The Independent View: Selling our NHS data is not putting us in control of our health records

Back in 2010 there was a wave of optimism amongst civil liberties campaigners, especially those of us concerned with protecting privacy from an over-bearing database state. Not only did the coalition agreement set out a promise to scrap ID cards and its associated population register, there were other promises too: “We will end the storage of internet and email records without good reason” and then on page 25 of the coalition agreement the statement that “We will put patients in charge of making decisions about their care, including control of their health records”.

In our briefing document ‘Privacy Under Threat’ NO2ID recently gave the coalition 3/10 on sticking to some of these promises. The proposed sale of information from our private medical records is the latest example that illustrates why we have the coalition such a poor rating. The reasoning behind such schemes is a utilitarian argument that the perceived benefit to sharing information trumps any rights or control we as individuals have over our own information.

Sadly we as citizens are losing even more control of our own information.  Our medical records continue to pass from doctors to central systems within the NHS, census data can now be widely shared with a range of bodies, and attempts to reclaim data capture by the police on the network of travel tacking ANPR cameras have been met with a stonewall.

Despite the coalition’s initial promises it ia business as usual for Whitehall data-sharing projects.  What started under the program of ‘Transformational Government’ is now wrapped up in the language of ‘Open Data’. The new language is attractive – after all we all want public data to be open and accessible.  Sadly bureaucrats too often conflate public data with private data collected and stored by public bodies.

Our private NHS medical records should belong to us, we as citizen s should be in control of them. They are not the Department of Health’s to trade and share. If we want to share our medical records so others can benefit there should be a clear opt in system where active consent is sought. This principle of clear consent operates throughout all medical research and should apply to how our data is used too. When government starts taking control of our information alarms bells should ring in those who are liberally minded. After all a society in which government assumes control of information is a society in which the government controls us.

* James Baker is the campaigns manager for NO2ID

The Independent View‘ is a slot on Lib Dem Voice which allows those from beyond the party to contribute to debates we believe are of interest to LDV’s readers. Please email [email protected] if you are interested in contributing.

Read more by or more about or .
This entry was posted in Op-eds and The Independent View.
Bookmark the web address for this page or use the short url http://ldv.org.uk/26111 for Twitter and emails.
Advert

25 Comments

  • Somehow I doubt if members of the cabinet, royalty, etc will lose control of their records….

    More worrying for me is the prospect of such data being available for ‘Landsley’s NHS’ or Health Insurance Companies (HICs);. After all, the new medical practices or HICs won’t want high risk candidates clogging things up…..

    Good intentions (and all that) but, once out, try ‘putting the Genie back in the bottle’

  • Simon Bamonte 5th Dec '11 - 5:27pm

    Handing confidential patient records to private companies to cherry pick profitable patients (as this will lead to) is the last straw for me in supporting this government. I simply cannot do so any more.

    This, like the NHS “reforms” as a whole must be stopped. The public don’t want the reforms and the medical profession do not want the reforms. The NHS is one of, if not THE, most loved British institution. If we kill off the NHS, we will get the brunt of the blame. None of these Tory plans would be happening without our support. Sure, the Tories will get some blame, but I fear we will get the most.

    Do we REALLY want our political tombstone to read: R.I.P. Lib Dems: destroyers of the NHS?

    We need out of this coalition now. It is damaging our NHS, the economy is flatlining, we are not creating the “greenest government ever”, protesters’ civil liberties are being ripped up & they’re being called “terrorists” by the Met, and the unemployed as well as the disabled are being demonised by this government. The rich are getting richer and the poor poorer.

  • I would suggest reading the blog post by Cancer Research UK about the proposals to get a simple overview of the proposals as there appears to be some misunderstandings from the comments I’ve read here and elsewhere.

    Potentially, this is great news for patients, allowing them earlier access to life-saving drugs and increasing the chances of discovering and developing such drugs. However, it is important that the data is held securely and that it is anonymised in such a way that the data can never be reconnected to the person is originated from. The ethics and regulation of data sharing is a very active research area and these issues are being explored in detail. There isn’t one right answer to how to do this and the govenment need to ensure that concerns are heard.

    For me, the essential point is the anonymisation of the data. I would want assurance, from independent researchers, that the system really is reliable and that my name and other identifiers will be separated from the data as soon as it leaves the GP surgery. This should be possible (though the government is going to need to significantly up it game on IT commissioning to allow this to happen).

    There is virtually no risk of cherry picking data. This is actually the opposite of what scientists would want to do. At the moment, the researchers want large, unbiased datasets so that common factors can be spotted.

    The other thing is that Scotland already has an electronic health record system. It would be interesting to hear from Scottish Lib Dems about how the system is scrutinised.

  • ,…………………………. this is great news for patients, allowing them earlier access to life-saving drugs and increasing the chances of discovering and developing such drugs. However, it is important that the data is held securely and that it is anonymised in such a way that the data can never be reconnected to the person is originated from. The ethics and regulation of data sharing is a very active research area and these issues are being explored in detail. There isn’t one right answer to how to do this and the govenment need to ensure that concerns are heard……………………..

    Let’s try….Keeping everyone’s DNA on record will be great news for victims of crime (especially rape victims)
    or….CTV cameras covering every street and shop in the UK is great news. After all, ,…………………………. this is great news for patients, allowing them earlier access to life-saving drugs and increasing the chances of discovering and developing such drugs. However, it is important that the data is held securely and that it is anonymised in such a way that the data can never be reconnected to the person is originated from. The ethics and regulation of data sharing is a very active research area and these issues are being explored in detail. There isn’t one right answer to how to do this and the govenment need to ensure that concerns are heard……………………..

    Let’s try….Keeping everyone’s DNA on record will be great news for victims of crime (especially rape victims)
    or…We need lots more CTV cameras. After all, the innocent have nothing to fear.

  • Ed Shepherd 5th Dec '11 - 10:42pm

    I cannot see how patient’s records can be “anonymous” once they are shared. Even if the name and address of the patient are not revealed, it will contain the patient’s age, postcode location, medical history, gender, number of children and probably a host of other details that will allow the patient to be identified. This sharing of data without consent is an invasion of my privacy.

  • @Ed Shepherd It’s a consultation, I believe, so we’d need to see the proposals first for how this is to be done. You are right in that if all this information is included then then individual records would be easy to identify. The next step must be an honest conversation about what information is essential for productive research and what needs to be done to safeguard privacy. In effect, it will have to be a trade-off and the public, research charities, patients will all need to be heard in the consulation so that the balance is set fairly. For instance, postcodes might give information about socioeconomic background, but the risk of identifying someone is so high that the risk outweighs the benefits, in my opinion. Age will be important – the lower the age of onset of a disease the more likely it is that researcher will spot the reason for this – but maybe classification within 5 year bands will be sufficient. This is certainly not a trivial task and I think you’ve hit the nail on the head for the problem. However, if we could get to, say, a 1 in million chance (number plucked out of the air for argument’s sake) of being identified I think that would be worth the benefit in saving lives.

  • @Maria

    For all your optimistic thoughts about how this is not a problem, I want to know politically how this squares with the fundamental right not to have medical records passed around, and how it squares with a coalition agreement that as every day passes looks like a not very funny joke.

  • Looking at the arguments from the biotech companies and considering the hugely targetted nature of modern medicine development, even to the extent of certain treatments only being useful for patients of certain genetic profiles, I do think that anything that speeds up the R&D process is worth looking at.

    I also consider the privacy point to be very important. There must be as an absolute minimum an opt-out system where patients could instruct the NHS to keep their records under lockdown, not as part of the public-private sharing arrangement.

    An opt-in system where we would have to tell the NHS that it could share our data with researchers would be much less useful in strengthening biotech R&D in Britain, though, as of course only a small proportion of those who don’t mind their data being used in this way will actively seek to make it be used. Its the same argument we see for organ donations. The opt-in system there means that many who on the face of it don’t have a problem with the idea don’t sign up, for various reasons.

    Opt-in versus opt-out is a debate that we will need to have. The apparent proposal of assuming consent and leaving no way to withdraw it, however, is illiberal.

    @Simon Bamonte

    I think you’ve conflated private medical research companies with private healthcare providers. Elements of patients’ records are going to be anonymously available to researchers developing medicines. They would themselves be operating under strict codes of professional ethics. Data protection is something pretty well legislated around in Britain, although I will freely admit we still have a problem with breaches of the existing rules.

    Selling the records to other companies so they can cherry-pick profitable bits isn’t on the table, though. And far from wanting to cherry-pick away from ‘difficult’ patients, I would imagine these researchers would consider such cases to be of considerable scientific interest.

  • “There is virtually no risk of cherry picking data. This is actually the opposite of what scientists would want to do. ”

    This isn’t about scientists wanting to do research; this is about the private sector wanting to do development (the private sector doesn’t do research – research involves publishing results in the public domain – this is the last thing any private sector company will ever do) by gaining access to this data (without the consent of those to whom the data relates).

    This has everything to do with the private sector trying to profit from the work of the public sector (this relates to the economically ignorant prejudice that the private sector pays for the public sector and therefore transferring wealth from the public sector to the private sector is payback, whether it is flogging off council houses at half their value or giving NHS data to the private sector). It is a complete disregard for the wealth generation created by the public sector and the rights of the individual in favour of the profiteering of private corporations.

  • I work in the pharma industry 6th Dec '11 - 8:12am

    Anonymised patient data is truly anonymous and the protocols are more stringent than you could imagine.

    The biggest risk to patient confidentiality is people working in GPs surgeries, especially reception staff.

  • @Maria M – I don’t know if this will help you at all. The most recent posting on the Scottish Government website is this one http://www.scotland.gov.uk/Publications/2011/11/24083315/1

    “Health Records Services: Operational Procedure for the Destruction of Personal Health Records” which takes you to page one of the whole entry.

    There are other pages which may be of interest – http://www.scotland.gov.uk/Publications/2008/07/01082955/9

    “Records Management: NHS Code of Practice (Scotland) Version 1.0″

    The Law Department of the University of Edinburgh has pages which refer to the introduction of the Electronic Health Records for Scotland.

    I live in Scotland and, so far, have no worries with regard to my personal Health Data. As far as I am aware, it has enabled the speedy and effective transfer of relevant data about my health and hospital records between medical professionals only. I have not heard of any problems with it so far, except for when the systems were introduced into the GP surgeries – there were initial teething problems in some places, as I understand it, but none which would have compromised anyone’s private data.

  • >> Let’s try….Keeping everyone’s DNA on record will be great news for victims of crime (especially rape victims)

    And after that we can think-up the most tortuously connected example in order to go whackity-whack at the straw man.

    Marie’s questions and Rebekah’s answers reflect my experience as well in Scotland. The sole example given of deliberate hacking – that is breaching of medico-legal legislation – (of high-profile patients) dates from over two years ago, not an industry-wide trend. I wonder how people here feel about their medical data being stored on site, either in paper form or on local computer systems.

    I also wonder how the calls for liberal principles square with the inevitable acquiescence to a State-arm holding all our medical data anyway. The terms liberal and civil liberties are in danger of over-use, but I’m fairly sure no-one seriously believes that they mean the State should be trusted beyond question with personal data.

    ~alec

  • Question of genuine ignorance… how are data stored in England & Wales? Is it locally at individual hospitals or GP surgeries, with medical professionals at other sites having to make requests for files to be transferred?

    ~alec

  • @James Baker – I read the Wired article you linked to – in that some researchers took some data that had been anonymized – in that case some information about individuals film rental records, and then cross referenced it with another set of records – an online movie database where people publicly reviewed films. Using timestamps and comparing other data they were able to do some matching. Basically – people who enjoyed telling other people what films they watched could be cross referenced.

    Can you explain how this would work with sickness and illness in NHS data? I can’t really see how I could be identified from my medical records because there is almost nothing in them, but even if there were, there isn’t some equivalent of a medical website that we all post on to cross reference with. I suppose that if people had a Boots loyalty card or something like that, it might be possible to cross reference medical history with a history of purchases, but that is pretty tenuous. I personally don’t use loyalty cards but I do often pay for things with a debit card so stores can easily build a profile on me if they want. What I’m saying is its possible to have concerns about privacy but still think that they are trumped by the opportunity for massive health benefits.

  • Alec… Posted 6th December 2011 at 10:00 am >> Let’s try….Keeping everyone’s DNA on record will be great news for victims of crime (especially rape victims).
    And after that we can think-up the most tortuously connected example in order to go whackity-whack at the straw man.

    Not exactly….There are advantages/disadvantages in all things. However, the ‘owners/funders’ of these research/pharmaceutical/Insurance companies are interlinked and are often the same groups. Anyone who believes that such data, once in private hands, will not be deemed ‘useful’, in the wider sense, has more faith in ‘safeguards than I.

  • JAMES BAKER ==> There are more recent examples of data breaches –

    A moment ago you were citing breaches under the system in Scotland [which you say England & Wales shouldn’t adopt]. Now you’re citing breaches under the system in England & Wales [changes to which you’d oppose].

    You’re all over the place. In my experience, introducing new examples each time one is refuted is the sign of an unsound argument.

    But, let’s examine your latest example. Only one case in three years, and the offender in question was sacked. And, by that I mean, the procedures and checks are in place to monitor and punish abuses of the system. Just like this fellow:

    http://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-15969170

    (And, no, this does not represent a breach under the digitalization of data in Scotland. The patient’s details were stolen from an on-site ledger or computer, which is standard practice in hospitals across the Developed World.)

    ==> It is always the human element that you can’t remove from any computer system now matter how strict you make the controls on paper.

    Does this mean that you’d object to any of your personal details being entered into an onsite computer at a hospital? You might, but I doubt it very much.

    Another point to consider is that a parochial attitude towards patient data was a direct contribution to the failure to detect Harold Shipman’s murderous activities.

    ==> Time and time again security experts demonstrate how easy it is to hack into this information.

    Such as? The very fact that we’re discussing this on LDV shows that you have registered an Internet account, which makes it much more likely that you are integrated into other areas of the digital age.

    I get the impression that “civil liberty campaigners” like yourself exist in a constant state of panic; finding new threats from databases in the same way people 150 years ago thought gas-lamps carried diseases, or the malign spirits living atop a rift in the universe located under Cardiff… no, sorry, that’s Doctor Who.

    ==> We only hear about the high-profile cases because those are the ones that are newsworthy.

    That’s a circular argument, and you know it. Just ‘cos you haven’t heard of something doesn’t mean it aint in the public domain. Besides, you yourself just have given an example of a nobody worker at NHS Bolton, and I gave a reports of a breach of similarly nobody patient in Edinburgh.

    Furthermore, individual breaches are insufficient for the argument you’re trying to form. What you need to demonstrate is an institutional, industry-wide failure/laxness; which, given how you’ve shown offenders are pounced-upon, doesn’t seem likely.

    And, as pointed out above, the claim that these proposals would see personal data sold to private health care providers with profit as their main concern is what is known in the industry as a LOAD OF CODSWALLOP. It refers to medical research agencies, which are subject to the same data protection legislation as the NHS as well as eye-wateringly stringent ethical checks.

    Nor do “we the citizens” have control over the storage of medical data. The NHS does. Regional trusts and health boards have oversight powers. So do elected representatives.

    You’ve failed to understand the underlining story; which, given this is your blog-piece, is quite an achievement.

    JASON ==> However, the ‘owners/funders’ of these research/pharmaceutical/Insurance companies are interlinked and are often the same groups. Anyone who believes that such data, once in private hands, will not be deemed ‘useful’, in the wider sense, has more faith in ‘safeguards than I.
    Maybe that’s because you haven’t understood the proposals being discussed, let alone existing legislation.

    Discussions like this reinforce my belief that any doctrinal expression of concern about civil liberty infringements must be considered hilariously confused until proven otherwise.

    ~alec

  • @JamesBaker – you’ve come up with one example – health insurance – thanks. That was also the first thing that came to my mind. Personally I don’t have it because when offered it with work I’ve always turned it down. I have had to fill in medical questionnaires when getting life cover and a mortgage though – and I had to disclose my medical history anyway. And that of my parents. So – basically – the people who you are concerned might go to great expense to try to obtain my medical data are today allowed to ask for it and block me from getting a mortgage or insurance anyway.

  • So – just to clarify – are the Lib Dems now in favour of my medical records being released (‘anonymised’ or not) to commercial companies without my consent?

    I think it would be nice to have a choice about this, whatever the merits of the arguments pro or anti. So are the Lib Dems going to allow me to have that choice, or not?

  • Andrew Thomas 7th Dec '11 - 5:07pm

    I’m just worried about this. It seems that the Lib Dems in regards to the NHS are only achieving slighter watered down Tory policies. I am concerned as a Lib Dem member that we have little or no control over our MPs in power who should have blocked this NHS bill altogether. I agree with the earlier comment that now is the time for the Lib Dems to pull out of the coalition. I wonder whether it is possible for the membership to request a vote amongst party members on whether we should still be part of this government. Otherwise our party leaders can do what they like without worrying about us members.

Post a Comment

Lib Dem Voice welcomes comments from everyone but we ask you to be polite, to be on topic and to be who you say you are. You can read our comments policy in full here. Please respect it and all readers of the site.

If you are a member of the party, you can have the Lib Dem Logo appear next to your comments to show this. You must be registered for our forum and can then login on this public site with the same username and password.

Your email is never published. Required fields are marked *

*
*
Please complete the name of this site, Liberal Democrat ...?

Advert



Recent Comments

  • User AvatarPaul In Wokingham 1st Nov - 11:25am
    The comments by Liberal luminaries and the BTL comments from all wings of the party reinforce a point that has been made many times: Mr....
  • User AvatarTerry 1st Nov - 11:25am
    I favour an overseas appointment, too. I don't see why a judge from overseas could not be given the authority to compel testimony by Parliament....
  • User AvatarTerry 1st Nov - 11:17am
    But it is the leadership, isn't it? Personally, I don't want to be publicly associated with the current leadership among my friends and acquaintances, because...
  • User Avatarpaul barker 1st Nov - 11:07am
    The low numbers of Libdem candidates in Local Byelections is terrible news, both for what it says about our morale & for the the further...
  • User AvatarJenny Barnes 1st Nov - 10:48am
    tpfkar > sometimes there is no-one from the local party who wants to stand.
  • User AvatarStuart 1st Nov - 10:34am
    @Helen Tedcastle "it beggars belief that a party which claims to be both democratic and participatory, ‘decided’ not to stand someone and that the Leader...