NHS misleads patients over sharing medical records with drug firms
A new NHS computer system that will share the medical history of millions of patients with drug companies without proper consent is under attack from privacy experts, who say it is misleading, risky and potentially illegal.
The system, the Secondary Uses Service (SUS), is part of the NHS’s troubled National Programme for IT (NPfIT), and massively expands the amount of medical data that commercial and academic researchers can access.
In many cases, patients will not be asked for consent for their data to be shared, because it is claimed it will be “anonymised”, a process which deletes certain information with the aim of making individuals unidentifiable.
However, in a letter to the British Medical Journal, Dr Ian Brown of the Oxford Internet Institute said that NHS rules mean such unwitting participants in research can be “trivially” re-identified. They are also not to be told or given a choice about how their medical records will be used, he said, and misled about the risks to their privacy.
“This is something that is just getting going,” Dr Brown told The Telegraph.
The SUS replaces previous record sharing arrangements that were typically on much smaller scale and involved patient consent.
It will supply data where patients’ names and addresses have been replaced by their date of birth and postcode.
“As a postcode typically contains about 20 houses, almost all patients are easily identifiable by reference to these facts,” Dr Brown said in the letter, which is co-signed by Lindsey Brown, a researcher in public health ethics at Bristol University, and Professor Douwe Korff, a data protection law specialist at London Metropolitan University.
Some of the “anonymised” data also includes the unique NHS Number for each patient, making them even more easily identifiable. According to Dr Brown and his colleagues, such weak privacy policies could be illegal under European data protection laws.
“Patients are not currently being adequately informed about possible secondary uses of their medical data for medical research,” said Dr Brown and his colleagues.
“[Patients] are not asked to give clear, specific, free and informed consent; are not offered unambiguous and effective opt-outs; and are misled about the level of anonymisation of their data and the likelihood of re-identification,” they added.
The Department of Health had not responded to a request for comment.
The letter is a response to suggestions by scientists that the rules on accessing to patient data should be further relaxed. They have welcomed SUS and argued that easier access to sensitive data records will spur medical advances.
“It is irresponsible to insist that no regulation and governance should interfere with researchers’ access to health records or record linkage capabilities,” said Dr Brown and colleagues.
The National Programme for IT was conceived under the Labour government at a cost of around £12.7bn, making it the most expensive pulic technology programme in the world.
Since coming to power, the coalition has announced it will abandon the name and shave an £700m from the price tag, in addition to the £600m cut made by Alistair Darling in 2009.
Several suppliers have dropped out and doctors’ groups have questioned the clinical value of the scheme, which will digitise patient records and make them available throughout the NHS.
Tags: Conservatives, data privacy, Doctors, Health Professionals, IT disaster, labour liars, Labour shambles, NHS, NPfIT