I suspect that most people are unlikely to change their minds about the care data initiative.
I suspect that most people, unprompted, really couldn’t be that bothered about the initiative – after all, there was precious little consternation in Parliament when the relevant enabling legislation was considered – but those that are bothered are likely to remain very bothered about it.
As the ICO has helpfully explained when commenting on the enabling legislation (the Health and Social Care Act 2012), ‘This law gives NHS England the right to direct the Information Centre to collect certain sorts of data from the medical records. The law is a statutory enactment which requires the disclosure of the data, which means the data becomes exempt from the main parts of the DPA.
Because the main parts of the DPA are exempt it means that neither GPs (as data controller) or patients (as data subjects) have the right to stop that information being taken into the Information Centre – there is no legal ‘opt out’ under the DPA.
But while the DPA doesn’t give patients a right to object, the Secretary of State for Health has offered patients an option not to have their information used in this way. But as this option isn’t covered by the DPA, we can’t regulate it, and we don’t set the rules on how it works.’
So that’s it. Slam dunk. There is an avenue for people who are sufficiently motivated to object. There ought to be no further argument about the matter.
But of course there is and there will continue to be because some people are extremely concerned at the impact of the adverse consequences should anything go wrong and any data sharing go awry. And the ‘No never’ brigade are of course determined that it should be made much easier for patients to be able to object to having their own details shared.
And let’s be clear about this, of course things will go wrong, and of course some data sharing initiatives may go awry. But this does not mean that the initiative is a bad initiative, or indeed that it should not be allowed to proceed. What is likely of general concern are the practical steps that should be taken to provide the necessary degree of public assurance that data is being shared appropriately, but that is not an issue I am setting out to address in this response. (If it were, I would be spending the next 800 words arguing for the ICO to be able to play a more meaningful role.)
Is it really wrong, in a modern democratic society, that as a condition of receiving a vital (and free at the point of delivery) service, citizens should be encouraged to reveal to third parties information about their health that might improve health outcomes amongst the general population?
As far as I am concerned, no. The care data initiative is a necessary and proportionate response to a growing problem, which is that the costs of health care are significantly outstripping the ability of commissioning bodies to be able to purchase enough of it. I am a grateful recipient of the health care that the NHS is able to provide to me and my family, and I certainly wouldn’t want to erect any barriers that made it inappropriately harder for care professionals to devise the most appropriate treatments, or to benchmark health outcomes to ensure that dodgy doctors couldn’t practice with impunity.
In a nutshell, the right to privacy is a qualified right, and accordingly public authorities are able to interfere with this right so long as the interference is:
· In accordance with the law;
· In pursuit of one of the legitimate aims set out in Article 8(2) of the European Convention of Human Rights; and
· Necessary in a democratic society.
As far as the law is concerned, this test is met by the Health and Social Care Act 2012.
As far as meeting any legitimate aims of the European Convention on Human Rights are concerned, this test is met by the reference to initiatives ‘for the protection of health’.
As far as the meaning of ‘necessary in a democratic society’ is concerned, there have now been a number of cases before the European Court of Human Rights that have all referred to one or more of the following tests:
· Pressing social need – Does the interference correspond to a pressing social need?
· Proportionality – Is the interference caused by the measure proportionate to the legitimate aim being pursued?
· Relevant & Sufficient Reasons – Were the reasons given to justify the interference relevant and sufficient?
We can all argue until the cows come home as to how ‘necessary’ the initiative is, but I’m not sure what would be required to change my personal view that the initiative meets these tests.
I do pay tribute to the remarkable work going on behind the scenes to ensure that whatever does happen is done in a way that is as safe and as secure as possible. I’m also somewhat concerned at the potential threat to my privacy by the inappropriate disclosure of information that consequently caused me a great deal of embarrassment. But, I would be much more concerned if I were to be living with a particularly debilitating medical condition and it subsequently transpired that my own treatment plan could have been significantly improved if only a core of conscientious objectors had not been successful in withholding from researchers vitally important details about their own health issues.
Finally I do hope, although I am by no means confident, that the care data initiative actually does take off. It only takes a small, but vocal, group of detractors to derail it. And they do seem to have a remarkable ability to grab the headlines.
As in so many things data protection, this initiative is less about the law and more about the politics of the process.
Martin Hoskins is a Privacy Consultant and runs a company which offers clients a bespoke data protection consulting service: www.martinhoskins.com. He is Chairman of the Data Protection Forum: www.dpforum.org.uk/