Care.data: Have you opted out yet?

A while back, I wrote about organ donation in the UK, and looked with some astonishment at the discrepancy between donation rates in opt-in countries like the UK (17%) and Germany (12%) versus opt-out countries like Austria (99.98%) and France (99.91%).

Graph from Johnson & Goldstein (Science, 2003) showing comparative organ donation rates in European countries

Surprise, surprise: When you make an option the default, basically nobody bothers to opt out.

The UK has languished with opt-in organ donation for decades, and it’s not going to change any time soon.1 But elsewhere in the NHS, people with far too much power and not enough common sense are pushing the button on an opt-out nightmare innocuously called “care.data”.

care.data, for those who don’t know (which seems to be basically everyone in the UK) is a scheme whereby GP surgeries will be forced to share their previously confidential patient data with an arms-length NHS body called the “Health and Social Care Information Centre” or HSCIC.

The HSCIC will then “pseudo-anonymise” the data and sell it2 to, at first, medical researchers, but no doubt pretty soon after, private corporations. The data is not shared with other GPs, or with doctors or nurses that might treat you in hospital.3

The data will include everything your GP knows about you, such as your entire medical history, your NHS number, date of birth, postcode and gender.

The entire system is opt-out, and the HSCIC will start asking GP surgeries for data in March 2014.4 Supposedly every household in England has received a booklet about care.data – although I certainly haven’t. And even if I had, from the look of it, I would probably have pretty quickly thrown it away, because it looks and reads like total spam. This is, I can only assume, entirely by design.

Because the fact of the matter is, however admirable the NHS’s aims, care.data, as it stands, is a horrific and dangerous failure. A failure to communicate. A failure to follow EU data protection law.5 And a failure to protect citizens’ rights.6

No matter what the NHS or HSCIC claim, the data they collect is in no way anonymous. And there are essentially no safeguards to stop it falling into the hands of pretty much any government or private business in the world.

You can opt out of sharing your data with the HSCIC – but they certainly haven’t made it easy. Take a look at optout.care-data.info for instructions.

If you’d like to know more about care.data, and why it’s so laughably insidious, check out the following links:

Edit: It turns out Open Rights Group Manchester is organising an event next Tuesday to discuss care.data with people in the know. Excellent timing!

  1. See this taskforce report for more excuses about why opt-out organ donation supposedly isn’t suitable for England and Wales.

  2. When I say sell, I should point out that the data itself is ‘free’, and the HSCIC only charges administration and access fees. Whatever.

  3. For that you’ll want to look at Summary Care Records – the list of medications and conditions which can help doctors and nurses to diagnose and treat you in emergencies.

  4. GPs can, theoretically, refuse to provide the data, and a number have, although in doing so they are technically breaking the law. That said, many GPs argue that, in complying with the Health and Social Care Act, they’re already breaking Data Protection law, and the General Medical Council’s Duties of a Doctor guidelines. So, meh.

  5. I’m no lawyer, but the fact that data previously collected for GPs’ internal use, is now being co-opted for sharing with the HSCIC and their customers, without agreement from the data subject, contravenes the second principle.

  6. Like the “right to respect for private and family life” afforded by the Article 8 of the Human Rights Act.