I’ve blogged before about some of the security issues around the NHS’s Personal Demographics Service – a mammoth database with 80,000,000 personal records in it, yet with 700,000 people granted access to it – and with such limited auditing systems that experts have concluded it is “incredibly difficult if not impossible” to detect or trace misuse of the data.
So it was good to see Julian Huppert take up this issue with a Parliamentary question, asking the Department of Health what assessments it has made of how adequate the safeguards in the PDS really are at preventing illegal access to personal data.
Two points are notable in the answer from Health Minister Simon Burns. First, despite being asked what assessments had been made, his answer does not give details of any assessments having been carried out – which is hardly reassuring as it implies that no recent thorough assessments have been conducted.
Second, the answer makes the classic IT security mistake of talking at some length about the protections against outsiders hacking in and then glossing over the risks of insiders misusing data. It is a classic mistake, because insiders are often the cause of IT security problems – even when the number of insiders with access is far fewer than the 700,000 with access to the records in the case of the PDS. All Simon Burns had to say about this is that it is the responsibility of hundreds of other bodies, all of which should be following the rules – and without any action having been taken to check if they really are.
All a bit of a gamble. Or rather, given 80,000,000 records, 700,000 people having access and no proper audit systems – a mammoth gamble.



4 Comments
After the headlines that the National Programme for IT in the NHS was to be ‘scrapped’, many wrongly assumed this was the end of the threat to privacy. NO2ID has condemned large sections of this programme which are a threat to the confidentiality of the relationship between patient and doctor.
NO2ID along with the NHS Confidentiality Campaign have long argued that electronic records might well be beneficial to patients, and many GPs are using them. But that is not the same as creating a system where privacy barriers are torn down, and all medical records are potentially available anywhere depending on official whim. You can have the medical benefits of electronic records and privacy together. And that could happen (as it is doing in numerous other modern countries) without the Department of Health taking control of personal information. Improving patient safety and efficiency does not require the destruction of medical privacy.
We have been lobbying about this since day one. There are particular concerns around the areas of sexual health and mental health. Sexual health services have always depended on the principle of anonymity to ensure that no patients are deterred from seeking treatment because they fear that their records may be accessed by anyone outside the clinic. Similarly, young women who seek an abortion need to know that this information is not accessible to 700,000 people. We were told that the database will have ‘hidden’ sections that will require special clearance before they can be accessed, but how secure will this be?
Another worrying aspect is the proposal to allow everyone to access their own medical records online, just as they currently access a bank account. In an abusive relationship, or in a family with a controlling adult, this could prove fatal or could deter people from seeking treatment. I have spoken to a representative of one ethnic/refugee charity and he said that if this proposal went ahead many fathers would expect to be able to access the medical records of all family members. This potential flaw was never addressed by the policymakers who brushed it off as an unlikely problem, saying that, “The authorities would not allow people in abusive relationships to register”, seemingly blind to the possibility that the abusive relationship could commence after they had registered. The issue of young people in controlling families was never addressed.
The only way around this that we could think of would be to allow patients access to their own records only in a private room at a surgery.
My house mate & I specifically wrote to our local Surgery saying we did NOT want our details put on this database – only for the very good reason that we didn’t want to be on yet another official database. I thought it had since died a death. As it very obviously has not died, have you got any advice on how we should go about checking whether we’re on it or not? Thank you.
Ruth: I’m afraid I don’t know the answer for sure on that, but I would have thought checking with the surgery first is sensible. You might also find this leaflet useful: http://www.connectingforhealth.nhs.uk/systemsandservices/demographics/docs/comms/pdsguide.pdf