England’s NHS plans to share patient records with third parties - only a few weeks left to opt out

[Volpina]

Not sure how many of you are aware of this, but an article in the FT 26 May 2021 is very informative about how to do this. We only have a few weeks to opt out and according to the FT the data collection project is the first of its kind.

NHS Digital apparently confirmed the plan to pool together medical records that will be available to 'academic and commercial third parties for research and planning'. For me that's way too vague.

You have until June 23 to opt out.

do you have a link?

Yes need link please.

Following.

www.theguardian.com/society/2021/may/30/gps-warn-plans-share-patient-data-third-parties-england

It's all over the place now actually - this from Guardian - think the FT is firewalled so I can't link to

www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748

Thanks op....but how do we opt out??

We used this form which we emailed to GP it's from a site called medconfidential.org which seems to be legit.

'Dissent from secondary use of GP patient identifiable data
Dear GP,

I am writing to give notice that I refuse consent for my identifiable information / and the identifiable information of those for whom I am responsible [delete as appropriate] to be transferred from your practice systems for any purpose other than my medical care.

Please take whatever steps necessary to ensure my / our confidential personal information is not uploaded and record my dissent by whatever means possible.

This includes adding the ‘Dissent from secondary use of GP patient identifiable data’ code (Read v2: 9Nu0, CTV3: XaZ89 or SNOMED CT: 827241000000103) to my / our records.

I am aware of the implications of this request, understand it will not affect the care that I / we receive, and I will notify you should I change my mind.
Yours sincerely,
Signature Date _
Information to help identify my records [please complete in BLOCK CAPITALS]
Title Surname / Family name
Postcode
Date of birth
NHS number (if known) _

digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice#what-patient-data-we-collect

This is the announcement from NHS Digital about what they will collect, what they won't collect and how they will or won't protect and use your data. It's worth reading.

Having read the link I have no idea why I'd refuse access to my records.

Mass data will have a lot of impact on many aspects of the NHS, medical interventions etc.

None of the data shared is about me, it's about my use and needs of the NHS, pseudonymised for context.

I think I can live with that. It's far less intrusive than data collected on store cards and cookies.

I'd have some concerns about the security, but not the purpose Curious.

I'm not sure how easy it would be for it to be converted back to directly identifiable data if there was a leak. Possibly not very easy.

This isn't about the NHS benefiting (other than charging for access to the data), it is about large private companies using it to make money.
From a FT editorial (we is NHS digital) "We do not allow data to be used solely for commercial purposes,” it pledges. The word “solely” does much heavy-lifting in that sentence.

Pseudonymised data is disconnected from it's source. As far as I know, from experience, it can't be back engineered, even when that might be to the benefit of the individual.

As for commercial interests being involved, yep! That's what Big Pharma is, amongst other possible partners.

As I said, I'm less bothered by the idea if this than I am the much more personalized data collected in other every day ways.

And the NHS will benefit as much of the research would/could be logistics as well as any specific medicines. There are myriad areas this mass data could be useful in, could be used to increase efficiency etc.

I am aware of the implications of this request,

What are the implications of the request?

If one reads the FT comments people are mostly against this. Some think companies will be able to combine data sets to work out who people are. Say they know the first part of your postcode (the NHS digital link above refers to your full postcode), that is not that helpful but if one combines it with your previous (first part) postcodes from your medical records then you might be identifiable.

What about birth dates, only a small number of women give birth on a particular day at a specific hospital. Combine with birth registration data and one has a small number of people. What if you have something rare, the only one in your area?

It's as though the government want as few people to know about this as possible...

Selling people's data clearly goes hand in hand with their privatisation aims.

Birth dates aren’t included. They a pseudonymised by your GP surgery before the data is even given to NHS digital. As is your full postcode.

They can’t be passed onto a 3rd party in a way that identifies you. It’s probably far more anonymised than the current method of collecting data from GPS.

As far as I can tell, the groups objecting in the articles don’t have an issue with the concept itself, just the short notice and lack of time to properly explain to people.

Link to confirm choices, using full name, date of birth and NHS number

https://your-data-matters.service.nhs.uk/reviewyourchoice

Here's a previous thread with a quick canter through some of the issues of giving out medical data even when pseudonymised.

www.mumsnet.com/Talk/general_health/a1870445-Important-information-for-NHS-patients-in-England?msgid=50462426#50462426

I'll go off now and read about this latest expansion of access to our medical data. The issues round pseudonymisation won't have gone away though: they're intrinsic.

Thanks for the link, Rafa. It says:

NHS Digital will be able to use the same software to convert the unique codes back to data that could directly identify you in certain circumstances, and where there is a valid legal reason.

digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice#what-patient-data-we-collect

Yes. But it has to be approved by an independent board before they do it and in line with the data protection agreement from the ICO.

They aren’t just randomly going to be unanonymising data. I’m struggling to work out how someone in the nhs who wanted to find your medical record to unanonymise it would work it out. Unless they knew enough about your medical history to narrow it down to a single record.

I’d be more worried about someone working in my GP accessing it tbh. Or the way they used to collect the data, which would have involved far more people looking at your data.

We already know some of who would like this data, if they can find an excuse to get their hands on it, because in 2014 it came out that insurance companies were buying NHS data.

They might have to do a bit more work to get around pseudonymisation (possibly not much work, given all the other tracking of us that goes on now and the computing power available to munge it), but the appetite is certainly there to acquire our data and so is the willingness by the government to sell it.

Or even to give it away. IIRC our data was being talked about by US insurance companies as part of post-Brexit trade deals – along with access to the UK healthcare market as UK healthcare is progressively contracted out bit by bit (ie firms receiving UK taxpayer funds and licence to use the NHS logo).

Millions of NHS records sold to insurance firms
Millions of patient records were sold to insurance firms who used it to set their critical illness premiums in a series of 'unacceptable lapses', an independent review finds

www.telegraph.co.uk/news/health/news/10906390/Millions-of-NHS-records-sold-to-insurance-firms.html

For myself, it isn't the individual repersonalisation I'm concerned about.

It's the mass munging of the data of the sort that Facebook did, where it took members' likes of music and posts, and and used it to segment the population into psychometrically aligned groups it called "universes". This data was then used by Cambridge Analytica to target universes, for purposes of political manipulation.

Retailers use the same Facebook universes to try to sell you more stuff.

Facebook also collect a lot more data on you, eg when you visit third party sites like MN that have the Facebook icon, and also using "device identification data" to recognise your mobile phone or laptop when you're on their site. It also, of course, asks for your phone number, and can potentially use that to identify you across a lot sites.

Facebook isn't the only company doing this, of course, just the most well known (and the one that got caught). Lots of sites now collect and trade in our data, and there's the computing power to make use of it in a way that didn't exist when the internet was young.

Oh, and if you don't have a Facebook account, there's a strong suspicion that Facebook is creating what's called a "shadow ID" for people as they move around the internet.

This is what's going on in the Big Data world.

I don't know all the things our medical data will be used for, but I'm pretty sure that some of it I won't be happy with.

[quote FinallyHere]Link to confirm choices, using full name, date of birth and NHS number

https://your-data-matters.service.nhs.uk/reviewyourchoice[/quote]
That's at your end, to prove you are you! It's not the anonymised/pseudonymised data.

It is that the wrong link?

www.nhs.uk/your-nhs-data-matters/manage-your-choice/
I think this is a useful page