NHS England database raises privacy concerns

Privacy groups have raised concerns about NHS England’s plans to create a single database of medical data collected from hospitals and general practitioners.

They warn there will be no way for patients to work out who has accessed their medical records or how they are using the information, reports the Guardian.

According to the paper, drug and insurance companies will be able to buy information on patients once a single English database of medical data is created later this year.

From March, NHS England will expand the collection of patient care data from hospitals to include general practices to improve data on disease and treatment patterns.

All this data will be collated and uploaded to a single database controlled by the NHS Health and Social Care Information Centre (HSCIC).

NHS England claims the project will improve the analysis of trends that can help plan future health services and allow researchers to investigate drug side effects or the performance of hospitals.

But privacy experts warn that organisations like university research departments, insurers and drug companies will be able to apply to the HSCIC to access the data.

If an application is approved, the applicant organisation will pay to extract information from the database.

Although some personal identifiers will be removed, experts say the information will not be anonymous.

Initially, NHS England indicated the data would be anonymised to make it impossible to track data back to individuals, but now says it will be use a process of “pseudonymisation”.

Mark Davies, HSCIC public assurance director, told the Guardian there was a "small risk" that certain patients could be "re-identified" because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the "pseudonymised" records.

"You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk," he said.

Julia Hippisley-Cox, a professor of general practice at Nottingham University and government advisor on health privacy said while there may be "benefits" from the scheme "if extraction [sale] of identifiable data is to go ahead, then patients must be able find out who has their identifiable data and for what purpose".

Hippisley-Cox added that "there should be a clear audit trail which the patient can access and there needs to be a simple method for recording data sharing preferences and for these to be respected".

“If the data is not truly anonymous, then there is a continuing privacy or data protection legal risk,” said Stewart Room, partner at law firm Field Fisher Waterhouse.

What Europe is concerned about on the question of anonymisation, he said, is whether the technique used to anonymise sensitive data is true and sound, and what guarantees it provides.

Data security is also a concern, said Room, because the initiative is a big data project involving medical information, which is the most sensitive type of information imaginable.

“So the security framework that is going to attach to this activity has got to be incredibly robust. And the more activities and processing we do, the greater the risk that is built into the system,” he told Computer Weekly.

Room said it is essential that the data is properly anonymised and secured, bearing in mind the NHS has had a lot of problems on the security front in recent years with the information commissioner.

From March, NHS England is to distribute millions of leaflets explaining the benefits of the scheme, that parts of the database will be shared outside the NHS, and how to opt out of the scheme.

NHS England said it would publish its own assessment of privacy risks by March.