This headline 👇 will be no surprise to anyone who's been following @NHSEngland's plans (and actions) for a while.
But @JonUngoedThomas's article reveals some crucial details about what's intended for your #NHS #HealthRecords that are worth unpacking...
theguardian.com/society/2022/n…
First, and possibly most significantly, is @NHSEngland officials' confirmation that its '#FederatedDataPlatform' will incorporate patients across England's #SharedCareRecords:
Why is this so important? Because #SharedCareRecords - which every new #ICS* is supposed to have - include your #GPdata, which @NHSEngland has been trying to get hold of for years (most recently last summer)...
__
*#IntegratedCareSystem explainer here:
kingsfund.org.uk/publications/i…
...and because people around the country - including my colleague Sam 👇- have been told and are being told unambiguously that their #ICS "Shared #Care Record" (#ShCR) will ONLY be used for delivering their #DirectCare:
Where this is true, such #DirectCare uses would be #lawful BUT - as per existing #SummaryCareRecords (#SuCR) - patients have a right to #OptOut or to restrict #sharing of their medical information, for personal safety, confidentiality or any other reason:
digital.nhs.uk/services/summa…
But @NHSEngland's Federated Data Platform is NOT primarily for the delivery of individual #DirectCare - it is largely intended for 'secondary uses' such as #Planning (covering a host of uses), #PopulationHealthManagement*, and #Research...
__
*blog.bawmedical.co.uk/population-hea…
...so by "incorporating" your Shared Care Record into its #FDP, @NHSEngland is once again attempting a #DataGrab including your #GPhistory - this time hiding behind the #ICSs, instead of @NHSDigital as in 2021's #GPDPR or #caredotdata, as in 2014:
medconfidential.org/whats-the-stor…
What's even worse is that, though this has been @NHSEngland's intention FOR YEARS, it put out guidance* that made NO MENTION of these secondary uses - so the #ICSs and their precursors have been #misleading their patients all this time...
__
*transform.england.nhs.uk/information-go…
The basic principle the original #NationalDataGuardian, Dame Fiona Caldicott, established was "NO #SURPRISES" for patients.
And yet each time, @NHSEngland - which runs no hospitals and cares for no patients - tries sneaking in another #DataGrab without being up front & #honest.
The second crucial detail is the nature of the information @NHSEngland will siphon into its #FDP 👇 and its legal basis for "wider use" of it.
When used for your #DirectCare, your medical details are fully #identified - they HAVE to be, so medics know who they are treating...
...and, in the main part, #DirectCare is done with what is called "#implied #consent", though you still have #choices about your data being #shared - as with the #SummaryCareRecord (see above) - and your #informed #consent must be sought for certain treatments, e.g. operations.
What @NHSEngland CANNOT lawfully do is rely on that #ImpliedConsent for #DirectCare for the *other* things it wants to do with your NHS health data.
However, instead of telling you what it intends to do, and seeking your #consent (opt in) or respecting your #dissent (opt out)...
...@NHSEngland is trying a bunch of other ways to get what it wants.
One is to redefine things that aren't care as 'direct care'; another is to collect data for a particular #DirectCare purpose, but then reuse it for other things - what it calls "collect once, use many times"...
...a phrase that emerged with last year's attempted #GP #DataGrab.
The way @NHSEngland tries justifying such #reuse is worth unpacking, and revolves around precisely what is meant by the technical term "de-identified"...
Though it might sound like it is, data that has been "#deidentified" is NOT #anonymous.
In practice, 'de-identification' means removing SOME of the most obvious #identifiers - like your name, address, date of birth, or NHS number - and/or replacing one or more of them with...
...what's called a #pseudonym - like a handle or alias, but not one you choose - so that your data from different parts of the NHS can be #linked together over time.
(In some situations, where the law permits, pseudonyms can even be 'reversed', so patients can be #reidentified.)
So data treated this way is still #identifiable, not only because YOUR medical details can be #linked - and not, say, yours with someone else's - but also because EVERYONE'S medical history is #unique, and events and combinations of events in it make you #uniquely identifiable...
And this is @NHSEngland's #deception: in effect it's saying that once it has "de-identified" (or #pseudonymised) the data it has collected, it can do what it wants with it because it's no longer 'your data'.
Officials bandy around terms like "confidential patient information"...
...and offer torturously narrow self-serving techno-legalistic explanations, all to distract from the #fact - and the #law 👇 - that both #pseudonymised & #deidentified data at patient level is STILL your #PersonalData.
And so all the rules still apply.
ico.org.uk/for-organisati…
Which as well as ensuring EVERY use of patients' data is #lawful, #fair and #transparent, means #respecting people's #NationalDataOptOuts from #Planning & #Research 👇 AND the promises Ministers made just a year ago, after #GPDPR came off the rails...
...and NOT trying to hide behind a no-longer-statutory 2012 Code of Practice, as @NHSEngland did in its Direction to @NHSDigital - which it is in the process of taking over - to use #Palantir to collect NHS patients' #hospital data just last week:
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.