A leading privacy campaigner has condemned NHS England’s £1m leaflet drop about care.data for not including an ‘opt-out’ form.
Phil Booth, co-founder of the medConfidential campaign, told EHI that the leaflet, which is supposed to inform patients about the programme and advise them that they can opt-out, said the failure to include an easy way for them to do this was “ridiculous”.
“There’s no opt-out form in the leaflet. This is ridiculous. If you’re going to send out this you have to include an opt-out form,” he said.
The leaflet drop is part of a £2m public awareness campaign being run by NHS England and the Health and Social Care Information Centre about care.data, which will expand the Hospital Episode Statistics and link them to other healthcare data sets, starting with information extracted from GP practices.
An estimated 22m homes will receive a leaflet called ‘better information means better care’ through their mail box this month. The leaflet drop was forced on the two organisations after GPs raised concerns about consent and confidentiality.
However, the bulk of the text focuses on the benefits of the new service, and the leaflet says relatively little about the right to opt-out.
It also says that patients do not want “information that identifies you to be shared” outside the GP practice should ask their GP to make a note of this in their medical records.
“If you read the leaflet you get the impression that you need to make an appointment with your doctor to opt-out. It’s appalling,” said Booth, adding that GPs were unlikely to have appointments free for such discussions, even if they felt confident talking about the new service.
Booth, who led the No2ID campaign against a British identity card, and who was involved in the initial campaign against an opt-out model for the NHS Summary Care Record, said he was also angry that the leaflets are being sent out unaddressed to households, instead of being directed to individuals.
He said this would reduce the status of the leaflets to “a piece of junk mail”, adding: “It looks like they’re trying to minimise the amount of people that opt-out.
“It’s hard to say that you can claim informed consent based on this leaflet. If this [service] is genuinely for our benefit, you would think that NHS England would bend over backwards to get this right.”
The care.data programme was approved by an Independent Advisory Group in April last year, and NHS England’s business plan, issued around the same time, said it expected 75% of practices to provide data extracts by September 2013.
However, in October this year, EHI reported that the data extractions were halted while issues around patient awareness were resolved. The solution was the publicity campaign, in which the leaflet drop that started yesterday is the first step.
Dr Geraint Lewis, chief data officer at NHS England, said in a press release that: “This initiative is about upgrading our information systems to get a more complete picture of the quality of care being delivered across all parts of the NHS and social care.”
However, GP and professor at the University of Nottingham Dr Julia Hippisley-Cox, told HSJ that she also felt some issues remained unresolved.
“I couldn’t find in the patient information sheets how patients can discover who has their confidential data or for what purpose,” she told the magazine. “We also need to be sure public benefits can actually accrue from this - that means robust and reliable analyses of data.”
© 2014 EHealth Media.
There is an irony here.
If the leaflets were to be addressed to individuals at their home addresses, where would this information be sourced?
Surely not from patient records, either summary or detailed, because this would be using information provided by patients for a different purpose than that for which it was gathered. A clear breach of the DPA.
Possibly from the electoral roll, but many of us have already opted out of this information being shared for anything but electoral purposes.
Another Catch22 I'm afraid!
How did you opt out of the electorall roll "being used for anything but electoral purposes"? You can opt out of your details being included on the edited register, which is sold to marketing agencies, but the full roll is open to use by a wide range of government and credit bodies for a wide range of purposes... ico.org.uk/for_the_public/topic_specific_guides/electoral_register
I have no problem with HSCIC extracting my data provided it is anonymised or pseudonymised first. Until such time as this is done I will not allow my doctor to let my information be uploaded.
But I wonder what NHS England would say if we GPs had combined in a similar project to use our medical records for research, with the same attitudes to patient consent and privacy? I can just imagine the uproar from NHS England saying that we were naive if we felt we could deal with patient information in this way; that just the NHS number alone is sufficient to identify an individual; that the whole project couldn't be performed without full anonymisation and encryption; and that the GMC would be informed about any GP who dared to get himself involved in such a hare-brained project. Well, then, what's sauce for the goose....
Particularly crazy since this lack of clear info/access to opt-out was the major problem raised about the SCR patient information campaign, and was specifically cited as something which needed to be sorted for care.data in the representations which gave rise to the pause over the autumn - looks like those responsible simply nod their heads and then proceed as normal
Personally I have no issue with anonymous data being used or where necessary pseudonymous data, but only after I as a patient have had the chance to check it. The technology for patient access exists for most practices to allow it, but few do, for no good reason. Those who can should be made to allow it immediately, and all practices within the next year. Until I have had the opportunity to validate it, I am not keen for the NHS to be selling this data on. I would agree that the GPs are not the right people to be advising on this, or be data controllers, they are contractors to the NHS. Access to a team of information governance advisors should be available via a call centre with the ability to register patient preferences on a central resource, e.g. SCR.
When I first did my Caldicott training, many years ago, our tutor told us of an instance where you could identify a single individual from a postcode and gender alone. (She was a farmer's wife, in an isolated farm with its own postcode, and the only female living at that address.)
So people see the leaflet as junkmail, bin it and that is called 'consent'.
So what happened to 'no decision about me without me' ?
As there are Information Governance (IG) issues here, and the responsibility is with the GP (according to the leaflet) who is responsible for IG for GPs, who will be checking that consent has been obtained, that opt-out has been complied with etc.
There is an easy way to opt out - you tell you GP surgery you don't want to be part of it, a code goes on your medical record and you are then not included in the extraction.
The trouble is, this was not explained on the leaflet.
Please do NOT make an appointment with your GP to do this
Please do NOT ring your surgery or GP to do this
Just fill in a form (e.g. goo.gl/v1YPXC ) and post/hand in/email/fax to your surgery.
Codes added, no questions asked.
That should have been made clear on the leaflet.
So no easy opt-out? Quelle surprise!
Jeremy Hunt and co have been bounced into circulating informaiton on a project they didn't really want anyone, the voting public especially, to know about. So the easy answer - produce a leaflet that most will not read, with one-sided information and pass the responsibility for managing any fall-out onto the GPs who need putting in their place!