Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Phil Booth Profile picture
Phil Booth
@EinsteinsAttic
Mind 'for hire'; critical friend to just causes. Currently also @medConfidential; formerly @NO2ID

Nov 1, 2022, 25 tweets

While the chaos of '#AcceleratedCitizensAccess' to #GPrecords continues to unfold:



...we've come across some perturbing items on the agenda for @NHSDigital's Board meeting this afternoon 👇 which I'll pick up on in this [Thread].

nhs-prod.global.ssl.fastly.net/binaries/conte…

First, beginning on page 158, are some Directions that @NHSEngland must know will be HIGHLY controversial - given they are telling @NHSDigital to use @PalantirTech's #Foundry to collect *patient level identifiable data* from hospitals...

I'll tweet as I do a read-through, but even these first two paragraphs are incoherent, e.g. "...in a way that will enable." Enable what?

And if @NHSEngland Directs NHSD to use #Palantir, NHSE is *determining the purposes and means of processing* - i.e. it is a #DataController...

...not to mention that, given @NHSEngland's accelerated take-over* of @NHSDigital, and personnel changes that have already taken place, NHSE is - in effect - Directing itself at this point.

__
* Government taking advantage of chaos to advance its agenda? gov.uk/government/new…

Further questions arise, such as *who* exactly will be doing the #pseudonymisation, and who holds the #keys? There's a world of difference between an #independent #statutory #SafeHaven (i.e. NHSD), @NHSEngland that wants ALL the data to use for whatever it wants, and #Palantir...

And with monumental self-serving incoherence 👇 @NHSEngland is trying to argue that patients' #NationalDataOptOuts for Research and Planning somehow shouldn't apply to data "provided for health commissioning and #planning purposes"!

Way to "build trust", @NHSEngland! A new data initiative that breaks promises made to patients from the get-go! 🤦‍♂️🤬

Further down I see you're still trying to use excuses that didn't fly in 2014. That "ICO Anonymisation Code of Practice" went out of date with #GDPR in 2018...

...so why, in 2022, is @NHSEngland flying in the face of a fact on which both UK law and @ICOnews have been absolutely clear for years?

#Pseudonymised data is still #PersonalData! 👇

ico.org.uk/for-organisati…

Things get even worse / more complicated when you get to "#Publication and #dissemination" - noting, again, the subtitle of point 3.2.2 tails off into randomness - which once again illustrates the nonsense of @NHSEngland trying to pretend it isn't a #DataController throughout...

...having required @NHSDigital to use @PalantirTech Foundry to extract patient-level #identifiable data, which Palantir or NHSD(?) then #pseudonymises - so it is still #PersonalData - which is then somehow 'shared' via a system @NHSEngland controls WHICH THE DATA'S NEVER LEFT...

That @NHSEngland references the #DARS process - which it itself will control in a couple of months - is a figleaf. NHSE clearly wants patient-level data to build #dashboards, and will say pretty much anything however (self)contradictory and in conflict with the law to get it...

These two paragraphs alone 👇 disavow statements made by Ministers & NHS officials, and roll back promises made to patients following previous data debacles, by hiding behind EXACTLY THE SAME OLD EXCUSES.

The fact is that patients have a #RightToObject to the #processing...

...of their #PersonalData, so - while @NHSEngland may want to ignore people's opt-outs from Research & Planning uses, and contorts itself to say their data's not "confidential patient information" - the law(s) says otherwise.

It is personal data, it is provided in confidence...

...and it is being #processed under @NHSEngland's #DataControllership from the moment it is extracted - in #identifiable form - into #Palantir systems. That it is then #pseudonymised (which is itself data processing) makes it no less #PersonalData, and that NHSE is explicitly...

...doing this for #Planning purposes makes it completely #untrustworthy if it will not respect patients' #consent/#dissent choices.

N.B. Hospital doctors might also want to take note: this Direction surfaces @NHSEngland's long-held ambition to get "real time" workforce data...

..for #PerformanceManagement, using this "intelligence" to "understand and address the reasons behind performance variation", as per its 2017 '#TargetArchitecture' 👇 which, apart from the appearance of Palantir as preferred supplier, hasn't much changed:

medconfidential.org/wp-content/upl…

One can't but help note in passing the set-up for yet more acronym confusion: how does this "Faster Data Programme" (FDP) relate to @NHSEngland's "Federated Data Platform" (FDP) or is the "technical infrastructure" for this "pilot", i.e. Palantir Foundry, in fact the same thing?

If @NHSEngland thinks the use of @PalantirTech to process identifiable patient data is only "contentious" to "some privacy campaigners", then official have clearly learned nothing!

The lack of self-awareness here 👇 is truly staggering.

Those are just a few initial thoughts, but one burning question I have is exactly how much of this process would we see *after* the @NHSEngland/@NHSDigital 'merger'?

We picked this up in a 250-page set of Board papers, hours before the meeting...

...but the published papers DON'T include the (amended?) #DataProvisionNotice, the #DPIA (which has supposedly been approved), nor the Requirement Specification. And what they DO say doesn't comply with either the #law or #promises to patients!

If this is the sort of nonsense...

...we are getting from @NHSEngland now, what sort of things will it try to pull when NHSE takes over @NHSDigital and things get even LESS #transparent?

The meeting starts in five minutes, so I will just quickly note a couple of other things...

Firstly, GP Data for Planning & Research (#GPDPR) is clearly still in a mess; stuck at "Amber/Red", with key decisions on "forward approach, budgets and sponsorship yet to be confirmed", and GP IT suppliers (possibly understandably) 'refusing to play ball'...

And then another Direction - for an online 'register with a GP' service that we've pointed out *repeatedly* to @DHSCgovuk and @NHSEngland is #dangerous.

That neither have told us what #mitigations they intend to deploy makes us suspect they haven't done the work to make it #safe

(In essence, #registering with a GP *#deregisters* you from your existing GP - and all your meds, appointments, etc. - which is FAR easier to maliciously #weaponise against people online than it is in person.)

And finally for now, today's Board papers highlight a fun fact which is that, following its takeover of @NHSDigital, both #NHSWales and the Scottish Government (in certain circumstances) will be able to Direct @NHSEngland.

🤔🤔😉

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling