Oi, that’s my personal data! (Why aren’t you sharing it?)

@lexij: “Health data: found a solution”

At UK Health Camp 2015 #UKHC15, I joked that a session about digital in healthcare will always end up as a discussion about the sharing of personal data. Many a true word…

This happens a lot; three of the sessions I joined at #UKHC15 at least featured a discussion about the sharing of patient data – about how important it is to share it and also about how to make sure it is shared in the right way (ownership, governance, protection etc). It clearly (and appropriately) matters to us.

@thatdavidmiller made this point after an enjoyable (and lively) session towards the end of the day:

Screen Shot 2015-11-29 at 12.12.08

Screen Shot 2015-11-29 at 12.13.02


I don’t agree that “debating ownership rarely helps” as we mustn’t devalue that particular conversation, however I agree with the sentiment – it is true that at the moment it rarely gets us any further forward; it feels like the ownership conversation has been going in circles for years now.  

Some projects across the country are starting to make progress in breaking down the data-sharing barriers but the reality is that piles of Information Sharing Agreements still exist just to support sharing within a single locality – that model of applying governance is absolutely not scalable.

I think the reason we’re stuck in this conversation is because we actually can’t answer the ownership question with what we know at the moment. The (read wider NHS systems, not just IT systems) we have in place today. We know that people should have control of their data and access to their data, but this doesn’t automatically equate to ownership and the risk is that ‘ownership’ becomes a catch-all term for ‘the intricate aspects of personal data, ownership, control, permission, etc.’

So maybe we need to put our current conversations about securing our data on the back-burner for a while, and have some conversations about what ‘comfortable’ might look like for users.“Revokable, Open & Transparent consumption of data,” are the sorts of things we should be talking about.

As @thatdavidmiller said, “Revokable, Open & Transparent consumption of data,” are the sorts of things we should be talking about. I’ve often imagined some kind of intuitive ‘data dashboard’ that people could use to manage their personal health data, however the complexity of the NHS structure and of people’s personal health data is such that I can’t see a straightforward route to it.

During the UKHealthCamp2015 session ‘Hard problems like care records, identity, consent’, @sheldonline briefly showed some prototype data sharing permissions screens from the GDS Government-as-a-Platform (GaaP) work and someone (I can’t remember who in order to give appropriate credit) highlighted that Facebook, Twitter, and many other online services that hold personal data already give users the ability to view who has used our data, and revoke permissions in a single click of a button.

People do broadly understand how to use these systems now – although it’s been a challenge for organisations like Facebook to make it simple for users (Google “Facebook privacy fears”) hence the fourth Government Digital Service design principle “Do the hard work to make it simple”. So maybe in health we should be looking to social networks for inspiration for how to make this work for users of the NHS? If it’s an ongoing struggle for Facebook it isn’t surprising that it’s hard for us in the NHS – can we avoid duplicating effort solving this problem where other organisations have already spent millions of pounds?

I’m not ignoring the differences between the NHS and a social network (not least the fact that social networks have all the data in one place) but when the conversation we’re having is about sharing information, social networks are up there in terms of experts.

I am certain that some of the ideas coming from the Government Digital Service and the rest of government around sharing personal data between different agencies are way beyond this in terms of thinking. I’d be really interested to see some more research in / with the NHS about what it might look like for people to manage their own health data – to see how much influence other digital services such as social networks have had on their thinking. If we can move the discussion on to: “What might the control and visibility of our personal health data look like?” some of our repeated conversations about data ownership and protection would also move forward.

We need to learn from the evil suppliers (at least some of them)

Events like UKHealthCamp give you an opportunity to meet lots of cool people who are on a mission to make a real difference in healthcare using digital.

I’m currently working with NHS England doing exciting digital things but have spent a large part of my career working for a commercial software supplier to the NHS –  for this reason I’ve often been quick to fly the ‘suppliers aren’t all evil’ flag (#notallsuppliers #notallevil). A lot of the time, I’ve met a fairly defensive reaction to this.

It’s worth clarifying that this is absolutely not a post in defense of big software suppliers, and the message is not intended to be “big suppliers are the answer to our digital health needs” (likewise it’s not saying they can’t be) – it is simply acknowledging the fact that they are a significant and established part of our digital health economy. Sometimes, when we’re trying to change things in a big way,  ‘the behemoth suppliers’ become only a representation of what we are desperately trying to get away from, and their place in our discussions doesn’t extend past a punching bag for our criticism and utter disbelief.

If you talk with many of the people who are trying to change things in their field/sector/locality, their stories often feature a chapter like:

We’ve asked our current supplier to make some changes – they said they would do it but two years later it still hasn’t happened.

We tried talking to our current supplier but they just weren’t interested and it wasn’t a high enough priority for them to do anything.

Unsurprisingly, people are disappointed by this, and it just leaves people even more determined to do something better in spite of the suppliers.

Hardly any large software suppliers have entered the NHS market within the last 5 years, maybe even the last 10. The systems that are now handling millions of patient encounters have years’ of development behind them – years of code, years of complexity layered on previous complexity, and at least 3 significant rounds of NHS re-organisations requiring renaming or translation of entire database schemas because a table labelled


in hindsight should have been labelled


This is absolutely not to suggest that all long-running systems are long-in-the-tooth – far from it in a lot of cases – but anyone who has created or maintained complex applications will relate to the fact that the longer an application has been evolving for, the more history there is to consider.

None of this excuses how hard it is to change things – definitely not in fact – but we do need to be careful about dismissing their collective experience.

@lexij pointed out to me:

“You have a great idea to solve some problem, and so you solve it, and then someone with that problem wants to pay you to solve it for them, and now you have a paying customer and a contract, and then more people want you to solve the problem for them too, and now you have more paying customers and more contracts, and then someone’s problem changes slightly and they want you to change how you’re solving their problem, and you ask them to complete a change request so that you can control the impact of the change, and now you’re an evil supplier.”

Every supplier, at some point, started by doing something different and solving a problem for someone.

The NHS is starting to understand how important it is to properly discover the problems that need solving – what is the user need? Pockets of (what I consider to be) better practice are appearing all over the digital health community, and high profile digital projects such as the NHS.UK Alpha are demonstrating how better practice can be applied to real needs. This helps to establish a legitimacy for these practices that in turn provides cover for more pockets of better practice to appear. As part of this important research we accept that we need to understand both what and why and I believe that to help answer the why we need to learn from those who have been at the cutting edge before – those who are already trying to solve the problem and getting there. They may well know why they can’t respond to these needs. So as a suggestion, how about we have some conversations asking:

“Why can’t you change your system to meet our need? Do you agree that it is a valid need? If not, why not?”

“What would have to happen so that you could change your system to meet our need?”

“What things stop you from being able to rapidly adapt? Why aren’t you getting ahead of the curve?”

I think we’d probably get some answers including phrases like “fixed contractual deliverables, contractual penalties for not delivering x and y, too many higher priority requirements already in the backlog, no clear return on investment, no clear sign that people need it…..” and many more. Surely all suppliers aren’t just so lazy that they all work from the same list of ‘excuses’ are they?  There’s more for us to understand here – we might just be responsible for creating this inflexible environment.

Clever people are looking after these well-established products, and as @lexij also pointed out

“they’re just people – people who just happen to work for a commercial software supplier”

I’d be surprised if they didn’t have some useful perspectives on this stuff, and if we can try and capture some of that experience in our discovery we will almost certainly be more successful in changing things for the better.

Some thoughts from UKHealthCamp 2015


On Saturday 28th November it was UKHealthCamp 2015 – a free ‘unconference’ for everyone interested in digital, design, technology and data for health and care following the style of the successful UKGovCamps.

It was organised by @sheldonline, @thatdavidmiller, @puntofisso, @aliceainsworth, @drcjar and @tonyyates and hosted at the London School of Hygiene and Tropical Medicine – they did a fantastic job and I could feel the buzz from everyone at the end of the day. 

A couple of things stuck with me whilst I was on the train home so I’m capturing them before they get nudged out by my next shopping list or I get distracted by some animated GIF.

I attended @GlynRJones‘ session titled ‘What do we know?’ – a discussion about how we can best share what we’ve learnt within the digital health community – I feel events like this are one of the best ways we can do that.

We need to learn from the ‘evil suppliers’ (at least some of them)
The ‘big NHS IT suppliers’ may not be the answer to delivering our next generation digital services for the NHS, but I do believe they need to feature in our discovery work so that we make sure we learn from their years of experience.

I blogged more about this here.

People really care about data sharing and data protection, but it’s not the only conversation we need to have
In no way should the conversation around data ownership, privacy, and protection be minimised. However it’s become the default conversation when the topic of data sharing within the NHS is raised; people feel really strongly about it but it can sometimes hinder conversations about doing things differently. 

I blogged more about this here.

Integration within health and care is all over the place and there is a disconnect somewhere (and I don’t mean the one between the systems)
Integration and interoperability are hot topics in the NHS at the moment. Most people accept that neither one-size-fits-all systems, nor disconnected ‘best-of-breed’ systems are the answer to a joined-up NHS. People providing care in the NHS want the systems they use to be more joined up yet there are tools which have existed for 5 years or more that still haven’t been utilised (e.g. the Summary Care Record). Why is that? Is it too hard to do? Is it too expensive to do? Or is in fact the benefit not real? 

I’m going to write a bit more about my thoughts on these things over the next few days.

The “datetime.datetime not JSON serializable” thing

I hit this every time I start a new project involving APIs and data stored in PostgreSQL; and every time I spend ages googling to try and remember how to fix it.

The issue is that psycopg2 returns datetime.datetime types from database timestamp fields, which then can’t be converted when calling jsonify() on the returned dictionary.

There are actually quite a few ways to solve this and I’ve tended to use whichever one seems to hurt my head the least at the time…

Previously I’ve used the following method:

class DateEncoder(JSONEncoder):
def default(self, obj):
if isinstance(obj, datetime.date):
return obj.isoformat()
return JSONEncoder.default(self, obj)

But this time I discovered it can actually be as simple as:

json_friendly_date = meany_datetime_type.isoformat()

.isoformat() returns you a nice ISO8601 complaint string which will then jsonify() nicely

>> datetime.datetime(2015, 11, 9, 20, 30, 00).isoformat()