The Spine

By Damian Abbott, 5 December 2007
Image: Lee Galpin, Cardhead, detail

As HM Revenue & Customs loses 25 million confidential records in the post, the programme to introduce a centralised NHS database slouches on, only delayed by a classically wasteful PFI project. Total data transparency may be good for corporations and security obsessed governments, but what does it mean for the recipients of ‘joined-up care’?, asks Damian Abbott


Just over a week ago, doctors in the north west of the UK became the first to be able to access 'The Spine'.

The Spine is a centralised database of medical records and has already been primed with the details of approximately 50 million patients. Those living in Bolton, some 237,000 people, were recently sent a letter explaining the scheme. Although failure to respond to the letter will be taken as implied consent to the use of their personal data, so far only a small minority have taken the opportunity to opt out.

Images: Lee Galpin

Although it sounds like a character from Dr. Who, the database programme’s moniker was no doubt chosen to evoke an indispensable component of the NHS’s target animal. The Spine is publicised on the government’s 'Connecting for Health' website as performing five main functions:

– to store personal characteristics of patients, such as demographic information

– to store summarised clinical information which may be important for the patient's future treatment and care, such as allergies, current medications and adverse reactions to drugs

– to ensure the security of systems required to restrict access to the national and local systems [For example, hospital doctors will carry a smartcard as a 'password' to access the database. A 'sealed envelope' system into which patients will be able put their most sensitive information is also under development and will be piloted ‘in the long term’.]

– to provide a Secondary Uses Service (SUS), supplying anonymised data for business reports and statistics for research and planning purposes – to interface with all the local IT systems within the National Programme.[1] The national programme was created in partnership with British Telecom and a host of often beleaguered sub-contractors including the consultancy Accenture and healthcare software provider, iSoft. Run as a Private Finance Initiative (PFI), it was initially touted as costing just over £2 billion.[2] However, over a decade of development this figure has risen to £12.4 billion. Rumours are now rife that the true final cost will be £20 billion.

A quick review of the history of PFI aka Public Private Partnerships (PPP) makes it clear that value for money has never been the primary motivation for this form of public project. It has always been, first and foremost, a polemical weapon deployed against the very notion of public funding, against the principle of providing services equally to the population through taxation. The first privately financed public project in Britain was a bridge connecting the island of Skye to the Scottish mainland. The governing Conservative party began seeking contractors in 1989 and construction started in 1992. Estimated to cost £25 million, there were numerous other hidden costs: sweeteners to entice a private consortium of UK and overseas companies into doing the job in the first place; access roads to the bridge which were not part of the deal and were paid for purely from the public purse; decommissioning of the ferry, which would have been the bridge's main competitor for tolls, again at a cost to the public purse. Once the ferry was abandoned, government then had to subsidise bridge tolls for the otherwise marooned islanders, many of whom were enraged enough to carry out a campaign of civil disobedience resulting in about 500 arrests and 130 subsequent convictions, putting pressure on mainland courts. All in all, the hidden costs added up to at least three times that of the publicised cost; the consortium walked away with over £33 million in collected tolls, before the Scottish Parliament bought them out for a further £27 million.

Let’s just pause and ask who was on the best side of that deal? It certainly wasn’t the taxpayer, but how could it be any other way? PFIs mix the worst of both the private and the public worlds: companies offering to do stuff on the cheap for government bureaucrats with severely limited experience of driving a mutually rewarding bargain. If you were looking for the best bang for your buck – a quality product for the right price, not a fully featured public project from your local Pound Shop – would you really want a civil servant to be your primary negotiator? PPP would probably best be read as standing for Piss Poor Performance, unless your benchmarks for efficiency were distinctly other than financial.

The NHS’ IT programme, however, is hugely ambitious and its size may well ensure a less happy outcome for its corporate partners. The many sub-contractors have had to commit a considerable amount of resources and are consequently shouldering an equally large burden of risk. The contracts were under scrutiny from the beginning, with the National Audit Office beginning an investigation in 2004, at an unusually early stage of the project. The published report in 2006 criticised the speed of progress and lack of consultation with doctors and clinicians. However, the general feeling was that the report itself was lacking, failing to criticise the lack of staff training in the programme.[3] The sub-contractors, too, have been critical of the process, but more because of increased strictures on the deal. Accenture pulled out of its commitments, announcing $450 million in losses due to the delays. Presumably the contract which they handed over to Computer Sciences Corporation, potentially worth £2 billion, seemed unlikely to live up to its promise given that it stipulated payment in full only on delivery of a fully working system.

iSoft are similarly dubious project partners, although they remain on board. The ‘healthcare software solutions’ group made a pre-tax loss of £343 million in 2006 on revenues of £210 million, apparently unable to deliver their ‘solutions’ within any kind of timescale, reasonable or otherwise. In May of this year they announced a board change, kicking out their Chief Technology Officer (with a £250,000 payoff and benefits), then, at the end of October, the company was taken over by IBA Healthcare. The merger has created the largest healthcare IT provider outside of the United States, but whether they too will be swallowed up by their commitments remains to be seen.

Before I go any further I have to declare an interest; I have to say that I'm not writing this article from any kind of objective distance (those who know me will be aware that I rarely do that anyway). I've had Crohn's disease for over twenty years. An inflammatory disease affecting the alimentary canal, and with no known cure, it has positioned me into a regular, almost daily relationship with the NHS for most of my adult life. The many additional symptoms of the disease, affecting peripheral parts of the body, have meant that my sense of self has been fragmented for equally as long, since each new symptom means being shuffled into a new hospital department. Iritis sends me over to the ophthalmic specialist, pyoderma to the skin department, tumours to the oncologist. Drug treatment has been overseen by a 'medical' team, whilst surgical intervention has been the territory of yet another group of professionals. Sometimes they have argued over whose discipline should take precedence, and most of the time it has been as if my body were segmented by a bureaucracy over which I have had little control. And yet I cannot say that it has been an entirely alienating experience. The form of surveillance to which I have been subjected has been of the most intimate and probing kind; my doctors and I have watched parts of my body, even touched parts of my body that my most adventurous partners in love have never even seen, could never even approach. A body composed of nothing but discrete organs, each organ having its own retinue of observers and functionaries. Yes, I feel worshipped, loved even, and have nothing but gratitude for the men and women that have kept me alive, watched over me, and kept me going in one form or another.

So I am, in many ways, the ideal customer for The Spine. It is being sold on the basis that it will provide me with a form of further empowerment:

Once the NHS CRS [National Health Service Care Records Service] is fully implemented, having each patient's Summary Care Record stored on the Spine will mean that wherever and whenever a patient seeks care from the NHS in England, those treating them will have secure access to summary information to assist with diagnosis and care. This should provide safer, more joined up care.[4]How many times is the word 'care' repeated in that paragraph? Someone really wants me to know that this is all about 'care'. The Spine offers the fantasy of uniting all the disparate parts of (one more time) my ‘care’, creating a holistic understanding of my disease. That a digital stitch could create a unitary realm of communication between my disease, my guardians, and ultimately my life, is a very attractive idea. Over the past two decades I have attended most of the hospitals in London (and a few outside of London); sometimes through the gateway of Accident and Emergency, and sometimes by appointment, but rarely however, has communication been a problem. Admittedly my Britannica sized folder of notes has strayed or been delayed on occasion, but thankfully a cross examination of the patient and an assessment of the particular symptoms as presented is what most doctors base their decisions on. While I can see that, for example, storing x-ray images electronically has many benefits, I am quite capable of informing a doctor of my name, address, and occupation. There must be very few occasions when emergency treatment is dependent on the kind of general, personal information and history that is contained in medical notes. Beyond the sales pitch, I'm sure that most of us, familiar with peer-to-peer music downloads, bit torrents, and the internet generally, were under the impression that a centralised data processing model was a digital anachronism. So whom will the database really benefit? Who will really find the demographic information useful?

The NHS itself is gradually being segmented and territorialised in much the same manner as my own body, but the infection at root of this process is much more easily diagnosed and discerned. Regarding The Spine from much the same perspective as a meningococcal bacterium are the medical corporations with products and services ready to fit the niches being created. As the foreword to the Cooksey Review, a report commissioned by Gordon Brown into ‘the best institutional arrangements for the new single fund for health research’, explained:

Combined with the reorganisation of the NHS R&D function to make it more accessible and transparent for industry, this [the ‘Connecting for Health’ IT database] opens the door for the UK to excel again in healthcare innovation and service delivery.[5] The BioIndustry Association has already expressed an interest in using patient information to seek out test subjects, but there is a deeper effect to consider than the prospect of commercial data mining.[6] The modularity indicated by the spinal metaphor is itself the medical industries’ preferred commercial model for the NHS. Taken to its logical conclusion modularity means that the NHS will become less a provider of services to the public and more a purchaser of them on the public’s behalf. Suddenly, the spinal metaphor becomes less something that makes the medical process directly and instantaneously accessible to me, but more of an obfuscatory mechanism, a middle man for a market that I will not have any direct control over.

The privatisation of health is little more than the consolidation of a triumvirate of power: health, education, and work. While our further education colleges are being exhorted to serve the needs of industry, the privatisation of health serves primarily to make people dependent on work in order to pay the insurance premiums. Everything locks together to make for a docile populace. Should things get out of hand, however, the ability to search a network that provides demographic information, cross-reference that data with an Oyster card trail, and triangulate the signals from a mobile phone, makes CCTV seem quaint.

Much has been made of the security implications of The Spine, primarily regarding the safety of the information contained therein. Apparently, every access to the database will leave its mark on an audit trail, so it is clear who is accessing information and when. This, of course, fails to take into account that tools are used in the most efficient and expedient way for their user, not necessarily in the way in which they were supposed to be used. For instance, there is already considerable evidence that the smart cards that should restrict entry to the Care Records Service are being shared among NHS staff, making it impossible to track exactly who has accessed the database:

An NHS trust board has approved the sharing of smartcards – a breach of security under the £12.4bn NHS IT programme because slow login times would otherwise restrict the time of doctors who are busy treating emergency patients.[7] Ultimately it is impossible to guarantee the security of any database and it will be impossible to guarantee the accuracy of the data that is input. However, identity theft or any other random security breach is really at the lower end of the potential problem. The utility of the Spine to the state is of more concern. ‘Rasterfahndung’, an investigative process pioneered by the German Federal Criminal Investigation Office, involves mining networked databases for characteristics that fit a particular profile. First employed in the late ’70s during the search for Red Army Faction sympathisers and members, it only resulted in the arrest of Rolf Heißler. Its use re-emerged after the attacks on the World Trade Centre on September 11, 2001. German police started collecting data from universities, registration offices, health insurance companies and Germany's ‘Central Foreigners Register’. The profile used was simple: male, aged 18-40, (ex)-student, Islamic religious affiliation, native country or nationality of certain countries with predominantly Islamic populations. Such profiling, whether or not based on a simplistic ethnic, and ultimately racist, assumption erodes basic tenets of justice, adding caveats to the very functional notion of presumed innocence. Rasterfahndung is not even a very effective method of investigation, however. When the German Federal Constitutional Court declared the process unconstitutional in April 2006, it hadn’t resulted in a single criminal charge for terrorism-related offences being tried. Ineffective, but very tempting to a lazy or authoritarian government. In the case that the government decides that either a ‘serious crime’ has taken place, or ‘national security’ is threatened, patient confidentiality conveniently disappears and you may as well start wearing a t-shirt that advertises your number of pregnancies, the number of days you’ve taken a sickie, and those two empty bottles you’ve been trying to hide each morning from the boss.

The rise in gun crime has already been taken by the British police as an opportunity to make a moral attack on the ethics of medical confidentiality. The Guardian recently quoted a police officer as saying:

If your ethics are about the preservation of life, then there should be at least the possibility of you telling the authorities if somebody walks in with a gun or knife wound.[6]With the state already considering the creation of a national DNA database, a privatised health service means a population reliant on the very insurance companies that would salivate over access to such information. Confidentiality and privacy really isn’t a matter of pedantic philosophising. It’s becoming a matter of self-defence.

Damian Abbott <damian AT> is a co-founder and editor of Inventory and has worked under various pseudonyms on other collective enterprises


[1] The Spine is part of a project called ‘The National Programme for Information Technology’ which includes the ‘Electronic Prescription Service’, and a ‘Picture Archiving and Communication System’, amongst other digital services,

[2] PFI, See also: Rob Ray, ‘The 3 P's – PFI, Private Equity, and Pensions’, Mute Vol. 2, Issue 7,





[7] Computer Weekly

[8] Reported by Vikram Dodd, crime correspondent, The Guardian, 29 October, 2007.