UK set to sell sensitive NHS records to commercial companies with no meaningful privacy protections


#1



#2

With their disregard for citizen privacy, I'm actually surprised they even bother with "opt-out" at all anymore. Just shove it in our faces, smirk and keep challenging us to do anything about it.


#3

To make things worse the contract for handling / managing the care data has been given to ATOS:

http://uk.atos.net/en-uk/home/your-business/healthcare/business-intelligence/gp-extraction-service.html

Yes, the same company whose disability benefit assessment has been found to be flawed and unacceptable in 40% of cases by the Audit Commission:

http://www.independent.co.uk/news/uk/home-news/atos-to-lose-monopoly-after-flawed-and-unacceptable-disability-benefit-assessments-8727115.html

Here are further links to opt out forms and additional information on the detail from the perspective of a practicing GP.

http://brief.care-data.info

And here are the personal views of someone who cares about information rights and wrongs.


#4

It's actually much worse than even Cory describes.

Here's the PDF of the information for sale, directly from the site of the government body in question:

http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf

Note the "Standard extract - containing personal confidential data", "Bespoke extract - containing personal confidential data" and "Patient tracking" sections.


#5

May I humbly suggest you fill out the forms available from http://medconfidential.org/ and give them to your GP and insist he act on them.


#6

Oh fuck.
I don't even need to follow the link, such is the symbolic power imbued in the string ATOS.

The form leaflet I was sent about this (entitled Better information means better care) so reinforces the positive idea I had about sharing medical data for the purpose of advancing knowledge (aren't I the nice person, toot toot) that it never occurred to me that it might be a good idea to at least give some consideration to the idea of opting out.

It would be a terrible thing if huge numbers of people did choose to opt out. It would make research so much more difficult.

Yet I feel we have to opt out. The way you do this at least involves talking to people (your GPs) - they've not made it as easy as ticking a box on a form - so you kind of get your day in court. It's the only way to send a message to the poisonous toads who have wrecked our community of care. NHS is now only a brand name, as somebody once said [citation needed].

OTOH if huge numbers of opt-outs happen, los poderosos will re-interpret, re-spin, that message as they see fit, because nobody believes they're the bad guys, so I think 'what the hell, may as well do nothing (and stay opted in)'.

When you're in a dilemma like this, you know you're in the real world.


#7

They want to do that in Denmark too.

AND they want to replace our GP's confidentiality oath with an obligation to include all diagnosis information etc. on their bills to Sygesikringen (our "NHS", which is actually regional, not national) - after which this now-much-more-complete data can be sold in an "anonymized" fashion to whoever wants to pay.


#8

What is going on in the U.K.?

The Twat Olympics?


#9

Well, isn't this just dandy.

Yet another way the scum are poisoning the future, yay.


#10

You're spot on. Research would be more difficult.

And you're spot on there, too.

Let alone the general-citizen perspective that this is all just amorphous data, and generally our privacy should be protected, and generally mind-fluff background confetti, this has one very real consequence I can think of.

The welfare state doesn't fare well; private health insurance is more meaningful. I have it, particularly as a shield for my kids, and it's bloody costly. But there you have it.

The only way to prevent health insurance rates going up is for there to be decent competition between providers. Now if I want to switch providers, like with my car, I can either go 'don't declare history' or 'do declare history'. Depends on the circumstance.

But if I want to keep my history quiet, well, there will be an open market on this data to determine exactly what's up with me, if anything. We will see data brokers sitting between the medical community and these companies, making sure they get exactly what they want.

You then get a twist between actuarial predictions of your health, and the average. Currently, most insurance works on such big averages that it's a fairly communal thing. I'm healthier than most people, so subsidise sicker people. Fine.

But when the actuaries can pinpoint a likely health profile, the insurance argument falls over. It simply becomes a matter of charging people what you know they'll cost, plus profit - the sicker portion of society will not be able to afford it.

They return to the inefficient, politically swung NHS. To balance the books, it makes financial sense to diminish treatment for the elderly. This will happen, and is happening. They find it harder to have a voice.

So the whole idea of a health system will eventually return to the 18th century method, whereby you get what you can pay for.

And the societal benefits of a positive and efficient health system will evaporate.


#11

I'll be handing in my opt out form to my doctor this week.

Though it'll remain opt out, once March rolls around and this is launched it'll be too late to keep your data out of the hands of any company that wants it. Once it's sold on the first time there'll be no "sorry, they've opted out, can we have it back please?" going on. They may not get your future information, but that'll hardly matter when they can sift through your history forever after.

The most fiendish part of it all is the only warning most people have that this is even coming is a single leaflet pushed through the letterbox that looks like it was purposefully designed to blend in with junk mail and get overlooked. There are going to be so many people caught out by this simply because they don't know any better.


#12

BEWARE OF THE LEOPARD

Fucking Vogons.


#13

On this you are sooo wrong. Data protection and accountability, although not perfect in the public NHS, are much, much worse in the private sector, where your medical information is used to sell you treatment:

http://www.fiercehealthcare.com/story/should-hospitals-mine-patient-data-targeted-marketing/2012-11-12.

E.g. if something goes wrong with your data in the private sector you have no remedy of an FOI request to find out what happened and who did it! You are at the mercy of the courts as information re private insurance companies and private health care providers falls under commercial confidentiality. Try getting access to the information held on you by your Life Insurance provider and then revisit what you think about the NHS. You are routinely excluded from the exchange between your Doctor and a private insurer.

It is also worth noting that this change comes hand in hand with a cynical move to reduce the budget and capacity of the ONS (Office of National Statistics) which has a very important role in the independent analysis of public health data! http://www.theguardian.com/society/2013/jul/10/public-health-statistics-publish-cuts-cameron

So although it would be nice to think that the move to make care data accessible for research was motivated by the desire for scientific progress, the evidence suggests otherwise.


#14

Bugger.


#15

And if you go to the page which tells you what approvals you need to get that personal confidential data you'll find...

"What approvals do I need if I want to apply for personal confidential data?
If you wish to apply for personal confidential data you will need one of the following:

The consent of the individuals to whom the data relates. In this case you will need to provide evidence of the consent of the individuals concerned, i.e. the consent form and consent information literature. These will be reviewed by the HSCIC to ensure they are appropriate and, where necessary, approval will be sought from the Data Access Advisory Group (DAAG).

Approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (anecdotally known as 'section 251 support'). In this case you will need to provide evidence of approval under section 251, i.e. a letter from the Health Research Authority Confidentiality Advisory Group (HRA CAG). Or,

The appropriate statutory regulation covering your organisation for the work required. In this case you will need to provide evidence of the statutory regulation concerned. This will be reviewed by the HSCIC to ensure it is appropriate.

Note: one exception to this is when bespoke data linkage is requested by a clinical care team in order to carry out audit or research projects in their service. In these cases, evidence will need to be provided as part of the application, such as a letter from HRA or the clinical lead."

http://www.hscic.gov.uk/dlesaac


#16

Some time, perhaps in a future post (!), I'm eager to hear Cory's advice on the dilemma over research use of "anonymous" health records. I couldn't discern his bottom line from this post (it may be a work in progress).

Here are a couple stark options (but I know I'm missing the clever in between compromises).

Option #1. Disallow research use of health records even in anonymous form. Cory argues that the technology for making the records anonymous is flawed. We could simply say, "research and knowledge cannot move forward in this direction, however valuable, because of the confidentiality concerns." This option seems contrary to Cory's usual view of things.

Option #2. Improve the technology for making records anonymous and then move forward with allowing research access. In a sense, research with successfully anonymous records is similar in spirit to research with aggregated data, which nobody doubts is a good thing. I could not tell if Cory really is optimistic that, with more elbow grease, a good system for anonymizing data is possible.


#17

Does this include Scotland? Although we are (for the moment) part of the UK the info I found on this refers to NHS England.


#18

No this is only relevant to England! NHS Scotland and NHS Wales are separate entities with different legislation.


#19

Another option would be for the records to never leave NHS. Companies that want to do research with the medical dataset would submit their queries to NHS who would return the results. This wouldn't be nearly as convenient as having the dataset onsite to tinker with but would allow for much greater protection of personal information without removing the great opportunity that comes from such a rich dataset existing.


#20

Here in the States we're watching the episodes in Downton Abbey where the modern managerial class shows up and starts bossing the aristocrats around. I guess Julian Fellowes' apologia for the ancien regime is redundant with the NHS making his point like that.