Surgeons vs. Freedom of Information

Every surgeon in England has a scorecard. How many operations they performed, what type of operation, how many of their patients survived longer than a month after surgery, how many had complications, and so on.

If you’re having an operation, you might want to see that scorecard. Or perhaps you won’t. To me, surgeons are like pilots: I know most are good and a handful aren’t, but it’s just easier to live in a world in which I think about them as meticulously precise robots rather than human beings prone to mistakes.

Either way, it should be up you to decide whether that scorecard is important and to interpret it sensibly. But you haven’t been trusted to do that. Surgeons’ scorecards live on NHS computers you’re not allowed access to.

Until now. Surgical outcome data is finally going to be published in England.

Consent

Groundbreaking. Or as they say in Scotland, welcome to 2005.

It’s been eight years since the Scottish Information Commissioner ordered the release of surgical mortality data, and ten years since the operations those data describe were performed. England is playing catch-up.1

But unlike the Scottish release of surgical data, in England surgeons themselves will decide whether their own scorecards will be published, because the Healthcare Quality Improvement Partnership2 reckons they “retain the right to exercise consent” under the Data Protection Act. The patients they operated on won’t have a say, and neither will their next patient.

Here’s why that’s wrong.

Privacy vs. public interest

This is about to get a bit technical. Stay with me.

There are two competing laws at play here. The Freedom of Information Act grants the public the right to information held by public bodies, subject to a few public interest exemptions. The Data Protection Act protects your personal data and mine from prying eyes. Sometimes there’s a conflict, and it’s for the Information Commissioner and the courts to get the balance right.

An example: let’s say I want to know who gets paid what in a hospital. Specifically, I want to know what my friend the physiotherapist gets paid, so I write an FOI request to the hospital asking for that information. I’m not exactly Edward Snowden and the hospital won’t tell me my friend’s personal information, though they might tell me how many physiotherapists they have and on which pay bands. The former would breach my friend’s right to privacy, whereas you could make a reasonable public interest case for the latter.

But what if instead of my friend’s salary, I want to know how much the chief executive gets paid, because I’ve heard a rumour they received a pay rise in the same year my friend lost her job? This is where the balance falls the other way: the hospital boss is entitled to a certain amount of privacy, but in this case privacy is trumped by the public interest, particularly because a chief executive should expect a greater degree of public scrutiny than a physio.

Groundhog Day

Freedom of Information laws are different in England and Scotland,3 but the same Data Protection Act applies across the UK. The same law that couldn’t prevent surgical mortality data being published in Scotland is being used to justified its nondisclosure in England. It’s mad. Here’s the Scottish Information Commissioner’s conclusion to his 2005 decision:

Where similar issues have been addressed by Commissioners, Ombudsmen or Courts elsewhere, the tendency has been to draw a distinction, as I have done, between personal and professional information, as well as to distinguish between information gathered by routine systems and those systems which may be susceptible to the withdrawal of voluntary participation.

I take the view that the information requested constitutes personal data relating to surgeons’ professional lives. It is collected by administrative procedures in the work place in which surgeons are employed and it describes their professional functions and outcomes from or related to their working activities. The scope for adverse comment or conclusion is limited to professional matters. While that may cause annoyance or resentment, it does not constitute damage or distress to the extent required to be exempt from disclosure.

We are having the same debate about the same law but reaching different conclusions, eight years apart.

The specific section of the DPA being used by surgeons as the justification for their right to block data being published is Schedule 2. Here are the relevant bits:

Conditions relevant for purposes of the first principle: processing of any personal data

1) The data subject has given his consent to the processing.

2) The processing is necessary:

(a) for the performance of a contract to which the data subject is a party, or (b) for the taking of steps at the request of the data subject with a view to entering into a contract.

3) The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.

Paragraph 1 gives surgeons a right to consent to the use of their personal information. Para 3 allows information to be published if the NHS is required to publish it by a law such as the Freedom of Information Act.

Read the Scottish decision again. It’s clear to me that the case must be made that surgical outcome data is not solely personal data belonging to surgeons, but data about their professional lives in which there is a clear public interest. Publishing surgical outcome data “may cause annoyance or resentment [but] does not constitute damage or distress to the extent required to be exempt from disclosure.”

Remember the salary example. The hospital boss is expected to be subject to a certain amount of public scrutiny, and the same should be true for surgeons.

What next?

There are more important forces at play than surgeons’ vanity. It is patronising to say the public cannot be trusted to interpret this information sensibly, and facetious to argue that the same data protection law that exists in Scotland should hinder the release of the same information in England.

Jeremy Hunt is broadly right to argue against surgeons who block the release of surgical outcome data (though I will never understand England’s obsession with putting everything in league tables).

But naming and shaming surgeons who block the release of their data isn’t enough — the Department of Health should take the case to the Information Commissioner and the courts.4


  1. Disclosure: between 2008-2010 I worked with the then Commissioner in his capacity as Rector of the University of St Andrews.

  2. HQIP is a “consortium of the Academy of Royal Colleges, the Royal College of Nursing and National Voices”: hqip.org.uk/about-us.

  3. A summary of the differences: Scotland’s law is better.

  4. Thanks to Johnathan Reid for prompting this post, with his question, “Can you help clarify how release of surgical outcome data is controlled via surgeons’ data protection rights & not their patients?”

Previous
Previous

Explaining the NHS reforms using only the 1,000 most commonly used words in the English language

Next
Next

Collaborative audio editing in Audacity