So there’s a plan afoot to upload all your NHS records to a central database. That’s not such a bad idea if it means that anyone who treats you has immediate access to your complete medical history. In fact that was the idea behind the National Programme for IT, a multi-billion pound programme which was ignominiously abandoned a couple of years ago.
This time round it’s different because it’s not being done for clinical reasons. In a leaflet sent out with the junk mail you get through the post, the NHS says that the data will be used to see how well the organisation itself is doing and where improvements need to be made. It avoids spelling out exactly who will get access to the information, but does say that:
NHS organisations share information about the care you receive with those who plan health and social care services, as well as with approved researchers and organisations outside the NHS‘ (my emphasis).
‘Approved researchers’ could include insurance companies, pharmaceutical corporations and the like.
The data uploaded will need to be able to identify you personally so that the information from various NHS sources can be brought together. But the leaflet tries to reassure readers:
Records are linked in a secure system so your identity is protected. Details that could identify you will be removed before your information is made available to others, such as those planning NHS services and approved researchers.
Even if the database itself is secure (and the Bradley Manning and Edward Snowden cases suggest that putting large amounts of data together in one place where lots of people can access it is an invitation to leak) it doesn’t mean that the information in it will stay private.
Mark Davies, the Public Assurance (sic) Director of the Health and Social Care Information Centre, which is running the project, even admitted to the Guardian newspaper that there was a “small risk” that patients could be “re-identified” because health sector companies had their own medical data that could be matched against the “pseudonymised” records. Who’s he kidding? By now we all know that there is much more information stored on each of us than anyone cares to admit and companies will soon be working flat out to match it all up with our medical histories.
The leaflet says you have to speak to your GP practice to opt out of your records being passed on in this way. But in fact all you need to do is fill in a form and deliver it to your surgery. There’s a web site – medConfidential – where you can download a form.
If you value your medical privacy you should fill it in.
What particularly galls me about all this is that the information has been sent out in junk mail. If you’ve opted out of receiving these unaddressed Royal Mail deliveries then you may never have known what’s going on and of course your medical records will be uploaded by default. I only found out from John Naughton‘s weekly column in the Observer, which I would recommend for those that have an interest in how technology is impacting all our lives, whether we like it or not.