NHS DATABASES: NOT CANCELLED. STILL A THREAT TO PRIVACY
It has been widely reported that the National Programme for IT in the NHS in England is to be “scrapped”. Since we have condemned parts of that programme as a profound threat to the confidentiality of the relationship between doctor and patient, you might expect us to be pleased. But it is not true. It is not clear anything has actually changed. And the most damaging things for privacy, the centralisation of records and of prescriptions, and “secondary uses” of private details for third party purposes, are being proclaimed as the successes of the scheme.
The Department of Health (not a spokesman, but the voice of the department itself, as presented) is quoted in the official press release as saying: “The NPfIT achieved much in terms of infrastructure and this will be maintained, along with national applications, such as the Summary Care Record and Electronic Prescriptions Service, which are crucial to improving patient safety and efficiency. ”
NO2ID along with our friends in the NHS Confidentiality Campaign have long argued that electronic records might well be beneficial to patients, and many GPs are using them. But that is not the same as creating a system where privacy barriers are torn down, and all medical records are potentially available anywhere depending on official whim. You can have the medical benefits of electronic records and privacy together. And that could happen (as it is doing in numerous other modern countries) without the Department of Health taking control of personal information. Improving patient safety and efficiency does not require the destruction of medical privacy. To try do so is the Department’s decision, and it is not withdrawing from it yet.
What you can do
Our recommendation remains the same, to those living in England: If you and your family don’t have any significant conditions (in which case you should of course consult your family doctor to discover whether they are relevant), then do consider opting out of the Summary Care Records system, or making sure if you do decide to have one, that automatic ‘enrichment’ of your record is turned off. Dr Neil Bhatia, a GP and critic of the system explains on his website ( http://www.nhsdatabase.info/ ):
In the event the ‘consent’ code finds its way into your GP records, Whilst your explicit consent should be sought and recorded before any further information is added beyond core data, sensitive diagnoses, conditions and procedures will be uploaded nevertheless – and automatically. [...] Think very, very hard before having an enriched SCR.
The Scots, Welsh and Northern Irish health services are administered rather differently. We would like to know more about what privacy risks and options patients in those countries face, though they are generally believed to be less than those posed by the English leviathan.
Parliament returns on 10th October. It will be considering the Protection of Freedoms Bill, which is an improving measure, but marginally so. We have only been able to give it 3/10.
Along with other privacy and civil liberties groups, NO2ID has been advocating the establishment of a single Privacy Commissioner to replace a tangle of feeble regulators. This plan seems to have been accepted by the Home Affairs Committee of the House of Commons, which put a very similar suggestion in its consideration of the Bill. The government (Home Office) response is in effect outright rejection. This is not a surprise, but the objections given are essentially empty.
A Privacy Commissioner wouldn’t be a substitute for proper privacy rights, but could be a key gain.
We still lack a Treasurer to oversee funds and fundraising (and liaise with, but not be, the accountant). The ideal person for the role will have finance experience and be able to attend the occasional meeting in central London.
ID in the news
A selection of news stories on the database state. Opinions are those of the media concerned, not ours, unless otherwise stated.
Should your system offer Mr, Ms … and Mx? Time to phase gender out of your databases – The Register (27 Sept)
Earlier this month the Australian government announced new rules for declaring a gender on passports. This week UK authorities revealed they are conducting their own review of gender on passports. The Australian move follows increasing pressure from transgender and intersex lobbyists to alleviate difficulties they encounter when crossing borders, where there is variance between someone’s apparent gender and what is written on a document. In some countries, such difference can pose a real risk, and the problem has only intensified with the introduction of body scanners at many airports. The UK debate, however, goes further. The official Home Office position is that they are looking at “the gender options available to customers in the British passport”. Asked to clarify, a spokesman added that the statement should be taken at face value.
Database disgrace: DNA plan ‘good for rapists’- The Sun (28 Sept)
DNA records of up to 17,000 suspected rapists are to be destroyed under Government reforms ‹ jeopardising police investigations, Labour will warn today. And thousands more each year who must give samples under current rules will no longer be part of the valuable database, the Shadow Home Secretary will say. Yvette Cooper will warn that the Government’s plans will rob police of a key tool in bringing violent predators to justice. Ministers have vowed to destroy DNA samples in the database from thousands of people including 17,000 suspected rapists who were arrested but never charged. And in the future, no genetic material will be stored from anyone arrested but not charged including the 5,000 suspects arrested each year for rape. This is despite serial attacker John Worboys the Black Cab Rapist being caught by DNA stored after he was arrested but not charged for a sex assault. In her speech to the Labour conference today, Ms Cooper will blast the Government’s plans to slash back the DNA database.
A nation beyond help - Daily Telegraph (22 Sept)
Countless regulatory checks put volunteers off coming forward to help in their communities.
While it is evidently important to keep children safe, this will not be achieved by discouraging well-meaning adults from helping out in their communities. To its credit, the Government has suspended the Vetting and Barring Scheme that threatened to catch nine million people in its net, and legislation now before Parliament should restore some common sense to this area. Not before time.
An effective way to stop the cheats? – Bedford Today (23 Sept)
Plans to introduce automatic number plate recognition (ANPR) car parking have been included in Bedford Borough Council’s forward plan of savings, which was revealed last week. And subject to the results of a 90-day consultation period the scheme could be up and running soon. ANPR parking would replace the barrier systems in council-run car parks. As a car enters the car park a camera would recognise their number and if the driver failed to pay at the machine they would be slapped with a fine.
Committee Report Labels Police ICT Unfit For Purpose – eWeek Europe (23 Sept)
A report from MPs has warned the police’s ICT is detrimental to crime prevention and is not fit for purpose
A damning report from MPs has said that the vast number of incompatible IT systems within the UK’s 43 police forces is hindering the fight against crime. The Home Office report, entitled ‘New Landscape of Policing’ describes the current ICT setup as not fit for purpose, because the 43 forces have between them a multiplicity of different IT systems and IT contracts, many of which are not compatible with one another. In June the police finally set up a database that allowed police forces around the country to share and access locally-held intelligence. Until then, information about criminals had to be shared manually between police forces, a process that could take up to two weeks. And in May the Metropolitan Police revealed it has begun to utilise an online procurement website to help it procure goods and services.
US Attorney General defends EU data sharing agreement – BBC (20 Sept)
The US Attorney General Eric Holder has defended the sharing of personal data between the EU and US, during a hearing with the European Parliament’s Civil Liberties Committee. The session on 20 September 2011 debated EU-US relations on tackling transnational crime, such as terrorism, fraud and human trafficking. Concerns have been raised by some over privacy issues surrounding the use of EU data – such as financial data and airline passenger records – by US authorities. This was highlighted in the rejection by MEPs of the proposed SWIFT agreement that would give US authorities access to financial transaction data.
Shocked MPs told electoral plan could remove 10m voters – Guardian (15 Sept)
Dramatic implications of individual voter registration spelt out to members on constitutional reform select committee
As many as 10 million voters, predominantly poor, young or black, and more liable to vote Labour, could fall off the electoral register under government plans, the Electoral Commission, electoral administrators and psephologists warned. Ministers have unexpectedly proposed that it should no longer be compulsory to co-operate with electoral registration officers (EROs) when they try to compile an accurate register, in effect downgrading the civic duty to engage with politics.
[NO2ID Comment: Ministers appear to have moved in favour of privacy here. Previous proposals would have meant more compulsion to participate and more capture of personal information from those who wish to exercise their right to vote.]
Identity assurance – how it will affect public services and your personal data - Computer Weekly (15 Sept)
Computer Weekly examines some of the key issues around the government’s identity assurance project for accessing public sector services.
The success of the government’s “digital by default” agenda, a central drive in its ICT strategy, will depend to a large extent on how comfortable the public feels in transmitting personal data online. The IDA project is fundamentally about shifting channels online and moving forward the digital by default agenda, says Bill McCluggage, deputy government CIO. “We have to be customer focused – the customer has to be protected under the Data Protection Act. As servants of the taxpayer, we have a duty of care,” he said.
Transparency and privacy are compatible, says government report - CIO UK (13 Sept)
As long as confidential data is protected at every stage. The Cabinet Office is asking the public to comment on a new independent report it commissioned to examine the impact of its transparency agenda on privacy.
The review, led by Dr Kieron O’Hara, a senior research fellow in electronics and computer science at the University of Southampton, was commissioned to inform the government how to maintain privacy while releasing information as part of its open data and transparency agenda. One of his conclusions was that privacy needs to be embedded into any
transparency programme, to avoid data breaches and to maintain public confidence.
Local Groups News
The size, influence and activity of NO2ID’s local group network is unique among single-issue campaigning groups.
If you’re interested in starting a group yourself, please contact James Baker firstname.lastname@example.org / 07817 605 162 to discuss what’s involved. Local groups are currently doing two new things in addition to their usual business. The first is distributing our new Factsheet on Automatic Numberplate Recognition and travel tracking to people on the street. The secondly is a street survey to assess people’s concerns and priorities over their privacy. This survey is designed to help us better understand what bothers people and what doesn’t as well as what they know.
Even if there is not an active group in your area, there may well be a local mailing list to keep in touch with other supporters. See:
http://www.no2id.net/localgroups/ or call the office for details.