Care.data – an in-depth check-up on NHS England's controversial bid to join up health data
Care.data – which aims to improve health outcomes by linking GP data with hospital admissions and other patient information – has been dogged by concerns about consent and data security. Two years after it was first announced, Colin Marrs gives this major government programme a check-up
Each year, schemes reviewed by the Major Projects Authority are awarded a traffic light rating indicating progress against their goals. Fortunately, for those struggling with the subtleties of such a system, a written explanation of each of the categories is also published. The justification for a red light award is stark: “Successful delivery of the project appears to be unachievable. There are major issues with project definition, schedule, budget, quality and/or benefits delivery, which at this stage do not appear to be manageable or resolvable.”
The care.data scheme aims to improve England’s health outcomes by increasing the amount of patient data that can be studied. Such is the determination at the top of the NHS that the aim is worth pursuing that officials have ignored the red light that was allocated to the project in June. But rather than slamming their foot to the floor, they have adopted a revised, more careful approach to this vast and complex scheme – aiming to learn from initial mistakes. Despite this, some experts are still predicting a car crash further down the road.
The philosophy behind care.data is straightforward. Since the 1980s, the NHS has gathered information about every admission to hospital. The Health & Social Care Information Centre collates and anonymises the data, with researchers using it to assess the quality of hospital care, plan NHS services and research new treatments. However, contact with GPs is not currently covered – a gap the programme intends to fill.
Care.data head to leave NHS England for private sector role
Care.data pilots delayed until January
CQC chief David Behan urges clarity over patient data after HIV clinic leak
A 21st century NHS: procuring to meet the aims of a National ‘for Health’ Service
The project’s champions say the rewards on offer could be transformational for society. In early 2014, Tim Kelsey, national director for patients and information at NHS England (now departing the organisation for the private sector) addressed the health select committee. “Our ignorance of what happens to people outside hospitals is one of the key reasons why, at the moment, sadly, England has one of the lowest cancer survival rates in Europe,” he said. “Care.data is not just about research. Care.data is also about genuinely saving lives in the NHS.”
Under care.data, information such as referrals, NHS prescriptions, family history, vaccinations, blood test results, body mass index and smoking/alcohol habits would be collected and sent to HSCIC. It would be packaged up with patient identifiers, including date of birth, postcode, NHS number and gender. The information would then be linked with data already collected from hospital visits and stripped of the identifiers before being released to researchers.
In late 2013, NHS England produced a leaflet intended to be sent to all homes, informing the population about the project. A copy of the leaflet was sent to health data watchdog, the Independent Information Governance Oversight Panel (IIGOP). According to its 2014 annual report, the panel immediately found that the leaflet was “not fit for purpose”. It recommended clearer emphasis that people could opt out and that this decision would not impact their direct care.
However, there was a problem. Ignoring the panel recommendations, NHS England pushed ahead regardless. The IIGOP said it was “informed that it had already been sent to the printers and would not be recalled”. To compound the problem, the leaflets were not delivered to two thirds of households, and were thrown away by many people who did receive them in the mistaken assumption they were junk mail.
The national press waded in. A Guardian article reported that information would be made available to insurers, pharmaceutical groups and other private sector health companies. If that wasn’t enough to strike fear into readers’ hearts, the article also said that these firms would be able to re-identify patients using their medical data contained in their own databases. At the height of the furore, one Daily Mail article managed to make comparisons with Wikileaks, and Stalinist Russia, within a few lines.
GPs, meanwhile, were unsure over their legal responsibilities. On one hand, data protection law required them to properly inform their patients about the data extractions. On the other hand, the Health and Social Care Act 2012, in effect, mandated the submission of data to the HSCIC. “It seems to me naïve to say the least that one would launch a project of that nature without properly engaging with GPs,” says Professor Martin Richards, the chair of a working group on data use set up by Nuffield Council on Bioethics.
After the British Medical Association raised concerns and questions about care.data were asked in parliament, NHS England bowed to the inevitable and, on the eve of the first planned data extraction, it postponed the project. Kelsey announced that data collection would begin in the autumn, “to allow more time to build understanding of the benefits of using the information, what safeguards are in place and how people can opt out if they choose to”.
Kelsey also said that the project would be piloted with a small number of GP practices to test the quality of the data. In October last year, NHS England announced that between 100 and 500 practices would be involved – on a voluntary basis – in Leeds, Somerset, West Hampshire and Blackburn with Darwen. Originally pencilled in for May, the pilots have yet to begin, with only 121 practices currently signed up.
In the meantime, the MPA report, which emerged in June, listed the range of ongoing problems which stand in the way of delivery. It said the programme still had not clarified, agreed and communicated its scope, nor had it appointed a full-time senior responsible owner. It added that the programme board did not have a clear role and responsibilities, finances were unclear and key personnel had not been recruited.
A spokesperson for NHS England points to the fact that the MPA’s conclusions were based on information from September last year. “Since then a lot of work has been done on the programme,” she says. “A subsequent review undertaken in February of this year reported the care.data programme as Amber/Red, reflecting the progress made.”
Actions taken by the NHS in the wake of the aborted launch have included engaging with almost 3,000 people at more than 145 local and regional meetings, the spokesperson says. “We have also continued to meet with HealthWatch, the British Medical Association, the Royal College of GPs, charities and the research community at a national level.” The NHS has also established an advisory group including medical and data privacy organisations.
The NHS also says that it has improved its communication processes. In pathfinder areas, each adult affected is set to receive a personally addressed letter, an information booklet and a form from their GP telling explaining the programme and how they can opt out if they want to. A baseline survey by polling firm Ipsos MORI has been carried out in the pathfinder areas and will be carried out again as soon as these communications have been sent out to patients, the spokesperson adds.
However, as the NHS admits, the pilots cannot be launched until Dame Fiona Caldicott, the National Data Guardian and chair of IIGOP, expresses her satisfaction with the programme’s proposals and safeguards. In a statement to Civil Service World, the NHS says this approval is now not expected until January. “We are not keeping to artificial deadlines and will send out the letters when the time is right,” the spokesperson says.
However, Phil Booth, co-ordinator of medical data privacy campaign group medConfidential, says that arrangements surrounding data protection are still unsatisfactory. He is unhappy with amendments to the wording of the Care Act made last year which were introduced to allay fears that patient data would be used for commercial and marketing purposes. These changes mean that the HSCIC can only share data for the “purposes of the provision of health care or adult social care or for the promotion of health”.
“This definition is far too vague, and we can see from HSCIC releases that hospital data is still being released to companies who could use it for commercial purposes,” Booth says. He says that further directions are expected which could help to clarify the situation. “We need to see these directions laid before parliament to clearly define which organisations data can legally be released to and the sanctions that would be imposed for misuse.”
A row is also still raging about the degree to which individuals would be able to be identified from the “anonymised” HSCIC data. Booth says: “If, for instance, Jeremy Corbyn’s wife fell over and broke her arm and her visit to hospital was reported in the press, it would not take much work for someone with the care.data information to spot her and find out her whole medical history.”
Professor Richards says that there is no technical fix to this problem. “You can’t do a more thorough anonymisation – the value of the data is that it is describing the personal attributes of individual patients.” Such a conclusion makes clarity over who is receiving the data even more crucial, he says. “You simply have to restrict who uses the data to people who are only going to use it for medical research,” he says.
However, The NHS dismisses concerns over reidentification, saying that “it is very unlikely that patients could be identified from information that is shared. As the information that we will collect under care.data will not contain names or full addresses, anyone attempting to identify individuals would need to go to great lengths to do so, breaching the Data Protection Act.” It adds that data sharing agreements with data recipients would also provide an extra layer of protection.
The issue of patient consent also has the potential to be a fly in the ointment. The NHS hopes its new communications strategy will limit the numbers deciding to opt-out of the care.data project. However, figures released by the Department of Health in July showed that around 1.8% of patients in practices taking part in the pilot scheme have already opted out of record sharing before the project’s communications have even launched.
Aisling Burnand, chief executive of the Association of Medical Research Charities, says those running the project need to be sure that they win the hearts and minds of patients. “I believe UK citizens are altruistic,” she says. “They give blood and organs and all sorts of things, and take part in clinical trials to help future generations. But they need to know there is a system that is fit for purpose.”
In many ways, the risk of large-scale opt-outs is a problem of the project managers’ own making, according to Professor Richards. He points to management of the Scottish Informatics Programme, which he says shares many features with care.data. “Because this was carried out with public engagement throughout the whole process, and there was clarity that only accredited researchers would access the data, consent wasn’t even necessary.”
In any case, speaking before the health committee, Kelsey seemed unperturbed by the prospect of large-scale opt-outs. “To an important extent, any data at all is useful,” he said. “Clearly, we want as many people as possible to agree to share their data in the programme. The larger the amount of data, the more use it will be, but there is no point at which the data is of no use.”
There is widespread support from health professionals for the aims of the project, with many pointing out that other countries have implemented similar systems without half as much trouble as in England. “In the USA the use of patient data is helping the development of risk prediction processes which helps target care at patients at particular risk,” says Marina Lupari, professional lead for primary care and community nursing at the Royal College of Nursing.
Booth says the problems with care.data have stemmed from the top of the NHS. “There has been a singular failure to conceive of the entirely predictable consequences of this set of policies,” he says. “They have had their eyes so much fixed on the prize that they forget there are things like patient doctor confidentiality that you can’t just ignore. We are living through an information revolution but policymakers and legislators simply don’t understand the way the information society works.”