Controversial plans to share NHS patient data with third parties revealed
The NHS and its data practices are once again at the center of controversy. A few weeks ago, Express.co.uk reported how a security expert claimed that the data used for the NHS app’s new Covid-19 vaccine passport feature could be used for other purposes, except for international travel. And now the way the NHS handles data has once again been spotlighted, this time over plans to create a database of up to 55 million patient records.
As reported by the Financial times, the database will scrape the medical histories of millions of NHS patients and contain sensitive information such as details of mental and sexual health, criminal records and abuse.
Details on sexual orientation, ethnicity, vaccinations and more will also be collected.
The database collects medical records from every patient in England who is registered with a general practice.
And the sensitive information in the NHS database will reportedly be available to academic and commercial third parties for purposes such as research and planning.
READ MORE: New NHS Vaccine Passport Registers Over 1 Million New Users
If you don’t want your data included in the database, you only have a few weeks left to unsubscribe. Patients need to download this shape from an NHS website, complete it and then give it to their GP by 23 June.
In a message online outlining this data collection, NHS Digital said: “Data will only be made available in response to appropriate requests from organizations approved after independent investigation by our independent group that advises on data disclosure.” In a next post, NHS Digital took a closer look at ‘with whom we share patient data’ and the types of organizations that may be able to submit requests for access to such information.
In addition to the Department of Health and Social Care, Public Health England and NHS England also highlighted “research organisations, including universities, charities, clinical research organizations conducting clinical trials and pharmaceutical companies”. However, the organizations that “probably need access to” patient data” cannot limit themselves to “the organizations mentioned.
Up to 55 million NHS patient records can be scraped for a new database
But the plans have sparked controversy, with privacy activists expressing “serious concerns” about its legality.
Speaking to the FT, Cori Crider, the co-founder of digital rights campaign group Foxglove, wondered what types of organizations would have access to the data.
Crider said: “Are they pharmaceutical companies? The health arm of Google Deepmind? If you ask patients if they want details about their fertility treatment or abortion, or share the results of their colonoscopy with [those companies]they don’t want that.”
The NHS Digital website added that the ‘GP data for planning and research’ will not collect names or addresses of patients.
Data that can be used to identify a patient (such as NHS number, date of birth, full postcode) is replaced by unique codes.
However, NHS Digital said this code can be turned back into data identifying a patient in specific circumstances where there is a “valid legal reason”.
NHS Digital said: “This process is called pseudonymization and means that patients are not identified directly in the data. NHS Digital will be able to use the software to convert the unique codes back to data that can directly identify patients in certain circumstances, and where there is is a valid legal reason.”
A spokesperson for NHS Digital told Express.co.uk: “Patient data is already being used every day to plan and improve healthcare, for research that results in better treatments and to save lives.
“During the pandemic, GP data has been used to help millions of us: help identify and protect the most vulnerable, roll out our industry-leading vaccine program and identify hospital treatments that have prevented people from dying from Covid.
“We have worked with physicians, patients, data, privacy and ethics experts to design and build a better system for collecting this data. The data will only be used for health and care planning and research purposes, by organizations who can demonstrate that they have an appropriate legal basis and a legitimate need to use it.
“We take our responsibility to protect patient data very seriously. Researchers seeking access to this data must be approved by the Independent Group Advising on the Release of Data (IGARD) and a GP Professional Advisory Group (PAG), which includes representatives from the British Medical Association and the Royal College of General Practitioners.”
Check all Technology News here: Gaming Ideology