NHS patient medical records
The NHS IT project has been mentioned quite frequently in The Register this past week, particularly with regard to patient data.
At the time of writing, the most recent article claims that:
Plans to upload medical records onto a central database – the so-called spine – will put patient confidentiality at risk, Connecting for Health (CfH) has been told by its own consultants.
In its own risk analysis of the project, the agency responsible for centralising the country’s medical records has acknowledged that GPs’ concerns about patient confidentiality have merit, and that it would be safer to store records locally.
It has been proposed that social care records should also be stored centrally, and that the two databases be merged.
We seem to be moving ever further from the principle that for each specific and limited purpose, only the information necessary for that purpose should be collected.
There are several sound reasons for following this principle; from the privacy perspective, it helps prevent abuse of the data.
For those who would say, “if you have nothing to hide you have nothing to fear”, here are some counterpoints (with many thanks to Ian Stirling):
- a rapist might be interested in women with no history of STDs, perhaps some mental health problems, a particular body mass index, ethnicity, and age group;
- a burglar might be interested in patients who are going to be in hospital for a few days, or those who have received immunisation for exotic countries;
- a vigilante might be interested in people with particular mental health problems;
- an identity thief might be interested in people who are ‘confused’;
- a marketeer might be interested in people with sexual health problems (sending them emails about V1AgrA, perhaps); and,
- a blackmailer would love to know about that skeleton in your cupboard.
Hundreds of thousands of NHS staff will have access to the data, as will other ‘healthcare professionals’. There are some real-life (as opposed to hypothetical) examples of abuse of personal data by those entrusted with it in another article on this blog. In addition, a recent Guardian article claims that:
Investigations by [ICO] staff and police had uncovered “evidence of a pervasive and widespread ‘industry’ devoted to the illegal buying and selling of such information”. Mr Thomas [ICO Commissioner] said he had identified 305 journalists buying unlawful personal information about celebrities, lottery winners and others.
A private detective hired by a potentially abusive husband to track down his wife had posed as a health official. He had “obtained details of the woman’s whereabouts by phoning her parents’ medical centre and requesting their number to check a prescription”.
Government databases raided on behalf of insurance firms and private industry, often with the help of staff, have included the Police National Computer, the DVLA’s vehicle computer, and those at the Department for Work and Pensions.
Storing personal data locally would make it much harder to abuse, for example:
- the abuser targeting an individual would need to find out where the individual’s data was being stored (rather than searching a nationwide database), and then gain access to that particular facility (GP’s office) in order to obtain the data; and,
- the abuser targeting a particular category of person (such as those with sexual or mental health problems) would need to visit several facilities in order to build a substantial body of data on such people.
You have no legal right to have your data withheld from the Spine. However, some concerned GPs are considering withholding your data should you request it. Ross Anderson, a Professor of Security Engineering at Cambridge University, has described how, via your GP, you might opt out of three aspects of the Spine. He has also published some history behind the project.
In addition, concerned individuals have put together a ‘dossier of information relating to concerns’ over the project.