medConfidential – Written evidence (INQ0098)


  1. Many of the existing answers to questions in the Call for Evidence rely on data in some way. This note is largely in response to the evidence given to the Committee on point 8 ("barriers to the development and implementation of these various technologies").


Data on the elderly


  1. In 2015, an online pharmacy (Pharmacy2U) decided to make some extra money by selling the names and addresses of its customers for third party marketing purposes.[1] Pharmacy2U were later investigated and fined by the Information Commissioner's Office (ICO) for breaches of the Data Protection Act,[2] and the pharmacists responsible were sanctioned by their professional body.[3]


  1. We draw the Committee's attention particularly to the victims identified by the ICO in this case: when the lottery fraudsters[4] and 'health supplement' company[5] selected their targets, they targeted the elderly who may have had cognitive impairment.


  1. Many of the 'first movers' in data are those who demonstrate the least consideration for the best interests of others, and existing systems are ill-equipped and not incentivised to detect this.


  1. A related example would be the "NHS Apps Library", which is still rife with apps that track individual devices and their users (across multiple devices) for the purposes of targeted advertising – health advertising being amongst the most profitable and useful. Some of these apps track users for advertising purposes even prior to the user having accepted the terms and conditions required of such apps.[6] The NHS Apps Library has entirely failed to address this issue in any meaningful fashion. It is further likely that apps promoted by the Library are more profitable than they would otherwise be, precisely because they receive the NHS imprimatur by being in its Apps Library.


  1. As DHSC and the NHS recommend more use of digital support tools, predation by the unscrupulous upon the elderly will only get worse. NHSX has refused to simply ban apps in the NHS Apps Library from tracking users, thereby tacitly approving the sale of NHS patients' health conditions to advertisers.


  1. If the goal is to maintain the widespread confidence of users, apps which wish to do the right thing for their users (e.g. those managed by charities, with long term goals driven predominantly by public interest) should not be put at a strategic disadvantage by the NHS 'platform'.




  1. Many of the patients covered by the Inquiry will have complex needs – and often the patient him- or herself is the only common factor across all of their different interactions with the health and social care system.


  1. Access to Summary Care Record / remote access: when a patient can see when data about them was used, including for direct care, they can also see when it wasn't used - and thereby where there are disconnections in their care. While access to this information wouldn't mitigate such disconnections directly, giving patients proof that their record was or wasn't accessed at a certain point provides them with an evidence base on which to ask questions of their care provider.


Predictive Analytics and narrow agendas


  1. Much is heralded for 'predictive analytics' and '5G', just as was the case for 'genome sequencing' and 'personalised medicine'. In practice, all new things are adopted in medicine when and if they help patients, and they are ignored if they don't – or until they do. (We note it has been some time since there was any need for a Parliamentary Inquiry into the use of electricity in medicine.)


  1. 'Predictive analytics' is often used as an excuse to grab as much data as possible on the entire population (i.e. 100%, with no dissent tolerated). Such demands are rarely about using predictive analytics for anything substantive; mostly they are in order to make the process easier for the commercial actors to whom analytics are outsourced. Any statistician worth their salt will confirm that if an analysis is not already significant, adding 2% more data will not make it significant – though it might help improve a business case.


  1. In practice, predictive analytics is potentially useful in a clinical setting for an identified patient – but at a population level there are a swathe of perverse incentives throughout the system (as has been covered in debates about "Accountable Care Organisations"[7] which in practice were neither accountable nor necessarily provided any care, and were thus renamed as "Integrated Care Providers" – being neither integrated, nor necessarily providers.)


  1. One concern about ACOs and ICPs was that they might be commercial entities with profit motives and an information advantage to game the system. If success is not measured for a decade, those who have the most knowledge can use perverse incentives within the predictive system to advance their own narrow agendas. This is by no means an unknown phenomenon; the Francis Inquiry into mid-Staffs also notes[8] the effects of perverse incentives within commercial analytics.


  1. The business models available to firms who wish to work with the NHS are not meaningfully restricted. We note that 'Health Data Research UK', the umbrella brand for UK medical research work, mandated commercial partners for analytics in its funding call, and funded zero projects without commercial partners. This outsourcing of data infrastructure is a policy decision by HMG / BEIS. medConfidential agrees with what the witnesses on the 25th February said about capacity building in the NHS, but we note that it isn't entirely true in practice. Should public bodies be required to provide further publishable evidence on those points, there would be an opportunity for further public comment and scrutiny of any bluster and inaccuracy.


  1. Picking up on the data desires of some on the second panel on the 25th February, we note that he on the one hand complains about a body having to certify that it has followed its data agreement, while on the other suggests a "single line change in the GPs' contract with their IT suppliers". This suggestion was the approach NHS England initially tried to take for the programme, in 2013 – until they were caught, and told it was illegal. (Whatever else it may be, health data is still data, around which there is a robust and evolving protection and rights regime.)


  1. If, as another witness suggested, patients should be told that once their data has been given to researchers and companies (since the same rules apply to both) those researchers and companies could re-use those patients' data for any project, at any point in the future, and for any other purpose, then it is not difficult to project what the overall effect would be on patient dissents. It is unclear whether the Wellcome Trust's 'Understanding Patient Data' project has done polling on how much higher the opt-out rate would be on this 'perpetual re-use' basis than the 25% that was suggested to the Committee could occur under the currently proposed rules.


  1. A sensible and practicable alternative to the 'free-for-all' desired by some researchers would be the use of safe settings run by the public bodies – principally NHS Digital, but also Genomics England. In the case of safe settings, the data working files need not be deleted but rather access to them could be removed – access that could be regranted when further research is approved and conducted. A data destruction certificate would not be required, as the data would not be held by the data user (i.e. researcher) but instead by the public body data controller (or their contracted supplier).


  1. The use of safe settings also avoids the risks introduced by overbearing individuals in institutions with no interests beyond their own narrow research agendas. As an example of such behaviours, it is notable how in the second-tier journal write-ups of Google DeepMind's work with the Royal Free Hospital some individuals changed their affiliations between contemporaneously-authored papers[9] – moving from one 'hat' to another, while continuing to disclose that their work was paid for by the same corporate funder.


  1. A concrete example of the type of 'perpetual re-use' model indicated by the professor would be Birmingham and Solihull Mental Health NHS Foundation Trust's deal with Telefonica.[10] While this work was seen to have ongoing commercial value to the company involved, and while the lead NHS clinician remained interested, the actual value to the NHS (and to the charitable funder) was seen as minimal – yet the work continued under its own steam despite, at best, disinterest from the majority of those who were supposed to use such a system.


Communications on re-use of the "life long record"


  1. The Committee witnesses on 25th February referred to the value of longitudinal data – what the recent NHSX 'tech vision' calls a "life long record", where individuals' records are linked across their lifetime – which witnesses advocated as being "anonymous" data for re-use.


  1. Do Committee members believe that the unique fingerprint created by linking every medical event in their life is "anonymous"? Have they, along with others in the public eye (whether willingly or through happenstance), kept every detail of their and their family's health a secret – each such dated detail providing a key to their entire, linked lifelong medical record? Regardless, every patient should know to whom the NHS has sent a copy of their data.


  1. At the time of writing, in early 2020, the only place a patient can easily see where their data is used for 'research and planning' is on the website, which reformats the thousands of rows in the dozens of spreadsheets of NHS Digital's data releases register, to make them more comprehensible.


  1. It is untenable for public confidence in the medium term that medConfidential is the only provider of comprehensible information to patients about how their data is used. It is absolutely required that patients be able to access accurate, accessible information from the NHS (e.g. via NHS.UK) in order to provide the ongoing public confidence and communications necessary for the data projects on which the Committee has heard evidence.


  1. While the Committee and witnesses did note the critical importance of trust – whether in the context of the DeepMind/Royal Free unlawful data deal, or the programme – we find it curious that no witness mentioned to the Committee the forthcoming new GP data collection.[11] We strongly agree with the National Data Guardian's comments about the need to avoid repeating past mistakes, but the mistake is being repeated.


  1. As a measure of the level of current public knowledge and understanding, it is a trivial matter to compare the indicator of the public's desire to express dissent from such uses in Understanding Patient Data's research (which suggests 25%), and the current opt-out figures from NHS Digital (under 3%).


  1. Fewer than 3% of patients have opted out. Picking up on the numbers provided to the Committee by witnesses on 25 February, we draw attention to the other 22% of people who have told UPD (and similar surveys) that they do not want their data used for purposes beyond their direct care – but who have not (yet) expressed that wish to the NHS.


  1. The NHS has never directly told the general public how to express their wishes about data re-use; when the new National Data Opt-out model came in (at the same time as GDPR came into force) NHS Digital wrote only to those who had already expressed an opt-out – effectively encouraging them to opt back in again – and did nothing meaningful[12] for those whose data NHS Digital continues to sell, which millions of patients may prefer they didn't.


  1. We note from Dr Rashbass' introduction that the Cancer Registry he ran at PHE for many years is now the responsibility of NHS Digital. Many if not most cancer patients do not know that they're in the database, nor have they had any meaningful conversations about it. PHE's disconnection from NHS processes meant that it believed it had a legal basis to take the data and not tell the patients, based on a presumption of a public interest. It may (mostly) be right, but the consequences could be catastrophic should PHE ever make a mistake – such as choosing to do some work for a 'causes of cancer study' run by a tobacco company.[13]


  1. medConfidential does not dispute the value of health data; we absolutely refute (as do many others involved in data science, and as does the law) NHS Digital's assertion that the linked, detailed data of someone's unique life history are anonymous under the Data Protection Act 2018. All too often, the most rich data is that which is claimed as the least identifiable – it cannot be both.


  1. The same stories about the benefits of data that were told for in 2014 are what the committee heard in February, from those currently in the same 'public debate' about data. All of those stories from 2014 fell apart in the face of scrutiny.[14] Every data use will of course be defended by those whose interests it serves – if only because 'no tyrant ever failed to justify their crimes...', and especially when they serve a business model.[15]


  1. Similarly, DHSC's expectation to be able to use patient-level data to make 'funding decisions' at national level is unlikely to be something that receives widespread support.[16]


What should happen


  1. The aging stand to make the most immediate gains from advances in science and technology that promote healthy longevity. But these benefits can only be delivered if there is widespread confidence in data use by (and beyond) the NHS. This is most clear in the context of complex needs and custom commissioning – where better care can also be cheaper, so long as everyone trusts the process.


  1. One necessary prerequisite for such trust is that there is a shared factual base on how data is used for each patient and their care, and how individual patients' wishes are respected – especially around data for their direct care, such as with access to the Summary Care Record.


  1. The largest predictable benefit from improved technology for elderly care would be for those with multiple conditions to be able to allow their different doctors and carers to see what each other are doing. Those most motivated to ensure their data has been seen by the right people should be encouraged and supported in that – and this includes patients who may have limited capacity themselves, but who receive digital support from their relatives with power of attorney, etc.


  1. One must, however, pay close attention to the differing motivations of those lobbying[17] to "empower people to own all their health information, they can make informed decisions about their own healthcare, and they can share this with anyone involved in their healthcare." The degree to which a company that provides a free GP Online app is "involved" in patients' actual healthcare is debatable; that it uses that 'opportunity' to market and sell dodgy DNA tests to NHS patients reveals its true business interests.


  1. Commercial actors see health information (and their customers) as exploitable assets; the use of the term "ownership" is a dead give-away in this context. For if a patient "owns" their data, they can be 'encouraged' to hand over information that may not be necessary or even useful for their care – data which companies could not otherwise get hold of, were it under the data controllership of the GP or care provider.


  1. As in all things to do with health and care, there must be a proper, open evidence base for each intervention. Evidence-free assertions that, e.g. third party "Personal Health Record[s] linked with the GP record" achieve anything must be tested as rigorously as any new medicine or medical device. Always remembering that gathering such evidence is not itself delivering care, but is rather (commercial) R&D – and must meet every standard for research on human beings.


7 April 2020




About medConfidential


medConfidential is an independent non-partisan organisation campaigning for confidentiality and consent in health and social care, which seeks to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe, and transparent.


Founded in January 2013, medConfidential works with patients and medics, service users and care professionals; draws advice from a network of experts in the fields of health informatics, computer security, law/ethics and privacy; and believes there need be no conflict between good research, good ethics and good medical care.


[2] Copy of the Monetary Penalty Notice issued by the ICO under the Data Protection Act 1998:


[4] Paras 24-28 of the Monetary Penalty Notice

[5] Para 20-23 of the Monetary Penalty Notice

[6] Mental health: and menstruation:


[8] Chapter 5

[9] vs (inc conflict of interest statement)

[10] health-issues/

[11] Final page, NHS Digital Board papers for 5th February 2020. february-2020.pdf

[12] In fact, they did even less than did to inform the public in 2014.

[13] us-firms-connected/

[14] Some fell apart immediately, such as the much-quoted "We don't know how many people get chemotherapy" – the vast majority of chemo takes place in secondary care, not at GP practices. Although that question should be answerable by NHS Digital's Dr Jem Rashbass, who previously ran the Cancer Registry which does have that information – of course, that registry used to be based in PHE which the NHS barely acknowledges exists.


[16] Paragraph 2:

[17] technology-committee-lords/ageing-science-technology-and-healthy-living/written/104533.pdf