HSCIC publishes data audit

  • 3 April 2014
HSCIC publishes data audit
The HSCIC will action patient opt-outs of data sharing on 29 April

The Health and Social Care Information Centre approved 459 data releases to 160 organisations between April and December last year, an audit report reveals.

Of the organisations that received patient data, 56 were commercial.

The centre has today published a report detailing the data it has released since its creation. It has also commissioned an audit of the data releases of its predecessor, the NHS Information Centre, which is due for publication at the end of next month.

The report is a response to the intense public scrutiny of the bodies to which the NHS is releasing patient information that has followed the care.data row. 

Although supporters of care.data have sought to reassure the public that information will not be sold to potentially controversial users, such as insurers, or sent abroad, it has been revealed that the NHS IC sold Hospital Episode Statistics data to an insurers' body and allowed another organisation to process it using Google servers.

HES forms the backbone of care.data, which wants to combine an expanded HES data set with GP and other data and make the information available to researchers and other bodies, with the public given the chance to opt-out after a publicity campaign.

The programme was supposed to make the first data extracts from GPs this spring, but this has been put back to the autumn. NHS England's revised business case says that when it gets going care.data will build up slowly over three years.

Today's report shows that between April and December 2013, there were 347 releases of pseudonymised data and 75 releases of identifiable data by the HSCIC to 160 organisations.

The register lists each organisation, the type of data released, the legal basis for release and the purpose for which the data was provided.

Of the 160 organisations that received patient data last year, 104 were health and social care organisations, such as NHS trusts, or bodies such as universities and charities, while 56 were private sector organisations which provide services to the healthcare system.

Some of the commercial organisations that received HES data include Lightfoot Solutions UK, MedeAnalytics, Optum UK, Ernst and Young, and PricewaterhouseCoopers.

However, the MedConfidential pressure group, which has called for the public to be given more information about care.data – and a proper opt-out process – said the HSCIC had failed to declare companies that have long-running commercial licenses for HES data.

Phil Booth, the co-ordinator of the privacy group, said the ommissions included the license to PA Consulting, the organisation that had used Google's BigQuery cloud servers, which is now the subject of a formal complaint to the Information Commissioner's Office.

"It is inconceivable that the HSCIC was not aware the licence remains active," he said, adding that "another significant ommission" from the register was the release of data to police forces, who are known from Freedom of Information Act requests to obtain patient details from the HSCIC.

In response to public concern about the release of patient data to private companies, Jeremy Hunt recently announced new legislation to prevent the HSCIC from selling data for commercial use by insurers and other companies.

A proposed amendment to the Care Bill which is currently before Parliament is for the Confidentiality Advisory Group to advise the HSCIC on data releases.

In a statement accompanying the register, the HSCIC says it is reviewing its data sharing procedures and processes, including applications for new or renewed data agreements. It says it has already identified a number of areas of the register where it will seek guidance from CAG.

HSCIC chair Kingsley Manning said: “By placing this register before the public the HSCIC is taking an important step towards the full transparency needed to help the public gain confidence in the services we provide.

“This is about ensuring citizens and patients are clear about how data is used to improve the health and social care received by them directly and by communities as a whole.”

However, Booth said: "Despite saying it has turned a new leaf, the HSCIC is concealing releases of data that might cause itself, or ministers or other officials, embarrassment or political damage.

"Billions of records continue to be sold for commercial use without patients' knowledge or consent."

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Health tech can help reframe ageing as an opportunity not a problem

Health tech can help reframe ageing as an opportunity not a problem

Edinburgh's new Global Research Institute in Health and Care Technologies is working on solutions that will enable more people to age well, writes Professor Alan…
WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.