NHS Medical Records: Patient information and the “care.data” scheme

There have been several attempts by the UK government to create a patients’ information database. Those attempts have yielded resistance and uproar from those (patient groups, GPs) that will be impacted by the change. The first attempt had the following as its central theme: a centralised database; and all patients will be co opted in (so you have to opt out if you did not want your records). It was not a surprise that GPs were in arms against it (another case of not consulting with those that may be impacted by a change before implementing a change).

Those against the scheme argue the following incessantly:

  • Big brother society‘. It makes us susceptible to government intrusion in our privacy. Your employers may purchase your health records for malicious purposes.
  • UK government has a poor record on data safety. This group point to calamitous losses of data at government entities. Does anyone remember the lost disks saga at the HMRC? Also there was an HMRC employee who lost a laptop containing records of tax payers!

However, information security breaches are not isolated to government organisations. Home Depot and JP Morgan Chase have both been in the news recently for similar reasons.

Data theft and security breaches will not go away. They are issues we will continue to contend with as long as there are financial rewards from such activities (that is what motivates most of the unethical hackers. There are also cases of industrial espionage and many more which may not be directly linked to financial rewards). The more data we store electronically, the higher the probability of the data being stolen.

In order to mitigate some of the risks identified by those that will be impacted by the change, the government has taken a sensible approach and done the following:

  • Removal of personal data from the data that will be stored. The government has made a commitment to removing any personal data from the information that will be stored.
  • Data storage in regional data centres. Instead of the original idea of having one central repository, the government is now thinking of multiple regional data centres.

Although, patients will still be enrolled by default, the removal of personal information from the records (if we believe and trust the government) does eliminate the ‘big brother risk’. In addition, the data (if stolen or if it falls into the wrong hands) cannot be linked to you. However, who will ensure or guarantee that some years down the line, the removal of any personal data from the record will be upheld? Will patients be given the privileges of a decision maker?

Furthermore the decentralisation (regional data centres) of the data warehouses mitigates the risk of having a single point of failure. One would hope that the system access credentials will not be the same across all data warehouses (it will be insania to have a federated directory service providing identity management).

Finally, if the data will indeed be anonymous data, it begs the question: who needs the information and what will the data be used for? Perhaps the data will be used to assess the state of health of a population at any point in time in order to plan health services in such locales. The pharmaceutical and pension industries may also find the data useful.

%d bloggers like this: