Privacy groups have raised concerns about NHS England’s plans to create a single database of medical data collected from hospitals and general practitioners.
They warn there will be no way for patients to work out who has accessed their medical records or how they are using the information, reports the Guardian.
According to the paper, drug and insurance companies will be able to buy information on patients once a single English database of medical data is created later this year.
From March, NHS England will expand the collection of patient care data from hospitals to include general practices to improve data on disease and treatment patterns.
All this data will be collated and uploaded to a single database controlled by the NHS Health and Social Care Information Centre (HSCIC).
NHS England claims the project will improve the analysis of trends that can help plan future health services and allow researchers to investigate drug side effects or the performance of hospitals.
But privacy experts warn that organisations like university research departments, insurers and drug companies will be able to apply to the HSCIC to access the data.
If an application is approved, the applicant organisation will pay to extract information from the database.
Although some personal identifiers will be removed, experts say the information will not be anonymous.
More on the NHS and data protection
- Symantec helps NHS trust cut security costs by a quarter
- NHS set to challenge ICO fine
- ICO issues warning over NHS Data Protection Act breaches
- ICO hits NHS Trust with biggest penalty to date
- ICO finds NHS Liverpool Community Health breached Data Protection Act
- Royal Cornwall Hospitals NHS Trust breaches Data Protection Act
- ICO issues first monetary penalty to the NHS
- ICO issues £175k penalty against Devon NHS Trust
- NHS Trust to appeal £375k data loss penalty
- ICO issues £200,000 penalty for failed IT disposal
- ICO concerned about ongoing NHS data breaches
- Royal Wolverhampton NHS trust loses patient data
- NHS trusts breach Data Protection Act with patient records
- Third NHS trust caught in breach of Data Protection Act
- Lost NHS medical records: Laptops had unused encryption software
- ICO takes enforcement action against NHS trusts for data losses
Initially, NHS England indicated the data would be anonymised to make it impossible to track data back to individuals, but now says it will be use a process of “pseudonymisation”.
Mark Davies, HSCIC public assurance director, told the Guardian there was a "small risk" that certain patients could be "re-identified" because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the "pseudonymised" records.
"You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk," he said.
Julia Hippisley-Cox, a professor of general practice at Nottingham University and government advisor on health privacy said while there may be "benefits" from the scheme "if extraction [sale] of identifiable data is to go ahead, then patients must be able find out who has their identifiable data and for what purpose".
Hippisley-Cox added that "there should be a clear audit trail which the patient can access and there needs to be a simple method for recording data sharing preferences and for these to be respected".
“If the data is not truly anonymous, then there is a continuing privacy or data protection legal risk,” said Stewart Room, partner at law firm Field Fisher Waterhouse.
What Europe is concerned about on the question of anonymisation, he said, is whether the technique used to anonymise sensitive data is true and sound, and what guarantees it provides.
Data security is also a concern, said Room, because the initiative is a big data project involving medical information, which is the most sensitive type of information imaginable.
“So the security framework that is going to attach to this activity has got to be incredibly robust. And the more activities and processing we do, the greater the risk that is built into the system,” he told Computer Weekly.
Room said it is essential that the data is properly anonymised and secured, bearing in mind the NHS has had a lot of problems on the security front in recent years with the information commissioner.
From March, NHS England is to distribute millions of leaflets explaining the benefits of the scheme, that parts of the database will be shared outside the NHS, and how to opt out of the scheme.
NHS England said it would publish its own assessment of privacy risks by March.