Informaticopia

Monday, March 23, 2009

Database State

Today the Joseph Rowntree Reform Trust published a major report on the Database State. In it Ross Anderson and colleagues chart the rise of public sector databases which impact on everyones lives.

The report arose from the loss by Her Majesty's Revenue and Customs of two discs containing personal information about nearly 50% of the population and a series of high profile fiascos and data loses and challenges over effectiveness, privacy, legality and cost.

The report assesses 46 databases across the major government departments, and finds that:

* A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.

* Fewer than 15% of the public databases assessed in this report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.

* Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.

*The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.

* The UK public sector spends over £16 billion a year on IT. Over £100 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.

The report uses a traffic light system to examine the databases - those achieving a red rating are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned". These include three systems specifically relevant to health and social care:

* ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;

* the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;

* the electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;

Other databases in the field including the NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, are rated amber which means "a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out".

Out of the 48 databases studied only 6 are given a "green light".

I' still working my way through the whole 63 page report and I'm currently analysing the significance and likely impact of the chapter related to the Department of Health.

The report has already been highlighted by the Guardian in its report entitled "Right to privacy broken by a quarter of UK's public databases, says report". It will be interesting to see what other reaction it receives and, most importantly, whether the direction of travel for government IT is changed at all.

Labels: , , , ,

Tuesday, May 06, 2008

Report of Evaluation of Summary Care Record Early Adopter Programme

An interesting report has been published today into the evaluation of the Summary Care Record (SCR) Early Adopter Programme. It highlights many of the difficulties which have been encountered and makes recommendations to improve for the future.

The evaluation team led by Trisha Greenhalgh at University College London discusses criticisms of the programme focusing on "implementing a technology rather than a broader and more developmental focus on socio-technical change". They also make comment about the ethical and moral considerations inherent in the "current ‘hybrid’ consent model for the SCR, which is widely seen as overly complex and unworkable (and which many GPs and Caldicott Guardians see as unethical), and consider alternative models, notably ‘consent to view’, that have been shown to be acceptable and successful in comparable programmes" in Scotland and Wales. This was despite the fact that few of the patients in the pilot area reported strong feelings about whether they had a SCR and low levels of "opt out".

The report also criticises an "outdated model of change – centrally driven, project oriented, rationalistic, with a focus on documentation and reporting, and oriented to predefined, inflexible goals", and argues for "more contemporary models of change (which are programme-oriented and built around theories of sensemaking, co-evolution and knowledge creation) include soft systems methodology, technology use mediation and situated action".

The full (138 page) report is available from http://www.ucl.ac.uk/media/library/screvaluation, and although I've only read the executive summary so far I think it should be compulsory reading for anyone involved in electronic health records.

Further commentary and discussion is taking place on the E-Health Insider site under Urgent review of SCR consent model recommended and elsewhere. It will be interesting to see if the lessons learned will be put into practice.

Labels: , , , , ,