If you didn’t know already, the NHS plans to make the medical records of some 55 million people available to academic and commercial partners later this month, unless the patients themselves decide to opt out before the deadline. The change, which will bring records together in a centralized database, will only apply to people who live in England and are registered with a GP practice.
Although there is still time to opt out of the data sharing, which will start on June 23, 2021. Ahead of the upcoming deadline, NHS Digital is calling for its new policy, which it says will be used “for research that delivers results in better treatments, and to save lives”.
According to NHS Digital, which manages healthcare IT systems, a new centralized database is needed as the current system used by GP practices, known as General Practice Extraction, is over ten years old. While sensitive information including mental and sexual health data, criminal records, full zip code and date of birth is included in the database. NHS Digital says anything that can be used to identify you from your data is pseudonymized before being uploaded from your local GP practice.
“This means that this data is replaced with unique codes so that patients cannot be directly identified in the data shared with us. The data is also securely encrypted,” explains NHS Digital.
However, the code to decipher the anonymized data is kept by the NHS. This is different from the approach of some tech companies, including Apple and WhatsApp, which do not store the digital keys that can decrypt the anonymized data. That’s why Apple refused to help FBI investigators who hoped to unlock an iPhone owned by one of the terrorist suspects.
NHS has confirmed why it believes patients should be allowed to share their medical records
The software to store GP data is over ten years old, so NHS Digital centralizes everything
According to Apple CEO Tim Cook, “In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections surrounding it. Once the information is known, or a way to bypass the code is revealed, the encryption can be destroyed by anyone with that knowledge.In the physical world it would be the equivalent of a master key, which can open hundreds of millions of locks – from restaurants and banks to shops and homes. No reasonable person would find that acceptable.”
NHS Digital will have the keys to unlocking its anonymized data, but says it “will only ever re-identify the data if there was a lawful reason to do so and it would have to comply with data protection legislation”. In an example scenario of why medical records would be decrypted to reveal the patient’s identity, NHS Digital adds: “a patient may have consented to participate in a research project or clinical trial and have already given consent for their data shared with the researchers for this purpose.”
NHS Digital publishes a list of who it shares its database of anonymized records with, which is updated every month, but privacy activists say it can be extremely difficult to figure out who sees the data due to the NHS’s “opaque” commercial relationships. For its part, the NHS says that patient data is never used for insurance or marketing purposes, promoting or selling products or services, market research or advertising.
The NHS plans to make medical records of some 55 million people available to academic and commercial partners from 1 July 2021. Unless you decide to unsubscribe before the deadline, your GP practice records will be brought together in a central database. It is worth noting that the change only applies to those living in England.
The deadline to opt out of the data grab is June 23, 2021. Ahead of the upcoming deadline, NHS Digital is calling for its new policy, which it says will be used “for research that results in better treatments, and to help save lives.” to rescue”.
However, if you decide to remove yourself from the database, you will need to fill out a form and send it to your GP.
If you don’t do this before the deadline, your medical records will become a permanent part of the NHS Digital database. Opting out after June 23 still works but only applies to future data – all historical data is still available to researchers, academic and commercial partners of the NHS. You will find the form necessary to unsubscribe here.
If you’re not comfortable with the upcoming changes, there’s still time to unsubscribe.
However, NHS Digital says that – if too many people decide to keep their medical records under lock and key – it could have serious implications for research and advanced new treatments in England.
“If a large number of people choose to opt out, the data becomes less useful for planning services and conducting research,” warns NHS Digital in an FAQ on its website about its inbound policy. “This is especially a problem if people from certain areas or groups are more likely to opt out. If that happens, services may not be able to meet the needs of those groups or areas and research can lead to misleading conclusions.”
Of course, the last concern most patients will have about data sharing is whether the NHS can monetize your private health records. According to NHS Digital, that’s not going to happen.
“NHS Digital does not sell data,” the FAQ reads, “but charges those who want to access its data to make the data available to them. This is because we are not centrally funded to do so. The cost only covers the cost of running the service and means those organizations that need access to the data will bear the cost of this, rather than NHS Digital. We are not making any profit from the service.”
Digital rights campaigners Foxglove have questioned the legality of the impending change in a letter to the Department of Health and Social Care. According to attorney Rosa Curling, the public has not been given enough time to learn more about the changes and decide whether to opt out. Curling writes in a letter to the government: “Very few citizens will be aware that the new processing is imminent and will directly affect their personal health data.”
To remove yourself from the database, you must complete a form and send it to your GP. If you don’t do this before the deadline, your medical records will become a permanent part of the NHS Digital database. Opting out after June 23 still works but only applies to future data – all historical data is still available to researchers, academic and commercial partners of the NHS. You will find the form necessary to unsubscribe here.
Advocacy group MedConfidential, a privacy-focused group that has been instrumental in alarming the impending deadline, told the Financial Times: “They try to sneak it out, they give you nominally six weeks and if you don’t do anything based on from web pages on the NHS digital site and some YouTube videos and a few tweets, your entire GP history could have been scraped, never to be deleted.”
Check all Technology News here: Gaming Ideology