Private companies get access to millions of NHS medical records
Patients’ postcodes, medical conditions and treatments – and in some circumstances, their names – could be passed on to third parties without their consent.
The labour Government is considering giving firms access to a massive computer database which will contain the records of almost every man, woman and child in England.
The information is a goldmine for private companies, who could use it for medical research or for helping them to sell products to the NHS.
But privacy campaigners say they are “horrified” by the proposals which could see patients’ postcodes, medical conditions and treatments – and in some circumstances, their names – passed on to third parties without their consent.
The database, part of a long-delayed scheme to give NHS staff access to computerised medical records, will hold details of almost all visits by patients to hospitals and GPs.
The plans have been dogged by controversy. Last week. ministers gave in to pressure from privacy campaigners and agreed that medics will have to gain the consent of patients before opening their computer records. Yet patients will have almost no control over the same information being passed on to companies and other bodies outside the NHS.
The Department of Health says most records passed onto third parties would be made anonymous, but admits that identifiable data – which could include patient names – could also be handed on if it was deemed to be more useful.
Security experts said the scheme would “hoover up” vast quantities of confidential data which could easily be traced back to individuals, whether or not names and addresses or other personal details were removed.
Ross Anderson, Professor of Security Engineering at Cambridge University, said: “We have had a lot of debate about patients being able to opt out of the national scheme for patient records, but meanwhile the Government have pulled a fast one. There are no limits set on the way this data can be used; this database will hoover up all the personal medical data on every person, and it can be used for whatever the Secretary of State says it can be used for.”
Prof Anderson suggested the creation of one large database would also make it easier for different parts of the state to use confidential health data for other purposes, with social workers, courts and police able to access medical files more easily.
Helen Wilkinson, a former NHS manager who founded The Big Opt-Out, a campaign against the national care records scheme, said she was “horrified” by the latest development and planning a major publicity launch to warn people of the threat it posed to their privacy and security.
She said: “We are talking about a hugely valuable commodity which will be worth a fortune to the pharmaceutical industry, and to all the companies which make their profits from the health service.”
Joyce Robins, from patient pressure group Patient Concern, said patients would be left “entirely at the mercy” of those operating the scheme.
“We have no idea where this information will end up, and we have no control over it. Even when the data is anonymised, it will be easy to trace back to individuals because the nature of medical data is that it reveals a lot about a person. We have seen an endless succession of data losses and breaches, and there is little to reassure anyone that this information would be secure.”
The Government public consultation on secondary uses of NHS data, which began without publicity on Wednesday, has been outsourced to a private company called Tribal, which holds contracts to organise the planning of NHS services.
Its managing director Matthew Swindells was until recently chief information officer of the DoH, and before that adviser to then health secretary Patricia Hewitt.
A spokesman for Connecting for Health, the government agency which oversees the patients records scheme, said that while “in theory” anonymised data could be used to trace an individual, researchers would be more likely to examine records in batches of hundreds of thousands at a time. He described the matter of whether information should stay within the health service, or ever go outside for research – to academic researchers or pharmaceutical companies – as a “valid question” on which the consultation sought public opinion.
The agency’s chief operating officer, Professor Michael Thick, said patients would be able to be removed from the so callled “secondary use” database if they made an application under the Data Protection Act. Under the proposed system, third parties would need to request information from the central database, and fulfil requirements set by data custodians and ethics committees.
Health Direct points out that labour government records have shown themselves to be as watertight as a rusty bucket.
Now labour are openly proposing that your health details will be accessible to many.
Medical records are personal and private to the individuals concerned, having been given in trust to their medical adviser.
The assumption that medical records can be widely disseminated represents a breach of this trust and would be totally unethical.
If you also don’t want your medical details to be widely available, sign up at the Big Opt Out at http://www.nhsconfidentiality.org/