Board logo

Protect your health data
Rod Ends - 19/6/21 at 04:23 PM

England’s NHS plans to share patient records with third parties

55m patients have until June 23 to opt out of having their health data scraped into a new database

England’s NHS is preparing to scrape the medical histories of 55m patients, including sensitive information on mental and sexual health,
criminal records and abuse, into a database it will share with third parties.


https://www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748


SteveWalker - 19/6/21 at 04:43 PM

The date has been put back two months.

The data will be anonymised, but there are questions over whether there is still enough detail to identify individuals.

It is however a uniquely valuable resource. Other countries do not have the NHS's uniquely comprehensive data set, which could allow valuable research. For instance, it is known that people who have been sexually abused or assaulted have a higher incidence of mental health problems, but just how much higher than average? Does the age at which or period of time they were abused for make a difference? How effective have therapies been? In other areas, can incipient diabetes be spotted and avoided by looking for some, as yet unnoticed, very early signs. What correlation is there between multiple conditions, etc.. Only comprehensive medical data will allow this.

I want my data to be used to develop medicines, treatments, diagnostic techniques, etc., but I do not want to be identifiable.


chillis - 19/6/21 at 08:02 PM

That old chestnut the 'anonymised data'. Which is never anonymised only pseudonymised.
According to my GP surgery they are being required only to redact the name & address, so your NHS number will still be attached to your file, seemingly because without being able to relate the data to the individual the data has limited value (one assumes the full value is in the full data so the third parties can plague you with unwanted emails and other scams) A government whose home office tells us it is trying to protect us from cybercrime while the health dept. is selling the data that cybercriminals want.


[Edited on 19/6/21 by chillis]


chillis - 19/6/21 at 08:29 PM

Don't get me wrong, I'm not against my genuinely anonymised data being used for good, but when the Government wants to sell your data to third parties who don't have to disclose what they will do with your data no good will come of it. the Government sold our electoral register data to whoever wanted to buy it so its not like the Gov don't have form!
The NHS already supplies proper anonymised data to uni's and genuine research org's following the data protection guidelines so the information is available to support the advancement of medicine in all its forms. The Government doesn't get any money from that though and I think that's the key point here, the Gov. are selling all of our private info and were hoping we wouldn't notice, hence why it is important to send in the form to stop them from doing this.


BenB - 20/6/21 at 08:52 PM

quote:
Originally posted by chillis
That old chestnut the 'anonymised data'. Which is never anonymised only pseudonymised.
According to my GP surgery they are being required only to redact the name & address, so your NHS number will still be attached to your file, seemingly because without being able to relate the data to the individual the data has limited value (one assumes the full value is in the full data so the third parties can plague you with unwanted emails and other scams) A government whose home office tells us it is trying to protect us from cybercrime while the health dept. is selling the data that cybercriminals want.


[Edited on 19/6/21 by chillis]


Don't know who you spoke to at the GP surgery but they were talking bollocks.
As ex digital lead for about 100,000 patients and Information Governance lead at a 20,000 patient practice I might be in a position to shed some light here.
There's no redaction at all going on at practice level, any anonymisiation, psuedoanonymisation or otherwise takes place after the data extraction by NHS Digital.

It's incredibly unlikely that patients will get scams and unwanted e-mails as a result of this system- I think that's just missing both the point of the service and the concerns surrounding it.

If / when 3rd parties are given access to the dataset (at a cost) NHS Digital will retain the key to reveal true patient identity.

Ultimately for the moment there's nothing that needs to be done as it's been pushed back and ideally patients would elect to go for the online type 2 opt-out as this doesn't impact on General Practice provision and if there's one thing we really don't need right now it's a great cohort of people worrying about what might happen to their data in a number of months time. At the moment GP practices are being wacked with a bigger workload even then during the second Covid spike six months ago. I've never known anything like it in my life. It' just unreal. We're being walloped by the third wave, we've still got minimal access to diagnostics at the hospital and yet all the problems that the patients have held off coming in with during the "peak" (even though we're in another one now) are coming home to roost so we're being slammed there also.

I absolutely understand the concerns people have regarding this data extract and I share them. Equally, I think for the most part a type 2 "National Opt-out" is going to be (at leasti in the short term) the best option- it lodges a formal objection to the intented use while not unecessarily interfering with what General Practices should be doing. It's also worth knowing that the BMA and GPC (GP committee) are looking at more appropriate options such as the type 1 opt-out being remotely actioned.

Personally I think whether patients opt-out or not it's only a matter of time before their data gets out there somehow. You only have to look at the writing on the wall. Tory panel recently decided that GDPR was far too complicated and prevented innovation (IE they want to ditch it) and companies are finding many ways of getting the data without use of a national system such as that e.g. couple of years back our local hospital (covering approx half a million patients) gave Google access to our entire hospital records without prior discussion. The local healthcare "landscape" where I am recently turned the other way while a group of 20 practices were sold to the US's biggest provider of medical insurance. The 20 practices just happen to provide all the out-of-hours provision and therefore have access to the entire medical records of 250,000 patients.....

I'm certainly no fan of NHS Digital nor the government and I have significant concerns about the intended extraction, I just believe at this point patients en masse contacting (in some cases repeatidly) practices regarding this matter is ultimately going to not have the intended effect and will have unintended adverse consequences.

In truth NHS Digital are tiny. They're almost totally reliant on private companies with vested interests and significant sway within the government (by virtue of lobbying).

Oh well, soon this will all be under the control of Dido Harding and won't that be wonderful. I mean 10 years or so as the Chief Executive of TalkTalk with it's horrendous customer service and the infamous hack. Then straight into Track + Trace and the pille of shite that is / was. Great person to be in charge of the NHS.


coyoteboy - 20/6/21 at 08:54 PM

I think the key here is we should be being told ##exactly## how the data is anonymised and presented and who it's sold to, in what form.

Without that, it's just guesswork


BenB - 20/6/21 at 11:05 PM

quote:
Originally posted by coyoteboy
I think the key here is we should be being told ##exactly## how the data is anonymised and presented and who it's sold to, in what form.

Without that, it's just guesswork


Absolutely. Rather impossible to make an informed decision without it. I personally believe this kind of things should be opt-in. I know this would result in very few people's data being available however the standard GDPR model is informed consent and it feels odd that both care.data and now this new data extract are "opt-out" when there's little information on which to make the decision. Thankfully there's time yet for these issues to be resolved.