Response to Guardian story “NHS patient data to be made available for sale”
NHS England’s Chief Data Officer Dr Geraint Lewis said: “NHS England and the Health and Social Care Information Centre (HSCIC) welcome the increase in public awareness and debate about NHS data usage following the nationwide distribution of the leaflet ‘Better Information Means Better Care’.
“It is vital, however, that this debate is based on facts, and that the complexities of how we handle different types of data are properly understood. Patients and their carers should know that no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC never profit from providing data to outside organisations.”
For a detailed explanation of how the NHS uses patient data, please take a look at Dr Lewis’s blog here.
22 comments
Quote from above: “no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC never profit from providing data to outside organisations”
and yet 47 million records have ALREADY been sold to insurance companies:
http://news.uk.msn.com/nhs-records-sold-to-insurers
So is the Chief Data Officer completely incompetent or deliberately lying?
When I was in hospital I did NOT give permission for my data to be sold on, so I’m trying to establish if this is a criminal offence under the Data Protection Act.
So. you quote below “Unfortunately, technicalities of the Data Protection Act mean that NHS England cannot capture and record people’s objections at a national level…” In that case, how and why does the DPA allow you to capture and record (and SELL!) people’s medical records without their specific and informed consent then?
You are also mis-representing this – there is indeed a scheme to share data with hospitals, but this is NOT the same as the care.data scheme, the latter being a scheme to SELL not share data!
Bona fide researchers can already apply for access to the UK Biobank scheme, which includes people who have voluntarily agreed to share their medical data with NOT FOR PROFIT organisations. So there is no need for this care.data scheme really is there?
Read Ross Anderson on line
NHS opt out: not what it seems.
Geraint Lewis uses words cleverly when be talks about how people can try to combine data sets in order to re identify. The implication is that they can’t succeed. They can.
Any transfer of private personal data from the NHS to a private organisation without prior consent is disgusting, wrong. Never mind telling us who won’t get the data. Tell us who will and why. Outrageous and vile act which horrifies and destabilises the trust and security of many, who may not understand the gravity of what you are doing. You should be ashamed and hang your heads.
How will you track that the contract you release Amber data under has been adhered to?
If a patient suspects that Amber data about them has been released, cross referenced with other commercial datasets, and that they have been re-identified and their data used for the purposes of selling (or withholding) products or services, to whom can they complain?
Who will investigate this complaint, and how will the released data be re-captured, deleted from 3rd/4th/5th/xth party owned datasets, and re-secured as private and confidential data?
Who will be punished and how, for what types of data breach?
Still no leaflets! Didn’t know we lived in a communist state, thought my father fought hard for freedom!
What annoys me is that I have no idea what information is in my medical records and I will have to pay a fee to find out.
Hence I’m probably going to opt-out and may opt-in later once I’ve satisfied myself that the information is correct (if I bother).
It’s not as though you can opt-out later, is it?
My private data is confidential and not yours to disclose to anyone. Do so and I will sue, and I will win!
My medical data is NOT yours to sell yet you presume my consent to such a behavior. This is so wrong.
Once I work out how to do so I will be opting OUT. I will also be encouraging those I know and care for to do the same.
Surely the Data Protection Act requires a specific consent prior to you selling my data, are you above the law?
.
I agree they should get permission from patients to access their Data none of this OPT/OUT nonsense (Totally Undemocratic )
This is another government cock up.
1: it should be an opt in NOT opt out scheme
2: this scheme makes the individual easily identifiable. It should have been devised in a manner that made it totally anonymous then most reasonable people would have been agreeable.
As it is the information WILL be used by unscrupulous commercial interests.
Yes, but how can I be SURE ……that my data will not be sold ?
why do you need to know my NHS number? this is identifiable data.
i am also sure that if you have my DOB sex and my postcode there wont be anyone else who matches….. this is identifiable.
if it is for research purposes the none identifiable data will suffice.
you will not be having my data or my families for any reason and my GP has a code of confidentiality which mean he can not share what i discuss or results with anyone other than me or whom i say he can.
this should not be an opt out situation but an opt in!!
i am also discusted that it is the 1st feb 2014 and i still dont have my leaflet in the post and this is ment to go live in MARCH – cutting if fine arent we!
The NHS and government organisations have an abysmal track record in (mis)managing the data it collects. I’ve lost count of the number of times ‘confidential’ data has been reported as found in the public domain by accident.
It may very well be that the NHS will not make any profit out of this data but I don’t believe private health care, insurers, Uncle Tom Cobley and all won’t find a way to use it for their profit.
As someone who in a previous life was responsible for receiving, cleansing and producing datasets on a huge scale, I know just how difficult it is to keep data anonymous and secure. The NHS is far too big to be able to do so successfully.
I want to withdraw my consent for my records to be shared with anyone … It’s my information and no one elses.
Expect law suits
You can find an opt-out form at http://optout.care-data.info
This database does not meet professional integrity or secufity standards;
Data subjects cannot see, validate & correct if necessary fhe data held on them. There is no turn-around validation.
It can be passed on to unknown and uncontactable data controllers in Red form on the say-so of a Secretary of State.
I do not trust the data controllers it may be passed to to use it only for the purposes for which it was originally collected before the HSC Act which legalises its transfer to care.data.
I do not believe the Secretary of State is able to ensure conditions he imposes will be observed..
When asked what might stop the insurance companies from reusing the data, Dr Lewis could only point to what the Information Commissioner might do. The IC is a separate regulator with little track record of going after the private sector for Data Protection breaches, but even if they did take action, it would be too late. This could have been an opt-in exercise, and then the NHS reassurances would really have been tested. As it is, many will not even receive the leaflet (I haven’t), and won’t get to exercise a real choice.
What a ridiculous retort. I would gladly give away Dr Lewis’ house for free. Is it ok if I do that because I don’t make any profit from it?
Also, “selling or administrating any kind of insurance” is only one concern. I’d still rather it remained entirely confidential.
It should be opt-out by default. More details of what constitutes ‘amber data’, along with specific details of the pseudonymisation process, should be published before people are automatically opted in without consent.
Information on how to opt out here: http://medconfidential.org/how-to-opt-out/
38 degrees petition here: https://you.38degrees.org.uk/petitions/prevent-the-sale-of-nhs-patient-records-to-drug-and-insurance-companies-1
Further information here: http://www.care-data.info/
Epetitions (official govt site) petition here: http://epetitions.direct.gov.uk/petitions/53994
There should be a form included with this leaflet for anyone who wishes to opt out. I will certainly not allow my details to be shared
This statement goes no way to alleviating my concerns about how my data could be used.
Once insurance companies have the data are you really trying to tell me they wont use it to help work out premiums?
Next you’ll be telling us they’re as trustworthy as the banks!