Government finally publishes NHS contracts with Palantir, Faculty and big tech (newstatesman.com)
175 points by wlscr on June 5, 2020 | 58 comments


As a UK taxpayer this makes me so angry. The fact this incredibly valuable (not to mention privacy sensitive) data is given away through backroom deals for a pittance without any transparency is just infuriating.


I live in the US and used to build products to deal with sensitive healthcare data. I recall talking to an Important Person from the NHS, years ago, who proudly told me that the NHS could do things with its healthcare data that US companies could not - without having to deal with things like HIPAA, etc.

I told them that while they might be able to do that, it would probably make a bunch of people mad if they weren't totally transparent about it.


HIPAA protects us less than most people think. As they say, the "P" in HIPAA is not for Privacy.


Funny thing, ask enough people and you'll realize most don't realize it stands for Portability.


This is literally how privatization works. My dad runs a small construction firm in London, and was invited to provide the sandwiches for the opening of a new park. For that colossal buy-in, they got their company name on a plaque, as a generous funder of the park's construction. In reality, the whole thing was paid for by the state. Except the sandwiches, of course (I think another business might have paid for a bench or two).

It's a simple scheme - the party looks like they did a project on the cheap, so they look thrifty to voters. The businessman gets real tangible benefits. The politicians responsible make friends who'll open doors for them in the future.


If things like this upset you, you are seriously naive about the operations of your government. As a former Palantir employee, I can say with some confidence that the govt and private companies make efforts to ensure these things remain secret.


You shouldn’t be less upset or angry just because you understand how the world works. Cynicism is self-defeating. Never resign yourself to this crap.


Echoing another commenter, it's absolutely okay to be upset about things that are run-of-the-mill.

If we didn't get upset about everyday human rights violations, we'd still have slaves.


And if we didn't get upset about everyday human rights violations, China wouldn't currently be herding people into concentration camps. Wait...


Touché!


Then be a hero and stop using a throwaway maybe? If you are embarrassed or maybe ashamed of your former association with Palantir, don't bring it up or don't get caught working there or both.

I work on similar public healthcare projects where our website mentions the contracts, down to the division. I tell people in meetings I don't do things I wouldn't stand by on public record.

Own it.


I wouldn't to be honest; they are a whistleblower and unless they manage to get a lot of media attention, there's a chance they'll "disappear" or "commit suicide"; Palantir is a dodgy company with people, influence and interests going very high up.


I bet they are, I think my comment was reasonably sarcastic. If you have to bad mouth them under an alias, you know you do not want to work for them.


It helps them sell the deal. Like a secret weapon, as opposed to a liability.


And that's why we don't trust "the good guys" with our data. There are no good guys, keep your damn data to yourself no matter what.


While I understand the thinking here, it's a bit sad. It seems quite likely that very useful medical advancements could be made by looking for correlations in large databases of a variety of medical data. Or correlations between health histories and genetic data. If we gained understanding that led to improved healthcare for everyone, wouldn't someone doing this kind of work be a "good guy"?


There have been reports on this site, of severe healthcare provider (as in HIPAA protected data) privacy violations, that occurred via data broker intermediaries through popular social media platforms. You know, getting a $60 FedEx package consisting of baby formula, during the month that the baby you miscarried should have been born, that almost cost you your life too.

The amount of bad medical data, erroneous medical data, and just medical errors in the US is actually unbelievably astonishing.

Finding correlations in datasets (even the most perfect dataset!) for use in healthcare is a profoundly unethical social experiment, both among the population and the individual.

We all know that the field of software engineering has faced scandal after scandal when it comes to ethics. The list of examples is practically endless now, and this is one of the most dangerous examples by far.

I mean, it really should be apparent.


Companies fedex $60 worth of goods to expectant mothers? Is that a thing?


There are actually multiple people on here, who had wives who miscarried, who got a $60 promotional FedEx package of Enfamil (baby formula) on what was the exact expected date of their miscarried baby.

So, it was not like it was hard to figure out that it was from medical data, and especially in one case, where they did not even know that they were pregnant when the miscarriage happened!

You can find this stuff easily by using variants of code words from the post I made, to find the details that you want to learn about.

However, this is the user who did incredible investigation work. (There are far more thoughtful posts over this incident if you just search for things like "USER" AND "Baby/Infant Formula": https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

You will find extremely insightful information if you further modify select key words in the search. It really is eye opening.

Also, the Financial Times always had pretty impressive investigative work on data privacy, and not in an apocalyptic or fleeting sense. It is just incredibly well researched, and somehow, I have never been disappointed by their coverage.


This seems really uncompelling. So what, we pass on potentially saving lives because some people are getting mail that makes them sad? Because a trans person might get mail that targets their sex? None of the potential harm seems as bad as dying or even physical (unlike dying).


It is sad. It’s the nature of the beast; oversight is as weak as water, foresight limited, opportunities for misuse and insecurity boundless. Trusted organisations have become the frontmen for all this bullshit, and people are frankly being conned en masse.

The problem with all these “atoms for peace” style big data initiatives is that they must naively ignore the weaponisation of data to justify their benefits. Our civilisation having access to big data is like a Neolithic people trying to handle uranium. Not only are we ill equipped to mitigate the dangers involved, we don’t even fully understand what they are yet.

Perhaps one day our species will evolve to the point where we can make use of these wonderful technologies without blowing our society apart in the process. Until then, absence of data is better than presence of mind.


That might be good advice in general, but I don't think that works with medical data. If I get hurt and end up in a hospital, how would the surgeons decrypt my hard drive to find my medical history if I'm unconscious? Obviously I need to entrust this data to somebody.

Edit: Not being a doctor, it's difficult for me to anticipate what sort of information doctors would consider relevant. Certainly there are some easy cases to anticipate, like allergies to penicillin or similar. And I think for things like that, people do get medical tattoos. But personally I'd feel far more comfortable if my doctors have my complete medical history available to them when they need it.


I'm willing to accept the 5% extra chance of death entailed by some emergency doctor not knowing my medical history. If I have something crucial, like an allergy to medication, I guess I'd just get that tattooed somewhere obvious.

In the vast majority of emergency cases for the vast majority of patients, I don't think one's medical history is going to be a significant factor in getting them out of the woods far enough to give an "encryption key."

How about just allowing me to register a checklist of what I think doctors should be informed about me with some federal database? A system that is centered around me, and my concerns, rather than just using my safety as a post hoc justification?


> I'm willing to accept the 5% extra chance of death entailed by some emergency doctor not knowing my medical history.

That seems logical in theory, but in practice, that is not actually how this kind of thing works. I know firsthand: I ultimately survived a series of differing and often unusual medical crises in my 20s, that I really should not have ultimately survived, individually or collectively, statistically speaking. I never actually pictured myself once, after turning age 18, ever being age 30. I never once believed that I would ever be 30, in my adult life. Now, every year after 30 to me is a gift.

If you do not think that something like this can happen to you: 7-8% of the general population collectively has some sort of a rare disease. Rare diseases can look exactly like a small collection of different common health problems that people with chronic illnesses may legitimately regularly acquire. It requires a lot of intuition, knowledge, experience, and foresight to actually get something like this right. This requires medical expertise and being an excellent clinician is essential. This is not a problem that software engineers can solve on their own.

Also, medical records are almost always littered with a ton of errors, that may seem minor to you, but in reality, they really are not. Considering the third leading cause of death in the US is considered to be preventable medical errors [1], which is appalling, you better be going through your medical records in detail, correcting each and every error (along with sharing the records--by giving physical copies--for security reasons--to the other provider--if they do not have full access to complete health records), if you plan on staying alive long-term, whether you are healthy or not.

We have a tremendous way to go on medical records and medical data, and it is really not something that AI can practically solve, in general, due to so many errors, bad datasets, and profound hoarding of data.

[1] https://www.npr.org/sections/health-shots/2016/05/03/4766361...


Why do you think you're informed enough to know what doctors need to know about your medical history to best treat you?


It seems pretty common sense that the main things people want to convey in medical emergencies where they're unconscious or their identity is unknown are allergies and reactions, hence why we have medical allergy bracelets and similar things.

If it's life and death and I'm unconscious, it's unlikely they would be able to access my medical records regardless, given the state of healthcare data interoperability (I have a lot of experience in this area). If I am conscious, I can tell them where to get my records, whether they're in Random Hospital X's database, or my personal DB.

I tend to agree that in the average case there's no real downside to doctors not having my medical history.


You have some weird and contradictory views here.

You admit that medical bracelets are a good thing. But then you go off and say stuff like "it's unlikely they would be able to access my medical records regardless". What? It's not "regardless". We can fix that. That's the point of this thread branch.


I wish. You haven’t dealt with EHRs I take it. Try it sometime versus greenfield development and you’ll share my “weird” views as you put it.


During the mid-aughts, there was at least one serious proposal that every person would have their own private record store, which they carried around (PDFs on a thumb drive). Part of NHIN shootout. Everyone had a pretty good laugh.

Repeating myself here: one way to protect patient privacy is to issue everyone globally unique identifiers. Then use translucent database techniques to hide the important.

Currently, linking records across our heterogeneous systems, with all the data quality challenges, prevents data from being encrypted (in transit or at rest).


Generally speaking, the surgeon isn't going to have your medical history until well into your treatment... probably by the time you or someone who knows you are able to tell them anything they want to know. There's not a properly linked database of healthcare records for that purpose - the hospital doesn't even know what GP you're with, never mind have instant access to your records, and it mostly works out.


To put a finer point on it: it may be easier for doctors to find your hard drive and decrypt it in some cases than to go through and extract them from another medical provider's EHR system. I say this only partly tongue-in-cheek.


The article is about the NHS though so hospitals and doctors all access the same system/are all the same “medical provider”.


Not really. Hospitals don't talk to each other properly, GPs don't talk to each other. I've been asked to bring blood test results in paper from my GP to a specialist clinic because they couldn't work out how to get them emailed over - and it is essentially various forms of email that much exchange does happen over.

An "integrated system" has been something the NHS has been sinking money into for decades and getting nowhere with.


Amen, it's normal if you cross NHS trusts for more complex cases.

I can't go to my local hospital for some of my tests (post transplant related) which is 30 mins away by bus; instead I have to go to another hospital which by public transport will take an entire day.


No, that's not correct.

A while ago we had (these numbers keep changing as the organisations merge):

     207 clinical commissioning groups (CCGs)
     135 acute non-specialist trusts (including 84 foundation trusts),
      17 acute specialist trusts (including 16 foundation trusts),
      54 mental health trusts (including 42 foundation trusts),
      35 community providers (11 NHS trusts, 6 foundation trusts, 17 social enterprises and 1 limited company),
      10 ambulance trusts (including 5 foundation trusts), and
   7,454 GP practices.

The CCGs take money from NHS England and they commission services from local provider organisations. Those organisations don't have to be NHS Trusts (I think it's still law that CCGs are forbidden from having a preference for NHS Trusts).

NHS Trusts and NHS Foundation Trusts are independent organisations. They have their own board of directors and non-executive directors. Foundation Trusts do too, and they have additional responsibilities to their members.

In Gloucestershire we have one CCG, one acute hospitals trust, one trust that covers MH, LD, and community care, we have an ambo trust that covers the south west, and we have a local authority that commissions drug and alcohol services from non-profit orgs, and then a bunch of GP surgeries on top.

This means they all make their own decision on software packages to buy, and a lot of that info is locked up in their system. While there's some commonality in software packages used (eg, lots of use of SystmOne) it's not always easy to get the information from one organisation to another.

If I am diabetic and see my GP's diabetes clinic, and then I am admitted to a mental health hospital, it can be hard to get my diabetes clinic notes into my MH hospital notes.

I posted a twitter thread just today about an NHS organisation who employ someone to print out one database, and then to enter that information into another database. Have a read of the twitter thread, because there are a bunch of people who agree. https://news.ycombinator.com/item?id=23426262

Inter-operability is going to be big business in the English NHS for anyone who can crack it.


It's not clear who you're meaning by "the good guys". None of the parties mentioned, maybe except openDemocracy (and not sure there) could feasibly have such a label applied.

Note that I've not personally heard of Foxglove before, so no idea at all about their history.


This should probably be updated to say "UK Govt" for clarity, not everyone will immediately know what the National Health Service is.


I actually think that should become a general rule. Way too many US-related titles about things far less well known than the NHS.


NHS in general is way less known than UK citizens think. Especially in Europe where the existence of a national healthcare system is not a religion but a norm.


> Especially in Europe where the existence of a national healthcare system is not a religion but a norm.

An NHS-type system is not at all the norm in Europe. Comprehensive and universal health insurance or even single-payer health insurance are not the same as the single-payer (mostly) single-provider system in the UK.

In most of the Germanic countries, for instance, the norm is closer to the multiple-payer multiple-provider system in the US in structure, albeit most certainly not in outcomes due to some important tweaks.


> single-provider system in the UK

England doesn't have a single provider system.

I don't know about Wales, Scotland, or Northern Ireland (they each have health systems that are devolved and thus separate).


I did specify "(mostly)" which I think is rather accurate. It's rather close to a completely single-provider model (in each of the constituent devolved regions, as you note) compared to the system in Canada, for instance.

> With largely public or government owned providers, this also fits into the 'Beveridge Model' of health care systems, sometimes considered to be single-payer, with relatively little private involvement compared to other universal systems.

Source: https://en.wikipedia.org/wiki/Single-payer_healthcare#United...


I hear about NHS extremely often. I’m German.


If you use Hacker News, you probably do hear about it often.

Do German newspapers cover the news about NHS all the time?


> If you use Hacker News, you probably do hear about it often.

Well, this sub-thread was about someone saying NHS is not that well known… on HN ;)

> Do German newspapers cover the news about NHS all the time?

I wouldn’t know, I rarely read them.


So why would you argue in a thread that is about what people think in the general case?


In the general case of having country specific things in the title, but not the name of the country.


I thought NHS was about as well known as FBI or KGB or GCHQ.


Haha yeah my immediate thought after reading the headline was "no way the US government actually did something right". And turns out they didn't.


I'm confused about what data is being provided to these companies. Is it the patient data that my GP has for example, or is it purely data that the NHS aim to gather from the contact tracing app?


This has of course been Dominic Cummings’s plan for years - you can read about it quite openly on his blog, and on the blog of his friend American physicist/eugenicist Steve Hsu. The point is to allow private industry to capture the health information of private citizens in order to turn Britain into a genetic modification powerhouse - pitched on the basis of fighting genetic diseases, but in fact founded on the anti-egalitarian, genetic-determinist, race-and-IQ worldview of much of the modern right.


Can you provide some references to the more egregious articles?


After reading the article, I think it's quite clear that both Palantir and Google paid someone off to get this contract.


"campaign" donations. Perfectly legal.


Doubtful. There's far less money in politics in the UK than in the US. The total donations the Labour party received in the 2019 general election would barely be enough to elect a single senator.


[flagged]


"Predictive policing" using Palantir in US cities didn't raise big red alarm bells years ago? I kind of think this story is tame compared to what they've been up to.

https://www.theverge.com/2018/2/27/17054740/palantir-predict...

https://theintercept.com/2018/05/11/predictive-policing-surv...

https://www.technologyreview.com/2019/02/13/137444/predictiv...


I think the same should be said for the people at AWS: they run the GovCloud region hardware on which the Palantir code runs.

There’s also a similar case against Microsoft.


AWS and Microsoft don't write the code, they host the platform.



