Police to be allowed searches of national database of NHS patient records

News analysis

It went largely unnoticed but the minister for the NHS’s National Programme for IT, Ben Bradshaw, has confirmed that data on a central database of millions of confidential health records will be made available to police where there is an “overriding public interest”.

The phrase “overriding public interest” is not defined.

Some people will say “So what? If police can better protect us by accessing health records we should be grateful the technology is now being provided”.

Others may say that allowing police access to the national electronic database of patient records information is a step towards allowing access to other public authorities, such as social services; and later on private organisations, including employers and insurance companies.

Officials at the Department of Health would argue that every access to the records leaves a flag in the audit trail. But we will be reporting on evidence shortly that NHS staff may not have the time to check increasingly long audit trails of electronic healthcare records.

Ben Bradshaw said that police will have access to data in the Secondary Uses Service [SUS] database where “it is in the overriding public interest” or there is statutory authority, or the courts have made an order requiring disclosure.

The SUS is to be supported by a database of millions of patient records. The database will draw from local detailed care records of patients and 50 million summary care records.

The SUS system has technical design features that allow data from different sources relating to the same person to be linked. The data is “pseudonymised” which means that records are made anonymous to healthcare researchers but the names and personal details of patients can be easily linked to individual records if police and other government authorities require it.

The disclosure about possible police access to data in electronic health records was prompted by a question from Conservative MP Jeremy Wright. He asked the Secretary of State for Health “whether it will be lawful for the secondary users database to be searched at the request of the police and for the police to be provided with the identity of individuals whose medical records contain specific information”.

Ben Bradshaw replied:

“Data from the secondary uses service will only be disclosed to the police where it is in the overriding public interest, for example to prevent, or support detection of, extremely serious crimes, where there is statutory authority, or where the courts have made an order requiring disclosure.”

Bradshaw’s words were chosen carefully. Police may access records where there have been “extremely serious crimes”, but this careful phrasing did not rule out access by police where there have been less serious suspected incidents.

One GP has suggested that police may in certain circumstances be able to ask for information such as details of all under-16s who have presented for contraception, or details of all caucasian men living in a particular postcode who have been treated for alcoholic liver damage.


The word “pseudonymised” is interesting. It was used by the Information Commissioner in 2002 to mean:

“data where the normal personal identifiers have been replaced by an artificially-created identifier so as to conceal the identity of the patient”.

However, there is a link between normal and artificial identifiers; and though these are stored separately, patients can be “re-identified” if necessary. Indeed the Information Commissioner has said that pseudonymised information may still fall within the Data Protection Act.

It seems to me that the word pseudonymised has a fictitious benevolence. That the Secondary Uses Service is potentially useful to healthcare researchers, and could improve the care and treatment of patients, is not in doubt. But this database of millions of patient records is only dressed up to be anonymous.
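The following sketch is an added example, not code from the Secondary Uses Service or from this article; it shows why a pseudonymised store is linkable and reversible rather than anonymous. The keyed-hash scheme, the field names, the sample records and the basis check on re-identification are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: held only by the database operator
LEGAL_BASES = {"overriding public interest", "statutory authority", "court order"}

# Constructed sample records from two sources; no real patient data.
GP_RECORDS = [
    {"patient_id": "TEST-0001", "name": "Patient A", "postcode": "ZZ1", "event": "condition-X"},
    {"patient_id": "TEST-0002", "name": "Patient B", "postcode": "ZZ1", "event": "asthma review"},
]
HOSPITAL_RECORDS = [
    {"patient_id": "TEST-0001", "name": "Patient A", "postcode": "ZZ1", "event": "admission"},
]

def pseudonym(patient_id):
    """Artificial identifier: stable per patient, so sources can be linked."""
    return hmac.new(SECRET_KEY, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

def build_views(sources):
    """Return (research view without identifiers, separately stored link table)."""
    research, link_table = {}, {}
    for records in sources:
        for rec in records:
            p = pseudonym(rec["patient_id"])
            link_table[p] = rec["name"]
            clinical = {k: v for k, v in rec.items() if k not in ("patient_id", "name")}
            research.setdefault(p, []).append(clinical)
    return research, link_table

def search(research, predicate):
    """Find pseudonyms whose linked records match; no name is needed to start."""
    return sorted(p for p, events in research.items() if any(predicate(e) for e in events))

def reidentify(link_table, pseudonyms, basis, audit_log):
    """Reverse the pseudonyms; refuse without a stated basis and log every use."""
    if basis not in LEGAL_BASES:
        raise PermissionError(f"no recognised basis: {basis!r}")
    audit_log.append({"basis": basis, "pseudonyms": list(pseudonyms)})
    return [link_table[p] for p in pseudonyms]

if __name__ == "__main__":
    research, link_table = build_views([GP_RECORDS, HOSPITAL_RECORDS])
    hits = search(research, lambda e: e["event"] == "condition-X")
    audit = []
    print(reidentify(link_table, hits, "court order", audit), audit)
```

The research view never contains a name, yet whoever holds the link table can turn any search result back into one, which is why the controls around that table and the review of its audit log carry the whole privacy guarantee.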


Since I posted the above entry, GP Paul Thornton, who has made a study of the legislation and implications for personal privacy of national patient databases, has made these useful points:

“1. Currently the decision to release sensitive information can only be made by the GP practice to whom it was divulged by the patient. The professional can defend the principle of patient privacy, if needed in the judicial process prior to a court order. Under the new process, the decision is made by an agent of the state.

“There are clear examples in history of medical information being subverted by state agencies as part of the migration of societies from liberal democracy to totalitarianism. That is why European law is less complacent in this regard.

“2. Currently, the police can only seek patient information once they have identified the individual. With the national database it becomes possible to search the data to identify the individual.”



Join the conversation



Why is there such an outcry about sharing of information? In Scotland we have been sharing information between NHS, Social Work, Schools, Police, Children's Reporter and numerous other organisations electronically for a number of years. England seems to be so backwards in their thinking. In Scotland the Scottish Government have pushed and continue to push for the sharing of information, based around an eCare framework that has been implemented by many of these groups.

If the sharing of information like this prevents one child from being harmed, I can see no reason why these trumped up publicity seekers should be told to sit down and be quiet.

I am sure that those reading this are net savvy enough to find the Scottish Executive website and have a search there for eCare and eSSA (electronic Single Shared Assessment).

Our anonymous friend forgets to ask how many children will be harmed by the database state. What effect does he/she think the ability of the police to trawl medical records for "offences" (like teenagers asking for the pill) will have on teen pregnancy? How many additional children will be harmed by undesirables getting access to the database, or parents tracking down children removed from them, or with partners now elsewhere via leaks from it (and we know all too well that staff can be tricked, and bribed)?

If you save one child by harming another two you've made it worse. Social policy isn't black and white.

Even I am not sure about what overriding public interest means here, but handling databases to sheriff is not a bad ploy in this kind of global tension.

I made a general DPA request to my local authority in the early part of this year regarding a maladministration/discrimination complaint with my local council. I was horrified and very upset to receive some extensive and sensitive/confidential medical notes information in relation to myself being sent to me with other info from the Housing Dept of my local council. I had no idea my medical info was held on a joint computer system called 'Swift' and could be accessed by council employees. I was/am very distressed that I was not contacted by the NHS first to inform me of this situation and gain my permission first for the release of this info. I am upset also that I was allowed to be identified in this way and my personal privacy totally invaded and not respected. I had not committed a criminal offence, I was no risk to self or others and there were no child protection issues. I am livid.