The latest twist in a scheme that’s ignited controversy since it was announced last month has revealed that, under a new patient data initiative, police and government bodies will be able to access people’s medical records without a warrant. Talk about undermining doctor-patient confidentiality.
It’s a further worrying insight into the full privacy implications of the National Health Service’s care.data programme, which is set to start gathering the whole nation’s medical data next month.
Care.data will pool every English NHS patient’s medical records into one big database, all in the name of improving research. In its purest form, it’s a noble idea: researchers will be able to use the vast collection of data to look at trends across the population’s medical histories in order to explore things like the causes of certain diseases, or track standards of care across the country.
But it didn’t take long for people to point out the privacy issues associated with such a scheme. That’s because, although the data is stripped of some personal identifiers, it’s not totally anonymised—because medical records are so individual, it seems impossible to guarantee that your identity couldn’t be tracked from the data, especially if those accessing them had their own databases to compare the pseudonymised records against. Mark Davies of the Health and Social Care Information Centre, which will oversee the database, admitted to the Guardian in January that there was “a ‘small risk’ certain patients could be ‘re-identified.’”
The NHS website explains that while your name won’t appear in the data, it will include “your date of birth, full postcode, NHS Number and gender.” They will be kept in a “secure system”—but some have expressed concern over the potential for hacking, and the NHS doesn’t exactly have a perfect track record when it comes to computer security.
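As an added illustration (not part of the original article and not NHS or HSCIC code), this Python sketch measures how identifying the fields quoted above are, using k-anonymity on a constructed sample. The records, field names and the choice of k = 2 are assumptions made for the example; the NHS Number is left out because it is unique per patient by construction.

```python
from collections import Counter

# Constructed sample (not real data): names removed, but date of birth,
# full postcode and gender kept, as the article describes.
RECORDS = [
    {"dob": "1984-03-12", "postcode": "LS6 2AB", "gender": "F", "dx": "asthma"},
    {"dob": "1984-07-30", "postcode": "LS6 2AB", "gender": "F", "dx": "depression"},
    {"dob": "1984-11-02", "postcode": "LS6 3QT", "gender": "F", "dx": "diabetes"},
    {"dob": "1951-01-19", "postcode": "M14 5GH", "gender": "M", "dx": "copd"},
    {"dob": "1951-09-05", "postcode": "M14 7LL", "gender": "M", "dx": "hypertension"},
    {"dob": "1990-05-23", "postcode": "M14 5GH", "gender": "M", "dx": "anxiety"},
]

def full_key(r):
    """Quasi-identifiers exactly as released: full DOB, full postcode, gender."""
    return (r["dob"], r["postcode"], r["gender"])

def coarse_key(r):
    """Generalised form: year of birth and postcode district only."""
    return (r["dob"][:4], r["postcode"].split()[0], r["gender"])

def k_anonymity(records, key):
    """Return (k, singletons): smallest group size, and how many records
    are the only one with their combination of quasi-identifiers."""
    groups = Counter(key(r) for r in records)
    singletons = sum(1 for r in records if groups[key(r)] == 1)
    return min(groups.values()), singletons

def suppress_small_groups(records, key, k):
    """Withhold records whose quasi-identifier group has fewer than k members."""
    groups = Counter(key(r) for r in records)
    return [r for r in records if groups[key(r)] >= k]

if __name__ == "__main__":
    print("as released:", k_anonymity(RECORDS, full_key))
    print("generalised:", k_anonymity(RECORDS, coarse_key))
    kept = suppress_small_groups(RECORDS, coarse_key, 2)
    print("after suppression:", len(kept), k_anonymity(kept, coarse_key))
```

With full date of birth and full postcode every sample record is alone in its group; generalising the fields still leaves one outlier, which only suppression removes.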
An animation explains how the database would improve healthcare. Video: NHS England/Youtube
Medical records are perhaps the most private personal data we have, and so even a small risk is a pretty big deal. There’s a reason we have patient-doctor confidentiality: the records collected by the database will include sensitive information like mental health records, and drinking and smoking habits.
Then there’s the issue that the data won’t just be available to academic researchers, but also—at a cost—to private companies. Patients won’t know exactly who has their data, or how they’re using it. The NHS responded to privacy fears in this area by assuring people, “Patients and their carers should know that no data will be made available for the purposes of selling or administering any kind of insurance and that the NHS and the HSCIC never profit from providing data to outside organisations.”
But now, it seems another type of organisation—one that has nothing to do with medical research—could get access to people’s medical records without explicit consent: the police. This revelation comes from MP and former shadow home secretary David Davis, who told the Guardian that with the new database, police could simply go to the NHS centre and request information about a person’s medical history, without first getting permission from a court.
Even more worryingly, they’ll apparently be able to do this even if you opt out of the scheme, as if the whole opt-out mechanism wasn’t controversial enough in itself. People and groups including the scientific journal Nature have spoken out about the government “downplaying” patients’ right to opt out of the initiative, which has only led privacy advocates to urge people even more strongly not to participate. As a Nature editorial put it, “An unfortunate false choice has been established, between scientific progress on one side and protection of privacy on the other.”
As it stands, everyone should get a leaflet through their door from the NHS explaining the scheme under the title “Better Information Means Better Care.” But most people still seem unaware that previously confidential data shared between them and their doctor will soon be automatically collected unless they opt out. (I haven’t yet seen a leaflet, though it may have gotten lost among the million takeaway flyers pushed through my door every day, or thrown out by a housemate. Flyering doesn’t exactly seem the most efficient execution of a national awareness campaign.) Opting out isn’t exactly easy, either—you have to contact your GP directly, and it seems likely a lot of people simply won’t bother.
And now it transpires that opting out won’t stop your records being swept up; it will only stop them being shared outside of the NHS. Except, perhaps, to the police. The Guardian explains that “opting out of data sharing outside the NHS will not prevent records being sucked up and state agencies in some cases will be able to get access to them.”
For their part, a Department of Health spokesman responded, “Any release of identifiable data without consent would only be in a very limited number of exceptional circumstances, where there is a clear basis in existing law—such as for the police to investigate a serious crime.”
The main problem isn't necessarily what's going to happen to our data per se; it's the lack of transparency in the whole initiative. People should have the chance to decide whether they want their most personal data to be used in what is, so we're told, an optional programme. But they should be given the full facts to base that decision on, and clear instructions on how to opt out if they so wish.
As a result of the NHS' over-emphasis on how this initiative could benefit healthcare services, and a lack of clarity on—or sometimes complete elision of—how the data may otherwise be used, what could have been a great opportunity to use big data for good is compromised. Using medical records to advance medical research and improve care is a noble aim; but trying to sneak the full implications of data-sharing under the radar risks turning what should have been known only as an innovative research initiative into an invasion of privacy.