The NHS plans to launch a giant central database which will see patients records extracted from GP systems across the country. This is known as the ‘Care.data scheme’. This is a completely new move – patient data has never been collected from GPs before as it is usually considered confidential and for their eyes only. This sharing of private medical information is justified on the grounds that it will improve quality of care. The supposedly ‘anonymous’ data will be collected by the NHS’s Health and Social Care Information Centre (HSCIC) in order to find out which treatments are the most effective.
This is similar to proposals made by the home committee back in December that GPs should start “anonymously tracking patients addicted to prescription drugs” in light of the recent alarming rates of addiction to prescription drugs – tranquilisers in particular. It was advised that such data be collated in order to fully understand where the problem of addiction lies.
However, it is very questionable whether such information would remain anonymous. As soon as our medical information is gathered and passed onto someone else, its guaranteed anonymity is weakened. Moreover, this secret monitoring and spying on patients seem to violate the principle of doctor-patient confidentiality which is so central to medical ethics and practice.
The care.data scheme faces similar issues in terms of privacy. The NHS itself has even admitted that the database could be a threat to privacy. The medical information would include the patient’s mental health records, hospital admissions, diagnoses and lifestyle habits, such as drinking and smoking. There is still a very real risk that patient data could be identified when collated, despite promises that the data would remain anonymous when processed using pseudonyms instead of the patients’ real names. A risk assessment conducted by the NHS also found that the extraction of personal data without consent could lead patients to lose confidence in the health service. This could actually lead to the whole scheme becoming ineffective. As the report states:
This risk is two-fold; firstly, patients will not receive optimal healthcare if they withhold information from the clinicians that are treating them; and secondly, that this loss of trust degrades the quality of data.
The risk of privacy comes from the fact that the NHS will sell access to the data on to private companies and researchers. It will only be a matter of time before a company or individual researcher can figure out how to extract private information from this ‘pseudonymised’ data. As an article in The Telegraph points out, patients could be ‘re-identified’ if care.data is combined with other information. This is known as a ‘jigsaw attack’ and it is often employed by hackers as a time-saving device for their cybercrime activities. Of course, once this private information is shared with private companies, it will also become susceptible to illegal hacks and could be used for malicious cyber activities. It is not difficult to imagine this occurring – after all, it was recently shown that 2000 patient records are lost every day by the NHS.
Apparently, the NHS distributed leaflets about the benefits of care.data and how it will provide “low cost answers” to questions that we were previously unable to answer. However, a recent poll found that less than a third of adults received these leaflets and so are completely clueless about its implications. (I don’t remember seeing one…do you?) NHS England’s chief data officer told the BBC: “We are hearing that certain patients have not received the leaflets, so we’re working very closely with the Royal Mail.” Yes, blame the Royal Mail for your failure to inform the public about infringing on their privacy. The NHS claims that there are other ways to inform the public about the care.data scheme. Really? Then why do so few people know about it?
Patients will only be able to oppose this scheme by opting out of it. The scheme entails default ‘participation’ from all patients. Furthermore, the ability to opt out has not been made easy for us. Patients are given a short amount of time to tell their GP that they want to opt out before the system goes live. The NHS really should have provided the ability to go to their website and opt out that way. Before a patient knows it, they will be enrolled in this system without being properly informed and without being given a real chance to opt out. This is one more way in which the government is slowly and silently eroding our civil liberties – similar to the way in which David Cameron wanted to introduce default ‘porn blocks’.
That said, a website has been set up, FaxYourGP which provides an easy way to opt out of the data.care scheme and keep your medical records private, as they should always be. It enables you to find your GP and send them a message saying that you want to opt out of the scheme. Do it before it’s too late. Due to these public concerns, the scheme has been delayed by the NHS for the next 6 months. During this time the NHS will aim to properly communicate to the public the true risks and benefits of the scheme and their right to opt out.
As it turns out, NHS England has already gone ahead and sold medical records to insurance companies, even though it promised not to. They sold 13 years of data, covering 47 million patients, to insurers so that they could increase their premiums. It is a fundamental principle of the Data Protection Act (1998) that people are aware of how organisations may use or disclose their personal information. NHS England, therefore, seems to be directly violating data protection rights, since these 47 million patients have not been informed of this recent disclosure of their medical records.