When the government asked the national data guardian to come up with options for a new consent model for data sharing, it might have been hoping for some measure of clarity – maybe even a firm idea of what should happen.

In the event, the NDG, Dame Fiona Caldicott, did set out options – but in the latest round of this game of cyber-security pass-the-parcel, strongly recommended that the government should consult the public on them.

With just one week to go until this consultation closes (on 7 September), campaigners are anxiously waiting to see what the outcome will be.

The stakes are high in a number of areas: on the one hand, research advocates are desperately worried that any resulting system could stymie future studies, if people are put off agreeing to their data being used.

On the other, privacy campaigners are worried that the options set out by Dame Fiona simply aren’t clear enough.

One opt in, or two?

So what does the review actually recommend and what’s the likely outcome of this latest process?

On the face of it – and as we are explicitly told in the consultation document – the proposed model would enable people to opt out from their personal confidential data being used for purposes “beyond their direct care”.

“These purposes may include the use of personal confidential data to provide local services and check the quality of care, and support for research to improve treatment and care,” it adds.

The review suggests two separate opt-outs, and these are listed in the consultation (page 12):

* Personal confidential information being used to provide local services and run the NHS and social care system (for example, NHS England surveys, regulators and others checking quality etc)

* Personal confidential information being used to support research and improve treatment and care (for example, a university researching the effectiveness of the NHS bowel screening programme etc).

These could be presented as two separate opt-outs or wrapped up into one super opt-out, covering both.

But Phil Booth, co-ordinator of MedConfidential, which campaigned against the controversial care.data programme, and has been blogging extensively about the latest proposals, believes that the opt-out system is far from clear.

He points out that option one (on personal confidential information being used to provide local services) would mean in practice that data could be passed to private companies with NHS contracts – which, he argues, is not what many members of the public want.

“This option treats commercial use like NHS internal use, but separates out research, with implications that are complicated and likely backwards from what patients expect,” he says. “If there is to be trust in the system, patients have to understand what the choice they’re offered means.”

Safeguarding research

Charities and other organisations with an interest in research are understandably anxious. The Wellcome Trust, for example, has set up an independent taskforce in response to the NDG’s latest recommendations, with the aim of “helping to develop a framework for clear and transparent discussions with the public, patients, and healthcare professionals, about how data can be used to improve health”.

Announcing it in July, director Jeremy Farrar said: “We will only unlock the immense value of patient data if we have open and honest discussions about how and why data can be used for care and research, what’s allowed and what’s not allowed, and how personal information is safeguarded.”

The Academy of Medical Sciences is similarly exercised. A spokesman told Digital Health News that the organisation was working on a response to the consultation. This is likely to be along the same lines as the statement issued when the review was published.

Then, president Professor Sir Robert Lechler cautioned: “If the public are to support their data being used for research, we must address any concerns over security and be clear about who can access this data, when and why.”

The implication from both pro-research bodies is clear: if the public understood the value of data to research, then of course they would be happy for their data to be used (indeed, Wellcome’s own research suggests that people are, on the whole, okay with this and with a range of bodies being involved – if there is a clear public benefit).

Booth and other campaigners, however, worry whether the public really is being told about how their data is going to be used; and whether the opt-outs enable them to act on that.

“The consultation didn’t explicitly ask the biggest question people are asking after the review: what will happen to my GP data?” he says. “Patients should know how their data has been used. If there is no secrecy, there will be no temptation to disregard the patient interest.”

A lot of data not covered by an opt-out

Indeed, the review and the consultation both say that the opt-out won’t apply to anonymised data, nor to data in “certain exceptional circumstances” (such as an outbreak of a disease like ebola or a natural disaster), nor where there is “a mandatory legal requirement”.

This last includes releasing data to inspectors such as the Care Quality Commission, the NHS Counter Fraud Service, and those regulating professions, such as the General Medical Council.

Another of these mandatory exceptions is the “statutory safe haven” of NHS Digital, which is now building a Data Services Platform to collect, hold, process, and then distribute de-identified and anonymised information – initially at least for commissioning.

Other areas that won’t be part of the opt out include disease registers and demographic information for production of official statistics. That all adds up to a lot of information.

Booth’s organisation has already warned that the circumstances are still there to recreate care.data under another name; but without the opt-out that applied last time. And he’s not happy.

So what does he believe needs to happen? “The first step is to inform patients how their data has been used, and that will then demonstrate the transparency in the system, which can lead to fact-based conversations about data use,” he says.

“There are legitimate reasons to override a broad patient dissent, but there are also many illegitimate bureaucratic reasons that some wish too – patients need to be able to see what happens, for them to have confidence in the legitimate.

“Had NHS England paid due respect to Caldicott 2, the law, and patients when designing care.data, it may have gone very differently.

“NHS England wanted all the data in the NHS linked by April 2016. It could have done that if they’d told everyone, transparently, and given people a choice to opt out — just as happened with the Summary Care Record. But they went for everything in secret, and it collapsed around them several times.”

Please, no Caldicott 4

Dame Fiona herself is urging people to take part in the consultation. In an article published on the National Data Guardian website, she acknowledges that members of the public can see both benefits and risks of data sharing, and calls on everyone to get involved in the conversation.

And let’s face it, as a human being she really must be hoping not to be asked to do it all over again.

After all, she led the first Caldicott Review of the use of information sharing in the NHS, that led to the present framework of Caldicott Guardians and information governance rules.

She led the more recent Caldicott 2 review, which restated the principles of the original report, while adding a ‘duty’ to share information when this was in the patient’s interest. And now she has had to recover some of the same ground.

Booth agrees. “If there is a ‘Caldicott 4’ then that will be a sign that the Department of Health has failed to learn the lessons that got us to this place, that things have got significantly worse, and that the department is incapable of appropriate data use,” he says, bluntly.

Whether the consultation – the government’s response – can avoid that scenario remains to be seen.