On 21 July, the Department of Health took the extraordinary step of posting on its website three letters that were addressed to Computer Weekly and were critical of our coverage of a health IT conference at the NEC in Birmingham.
The department published the letters twice: on the websites of its Information Policy Unit and its Information Authority.
Such a decision by a government department, to publish a series of independent letters to a magazine, before that magazine has had an opportunity publish them, is unprecedented.
The conference in Birmingham had been organised by the British Computer Society’s Health Informatics Committee and Assist, the Association for ICT Professionals in health and social care. Its main purpose was to gather the opinions of delegates on a £2.3bn national programme for IT in the health service, particularly on the issue of electronic medical records, the official term for which is Integrated Care Records Service (ICRS).
Richard Granger, director-general of NHS IT, had asked the BCS and Assist for their views on aspects of an all-important sequence of documents called the Output Based Specification [OBS]. Comprising about 600 pages, the OBS provided a specification for companies that were bidding for contracts under the NHS’ national programme for IT.
The three leading specialists in their field who have sent strongly-worded letters by e-mail to complain about Computer Weekly’s coverage of the conference were David Young, clinical adviser to the Information Policy Unit at the Department of Health, Glyn Hayes, a family GP and chairman, Health Informatics Committee of the British Computer Society, and Marlene Winfield, head of patient and citizen relations at the NHS Information Authority, part of the Department of Health.
Before publishing the letters, which attack Computer Weekly’s ethics and professionalism and one of which says we committed a breach of trust, the department gave us no opportunity to respond. We have published this week a detailed explanation for our coverage of the conference in which we set out the rationale behind Computer Weekly’s NHS campaign. We also publish the three critical letters from Young, Hayes and Winfield, together with other letters from delegates at the conference who support our coverage.
In addition, here is a point by point response to the critical letter from David Young.
Young’s letter makes the strongest accusations against Computer Weekly. The original e-mailed letter contains a number of mistakes which, we assume, are errors made in the typing of the letter. We have corrected these so that the points made in his letter and our responses are easier to follow. The original e-mail is published at the end of this response so that it can be seen that we have changed nothing of substance.
Our response to the specific points made by Young
"I find your reporting in Computer Weekly 15 July issue of parts of the health informatics conference organised by Assist and BCS deeply disturbing in at least two respects.
"Firstly it was a gross breach of confidence to report the meeting at all. It was a private meeting at which attendees from all parts of the NHS, suppliers, academics, management consultants and the Department of Health could express their ideas and views on the National Programme for IT in the NHS knowing that they would not be made public."
The assertion that the conference organised by British Computer Society’s Health Informatics Committee the Association for ICT Professionals in health and social care (Assist) was a private meeting is incorrect.
Computer Weekly was invited by the BCS to cover the event. In addition, the reporter contacted the organisers of the BCS conference to seek confirmation that they were aware he was coming to cover the event.
At the conference he wore a badge prominently showing his name and that of Computer Weekly’s. He was placed under no restrictions in reporting on the event.
At a workshop, the magazine’s reporter introduced himself to the delegates before any discussions began. No suggestion was made to the reporter at any time that the meeting was private. Indeed the letter to Computer Weekly from Glyn Hayes, chairman of the British Computer Society’s Health Informatics Committee, complains about our coverage but does not question our right to have covered the event. Young’s assertion that it was a private meeting is therefore incorrect.
"A summary report will be the only outcome of the meeting."
This is incorrect. At the beginning of the conference, an organiser announced that, "This year the conference is about a response to the national programme [the NHS’ national programme for IT], particularly ICRS [Integrated Care Records Service – the official name for electronic medical records].
"Richard Granger [director-general of IT in the Department of Health] is interested in feedback. He has specifically asked for comments on what we think. We cannot obviously change the current OBS [Output Based Specification, a series of documents, about 600 in all, that form the main specifications against which suppliers are bidding for contracts worth billions of pounds over 10 years] but we can influence the way in which the OBS is implemented. Any comments we have will be fed back directly to Richard Granger," the organiser added.
It was clear, therefore, that the purpose of the event was to provide feedback to Granger. No announcement was made that this was to be the only outcome of the event. Indeed there was a reporter from another publication present.
"The chairman of the meeting specifically stated in his introductory remarks that all were bound not to comment publicly on what was said. To break confidences in this way is undermine the understanding which allows individuals from opposite sides of the fence to meet for frank and open discussions to the benefit of both and the services they represent."
This is incorrect. As we said earlier, Computer Weekly’s reporter was not placed under any restrictions in covering the event. Indeed the chairman announced that the Chatham House rule did not apply to the conference.
However the reporter elected to place himself under a restriction because it was announced at the start of the conference that delegates could talk freely because the BCS would not put names to comments when giving the opinions expressed at the conference to Granger. The organiser said, "I would point out that it is important for everybody that there will be no question of any comments, thoughts, disparaging or otherwise being associated with any particular individuals. You can say what you like. It is obviously not Chatham House rules … It is important [to say what you want] because of the nature of this particular meeting."
For this reason, Computer Weekly’s reporter decided not to name any of those who made comments at the conference, except Glyn Hayes, chairman of British Computer Society’s Health Informatics Committee, and Fleur Fisher, a former head of ethics, science and information at the British Medical Association. After the conference both Hayes and Fisher were asked and gave their specific consent to being identified in Computer Weekly’s coverage.
To accuse Computer Weekly and the reporter of breaking confidences is therefore defamatory of the magazine and the reporter and is incorrect. It is a particularly inflammatory accusation to make when the reporter had clearly exercised a discretion in his reporting that was not imposed on him by the organisers.
"Secondly the report was given the most sensational spin, with phrases such as 'secret plans to put sensitive health data... into a national "data spine";' 'patients... unaware that health records... could be seen by authorised government agencies such as the police', 'sensitive data, which could include references to sexual histories... could be vulnerable to hacking attempts'."
This is incorrect. The comments in the articles reflected accurately, and without exaggeration or "spin" the strongly expressed views of delegates; and the reporter mentioned only a small number of the concerns expressed. That secrecy over plans to put sensitive health data on a national data spine was an issue among delegates was made particularly clear during a number of discussions on plans for electronic medical records – ICRS.
At the time of the conference, the Output Based Specification was secret. The Department of Health did not make the OBS generally available on its website until 17 July 2003, two days after Computer Weekly published articles which reported on the secrecy surrounding the OBS and provided details from the specification.
At the time of the conference, several delegates complained that the confidentiality of the OBS had made their working lives more difficult. During the course of a workshop, the following comments were made by delegates:
- "It has been made absolutely clear that the OBS is not to be shared."
- "In a vacuum of information the NHS creates its own rumour mill. We need real clarity about how things are mapped out, what is the vision, sharing that vision, getting ownership of it and buying into the timescale, what are the risks and how they are being manage."
- "Our CIO [chief information officer] has been told not to share the OBS. I picked up a copy the OBS and I said: "I have shared it within my trust on a confidential basis, and I was told: "Do not share it". I have come to this conference and everybody is allowed to have a copy. The CIO needs to be empowered to keep everyone informed."
- "The issue is that the CIO is not even allowed to share [the OBS] with directors. Then at a different forum you are told: ‘Yes you can share it, so long as it is kept confidential.’ There is a real lack of consistency".
That patients were unaware that health records could be seen by authorised government agencies such as the police, was not a statement from the reporter but was based on comments made by delegates, such as in the following exchange that took place at a workshop between several delegates:
- "What sort of access controls will there be on the police and security services? So much legislation has gone through in recent years which gives massive access with relatively little control – I think that is an objection to having data on a national database."
- "This is a significant risk that has to be managed."
- "How do we manage it?"
- "This is under discussion at the moment. We have to accept that we live in an age where we share information a lot more."
- "Government feels that we need to make it easier for agencies to access information. That is one of the really worrying things. There are perhaps not large numbers of people who come here with multiple problems from other jurisdictions who could easily be identified from a national database. That information given for your health care could be accessed by the security services for very different purposes means tightening up privacy legislation not loosening it."
It is also incorrect that the reporter exaggerated comments made at the conference or effected "spin" by drawing attention to the fact that the sexual histories of patients were to be included on national systems. Indeed the reporter was discreet in mentioning the discussion only over sexual histories, genetic dispositions to certain diseases and psychiatric care. He did not mention in his articles that delegates had mentioned that the national systems would hold details of abortions, sexual diseases, suspected or actual abuse by patients – including clinicians – of their partners, and suicide attempts.
It is further incorrect to claim that it was an exaggeration to refer to the possibility that systems could be vulnerable to hacking. There were several discussions on this topic. One delegate who works for the Department of Health said, "They [patients] trust us now because we cannot share information very easily. We are talking about a world where at the press of a button you’ll be able to share vast amounts of info with vast numbers of people. The risks are magnified."
The potentially controversial comment (above) of this delegate was not reported in our coverage.
Another delegate who works for the Department of Health said, "Having patient data on a database is a risk" and the following comments were also made at the conference.
- "You ask any private detective how easy it is to get someone’s health record."
- "They would have to either break in [at the moment]. You would not have to do anything physical [to break in when there are national systems]."
- "The only way you can get a full record is to bribe someone who has a role which gives them access to the full record. Administrative people who are the leaky people in a GP’s surgery would not have access to the full clinical record [with a national system]."
- "Let’s not underestimate the problem. ID theft could be possible. We all have a major concern about pulling records together."
- "Anyone who has access to these records will leave a footprint [an audit trail in the system]."
- "Authorised access to personal data [that has been accessed with the consent of patients] does not necessarily leave a footprint."
- "We must make sure that all the lax practices today are not enabled [in the new system]."
- "You cannot take the horror stories and introduce controls that stop the systems working."
It is incorrect and an exaggeration to accuse Computer Weekly of the most sensational spin when the coverage included only a small number of the concerns expressed at the conference, and the concerns reported on were not always the most sensitive that were discussed.
Young also says that the police will have no greater power to examine health records [on a national system] than they do now.
This misses the point of the concerns at the meeting, as expressed in a letter to Computer Weekly this week from Fleur Fisher. "A National Data Spine of Personal Health Information signifies a radical departure by the Department of Health from all previous formal approaches to the personal health record," Fisher writes. And a delegate at the conference said, "In the future there will be more and more potentially damaging data on [patient] records – eg a prediction about what their whole health will be like based on their genetic fingerprints… It’s the same with information, so we have to take the necessary safeguards."
Dr Paul Steventon says in a letter to Computer Weekly, "The complete records and encrypted identities of all NHS patients will be uploaded into the ICRS spine without consent. The private keys meant to secure the encrypted patient identities are also held by government. These keys will be used to reverse the de-identification of patients without their knowledge or consent in ‘special circumstances’. The definition of these special circumstances remains unclear.
Steventon continues, "The location and tracking of individuals of interest to police and security services, such as asylum seekers, illegal immigrants, terrorists, drug smugglers, and paedophiles will certainly be possible using the ICRS. The list of ‘interesting people’ in Britain is arbitrary, set by government, and liable to change without either notice or parliamentary debate."
"Spin is more about style than substance as is evidenced in your report."
There is no evidence in the complainant’s letter that style has taken precedence over substance. Indeed the evidence is that the reporter has reflected accurately the concerns expressed at the conference and indeed has not mentioned some of the most potentially controversial aspects of the national systems.
"For the record there are no secret plans to put sensitive data into a national data spine. The plans for a national Integrated Care Record Service were published in June 2002 and have been on the internet for over a year now. The specific arrangements for a ‘National Data Spine’ were presented publicly at the Health Care 2003 meeting in March and several times since. The proposals were widely discussed within the information community of the NHS."
This is incorrect and a misrepresentation of what was said in the article. The complainant has omitted half of the sentence he complains of. Computer Weekly did not say that there were secret plans to put sensitive data into a national data spine. It said that there were secret plans to put sensitive health data on "up to 50 million people into a national data spine system whether or not patients give their consent".
This has a different meaning to the claim in the complainant’s e-mail. It was not a secret that sensitive health data would be put into a data spine. What was secret was the plan to put sensitive health data into a national system whether patients consented or not. The OBS, which was secret at the time of the BCS/Assist conference, says, "A patient will not be entitled to refuse that their personal data is made available to the spine."
The article also made it clear, however, that patients can refuse consent for data to be on the spine, in which case the data would still be uploaded but would be retained in a "pseudonymised" form unless consent were given for it to be made identifiable. The article went on to explain that the OBS has asked suppliers to ensure that in special cases it is possible to "reverse the pseudonymisation process".
Computer Weekly was reporting information not disseminated to the wider IT community that the OBS contained a clause that a patient will not be entitled to refuse that their personal data is made available to the data spine.
Young has, therefore, misrepresented what was said in the article and then stated undisputed fact to denigrate an assertion we did not make. Thus he has made the sort of mistake of which he unjustifiably accuses Computer Weekly.
"The police or anyone else will have no greater power to examine health records than they do now. The process needs a court order and is thus subject to judicial review."
This comment by Young is one he is entitled to make, but it does not sustain his assertion at the beginning of his letter that he found Computer Weekly’s coverage of BCS/Assist coverage disturbing. Indeed he does not mention the concerns expressed at the conference that access by police or other government agencies to a national system of shared health data raised privacy issues that went far beyond the current arrangements whereby a court order may be needed before the authorities can access a particular record held by a GP or hospital doctor. Computer Weekly did not report the following comments, but they show the concern of some delegates that locally-kept health records posed no issues of privacy but national systems did.
As Fisher says in her letter to Computer Weekly, "A national data spine of personal health information signifies a radical departure by the Department of Health from all previous approaches to the personal health record."
One delegate working for the Department of Health told a workshop at the conference, "In the future there will be more and more damaging data on [patient] records - eg a prediction about what their whole health will be like based on their genetic fingerprints. It’s the same with information, so we have to take the necessary safeguards.
Another delegate said, "People trust the NHS to look after their health information and the department is going to have to mount a very strong case when it comes to cross-departmental sharing because it would not take much to upset that trust. It would put people’s future health care at risk."
In the light of the discussion at the conference about the differences for the individual’s privacy between the current locally-held records and national systems, it is regrettable that this is not reflected in Young’s comment that "the police or anyone else will have no greater power to examine health records than they do now. The process needs a court order and is thus subject to judicial review."
"It is common knowledge that any database of information from banks to the Ministry of Defence are subject from time to time to attempts at unauthorised access. Something an IT journalist should be aware of. It is part of the modern electronic world such as spamming and other unsolicited e-mails. The most stringent security measures will protect all electronic health records."
It is incorrect to suggest that the reporter at the conference was unaware of attempts at unauthorised access to systems from banks to the Ministry of Defence. The reporter has written a number of articles on such attempts. Young’s comment that the most stringent security measures will protect all electronic health records is just that - comment.
"It is a great disappointment to have to complain of such an abuse of trust, which will make it more difficult for CW world to achieve the factual accuracy I am sure it strives for."
The letter writer is correct in saying that Computer Weekly strives for factual accuracy and indeed there is not a single inaccuracy in the articles referred to. There is nothing in his e-mail which supports his assertion that either Computer Weekly or the reporter has been guilty of an abuse or trust or using sensational spin in the coverage of the BCS/Assist conference.
From the record of the conference kept by the reporter it is clear that he has highlighted only a small number of the concerns expressed at the conference and has done so in a way which reflected accurately the tenor and substance of those concerns. In alleging a breach of confidence, Young’s letter is defamatory and incorrect.
The following is the original letter sent by David Young.
This letter is sent for publication in the next issue or as soon as possible.
I find you reporting in CW 15th July issue of parts of the health informatics conference organised by ASSIST and BCS deeply disturbing in at least two respects.
Firstly it was a gross breech of confidence to report the meeting at all. It was a private meeting at which attendees from all parts of the NHS, Suppliers, Academics, Management Consultants and the Department of Health could express their ideas and views on the National Programme for IT in the NHS knowing that they would not be made public. A summary report will be the only outcome of the meeting. The chairman of the meeting specifically stated in his introductory remarks that all were bound not to comment publically on what was said.
To break confidences in this way is undermine the understanding which allows individual from opposite sides of the fence to meet for frank and open discussions to the benefit of both and the services they represent.
Secondly the report was given the most sensational spin. with phrases such as ‘secret plans to put sensitive health data... into a national “data spine” ‘, ‘patients...unaware that health records...could be seen by authorised government agencies such as the police’, ‘sensitive data, which could include references to sexual histories...could be vulnerable to hacking attempts’.
Spin is more about style that substance as is evidenced in your report.
For the record there are no secret plans to put sensitive data into a national dataspine. The plans for a national Integrate Care Record Service were published in June 2002 and have been on the internet for over a year now. The specific arrangements for a ‘National Data Spine’ were presented publically at the Health Care 2003 meeting in March and several times since. The proposals were widely discussed within the information community of theNHS.
The police or anyone else will have no greater power to examine health records than they do now. The process needs a court order and is thus subject to judicial review.
It is common knowledge that any database of information from banks to the Ministry of Defence are subject from time to time to attempts at unauthorised access. Something an IT journalist should be aware of. It is part of the modern electronic world such as spamming and other unsolicited e-mails. The most stringent security measures will protect all electronic health records.
It is a great disappointment to have to complain of such an abuse of trust, which will make it more difficult for CW world to achieve the factually accuracy I am sure it strives for.
Clinical Advisor to the Information Policy Unit
Department of Health