NHS Medical Database – Launch Delayed

Originally set for April 2014, the launch of a plan to suck all our private medical data into one central NHS database has been put back six months

NHS-LogoSee NHS database launch plans delayed.

In common with many, many people and organisations, I am not convinced that access to the data will be restricted to bona fide “researchers”, and I am not convinced that the data will be “anonymised” such that I can never be identified.

Furthermore, I am not convinced that the leaflets have been sent out informing us of this new development and telling us how we can opt out. Note, by the way, that the default position is that we are opted in until we take action to opt out. If you do nothing about it then the data that you thought was private between your GP and yourself will be sucked into cyberspace and made available to “researchers”. I have not yet met a single person who has received the leaflet that the NHS claim has been sent to every household in the country. Maybe the information on the leaflet is roughly the same as on this NHS Choices web page on sharing your medical information.

Why don’t I believe that my data will remain anonymous? Two main reasons:

1) The combination of specific items in my medical record could be linked together with other specific items known about me (such as records of purchasing specific drugs/medications from a particular source) so that the possessor of the second set of data items would know the details of my medical record. This is a very real possibility: it’s known as a “jigsaw attack”. The data that the NHS is collecting will be made available to “researchers” including private companies. I think it’s safe to assume that we can take “researchers” to include the global pharmaceutical companies and, possibly, insurance companies.

2) Unless I’m being really dim about this, the “anonymising” of my medical history before it gets uploaded to the NHS database can not possibly be foolproof. The idea is that certain unique pieces of information (such as date of birth, NHS medical number, gender) are used to link together the known details about a specific person’s medical history and this history is then uploaded with a newly generated code instead of the identifiable information (date of birth etc). This is supposed to make the uploaded data “anonymous”. But – and it’s a big “but” – if they are going to maintain an ongoing history of that person then they need to update the information. To do this, they need to know – now and forever – how to link the identifiable pieces of information with the “anonymous” code. That ability to link the person with the “anonymous” data must always exist. If it exists, then it can be exploited and abused.

Filed-RecordsThe idea of creating a huge database of the medical history of the entire nation is great when kept in the abstract. Over time it will yield no end of data that will be incredibly useful for healthcare planning, research on disease development and prevalence, monitoring of health outcomes, and goodness knows what else besides. The problem is that I have no confidence in the NHS being able to keep my data secure. This is further undermined by the way they are going about introducing this :

  • Requiring us to opt out instead of opting in
  • Failing to inform us properly of the plans
  • Failing to inform us properly of the way to opt out

.. and I haven’t even mentioned the NHS record in the past for losing or mishandling our data. This is from The Daily Telegraph (but they have now removed the page that was my source – 09/11/2017):

…NHS statistics, revealed over the weekend, showed that health services were losing or breaching the safety of 2,000 patient records every day. More than 2 million serious data breaches by the NHS have been logged since the start of 2011, the figures reveal, with records dumped in landfill sites, left in shops and even sold on eBay.

NHS-Choices-LogoAm I going to trust these people to take all of the private information about me that has been recorded by my GP, and put it in a central database available to “researchers” (including pharmaceutical companies, insurance companies and hackers, of course)? No way, Pedro. I am not.

As soon as I had written the above, I hied off to my GP surgery to ask them how I can opt out. The nice lady there gave me a copy of a letter attached to a very simple form, that recorded my instruction not to have my data included in the database. I filled it in and gave it back to her. I don’t know who wrote the letter attached to the form, but it states the case so well that I have scanned and uploaded it. You can download it here – NHS-database-Opt-Out

All of this makes me feel very small and almost – but not quite – powerless. Who knows: maybe they will cave in completely and abandon the idea before we reach the postponed start date. The Daily Telegraph (not one of my usual haunts in cyberspace) seems to have got their teeth well into this story. If you are of a mind to investigate further, try this item, in which they summarise the risks v benefits of the NHS patient database.

Just for the record, I am not an NHS basher. I think it’s a wonderful service that we should be proud of, and I am very grateful that it is there for me and for everyone else. I just don’t trust the NHS – or anyone else – to be able to safeguard my medical data if it goes into one huge database floating around in cyberspace and available to private organisations with a financial interest, and all the other cyber rogues who wouldn’t be able to resist a goldmine when they see one.

Oh, and here’s a parting thought: would the American NSA be interested in its contents? I wouldn’t bet against it.