If it’s not outright lies, it is downright deceit: the NHS and patient data
I had to visit the hospital the other day. I’m not going to say why, because that’s private, personal and confidential. Suffice it to say that the condition isn’t one that I wouldn’t tell my mother; but it is one that I’d prefer potential employers and insurers know nothing about unless I tell them (it’s probably nothing anyway). I would most certainly not want the pharmaceutical industry to know — the drugs they offer make the (possible) condition much worse, and introduce new ones.
But I don’t need to worry, do I? At the bottom of the hospital appointment letter, in bold type, is the statement:
All personal information about you is kept confidential at all times and is only shared when necessary to support your care and treatment. If we want to use your information for any other purpose, with the exception of when the law requires us to do so, we will talk with you and obtain your consent. If you have any concerns regarding this, please talk to the person providing your care and treatment.
(see grammatical note at the end of this post)
But that’s a lie. While the government wants to start centralizing our GP records in the autumn, it is already doing so with HES (Hospital Episode Statistics). These are already held by the Health and Social Care Information Centre (HSCIC) which is where all of the records will eventually be held. According to the HSCIC website,
HES is a data warehouse containing details of all admissions, outpatient appointments and A&E attendances at NHS hospitals in England.
This data is collected during a patient’s time at hospital and is submitted to allow hospitals to be paid for the care they deliver. HES data is designed to enable secondary use, that is use for non-clinical purposes, of this administrative data.
It is a records-based system that covers all NHS trusts in England, including acute hospitals, primary care trusts and mental health trusts. HES information is stored as a large collection of separate records – one for each period of care – in a secure data warehouse.
We apply a strict statistical disclosure control in accordance with the HES protocol, to all published HES data. This suppresses small numbers to stop people identifying themselves and others, to ensure that patient confidentiality is maintained.
Compare the two statements. It is perfectly clear that the hospital is lying. But the reality is, so is HSCIC.
Back in 2012, the marketing firm PA Consulting bought a copy of the HES data.
So we bought the data and installed it (with certain security restrictions) on our own hardware… [But querying the data took too long.] The alternative was to upload it to the cloud using tools such as Google Storage and use BigQuery to extract data from it… Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds.
(That document seems to have been removed from the PA site, or hidden away. Anyway, I can no longer find it, and have to rely on the copy I have. It seems to have been replaced by a press statement from PA here and another from HSCIC here in a coordinated release. Neither of these should satisfy any patient.)
The HES data sold by the government is pseudonymised — but still includes postcode and age (PA denies that it received DOB or address, but doesn’t specify whether that included ‘age’ and ‘postcode’). In other words, standard HES data specifies very clearly exactly who 98% of the patients actually are and where they live.
And then there’s Beacon Dodsworth, a firm that “provides geographical information system (GIS) mapping software and marketing technology to clients in a wide range of industries” including Estee Lauder, Trinity Mirror Group and Boots. It says
Hospital Episode Statistics (HES) have now been integrated with our P2 People & Places people classification thanks to some hard work from our clever developers.
This means you can now better understand the health needs of local communities and populations and identify trends and patterns in order to target health improvement more effectively.
So we seem to have a system that quite readily sells our hospital records to any marketing company that will pay for them, and then allows those marketing firms to advertise the ability to target us on the basis of our health. And at the same time, the NHS itself tells us something completely different: that the data is only seen by those involved in our treatment.
Now Ross Anderson, chair at the Foundation for Information Policy Research; Phil Booth, coordinator at medConfidential; and Nick Pickles, director at Big Brother Watch, have all filed a complaint with the ICO requesting that the issue be examined in relation to the Data Protection Act.
It will be interesting to see how the ICO can reconcile what to everyone else is a clear but hidden breach of confidential patient data — and the Data Protection Act — with this government’s desire to sell and share everything about us to anyone willing to pay for it, irrespective of our own wishes. Because the one thing we can be very sure about in all of this is that the ICO will do all he can to avoid doing anything at all.
The first sentence is a complete statement. The second sentence is also a complete sentence. There is nothing in the second sentence to indicate that it qualifies the first sentence. There is nothing in these two sentences from which a reasonable patient could infer that it really means, “We will not share your personal data with anyone other than the centralised government database operated by HSCIC, with whom we will always provide all of your details all of the time, and over which we have not the slightest control nor responsibility for your personal data.