Patients still in the dark about medical data uses

dna-3Today’s publication of  the Health and Social Care Information Centre’s (HSCIC) register of data releases is striking for what it does not include. It is only the tip of the iceberg.

Minister Dr Dan Poulter told Parliament on 25 March that records of the data released by HSCIC would be made public and would cover “all the data releases” made. He said: “Following concerns expressed by the Health Select Committee in its meeting of February 25, Sir Nick Partridge, a newly-appointed Non-Executive Director on the HSCIC Board, has agreed to conduct an audit of all the data releases made by the predecessor organisation, the NHS Information Centre, and report on this to the HSCIC Board by the end of April. Furthermore, a report detailing all data released by the HSCIC from April 2013, (including the legal basis under which data was released and the purpose to which the data are being put), will be published by HSCIC on April 2. This report will be updated quarterly.”

This does not appear to be the case. HSCIC have either deliberately sought to limit the scale of the disclosure by concentrating on one data set – Hospital Episode Statistics – or they have such a poor grasp on what information has been released that they do not want to admit their ignorance. Either way, it is not a full publication and HSCIC must immediately explain why.

Today’s list makes no reference to the police or mental health data – all of which have previously been confirmed as data releases. One Freedom Of Information request response referenced “in excess of 1250 agreements” – while today’s release covers just 459 releases. It is clearly not the full list of “all the data releases” that Parliament was assured would be made public.

One other deal not included is with PA Consulting, which was awarded a license for HES data in 2011 (extended in 2012) that will run until November 2015. The Information Commissioner’s Office is currently investigating a complaint by medConfidential, the Foundation for Information Policy Research (FIPR) and Big Brother Watch on PA Consulting’s uploading of this data to Google’s BigQuery cloud servers so there is no obvious reason why that was not included in today’s publication.

Questions must be asked why HSCIC has not been fully transparent, despite giving assurances they would be. Yet again we are left questioning if the current leadership of HSCIC is able to properly protect the public’s medical records, or if they are more interested in protecting their own reputation.