Risk Assessment in the Public Sector: Big Data or Big Brother?

Gathering information around the child

girfec_logoIt may have went under the radar, but Scotland has just pushed forward a system which aims to gather information on every child, and assess any associated risks around them. With this, an initiative known as GIRFEC (Get It Right For Every Child) is being implemented in certain regions of Scotland, with an aim of defining a named person for every child, who is someone who responsible for monitoring the concerns around a child.

The implementation of this has passed through the Scottish Parliament as The Children and Young People Bill, and which builds on other initiatives for improving learning outcomes (such as with CfE – Curriculum for Excellence). This new bill aims to encapsulate improvements around the health of the child with a metric named SHANARRI (Safe, Healthy, Achieving, Nurtured, Active, Respected, Responsible and Included). On the other side some campaigners have defined as the Spying on children Bill (here),  who see the bill as an establish a universal surveillance system in respect of every child and associated adult in Scotland.


So, as it starts to be implemented, society has to ask if the key stakeholder are part of the process  – the  parents and children. If they are not currently being involved, we have the opportunity for the feeling that Big Brother really is watching us. As the petition against states: it has essentially shifted the threshold for intervention in family life on child ‘protection’ grounds from “at risk of significant harm” to “at risk of not meeting state dictated ‘wellbeing’ outcomes. Well, on the one hand, one focuses on serious risk to the child, which makes sense, the other one could mean that every child could be at risk, and that ever concern is a risk!

Stuart Waitson, in his blog, defines that “The state seems to be fancying itself as better at parenting than families.  The state makes lousy parents – taking children into care, moving them from pillar to post and then abandoning them at 16 or 17 regardless of their ‘wellbeing’.” and also puts the case that England is likely to follow Scotland’s lead on gathering information around the child and associated information around their parents.

With any risk, there is a balance of rights of individuals to privacy, against the actual risk level needs to be taken into account, and information systems need to be build which not only protect children, but the rights of parents too. Too many cases of false acquisitions have resulted, too, in associated risks. There’s no way, in the Information Age, that the system which implements this bill will be paper based, as there are too many risks around paper-based systems, which are slow and where is it very difficult to share information. So the question must be asked …

  • What is the architecture that is being used?
  • Who collects the data?
  • Who is allowed to post concerns?

… and well lots of other questions. How many systems have failed, as they have failed to include the key stakeholder, and in this case, the key stakeholders are children and their parents.

Monitoring Risk
Figure 1: Monitoring Risk

Once of the major choices for UK society is how data might be used over the public sector. Unfortunately there have been many cases where a lack of sharing across public sector has led to increased risks to citizens such as with Baby P, and the Soham Murder. With the breaking down of boundaries for the access to data from disparate system, we have the opportunities to the monitoring of risks around citizen (Figure 1).

On the flip side we have a Big Brother society, where public sector employees with enough rights can aggregate data across traditional boundaries. Thus UK society has the opportunity to implement systems where risks can be captured those responsible for care, such as with a a named person monitoring a child at risk, or for a clinician monitoring health risks of their patients, but without a strong debate around this, we move towards a Big Brother society. In Scotland, this debate has not really happened, which does not provide a good role model for an information nation.

The Dream of Holistic Care and Automated Risk Assessment

Holistic Care
Figure 2: Holistic Care

On the positive side of information sharing, there is a focus reducing risks and on holistic care (Figure 2). In a future world, we  have a clinical software agent in the Cloud, and who was watching over our health, monitoring our blood pressure, our movements, and even detecting when we fall. When we are becoming sick our agent-in-the-Cloud alerts us to improve our health, or tells our trusted people that we are becoming sick. But artificial intelligence for diagnosis of illness is a long way off, even though IBM Watson recent beat some of the best cancer specialists in the diagnosis of lung cancer. So it’s a human that are required to filter and process risks, and then take actions. Information Technology is thus just an enabler, and a way to channel information to the right person, and then to keep track of any follow-ups. What is required is for each of the roles involved in health and social care (including in primary and secondary heath care, social care and assisted living) to all work together in co-ordinated way. Unfortunately many barriers current exist within information sharing, especially within health and social care record, but now the Caldicott review has outlined that there need for more sharing across the public sectors. While the barriers will take a while to bring down, we can start to see a move towards citizens getting access to their own records.

Barriers to Information Sharing
Figure 3: Barriers to Information Sharing

The barriers to information sharing across health and social care are both technical and societal (as outlined in Figure 3). While the technical problems focus on legacy systems, poor access control methods (such as having to log into special portals) and the fact that most records are flat in their structure, they can normally be overcome in these days of interconnected systems. The greatest barriers, though, are societal ones. This is highlighted by the current lack of sharing of information across the public sector.

The great thing about the new approach is that it will be an ‘opt-out‘, which means that citizens will have full rights, even without having to give their initial consent. This will hopefully drive forward the sharing of information between the citizen and their health and social care professionals, and also across the public. With more openness of data infrastructures within health care, social care, law enforcement and education, we need to make sure that data on us it not used for malicious purposes. One danger is that this sharing must be locked down by a known governance policy, as the sharing of information across the public sector can actually be damaging to the individual, if it is not done correctly, and within bounds. The Big Brother scenario is now possible, and must be overcome by those creating the policies, carefully defining how the data is used, and why? Overall the citizen should be at the heart of this, and have full rights to how their data is being used. We have been working within information sharing for many years, and, I must admit, we have seen a greater willingness of the public sector to share information, especially for the improvement in the health of the individual.

Citizen Control Data

The answer to avoiding a Big Brother society is for citizens to have full ownerships and rights to any data which concerns them. Thus the GIRFEC system should allow full access to the posted concerns for both the child and the parents, if not then it can be open to abuse. In order to identify whether there was a demand for citizens to control their own data, Edinburgh Napier University recently conducted a survey on the attitudes on the access to electronic health records in the UK. With 477 respondents, 79.04% of participants said that they wanted full access to their electronic health record, while only 16.98% wanted a summary of their record, and only 3.98% wanted no access to their health record, at all. This shows that there is a strong demand from citizens to actually access their health records. Of the reasons that citizens would most like access the main reasons were:
• Check its accuracy (36.07%).
• Recall key information (32.64%).
• Add comments (15.24%).
• Make amendments (11.45%).

There are many initiative around citizen focused heath records and which aims to address Action 75 of the Digital agenda for Europe, which outlined a target of 2015 for access for all citizens to their health records. In Scotland, a target of 2020 has been defined, which seems such as long target, especially with no intermediate deliverables defined. There are good examples around the World of how the citizen can be integrated into health and social care records, such as in New Zealand, where the Midlands Health Network are piloting a new National Child Health Information Programme (NCHIP). This provides a shared health information platform that gives each health provider a view of a child’s care. NCHIP  provides a shared view of milestones in a child’s health care, and where parents have a shared view of the data.

Is this a Big Brother Society?

The key concept of Big Brother is that our governments are spying on us, and trying to control our lives. Generally this type of activity is nearly non-existent in the UK, where DPA defines the rights of privacy of the citizen, and where regulations such as RIPA and DRIP (Data Retention and Investigatory Powers) define the context of when information from multiple sources can be used. Law enforcement professionals must thus tread a fine line, where any breaches of our rights will restrict future activities. In general, it seems that this is done well in the UK, where ISP records or CCTV records are only used within the confines of a criminal offense. Our worry would be when we open up these systems to external parties, who aim to gain some advantage of using the data. It is thus with PRISM that we see the opportunity that occurs when information is shared across judicial boundaries. Within national boundaries the usage of data is well defined within a context, but as it moves outside these, the restrictions of its usage can often be lifted.

A major difference between our Internet-enabled society and a Big Brother society is thus the move towards more citizen control of their own information. With this governments must operate within a legal framework in the how citizen data is used and how they share information across different areas. As the citizen decides on the risks that they willing to expose themselves to. Unfortunately, at present, we are in a transition phase in understanding the key risks involved with this, where users sometimes fail to understand that their information may offend their own circles-of-trust, and where social media posts can be open to those outside our trust circles.

It is a more citizen-focused information infrastructure that our public sector must start to adopt this type of approach, where we must start to question why things like our health and social care records are kept to with limited access from the citizen. The barriers to this are often due to a resistance from employees on changing their methods of work, and also the fact that many IT systems within the public sector were designed to restrict access from outside, and have very few access methods from the general public. The only way to change this is to start to trust external systems, and to support methods which the citizens trust in providing their identity.

Big Data and Governance

Big Data Integration
Big Data Integration

In an increasing connected world, data is becoming a key asset, especially within a Big Data context, where data from different domains can be brought together to provide new in-sights. Most of the systems we have in-place, though, have been built to securely keep data behind highly secure environments, and have difficulty in integrating with other disparate systems. This is now a major barrier to using data in a wide range of applications. Along with this, information sharing has many regulatory constraints, which often disable information sharing across domains, but, with carefully managed information architectures, it is possible to overcome many of these problems. An important challenge is thus to support information sharing across different domains and groups across multiple information systems. In the context of this paper, a domain is defined as the governance (and possible ownership) of a set of data, which is exposed to others through well-managed services.

The problem of providing governance around trusted infrastructures is highlighted by Boris Evelson who outlines that:

Big data is such a new area that nobody has developed governance procedures 
and policies, there are more questions than answers.

A feature of any trusted infrastructure is that the owner of the data is clearly defined, and the entity can differ from the actual governance of it. For example, in a health care system, the owner of the data can be the citizen, and the governed of the data is defined by the health care provider (such as the NHS in the UK). In a full trust infrastructure, the citizen could have full rights to define who had access to their data.

Conclusion … it’s just doing what we are all doing

Integrating All
Integrating All

In the past 10 years there has been a massive revolution in the way that the Internet has integrated with both our work and our social lives. Industries have been transformed, and, in most cases, could not exist in their current form. Within of Cloud Computing and mobile devices, we have never been so connected. Thus banking, oil and gas, education, and so on, have all changed through the usage of the Internet. It is thus in health and social care that professionals need to see the benefits of this new age, and start to use information to improve our lives.

And for the ownership of the data … well surely the end game is that it is our data, and we must have some rights on how it is to be used? For just now, that seems one step to far, but in this Information Age we need to start to move to a place where, at least, we can have access to it, and then move to a point that we can have ownership of it, and actually define who we trust to access it. That is a quantum leap, but it is a natural one for the future. It is a massive leap, but it will surely be worth it!

With the first steps taken towards assessing risks around children, and other potential risk assessors, the opportunity for gather information in aggregated and centralised databases gives opportunities for detecting genuine risk, on the other hand it risks us all being spied on. When I first started in academia we kept all our assessments on students secret, and there was never a notion that students can actually review what we have said about them. These days, we have extensive feedback, and we have to justify all the grades that we allocate. So The Children and Young People Bill needs to be watched carefully, in order to protect the rights of us all.



Personally I can see both sides, and it is only with a strong trust and governance system that the public sector can implement risk gathering, and once which involves citizens, rather than excludes them, as they are untrusted. If you are interested, here is our viewpoint on how GIRFEC could be implemented:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s