1. What is Care.data?
Care.data is a data-sharing project being implemented by NHS England, who has commissioned the Health and Social Care Information Centre (HSCIC) to run the project. It involves extracting patient records from GP surgeries and linking them with hospital records. Care.data will be an anonymised medical database including the details of every NHS patient unless they opt out of the scheme. NHS England argues that sharing information about patient care will improve understanding of health needs and the quality of treatment and care provided and reduce inequalities in care provided. They propose that care.data will help find more effective ways of preventing, treating and managing illness, make sure that changes to services reflect the needs of local patients, understand who is most at risk of particular diseases or conditions so preventative services can be planned, identify who could be at risk of a condition or benefit from a particular treatment, make sure that NHS organisations receive the correct payments for services provided, and will guide decisions about managing NHS resources so that they can best support the treatment and management of illness for all patients.
2. What information will be shared?
Patient records will be 'pseudonymised', meaning that identifiable data will be removed, although it will include NHS numbers, postcode, date of birth, gender, ethnicity and GP surgery details. Information taken from GP records will include family history, vaccinations, diagnoses, referrals, NHS prescriptions, blood pressure, and BMI.
3. Who will the data be shared with?
The data is intended for use by commissioners although NHS England had planned to then share it more widely to approved users beyond the NHS, for example, to researchers and private companies. Amidst concerns raised in the media about care.data being shared beyond the NHS came the admission that hospital records (including treatments, diagnoses, age, and area the patient lived in) between 1989 and 2010 were given to the Institute and Faculty of Actuaries in January 2012. The information was used to provide a report to help insurance firms price their products.
The HSCIC has since announced that it will conduct an immediate audit of all data ever disclosed by central NHS authorities. In a Telegraph article, Anna Bradley, Chair of Healthwatch England, which represents patients groups, said: "There have been some really big questions raised about how medical records have been used to date and understandably people are telling us they are concerned about how their records might be used in future. This is a positive move by the HSCIC and absolutely vital if the public is going to have any confidence in care.data. Hopefully, complete transparency about the past can help the authorities draw a line in the sand and focus on getting this right going forward."
Following the relevations that records had been shared, the health secretary Jeremy Hunt announced that the Government will introduce legislation to prevent records obtained through care.data being shared for the commercial gain of companies outside the health service. He stated that the HSCIC will be prevented from sharing information obtained through care.data where there is not a clear benefit to the health service and will introduce a requirement for applicants for data to demonstrate an ‘ethical basis’ for its use.
Changes to the Care Bill
In response to the concerns, the government introduced amendments to the Care Bill, which was agreed by the Commons on 11 March 2014. Health Minister Daniel Poulter told MPs that the changes would enhance transparency and ensure patient data could not be used for insurance purposes, and that care information would only be disseminated "for the purposes of the provision of health care or adult social care" and "the promotion of health",
However, according to the BBC report, Labour MP and Health Committee member Barbara Keeley argues that data could still be released to private health care companies. In an HSJ report, shadow health secretary Andy Burnham argues that the government is failing to ensure that insurance companies will not be able to buy patient medical records through the controversial NHS data scheme. He said that the government amendments to the Care Bill are too wide ranging to provide the necessary protections against confidential information being sold for commercial purposes.
4. When will care.data be implemented?
The care.data project was due to be implemented in March 2014 but following concerns raised by the RCGP, BMA, patient rights groups and research organisations, its launch has been delayed until Autumn 2014. The delay in care.data's implementation will allow for the amendments to the Care Bill to regulate more tightly the way in which the collected data will be used.
Pulse have provided a useful summary of how the care.data controversies unfolded.here.
5. What have been the concerns about care.data?
a. Lack of public awareness about care.data
Leaflets explaining the care.data project and how to opt out should have been sent to 26.5 million households in January 2014. However, a survey of 860 adults in England by the BBC in February shortly prior to the planned implementation date for care.data revealed that two-thirds of people did not remember receiving a leaflet, and that 45% of respondents said that they did not understand the scheme.
A recent poll commissioned by the RCGP indicated that 65% of the public said they considered care.data had not been well-publicised. It also demonstrated that the patient's right to opt out of having their records added to the database had also not been well-publicised. Whilst the RCGP said that they supported the introduction of care.data, they stressed that the government and NHS England needed to ‘dramatically step up its efforts’ to publicise the workings and benefits of the project.
In a Practice Business article, RCGP Honorary Secretary Professor Nigel Mathers said: “Our poll shows that far more needs to be done in order to make the case for care.data – and to explain to people about their right to opt out of having their data used. “Unless the Government works harder to explain why care.data is such a vital project and how it will be implemented it will never enjoy the backing or confidence of the public or GPs. We believe that where a scheme is based on an opt out approach it is vital that the NHS can show that it is beyond reproach in having done everything practically possible to ensure that patients know about their right to opt out prior to it going ahead.”
b. Concerns about confidentiality
Although the database is meant to be confidential, there have been concerns that the information contains so much data that patients could potentially be identified. The NHS's own risk analysis admitted that patient confidentiality could be undermined. According to the Telegraph, the risk analysis by NHS England indicated that care.data could be vulnerable to hackers or could be used to identify patients 'maliciously', and highlighted that patients could potentially be re-identified if database data is combined with other information, although doing so would be illegal.
In an article in Computing, Eva Roodhouse, care.data programme director at the HSCIC, explained that postcode information will be truncated so that only the first three or four digits will be included, and that potential identifiers will be replaced with pseudonyms at the processing stage. She stated that identifiers will not be deleted but will be separated from the clinical data and kept in a separate secure database, and that pseudonymised data would be further pseudonymised before releasing it to the customer (e.g,. adding a further pseudonym per customer and per purpose).
However, the Computing article suggests that the issue of big data (large and complex data sets that exceed the processing capacity of conventional database systems) and the ability of big data techniques to uncover identities from disparate information in many cases means that the concept of anonymisation is redundant. In the article, Phil Booth, co-ordinator of MedConfidential points out that pseudonymising is not the same as anonymising and that the care.data records would be 'quite re-identifiable in certain circumstances'. Booth suggests that whilst care.data will replace a patient's NHS number, the HSCIC could reverse the process and look up the NHS number in order to track people from their NHS number in the future. The article gives examples of how so called pseudonymised data could be used to identify a patient's identity and potentially be linked with other data bases containing personal information.
c. Opt out or opt in?
Prior to the delay to the care.data project, patients' consent to their data being shared was assumed under the 'opt out' scheme, even though a large proportion of people did not recall receiving a leaflet about care.data.. However, according to a Pulse survey in February three quarters of GPs believed that the 'opt out' system of patient consent should be abandoned before care. data is implemented in the autumn. The poll of 427 GPs found that only 19% supported the 'opt out' system, in which consent is assumed unless patients explicitly object.
Following the delay to care.data's launch, NHS England has now discussed the possible benefits of a system by which patients 'opt in' to their data being shared. According to the HSJ, officials from NHS England have met with clinical and patient group to discuss their concerns about the project, including the British Medical Association, Royal College of General Practioners, and the patients' organisation National Voices.