The story that an medical insurance company has already done
an exercise to "refine" its premiums by
collating the NHS Hospital Episodes Database with Mosaic helps put the current
debate over access to medical records into perspective. It also adds "bite" to my reprise on the "Bled Report" yesterday, particularly with regard to the sale of data collected as part of the delivery of a public service.
At this point I should, however, add that I personally would have much more faith in the security of an exercise done by a phamarceutical or insurance company in co-operation with Experian, than one done by the NHS or any academic researcher.
The former understand the importance and value of confidentiality and have the budgets to go with it. The latter tend to think that their project is more important than all that security flummery, which they cannot afford (time or money) anyway.
I would be most surprised if this exercise was done in such a way as to compromise patient identity and confidentiality but there is little doubt that had it not been done by an organisation which takes information security and anonymity very seriously when doing such exercises, like Experian, it could have been.