Opting out of NHS health data sale

(121 Posts)
OddBoots Sun 18-Aug-13 20:44:17

I wasn't sure what section to put this so I hope here is okay.

Following the news that there are government plans to sell identifiable medical information I'm really not sure what to think. I like the idea of it being easier for research to be undertaken but I'm not sure this is the way to go about it.

There's a site here with information about how to opt out and I'm thinking of opting out until it's a bit clearer what is going to happen to the information.

craftycottontail Mon 19-Aug-13 22:43:52

Parsing - I work in a large insurance company and all our staff have to sign declarations to say they won't look up family/friends' data, and there are extra declarations for the medical data we have access to. Also only a limited number of staff have access to medical data i.e. those who specifically need it to do their job - it isn't accessible to the rest of the staff. There are also declarations every time you sign in to computer programmes about our responsibility to use all data for appropriate company use only too. Could result in disciplinary etc.

There are confidentiality rules around medical data that apply across the board, not just to health care professionals.

craftycottontail Mon 19-Aug-13 22:46:03

(not saying any of this is right btw, just that there are consequences for misuse of data across the board, not just in health care)

NiceTabard Mon 19-Aug-13 22:55:26

IME data protection across the board in financial industry is not always adhered to as much as one might hope.

Sounds like your company is good, crafty smile

DogonBed Mon 19-Aug-13 22:56:36

Parsing - my point was not meant to minimise the issues around this but to give some perspective on other risks since I think people focus on HSCIC (could't remember their new name!) solely. I agree totally re disciplinary but I think that depends on staff being caught. There should be much tighter controls over who can access what.

NiceTabard - I read that paragraph differently. To me it's informing everyone how their data might be shared in accordance with DP act....and refers to a practice that has existed for a long time of billing services for the patients activity

pass identifiable data across a range of regional processing centres, local area teams and commissioning bodies The NHS is run as a business and all parts have to account for their costs and workload. In short this means for me e.g. detailing how many examinations of Type A I have done in month 3. The NHS no.s linked to these exams are shared in order that I cannot make it up - it provides auditable records. The no.s are shared with a secure network in the finance team. They are not passed outside of the the NHS. If a private company was contracted to provide an NHS service (e.g. BUPA) they would do the same to whoever was paying the bill

NiceTabard Mon 19-Aug-13 22:57:14

And no question that financial sector would love to get their hands on data this comprehensive and identifiable.

Non identifiability is a huge block when matching datasets across different lifestyle areas, and that is an area with a huge amount of interest at the mo.

This scheme gives me the heeby-jeebies.

DogonBed Mon 19-Aug-13 22:59:18

Just as an example of data sharing as I have described it doesn't say Dog has had a barium enema and then a colonoscopy

It's an excel sheet of NHS numbers against a particular 'tariff' for that cost centre

My number is 1234567890 and tariff 4 etc

NiceTabard Mon 19-Aug-13 23:01:27

Dogonbed is it current practice within the NHS to sell individually identifiable case notes on people who accredited organisations find interesting?

I am surprised about that, I would have thought that any current sharing of data outside the NHS was wholly anonymised. Even to the extent that certain info would be with-held if it could potentially be used to identify someone.

That is supposed to be the practice outside the NHS even when looking at pretty mundane information.

All of this is a huge shock to me.

TigerSwallowTail Mon 19-Aug-13 23:02:15

Thanks for sharing OP.

Do you know if this will affect Scotland? I can only see information about England in the links.

NiceTabard Mon 19-Aug-13 23:03:59

Dogon is this information that you are sharing / being shared with as a private sector employee outside the healthcare sector?

NiceTabard Mon 19-Aug-13 23:07:00

I can see that eg BUPA healthcare need to charge the NHS when they do work for them and bill accordingly.

And that NHS shares info within itself.

This is different though, selling info to others, not sharing it for reasons directly connected to your care.

DogonBed Mon 19-Aug-13 23:28:30

Dogonbed is it current practice within the NHS to sell individually identifiable case notes on people who accredited organisations find interesting? Not as far as I am aware

Dogon is this information that you are sharing / being shared with as a private sector employee outside the healthcare sector? No

This is different though, selling info to others, not sharing it for reasons directly connected to your care Yes the articles that OP has highlighted do suggest a worrying extension and it's appalling because it is driven by financial gain rather than care driven needs.

My previous post was saying how I interpreted the bit you CnPasted in the terms of admin to facilitate care rather than info sharing for purposes other than care

NiceTabard Mon 19-Aug-13 23:33:01

Ah right. Yes there is sharing at the mo but if you look at the link in the OP and others on the thread it seems to go much further than the (understandable) sharing of info that goes on at the mo.

I know that private sector esp financial services will be falling over themselves to get this data and it sounds all wrong.

Also this stuff about being able to track and identify individuals of interest. Does anyone know if that would extend to contacting people to see if they would be interested in assisting with research? Which is really really intrusive. Also contacting for sales purposes.

I'm really uncomfortable with all of this, from what I have read.

SunnyIntervals Mon 19-Aug-13 23:34:24

sad

ParsingFancy Tue 20-Aug-13 06:57:56

It's nice to hear your company comes down on individuals who look at data without authorisation, crafty, but I'm more worried about the "in order to do their job" bit.

Because the "job" itself might be detrimental to the individual.

Eg if prospective employers added "looking at family medical records" to their standard checks. Some go to the trouble of looking on Facebook etc, so it's a no brainer they would do this as well if they could. And claim it had nooooooothing to do with a candidate turning out to be "unsuitable".

NightFallsFast Tue 20-Aug-13 07:20:27

I'm a GP and have recieved absolutely no information about this from the NHS/government. Which is pretty usual, every few months there's a new 'thing' in the news and patients come into ask about it and we have nonmore info than is in the newspapers.

ParsingFancy Tue 20-Aug-13 08:07:51

Holy moley.shock

Well I wrote that about employment and went off to do something else - and fell across info about employment screening companies.

Take a look at this thread on MSE.

These screening companies are demanding proof of living at an address for 4 years before application for a job, proof of having discharged a CCJ 8 yrs previously, ringing round family and friends with detailed questionnaires. Another forum had someone having a job offer withdrawn because his college sent back different dates for his A level course.

Are these for jobs at MI6? No, for Virgin Media and Vodafone.

Sorry, that's a slight hijack. But I'm shockshockshock at the casual intrusiveness.

LegoCaltrops Tue 20-Aug-13 09:38:20

As far as I can see, the Telegraph article says "names and addresses, postcodes and date of birth will not be uploaded but gender and ethnicity will." I can't see anything that says that NHS numbers will be included either, although I may have missed that. I do agree it's a concern & will be asking my GP about opting out ASAP. It's got to get through parliament first though so hopefully it won't happen.

ParsingFancy Tue 20-Aug-13 09:52:46

From second link: "Each piece of information will made identifiable by uploading it along with your NHS number, date of birth, post code, gender and ethnicity."

And here's the HSCIC tariff list, detailing its products, eg "Bespoke extract – containing personal confidential data: A one-off extract tailored to the customer’s requirements of specified data fields containing patient identifiable data, sensitive data items or both."

Of course there may be restrictions - especially to begin with - on which sort of customer can buy which sort of data. But physically the HSCIC will have the lot, so it's a just a stroke of a pen to change who gets what.

ParsingFancy Tue 20-Aug-13 09:59:23

I don't know what this HSCIC product means: "Bespoke data linkage: A bespoke service linking one or more data sets held by the HSCIC to data supplied by the customer."

Sconset Tue 20-Aug-13 10:20:12

we did have something from our gp practice, but we were in the middle of moving, and it got filed in the 'important but not pressing' box, and not seen it since blush
It said something about april...

Solopower1 Tue 20-Aug-13 18:27:24

Thank you OP for starting this thread.

What this shows is an attitude that is really beginning to get to me. It's 'Because you use this service, we own your data'. You see it with cookies and on websites etc - 'if you want to access this site, you have to give us your name and address (at least)'.

Soon, very soon, the govt will be saying that it's in the national interests for them to have and store and sell our health data. Which will mean that anyone who objects is a traitor, and could have information that would be useful to terrorists. Then you'd get arrested at an airport, have all your documents confiscated and copied, and questioned about - oh I don't know - football or something. You'd be released a few hours later if you are lucky - after you've missed your flight/job interview/family gathering - and the police would keep tabs on you and your family for ever after.

Mark my words - it's the thin edge of the wedge and we're all doomed.

<Trundles off to make the tea>

Solopower1 Tue 20-Aug-13 18:30:03

Not that I'm making fun of this. I would definitely opt out if it happened in Scotland. The problem is that you really don't seem to be able to trust anyone to keep your details secret now, not with companies panting to get their grubby maulers on it - and willing to pay.

I think we should all be put in charge of our own data - by right. If someone wants it they should ask us if they can buy it. Cut out the middle man.

NiceTabard Tue 20-Aug-13 19:07:08

Parsingfancy it means that eg a financial services company or supermarket have a big database of existing customers, or people who have applied for stuff, and that can be linked with one or more of the medical datasets held by this company, thus giving a more detailed picture of the people. Often used for targeted selling purposes.

LegoCaltrops Tue 20-Aug-13 21:38:39

ParsingFancy thanks for that. I had thought that might be the case but missed that bit amongst all the links. DH was absolutely adamant this morning that the government couldn't possibly sell this sort of information, so I showed him the links. Then he said well it will never get through parliament (hope he is right). Then he said 'they definitely can't sell it with identifiable details like your address'. I just mentioned the latest link & he did that annoying grunt thing - you know where they know they have got it wrong but won't admit it. I bet he will let them sell his details now just to spite me...

5minutejourney Wed 21-Aug-13 11:08:51

it will never get through parliament
I'm sorry to say that it already has got through parliament.

The government is treating NHS patients like Facebook treats its users: They provide an ostensibly "free" service, and then sell our private details to the highest bidder behind our backs.

The Medconfidential site is a great resource. One of the people behind it is Ross Anderson, a security researcher at the University of Cambridge who has written a lot about these plans, e.g. here in the Guardian, and on this blog.

The supposed "anonymisation" of these records is a big lie. Effectively anonymising personal records, in a manner that they can't be re-identified, is actually a hard task, it's not just a matter of deleting name and address. For example, a well-known bit of research showed that 87 percent of all Americans could be uniquely identified using only three bits of information: ZIP code [postcode], birthdate, and sex. Basically, what will happen is that companies will buy access to these "anonymised" databases, cross-reference them with publicly available data (electoral register, data from facebook etc.) in order to re-identify people, and then spam us with targeted advertising based on our medical records.

Currently, this system doesn't apply to Scotland, but apparently there may be plans for something similar.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now