NHS England is facing further criticism over its use of patient data, following reports that hospital records were uploaded to Google by one company and released on the internet by another.
A 2012 PA Consulting report on the future of healthcare IT has been widely circulated on social media today, revealing that PA uploaded a copy of the Hospital Episode Statistics (HES) database containing medical records of patients’ hospital treatment for analysis on Google’s BigQuery data analytics tool.
PA purchased use of the records legitimately under rules around the use of data that were in place at the time, but critics have seized on the news as further evidence of a cavalier approach to patient records at NHS England.
Separately, medical researcher and author Ben Goldacre claimed on Twitter that HES data was made available online by another company, although reports suggest the data has since been taken down.
The controversy comes after NHS England was forced to postpone by six months the start of its Care.data service to upload full patient medical records from GPs, following widespread criticism that the scheme has not been fully thought through or adequately publicised.
A statement from the Health & Social Care Information Centre (HSCIC), the body charged by NHS England with managing the release of patient data, said PA Consulting was allowed to use HES data under strict safeguards as part of an agreement with the HSCIC’s predecessor, the NHS Information Centre (NHS IC).
“The agreement obliged PA Consulting to abide by conditions to protect the confidentiality of the data, including restricting the data to a named list of individuals, a prohibition on sharing any information with risk of identifying individuals and a requirement to destroy the data after the agreement end date,” said the statement.
Read more on the Care.data controversy
- NHS England admits failure to explain benefits of care.data
- NHS England faces growing pressure to delay Care.data medical records plan
- The lesson from the NHS Care.data row: You can't keep privacy issues private any more
- NHS collects patient care data from GPs
- Atos to manage care.data GP data extraction
“PA Consulting used a product called Google BigQuery to manipulate the datasets provided and the NHS IC was aware of this. The NHS IC had written confirmation from PA Consulting prior to the agreement being signed that no Google staff would be able to access the data; access continued to be restricted to the individuals named in the data sharing agreement.”
Parliamentary under-secretary of state at the Department of Health, Jane Ellison, was also forced to apologise to the House of Commons today after falsely claiming that HES data released to an insurance actuarial firm was “publicly available” and “non-identifiable”.
NHS England executives in charge of Care.data were further criticised by MPs at a health committee meeting last week.
“The public is rightly worried they don’t know who can and who can’t use their data,” Sharmila Nebhrajani, chief executive of the Association of Medical Research Charities, told the MPs.
Further reports have suggested that health secretary Jeremy Hunt will this week announce new measures to legally safeguard the use of records gathered under Care.data, in an attempt to stifle growing criticism of the scheme.