare wherever you are in the UK

care.data = your medical record with your name replaced by an id number, held by HSCIC and sold to medical researchers, drugs companies, insurance companies, etc. Completely unrelated to you receiving healthcare.

No not clear whatsoever :)
I have received no info about it from anyone (yet)

I was waiting for the information to be sent as the government promised after the fiasco before when loads of people incl me didn't receive the information.

The only info that I am aware of is the prospect of a centralised computer base containing all my medical records that can be accessed by NHS staff- and which may be sent to 3rd parties.

Which of the 2 you list is this?