NHS England database raises privacy concerns

Privacy groups have raised concerns about NHS England’s plans to create a single database of medical data collected from hospitals and general practitioners.

Download this free guide

3 key web security guidelines from FS-ISAC

We address the ongoing issues regarding web security for businesses relying on an online presence. Download this e-guide and discover how to identify and address overlooked web security vulnerabilities as well as why you should look at the full security development lifecycle to reduce web threats.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

They warn there will be no way for patients to work out who has accessed their medical records or how they are using the information, reports the Guardian.

According to the paper, drug and insurance companies will be able to buy information on patients once a single English database of medical data is created later this year.

From March, NHS England will expand the collection of patient care data from hospitals to include general practices to improve data on disease and treatment patterns.

All this data will be collated and uploaded to a single database controlled by the NHS Health and Social Care Information Centre (HSCIC).

NHS England claims the project will improve the analysis of trends that can help plan future health services and allow researchers to investigate drug side effects or the performance of hospitals.

But privacy experts warn that organisations like university research departments, insurers and drug companies will be able to apply to the HSCIC to access the data.

If an application is approved, the applicant organisation will pay to extract information from the database.

Although some personal identifiers will be removed, experts say the information will not be anonymous.

Initially, NHS England indicated the data would be anonymised to make it impossible to track data back to individuals, but now says it will be use a process of “pseudonymisation”.

Mark Davies, HSCIC public assurance director, told the Guardian there was a "small risk" that certain patients could be "re-identified" because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the "pseudonymised" records.

"You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk," he said.

Julia Hippisley-Cox, a professor of general practice at Nottingham University and government advisor on health privacy said while there may be "benefits" from the scheme "if extraction [sale] of identifiable data is to go ahead, then patients must be able find out who has their identifiable data and for what purpose".

Hippisley-Cox added that "there should be a clear audit trail which the patient can access and there needs to be a simple method for recording data sharing preferences and for these to be respected".

“If the data is not truly anonymous, then there is a continuing privacy or data protection legal risk,” said Stewart Room, partner at law firm Field Fisher Waterhouse.

What Europe is concerned about on the question of anonymisation, he said, is whether the technique used to anonymise sensitive data is true and sound, and what guarantees it provides.

Data security is also a concern, said Room, because the initiative is a big data project involving medical information, which is the most sensitive type of information imaginable.

“So the security framework that is going to attach to this activity has got to be incredibly robust. And the more activities and processing we do, the greater the risk that is built into the system,” he told Computer Weekly.

Room said it is essential that the data is properly anonymised and secured, bearing in mind the NHS has had a lot of problems on the security front in recent years with the information commissioner.

From March, NHS England is to distribute millions of leaflets explaining the benefits of the scheme, that parts of the database will be shared outside the NHS, and how to opt out of the scheme.

NHS England said it would publish its own assessment of privacy risks by March.