Connecting For Health Consultation

I've spoken before on the 'Connecting for Health' IT project, its something that frankly gives me the willies; a huge database of all your medical details that has shockingly bad security measures.

(I've spoken to people working on the system, and trust me, it's horrendously insecure).

They are having a consultation process on the use of your medical information, which you can take part in on-line.

NHS Connecting for Health (NHS CFH) is conducting a consultation with the public and healthcare professionals on the use of patient information for purposes such as health research and managing and planning care.

The health and well-being of the population can be improved by activities such as medical research, disease surveillance, screening, needs assessment and preventative activities.

NHS CFH is keen to obtain the views of the general public, patients and other interested parties on how patient information held by the NHS should be used for additional purposes such as research.

I suggest that everyone in the UK has a look at it.

From the Open Rights Group mailing list I'm part of, someone has made the following point.

Note that the survey more than once claims that patients have no legal right to control information they have given the NHS about themselves once it has been anonymised.

As a matter of law this is nonsense.

Information given in confidence may not be used or disclosed except for the purpose for which it was supplied unless the supplier consents, and this is not changed by removing the supplier's name. So I hope responders will challenge this (and perhaps also the blithe claim that

anonymisation only fails in the case of people with very rare diseases, which greatly understates the risk that an aggregation of conditions,

dates and places will identify someone just as plainly as a name and address).

This is just exactly the sort of function creep that I mentioned in the previous post, please go and have your own say about your data being used in this fashion.

Oh, and you folks do me proud. If anyone else wants to join up (I do recommend it, I'm a proud supporter, and you can see the sorts of bright people we have involved) you can find out more here. These folks do good work that you can help support for less than the price of two pints of lager.

22 thoughts on “Connecting For Health Consultation”

  1. So when asked what you think about it you can disagree with it.And say in it what you've said right here.

    But why not go a little further can say what you think would advance health care instead of this.

  2. Having spent s lifetime in computing and years as a consultant, the reason projects are faulty, go over the timescale and over budget are:1) The original spec is written by people who don't know what they want.2) New faces are brought in during the lifetime of the project and they all disagree.3) 1+2 are good news for consultancies as it means more cash over a longer time.

  3. You missed4) Management didn't like the estimates given them by the people who have been working for them for years who actually know the business, got in a consultant who took the management spec as gospel and said it could be done in half the time for 1/3 of the price then during development half the IT team left in disgust at the political wrangling going on over their heads and stopping them doing the job.

    Hypothetically speaking of course.

  4. typically 'directive' survey from the government – so that they can claim they consulted people.all the questions are of the type do you think we are 1. excellent, 2. brilliant or 3. great ?they also make implausible presumptions and take these as starting points – the bit about if researchers had to approach patients via GPs it would be really slow and inefficient, if you don't agree then you are a luddite and cute kittens will die – as i pointed out in the survey, a well designed computer system would make nonsense of this claimi had to sign up for an account to post this and now it's time for my medicationdeclaration of interest: I have been both an nhs patient and an ambulance technician

  5. Information given in confidence may not be used or disclosed except for the purpose for which it was supplied unless the supplier consents, and this is not changed by removing the supplier's name.This is wrong. The Data Protection Act 1998 only applies to Personal Data, ie that relating to an identifiable living person. If the data are anonymised such that the person they relate to cannot be identified, the act does not apply.

    Interestingly, there is a wrinkle that the processes of anonymisation is processing under the meaning of the act, so it may only be undertaken if it complies with DPA. Medical research has some specific exemptions within the act, but they may or may not apply here. Of course, if managing health provision is one of the core purposes for which the data was collected, then it may be processed under DPA.

  6. I have spoken to someone who worked on it, and it was horrendously insecure even at its inception. It started flawed in premise.

  7. The problem being that it may well be possible to identify people despite scrubbing otherwise identifying information from the data.But yes, I suspect that this will be the route that the government will take should it go to court.

  8. One typical case of not asking the end users of a computer project.A consultancy made an order entry system for our company, but didn't bother to see what the order entry clerks thought of it. They just installed it without anyone inside the company testing it.

    The result? When the clerks tried to use it they had to scroll around the screen and many had to pull away from the screen to read the text.

    The reason? The staff were using 12″ monitors and the programmer who put it together was using a 21″ monitor. So when the program was transferred to PCs with smaller monitors, it didn't scale down and appeared 60% larger than it should have been.

  9. Well to be honest, I've worked on that project, in various guises, one of the key ones being in the data domain. How it's moved, how it's stored etc.I've also spent a lot of time out at trusts, working with their data departments.

    What I would say, is that personally, I would rather have my data in NPfIT, by a country mile. The data protection used by trusts of their own volition is poor at best, a raggedy collection of Lloyd George notes left in hallways, old PC's and laptops with unencrypted data, and USB keys flying around.

    Yes, the centralised system may not be the *best* but it is by far and away better than what there is now, and being centralised, it can be architected with a better overview, and held to account.

    Just my 2p worth.

  10. I agree with A_Consultant. Having worked across both sides, on balance I would rather be in than out. Heaven knows, there may be a time where I may actually benefit :)Axy

  11. To be honest that is a bit of a poor argument. To say that it's 'better', yet still be insecure is like saying that you'd rather be shot than nibbled to death by rats – the end result is still death (or in this case dataloss).And with an uncentralised system the amount of information that you can make away with is limited, with NPfIT you can get away with a lot more, and leave less fingerprints…

    Also, do you honestly think that staff on the 'shopfloor' level will change their habits to become more data security conscious? Will they remember to log out? Will they realise that when they remove their security card from the card reader they are still logged in and that anyone can use that computer with their 'authorisation'?


  12. PEBUAK does absolutely occur, but then we should be asking if the users should be responsible for security, that's why IT are there.Given the systems I worked with (the ones in the north, rather than Cerner, so I can't comment on London, sorry), and given the architecture used, you remove the ability at the point of use to use things like USB keys, etc. The login/logout can be solved with technology, and sharing smart cards will be something fixable by HR policy. People need to be held to account.

    The problem where this breaks down is where data is taken out of the data centres, which in my experience *are* secure, it's when that data is fed to systems still hosted by the trusts, such as data warehouses, reporting systems, path labs etc. At this point we lose stewardship of the data from a central point of view, and back to the trust (a non IT organisation) taking responsiblity for it. something that is proven to be bad.

    So for my money is that the disaster scenario of the data centres being Haxored, and all data being released is very slim, so the central function works. But sadly to be used, the data has to be given back to the trusts, and that's where the problem comes in… PEBUAK. How do we solve that? Buggered if I know.

  13. “(I've spoken to people working on the system, and trust me, it's horrendously insecure). “”I have spoken to someone who worked on it, and it was horrendously insecure even at its inception. It started flawed in premise.”

    Well then, if those who worked on it or are still working on it, know that it is “horrendously insecure” then why don't they have a spine and stand up and be outspoken about it and then DO something about it?

  14. The survey is ridiculously biased towards the positive. It presents the possible benefits for patient research and then asks us what we think.There is no addressing of security issues, safeguards to access, standards, just nothing! This is a PR exercise not a consultation. A proper consultation would have in effect asked “What do you think of these downsides to these proposals”.

  15. “To say that it's 'better', yet still be insecure is like saying that you'd rather be shot than nibbled to death by rats – the end result is still death (or in this case dataloss).”On the other hand, given my records are evidently insecure at the moment, and there is no audit trail on who has access, moving to a system where there is an audit trail of who has access, even if it is still insecure, may be a step in the right direction.

    The end result may still be that someone can view my records who shouldn't be able to, but at some point in the future those records may be available to me when they previously couldn't be, and therefore may be of some practical use.

    Tbh, my experience is of the northern solution(s) rather than the London ones. It may be that if I had the same experiences as you, Tom, I may have the same reservations.

    No idea what PEBUAK is. Answers on a postcard to…?


  16. I know it as PEBCAK, problem exists between chair and keyboard – i.e., is the person on the chair. It makes more sense to me, too.

  17. Thus speaks someone that doesn't know the way the system works. It doesn't matter if you know its flawed. It doesn't matter if everyone you are working with know its flawed. If it requires a change to the specification then that will cause delays, increased costs, budget reviews etc. The chance of that happening is almost nil.

  18. “Thus speaks someone that doesn't know the way the system works.”Stuff the system! These people who are working on it – are they paid to think or are they wage slaves puppets only worrying about their mortgages?

    How can anyone continue with a project and be motivated when doing so will conclude in a flawed product. It's immoral when they know so many lives could be at risk? Why don't they just walk out?

    To set an overall budget on this project is incorrect; this should be an incremental on going cost delivery with Boehm's spiral development where features are delivered tested and built upon. Not a big bang approach.

    But oh no, the big picture has to be painted with headline grabber value-for-money figures to satisfy short-termist political manifestos.

    As I replied in Tom's last blog here on the subject, the fundamental problem is our short-termist political system which lacks continuity traded off against the potential benefits of frequently refreshing how our country is run every 5 years when an election is called.

    Such a big undertaking as a NHS database must have continuity beyond election terms as I said.

  19. I like most of your points, but I do object to being called a wage slave …I have 2 kids, a current partner and an ex wife. I do not go to work because I want to, but because I need to to pay my mortgage and put food on my table. If that makes me bad, then tough s….

    Do you attempt to stop the system, or change it from within ? Fairly fundamental question. For those of us who work in this shoddy excuse for a project, we try and do the best we can, and you sure as hell won't be able to stop this juggernaut from without unless you happen to be, oh, prime minister or something. Even Helath Secretary won't do, since you'll just be reshuffled as a luddite. I do not have the power to stop it from within, change the specifications or to do much more than kick and shout about the implications in my area of expertise. Occaisonally, I get to do that at a quite high level, but not often and those who get paid more than my paltry 15kpa do not often listen (they know more than I do, since they get paid more, of course). What I can do is ensure that anything I am involved with is done with the patients interests at heart and to the best of my ability. In my sphere of influence, that meant making sure that there were business processes to sort out what happens when things go wrong and patient records on the system get confused and mixed up, which will happen.

    I would agree wholeheartedly with your assessment of a 'big bang' project scenario. There are potential improvements in electroniky stuff in the NHS, but not if it is done this way with a political agenda rather than patient care as a driver.

    Rant over. Back to my hole, now.

  20. I'm 100% behind an NHS database and therefore support what you do, as I said in Tom's earlier post about this, given my reasons why.It's a tough call to choose where the finite money goes and I certainly don't envy the decision makers.

    Misguided populist view will say: why spend money on computers when the money should be spent on paying staff better, expensive drugs, treatments, new beds etc.

    But I believe that along with new drugs, new treatments and therapies, an NHS database is also a medical advance and can help these other areas: treatments can be more targetted to a patient's unique makeup, lightning fast decisions can be made with large amounts of data in emergencies, medical research can be helped.

    It's about time we had some more cross-party consensus politics, that we have already seen in the banking system, moving into healthcare.

    If the roll-out of a database can be immune from the goal-post moving of short-termist political manifesto targets then we can move on to a serious issue being that the NHS staff have a deep mistrust of such a database system, with valid concerns I agree.

    In blog posts here, I see people say the system is horrendously insecure. So they are not saying that any system will always be insecure – just that the way this one is being made will result in it being secure. So they have a notion in their mind that there can be a secure system. That computer systems can be secure.

    Going back to the anecdotal evidence seen here in replies to the blog posts, which suggests NHS staff mistrusting the system. If the issues can be addresses, then the staff need to be able to own the system, make it theirs and see it as another valuable medical resource. They need to be aware of what it should do and what it should not do. Much the same as saying that giving someone medical drugs is not always the best treatment.

    Or we can all just carry on moaning about it and not do anything about it.

    The conundrum for our Tom is that if you're a regular reader you'll remember him expressing an interest in working more with computers having excelled at them during his formative years. So Tom, perhaps you are the one to influence the roll out of the NHS system with your hands on healthcare knowledge coupled with your enthusiasm for computing?

Leave a Reply

Your email address will not be published. Required fields are marked *