Care.data: Have you opted out yet?
A while back, I wrote about organ donation in the UK, and looked with some astonishment at the discrepancy between donation rates in opt-in countries like the UK (17%) and Germany (12%) versus opt-out countries like Austria (99.98%) and France (99.91%).
Surprise, surprise: When you make an option the default, basically nobody bothers to opt out.
The UK has languished with opt-in organ donation for decades, and it’s not going to change any time soon.1 But elsewhere in the NHS, people with far too much power and not enough common sense are pushing the button on an opt-out nightmare innocuously called “care.data”.
care.data, for those who don’t know (which seems to be basically everyone in the UK) is a scheme whereby GP surgeries will be forced to share their previously confidential patient data with an arms-length NHS body called the “Health and Social Care Information Centre” or HSCIC.
The HSCIC will then “pseudo-anonymise” the data and sell it2 to, at first, medical researchers, but no doubt pretty soon after, private corporations. The data is not shared with other GPs, or with doctors or nurses that might treat you in hospital.3
The data will include everything your GP knows about you, such as your entire medical history, your NHS number, date of birth, postcode and gender.
The entire system is opt-out, and the HSCIC will start asking GP surgeries for data in March 2014.4 Supposedly every household in England has received a booklet about care.data – although I certainly haven’t. And even if I had, from the look of it, I would probably have pretty quickly thrown it away, because it looks and reads like total spam. This is, I can only assume, entirely by design.
Because the fact of the matter is, however admirable the NHS’s aims, care.data, as it stands, is a horrific and dangerous failure. A failure to communicate. A failure to follow EU data protection law.5 And a failure to protect citizens’ rights.6
No matter what the NHS or HSCIC claim, the data they collect is in no way anonymous. And there are essentially no safeguards to stop it falling into the hands of pretty much any government or private business in the world.
If you’d like to know more about care.data, and why it’s so laughably insidious, check out the following links:
- Wired.co.uk’s simple guide to Care.data.
- The two official NHS web pages [1, 2] about care.data.
- A rather amusing price list for how much “personal confidential data” will cost to buy from the HSCIC (answer: roughly £10,000).
- The HSCIC‘s page on patient confidentiality.
- care-data.info – probably the best summary of everything you need to know, with links to opt out.
- And MedConfidential – a similar site, run by the privacy activists behind Privacy International and No2ID.
GPs can, theoretically, refuse to provide the data, and a number have, although in doing so they are technically breaking the law. That said, many GPs argue that, in complying with the Health and Social Care Act, they’re already breaking Data Protection law, and the General Medical Council’s Duties of a Doctor guidelines. So, meh. ↩
I’m no lawyer, but the fact that data previously collected for GPs’ internal use, is now being co-opted for sharing with the HSCIC and their customers, without agreement from the data subject, contravenes the second principle. ↩