Warning over privacy of 50m patient files in NHS IT project
Millions of personal medical records are to be uploaded regardless of patients' wishes to a central national database from where information can be made available to police and security services, the Guardian has learned. Details of mental illnesses, abortions, pregnancy, HIV status, drug-taking, or alcoholism may also be included, and there are no laws to prevent DNA profiles being added. The uploading is planned under Whitehall's bedevilled £12bn scheme to computerise the health service.
After two years of confusion and delays, the system will start coming into effect in stages early next year.
Though the government says the database will revolutionise management of the NHS, civil liberties critics are calling it "data rape" and are urging Britons to boycott it. The British Medical Association also has reservations. "We believe that the government should get the explicit permission of patients before transferring their information on to the central database," a spokeswoman said yesterday.
And a Guardian inquiry has found a lack of safeguards against access to the records once they are on the Spine, the computer designed to collect details automatically from doctors and hospitals. The NHS initiative is the world's biggest civilian IT project. In the scheme, each person's cradle-to-grave medical records no longer remain in the confidential custody of their GP practice. Instead, up to 50m medical summaries will be loaded on the Spine.
The health department's IT agency has made it clear that the public will not be able to object to information being loaded on to the database: "Patients will have data uploaded ... Patients do not have the right to say the information cannot be held."
Once the data is uploaded, the onus is on patients to speak out if they do not want their records seen by other people. If they do object, an on-screen "flag" will be added to their records. But any objection can be overridden "in the public interest".
Harry Cayton, a key ministerial adviser, warned last month of "considerable pressure to obtain access to [the] data from ... police and immigration services", but he is confident that these demands can be resisted by his department.
Another concern is the number of people who can view the data. The health department has issued 250,000 pin-coded smart cards to NHS staff. These will grant varied access from more than 30,000 terminals - greater access for medical staff, and less for receptionists. Health managers, council social workers, private medical firms, ambulance staff, and commercial researchers will also be able to see varying levels of information. Officials say the data will be shared only on a need-to-know basis. But Guardian inquiries show a lack of safeguards.
Although data protection laws supposedly ban unnecessary build-ups of computer information, patients will get no right to choose whether their history is put on the Spine. Once uploading has taken place, a government PR blitz will follow. This will be said to bring about "implied consent" to allow others view the data. Those objecting will be told that their medical care could suffer.
The government claims that computerised "sealed envelopes" will allow patients selectively to protect sensitive parts of their uploaded history from being widely accessed. But no such software is yet in existence. It is being promised for an unspecified date. Some doctors say "sealed envelopes" may be too complex to be workable.
The design also allows NHS staff to "break the seal" under some circumstances. Police will be able to seek data, including on grounds of national security. Government agencies can get at records, according to the health department, if "the interests of the general public are thought to be of greater importance than your confidentiality". Examples given of such cases include "serious crime and national security".
The department's guidelines say: "The definition of serious crime is not entirely clear ... Serious harm to the security of the state or to public order, and crimes that involve substantial financial gain or loss will ... generally fall within this category." The health department says confidentiality can already be breached in such cases.
At present, police have to persuade a GP, who knows the patient, to divulge limited facts, or insist on a court order.
Under the new system, data may be disclosed centrally and anonymously, at the touch of a button. Health department privacy advisers say they do not wish to allow police to have clinical information. But they are prepared to disclose patients' addresses.
Another safeguard initially promised was that all patients would be able to check their records on the internet for mistakes. But a system involving the issue of smart cards to patients has not yet been tried out.
Current criminal penalties are so weak they have failed to stop tabloid journalists and private detectives raiding such data on an industrial scale, according to a recent special report by Richard Thomas, the information commissioner.
Sir John Bourn's National Audit Office also wrote a recent report warning of significant concerns among NHS staff "that the confidentiality of patient information may be at risk". But officials persuaded the NAO to delete the warnings in the published version.
The original draft said: "Patient confidentiality remains a controversial issue among critics ... both as regards the adequacy of the planned safeguards to protect information, and whether patients should have a right to opt out of having their information recorded".
More information on how weak Labour's contorl over our personal health information can be found at:
http://society.guardian.co.uk/health/news/0,,1936403,00.html
http://society.guardian.co.uk/health/news/0,,1936192,00.html
What can patients do?
Ross Anderson, professor of security engineering at Cambridge University, believes that patients do have legal rights over their medical records: "Write and insist that you are not put on the NHS data spine," Prof Anderson says. "If enough people boycott having centralised NHS records, with a bit of luck the service will be abandoned."
If you are concerned, you should discuss it with your GP. You can put a block on your own data by writing to:
The Secretary of State for Health
Richmond House
79 Whitehall Terrace
London SW1A 2NS
And send the same letter to your GP.
It should say:
Dear Sir/ Madam
I require you not to begin processing my sensitive personal data to the proposed NHS Summary Care Record on the Spine. It is likely to cause me substantial unwarranted distress because:
1. No 'sealed envelopes' yet exist to limit access
2. No online patient system yet exists to correct errors
3. Data uploaded may include genetic, psychological or sexual information
4. It is intended to make my data available to social workers, researchers and commercial firms
5. My consent will not be asked before beginning processing
6. Adequate criminal penalties against abuse do not yet exist
7. Police and other agencies can gain access to a potentially unlimited range of information about me. There is abundant evidence that computer databases - including police, vehicle licensing and banking computers - are routinely penetrated by private investigators on behalf of clients, including media organisations
8. 250,000 smart cards have been issued granting access to the Spine
9. The department threatens to withhold appropriate medical care to objectors
10. Doctors say there is no necessity to design the Spine in this way
For these reasons, among others, I strongly fear that I am in danger of having false or damaging health information fall into the wrong hands. My privacy is being unnecessarily violated.
Yours faithfully
Health Direct suggests that you write NOW- before this disgraceful plan gathers momentum.
After two years of confusion and delays, the system will start coming into effect in stages early next year.
Though the government says the database will revolutionise management of the NHS, civil liberties critics are calling it "data rape" and are urging Britons to boycott it. The British Medical Association also has reservations. "We believe that the government should get the explicit permission of patients before transferring their information on to the central database," a spokeswoman said yesterday.
And a Guardian inquiry has found a lack of safeguards against access to the records once they are on the Spine, the computer designed to collect details automatically from doctors and hospitals. The NHS initiative is the world's biggest civilian IT project. In the scheme, each person's cradle-to-grave medical records no longer remain in the confidential custody of their GP practice. Instead, up to 50m medical summaries will be loaded on the Spine.
The health department's IT agency has made it clear that the public will not be able to object to information being loaded on to the database: "Patients will have data uploaded ... Patients do not have the right to say the information cannot be held."
Once the data is uploaded, the onus is on patients to speak out if they do not want their records seen by other people. If they do object, an on-screen "flag" will be added to their records. But any objection can be overridden "in the public interest".
Harry Cayton, a key ministerial adviser, warned last month of "considerable pressure to obtain access to [the] data from ... police and immigration services", but he is confident that these demands can be resisted by his department.
Another concern is the number of people who can view the data. The health department has issued 250,000 pin-coded smart cards to NHS staff. These will grant varied access from more than 30,000 terminals - greater access for medical staff, and less for receptionists. Health managers, council social workers, private medical firms, ambulance staff, and commercial researchers will also be able to see varying levels of information. Officials say the data will be shared only on a need-to-know basis. But Guardian inquiries show a lack of safeguards.
Although data protection laws supposedly ban unnecessary build-ups of computer information, patients will get no right to choose whether their history is put on the Spine. Once uploading has taken place, a government PR blitz will follow. This will be said to bring about "implied consent" to allow others view the data. Those objecting will be told that their medical care could suffer.
The government claims that computerised "sealed envelopes" will allow patients selectively to protect sensitive parts of their uploaded history from being widely accessed. But no such software is yet in existence. It is being promised for an unspecified date. Some doctors say "sealed envelopes" may be too complex to be workable.
The design also allows NHS staff to "break the seal" under some circumstances. Police will be able to seek data, including on grounds of national security. Government agencies can get at records, according to the health department, if "the interests of the general public are thought to be of greater importance than your confidentiality". Examples given of such cases include "serious crime and national security".
The department's guidelines say: "The definition of serious crime is not entirely clear ... Serious harm to the security of the state or to public order, and crimes that involve substantial financial gain or loss will ... generally fall within this category." The health department says confidentiality can already be breached in such cases.
At present, police have to persuade a GP, who knows the patient, to divulge limited facts, or insist on a court order.
Under the new system, data may be disclosed centrally and anonymously, at the touch of a button. Health department privacy advisers say they do not wish to allow police to have clinical information. But they are prepared to disclose patients' addresses.
Another safeguard initially promised was that all patients would be able to check their records on the internet for mistakes. But a system involving the issue of smart cards to patients has not yet been tried out.
Current criminal penalties are so weak they have failed to stop tabloid journalists and private detectives raiding such data on an industrial scale, according to a recent special report by Richard Thomas, the information commissioner.
Sir John Bourn's National Audit Office also wrote a recent report warning of significant concerns among NHS staff "that the confidentiality of patient information may be at risk". But officials persuaded the NAO to delete the warnings in the published version.
The original draft said: "Patient confidentiality remains a controversial issue among critics ... both as regards the adequacy of the planned safeguards to protect information, and whether patients should have a right to opt out of having their information recorded".
More information on how weak Labour's contorl over our personal health information can be found at:
http://society.guardian.co.uk/health/news/0,,1936403,00.html
http://society.guardian.co.uk/health/news/0,,1936192,00.html
What can patients do?
Ross Anderson, professor of security engineering at Cambridge University, believes that patients do have legal rights over their medical records: "Write and insist that you are not put on the NHS data spine," Prof Anderson says. "If enough people boycott having centralised NHS records, with a bit of luck the service will be abandoned."
If you are concerned, you should discuss it with your GP. You can put a block on your own data by writing to:
The Secretary of State for Health
Richmond House
79 Whitehall Terrace
London SW1A 2NS
And send the same letter to your GP.
It should say:
Dear Sir/ Madam
I require you not to begin processing my sensitive personal data to the proposed NHS Summary Care Record on the Spine. It is likely to cause me substantial unwarranted distress because:
1. No 'sealed envelopes' yet exist to limit access
2. No online patient system yet exists to correct errors
3. Data uploaded may include genetic, psychological or sexual information
4. It is intended to make my data available to social workers, researchers and commercial firms
5. My consent will not be asked before beginning processing
6. Adequate criminal penalties against abuse do not yet exist
7. Police and other agencies can gain access to a potentially unlimited range of information about me. There is abundant evidence that computer databases - including police, vehicle licensing and banking computers - are routinely penetrated by private investigators on behalf of clients, including media organisations
8. 250,000 smart cards have been issued granting access to the Spine
9. The department threatens to withhold appropriate medical care to objectors
10. Doctors say there is no necessity to design the Spine in this way
For these reasons, among others, I strongly fear that I am in danger of having false or damaging health information fall into the wrong hands. My privacy is being unnecessarily violated.
Yours faithfully
Health Direct suggests that you write NOW- before this disgraceful plan gathers momentum.
posted by Dr Search- Principal Consultant at the Search Clinic at
9:59 AM
0 Comments:
Post a Comment
<< Home