Friday 28 February 2014

RIP IDA – care.data

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The care.data initiative is marketed on the basis that it would support medical research. As long as you only look at that aspect of HSCIC's initiative, it looks unimpeachable.

There are other points of view:
  • The Health and Social Care Information Centre are said by some to want to make money out of selling our previously confidential GP medical records. Is the objective health? Or wealth?
  • The claim that these records can be anonymised or pseudonymised is false. Why are HSCIC pretending that we can't be identified by our medical records when, in fact, we can?
The picture becomes more complicated. Our automatic trust in HSCIC begins to be undermined. MPs on the House of Commons Health Select Committee said on Tuesday 25 February 2014 that they didn't want their medical records to be bought and sold like a commodity and that they didn't trust HSCIC, so much so that they had already opted out of care.data.

Can you opt out? There is some doubt, identified by the tireless Professor Ross Anderson. HSCIC may still take your records from your GP even if you have opted out. They will pseudonymise the records before filing them. But that doesn't work. See above. You can still be identified.

At which point you start to ask yourself why there is this rapacious desire for our medical records. Is it just the research? There's already lots of research going on. Do we need more? Why wasn't care.data a priority ten years ago? Why now?

Is it perhaps that identification is the point of care.data? You don't know – but DMossEsq knows – that he over-produces calcium, great lumps of the stuff gather in his joints and occasionally make movement difficult. "Which mineral chosen from the following three do you over-produce ..." would be a good question to help to verify DMossEsq's identity. Only he knows the answer. At least until a few minutes ago. Now millions of people do.

care.data is something to do with the Government Digital Service's Identity Assurance Programme (IDA)?

There have been hints that that is the case.

In midata's marketing campaign for cretins, for example:

midata Innovation Lab (1'58")
midata would like your medical records (that's the nurse in the blue uniform, bottom right) and your travel records and your educational history to help to identify you. In addition to your banking records, of course, your mobile phone data and your utilities usage. All in your personal data store (PDS).

And there was a hint in the talk given in November 2013 by the CEO of Mydex. Mydex is a purveyor of PDSs. To midata. And to IDA, where it is one of the UK's five designated "identity providers". More than a hint – a detailed diagram:

David Alexander Mydex CIC CEO
talk at BCS Nov 2013 Trust online (13'29")
The blue cylinder at the top is HSCIC and the green lozenge underneath is DWP. The yellow, green and pink blobs to the right of DWP are your GP medical records, which fly all over the place via the "Government Citizen Identity Assurance Hub (when available)" in "seamless customer journeys" across the "open market for personal applications" with "innovation driven by market and NHS" – new apps to help you make the right lifestyle choices.

The whole structure is supported on Mydex (the purple bit) and its PDSs.

And there supporting Mydex is the trusty shield of tScheme, which "Gives you Confidence by independently Assuring that the Trust Services you are using meet rigorous Quality Standards". Even though Mydex isn't on the list of tScheme approved services or a registered applicant.

That's where your medical records are headed. Into the trusted "Integrated Customer Services Platform" (the great big blue lozenge to the left of DWP) of IDA.

No comments:

Post a Comment