Government duplicity on patient healthcare data

Last week the Daily Mail wrote:

Unless patients object, officials will start to extract confidential data from their files next month.

This is wrong. It’s talking about the UK government’s plans to extract all health records from our GPs and place them into a single central database which it will then sell to drug companies, insurance companies, academics and others. The Mail is wrong because it doesn’t matter whether you object or not. You cannot stop the collection and centralisation of your personal records.

All you can do is tell your GP that you do not wish to be identifiable from those records. You can do this at two levels: firstly, that you do not wish your identity to be associated with the records stored in the database; and secondly that you do not wish your identity to be associated with the records passed on to third parties (whose only possible purpose in buying this data is to increase their profits).

As far as I can gather — and remember that the government simply does not want us to understand what is going on — if requested by the patient, the system will seek to anonymise the data collected, and pseudoanonymise the data sold. How they will do this is not made clear.

Anonymisation is impossible. Big data makes it impossible. Even if every scrap of directly identifying information is removed (and I very much doubt that will happen) there is so much other data about all of us readily available that anyone with a few resources and determination will be able to identify us by collating the different bits. Drug companies and insurance companies have more than a few resources. This is not, as the government will tell us, a slight theoretical possibility, but a practical reality — and an inevitability.

As for pseudoanonymisation, that is a farce. It literally means slight anonymisation that can be reversed — and reversed it will be.

There’s another aspect. At the moment, if the police want our health records they can get them from our GPs with a warrant. They will no longer need a warrant. Backbench Tory MP David Davis asked the government (written question):

To ask the Secretary of State for Health whether any medical data will be extracted by care.data from GP-held records of patients who have objected to the use of their confidential information by others than those providing them with care.

Daniel Poulter, the Parliamentary Under-Secretary of State for Health, responded (written answer):

In terms of information which identifies a patient, NHS England’s “Better information means better care” leaflet sets out how people can ask their GP practice to note their objections, which will prevent confidential, identifiable data about them being used by the care.data programme, other than in a very limited number of exceptional circumstances.

As examples, existing public health legislation may require data to control the spread of specific infectious diseases or the police may require information about an individual patient when investigating serious crime. Decisions are made on a case-by-case basis and must balance legal requirements, the duty of confidentiality owed to the patient and the accepted public interest in a confidential health service, all against any benefits that may arise from the disclosure.

It is important to note that provisions in the Health and Social Care Act 2012 are designed to strengthen and clarify the role of the Health and Social Care Information Centre so that information can be collected, held securely and made readily available to those who need it in safe, de-identified formats, with crucial safeguards in place to protect the confidential data it holds.

The Health and Social Care Act 2012 is clear that

“information which identifies or enables identification of a person must not be published”.

Poulter’s response is as clear as mud. Note that there is no mention of opting out, merely objecting. But note also that the police ‘may require information about an individual patient’. To get to an individual means they must and can bypass all anonymisation and pseudoanonymisation instructions we give to our doctors.

This month, before March when the collection begins, I shall be doing a number of things:

• demand of my GP (in writing) that my records are collected without identifying information
• demand of my GP (in writing) that my records are not sold or given to third parties with any identifying information
• inform my GP that I forbid the uploading of any of my personal data to a central database, and invoke the European Data Protection directive in support
• write to my MP and explain my objections
• sign all and every petition I can find that objects to this government theft of my personal data (here are two: 38 degrees, and Epetitions)