As I write this, my national soccer team has been knocked out in the initial stages of the World Cup after narrow defeats by Italy & Uruguay. To say the least, the week was a depressing one for many who live in England.
But this recurring national sense of disappointment (which surfaces every four years when a World Cup is held – England's only ever win was in 1966 as the Beatles were conquering the world of pop music) was made even worse this time by the fact that another of its institutions has also scored a massive own goal.
The National Health Service (NHS) is one of England's most revered and loved organisations. Established in 1948 to provide free health care to all UK citizens it employs over 1.3 million people who treat on average around 1.5 million patients every day. But it has hit the national headlines this week for the wrong reasons.
A recent audit of confidential patient record data has uncovered that the NHS has sold millions of patient records to 178 private companies over the last 8 years. These companies included pharmaceutical manufacturers, technology vendors and insurance companies. One insurance company alone had bought records covering 47 million patients. Although some attempts had been made to anonymise the data many records still included partial postcodes and dates of birth, plus gender and received treatments information. It wouldn't require an analytical genius to compare this against publicly available sources (such as electoral rolls) to quickly identify individuals.
The end result? Because the data sold can be used to identify named individuals this activity is illegal under UK & European Data Protection laws. New urgent procedures have been ordered within the NHS and recipient companies told to delete all the data they purchased. It has also greatly undermined the English public's confidence in the NHS, particularly at a time when it is trying to convince us all that centralising patient records will be to our benefit.
So who is to blame? The disturbing answer is no one in particular. The audit report said that ‘there were significant administrative lapses in recording the release of data. In some cases the decision making process was unclear and records of decisions incomplete. When handling medical records this is unacceptable.' In other words, there was a glaring lack of any formal rules or accountability for handling the data, so people simply made up the rules as they went along. And no one checked what they were doing.
The even more worrying reality is that the NHS is not unique in this respect. Many organisations continue to lack formal policies, practices and accountabilities for data management and usage. Yet putting these in place can be achieved through the application of the concepts and disciplines of Data Governance. This enables the planning, execution, monitoring and enforcement of processes to control how critical data should be managed.
So expect to see similar fiascos elsewhere. The sickness of shoddy data management will endure until Data Governance becomes the rule and not the exception. It's the only cure.
VP Information Management Strategy, Trillium Software
Nigel Turner works with Trillium Software clients to start, expand and accelerate their enterprise data quality initiatives. He spent much of his career at British Telecommunications plc (BT) where he led an internal enterprise wide data quality improvement programme. This ten year programme was praised by Gartner, Forrester, Ovum Butler and others both for its approach and proven benefits. Nigel has published several papers on data management and is a regular invited speaker at CRM and Information Management events. He is also a part time lecturer at Cardiff University where he teaches data management.