UK Liberty

NHS patient medical records

Posted in nhs records, privacy by ukliberty on November 28, 2006

The NHS IT project has been mentioned quite frequently in the Register this past week, particularly with regard to patient data.

At the time of writing, the most recent article claims that,

Plans to upload medical records onto a central database – the so-called spine – will put patient confidentiality at risk, Connecting for Health (CfH) has been told by its own consultants.

In its own risk analysis of the project, the agency responsible for centralising the country’s medical records has acknowledged that GPs’ concerns about patient confidentiality have merit, and that it would be safer to store records locally.

It has been proposed that social care records should also be stored centrally, and that the two databases be merged.

We seem to be moving ever further from the principle that for each specific and limited purpose, only the information necessary for that purpose should be collected.

There are sound reasons for doing this, but from the privacy perspective it helps prevent abuse of the data.

For those who would say, “if you have nothing to hide you have nothing to fear”, here are some counterpoints (with many thanks to Ian Stirling):

  • a rapist might be interested in women with no history of STDs, perhaps some mental health problems, a particular body mass index, ethnicity, and age group;
  • a burglar might be interested in patients who are going to be in hospital for a few days, or those who have received immunisation for exotic countries;
  • a vigilante might be interested in people with particular mental health problems;
  • an identity thief might be interested in people who are ‘confused’;
  • a marketeer might be interested in people with sexual health problems (sending them emails about V1AgrA, perhaps); and,
  • a blackmailer would love to know about that skeleton in your cupboard.

Hundreds of thousands of NHS staff will have access to the data, as will other ‘healthcare professionals’. There are some real-life (as opposed to hypothetical) examples of abuse of personal data by those entrusted with it in another article on this blog. In addition, a recent Guardian article claims that:

Investigations by [ICO] staff and police had uncovered “evidence of a pervasive and widespread ‘industry’ devoted to the illegal buying and selling of such information”.Mr Thomas [ICO Commissioner] said he had identified 305 journalists buying unlawful personal information about celebrities, lottery winners and others.

A private detective hired by a potentially abusive husband to track down his wife had posed as a health official. He had “obtained details of the woman’s whereabouts by phoning her parents’ medical centre and requesting their number to check a prescription”.

Government databases raided on behalf of insurance firms and private industry, often with the help of staff, have included the Police National Computer, the DVLA’s vehicle computer, and those at the Department for Work and Pensions.

Storing personal data locally would make it much harder to abuse, for example:

  • the abuser targetting an individual would need to find out where the individual’s data was being stored (rather than searching a nationwide database), and then gain access to that particular facility (GP’s office) in order to obtain the data; and,
  • the abuser targetting a particular category of person (such as those with sexual or mental health problems) would need to visit several facilities in order to build a substantial body of data on such people.

You have no legal right to have your data withheld from the Spine. However, some concerned GPs are considering withholding your data should you request it. Ross Anderson, a Professor of Security Engineering at Cambridge University, has described how, via your GP, you might opt out of three aspects of the Spine. He has also some published some history behind the project.

In addition, concerned individuals have put together a ‘dossier of information relating to concerns’ over the project.


10 Responses

Subscribe to comments with RSS.

  1. AttilatheHun1900 said, on December 11, 2006 at 11:57 am

    This is relevant and may interest:

    Health Hazard: Computers Spilling Your History

    Bill Clinton’s identity was hidden behind a false name when he went to NewYork-Presbyterian Hospital two years ago for heart surgery, but that didn’t stop computer hackers, including people working at the hospital, from trying to get a peek at the electronic records of his medical charts.

    The same hospital thwarted 1,500 unauthorized attempts by its own employees to look at the patient records of a famous local athlete, said J. David Liss, a vice president at NewYork-Presbyterian.

    And just last September, the New York City public hospital system said that dozens of workers at one of its Brooklyn medical centers, including doctors and nurses, technicians and clerks, had improperly looked at the computerized medical records of Nixzmary Brown, a 7-year-old who prosecutors say was beaten to death by her stepfather last winter.

    Powerful forces are lobbying hard for government and private programs that could push the nation’s costly and inefficient health care system into the computer age. President Bush strongly favors more use of health information technology. Health insurance and medical device companies are eager supporters, not to mention technology companies like I.B.M. and Google. Furthermore, Intel and Wal-Mart Stores have both said they intend to announce plans this week to embrace electronic health records for their employees. …

    [Source: Health Hazard: Computers Spilling Your History, by Milt Freudenheim and Robert Pear, *The New York Times*, 3 Dec 2006]

  2. ukliberty said, on December 12, 2006 at 3:11 pm

    Thanks for the article. I think its often more useful to have real-life rather than hypothetical examples, particular to counter the “if you have nothing to hide…” argument.

  3. gillian underwood said, on October 11, 2010 at 2:41 pm

    Today a nurse came to my home to take a blood sample.

    I notice my medical records lying on a chair which the nurse had brought with her.
    I asked if they were my records she nodded. I asked why she she had them she didn’t answere

    It was only after she had left I started wondering about my records being carried around by a nurse taking blood.

    As she left my home she was holding the piece of paper containing my medical history the paper was blowing in the wind.

  4. Gluten Free Society said, on May 20, 2014 at 11:22 am

    In the Paleolithic period dairy products were not consume because animals had not been domesticated.
    At this particular point, marketing knowledge is sought.
    For a starter of gluten free products, it’s a good idea to consult a dietitian who can answer your questions
    and offer advice about how to avoid gluten while still
    eating a healthy, balanced diet.

  5. The reaction occurs when the residue on your hands makes its way to your
    lips or into your mouth. Do gluten free products online have any side-effects.
    For a starter of gluten free products, it’s a good idea to consult a dietitian who can answer your questions and
    offer advice about how to avoid gluten while still eating a healthy, balanced diet.

  6. perfect place to meet like minded said, on February 14, 2015 at 9:39 pm

    Its such as you read my mind! You appear to understand a lot
    approximately this, such as you wrote the e book iin it or something.

    I believe that you simply can do with a few % to power the message house a bit, but instead
    of that, this is excellent blog. A great read. I’ll certainly be back.

  7. horse riding games unblocked said, on May 21, 2016 at 1:28 pm

    Your child’s rider riding clothing will secure their fingers and
    also toes from injury, aid them to sustain contact with the steed,
    and prevent their feet from slipping out of the stirrups.

  8. said, on June 20, 2016 at 1:37 pm

    This web site certainly has all the information and facts I needed about
    this subject and didn’t know who to ask.

  9. sex said, on July 15, 2016 at 2:22 pm

    Hi there everyone, it’s my first pay a visit at this
    web page, and paragraph is in fact fruitful designed for me, keep
    up posting these types of articles or reviews.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: