• Media Enquiries

    07505 448925(24hr)

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

The snoopers charter is dead


More than a year ago, we learned that the Home Office was resurrecting it's plan to monitor every British citizens' internet use. Big Brother Watch led the charge against these plans, giving evidence to Parliament, urging our supporters to write to their MPs and being the central force in the media campaign against the so called Snoopers Charter. We highlighted how the Home Office had misrepresented the work of

Can you support Sgt Danny Nightingale?


Three weeks today, Sergeant Danny Nightingale will report to the Military Court Centre in Bulford, Wiltshire for a preparatory hearing. This is as a result of the Service Prosecuting Authority exercising its right to seek a re-trial of Sgt Nightingale. Like many people, Big Brother Watch has been dismayed at the treatment of Sgt Nightingale. Despite his conviction being quashed at the Court of Appeal,

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

NHS

Patients win choice of sharing medical records

Posted on April 29, 2013 by Big Brother Watch Posted in Data Protection, Databases, Featured, NHS, Privacy | 2 Comments

BCDBu3rCIAAyhwY.jpg_largeEarlier this year, we led the concern that a new NHS data sharing plan would see every patient’s medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control.

On Friday, the Secretary of State confirmed that this will not be the case.

We have worked closely with MedConfidential and Privacy International to ensure this and it is another victory for Big Brother Watch campaigning to protect privacy.

Jeremy Hunt said on Friday: “”GPs will not share information with the HSCIC if people object…people will have a veto on that information being shared in the wider system”

Read more

Patient records out of patient control?

Posted on February 2, 2013 by Big Brother Watch Posted in Databases, Information Commissioner, NHS, Privacy | 18 Comments

BCDBu3rCIAAyhwY.jpg_largeToday’s Daily Mail reports on the latest NHS database plan, which will see information held in GP’s surgeries being extracted and transferred to a new central system.

The agenda in the NHS to share data is far more than just monitoring how heath services are used. We may be witnessing the beginning of the end for patient privacy in the NHS.

Ross Anderson, professor of security engineering at Cambridge University, told the paper: ‘Under these proposals, medical confidentiality is, in effect, dead and there is currently nobody standing in the way.’

Read more

Paperless medical records : where’s the privacy protection?

Posted on January 16, 2013 by Big Brother Watch Posted in Data Protection, Databases, Information Commissioner, NHS | 7 Comments

3797160719_337b4742e7_bToday’s announcement from the Health Secretary that all patient medical records will be held in electronic form by 2018 has grabbed some headlines, but the underlying privacy risks seem to have been given short shrift.

Paperless records is a nice soundbite but the change creates significant privacy risks. The Department of Health needs to be absolutely clear who will hold our medical records, who can access them and reassure patients that their privacy will not be destroyed in another NHS IT blunder.

Detail on how patients will give their consent, who will have access and what rights patients will have after sharing is sparse. As we have previously highlighted, barely any NHS systems have the ability to give patients the option of seeing who has looked at their medical records. Without this audit trail, abuse is often very difficult to spot.

Read more

Another NHS data blunder

Posted on April 16, 2012 by Big Brother Watch Posted in Data Protection, Information Commissioner, NHS, Privacy, United States | 2 Comments

Yesterday’s Sun on Sunday carried details of the latest data protection issue in the NHS, concerning medical details of 600,000 patients.

Data was ‘over collected’ by GE Healthcare and then sent back to the US, despite the Data Protection Act clearly highlighting the need to keep data within the European Economic Area unless robust safeguards are in place.

The data included clinical data and records of weight, age and height and while the company became aware of the fault last year, the Information Commissioner’s Offfice was only notified last month.

NHS Trusts affected were also told, however it appears none decided to notify patients about the incident.

Patients will be shocked to hear that this kind of mistake can happen with details of serious illnesses and their treatments – and that they were not told when it did. Next time the information could be far more serious.

The incident also highlights why it is incredible that the Information Commissioner still requires permission before he can investigate how the NHS protects confidential patient information. The fact this all happened by accident should add further impetus to the need for the ICO to fully investigate the way that cloud and off-shore data services impact on patient privacy.

There should be an urgent investigation into just how many NHS bodies are sending data to other countries to save a few pennies, potentially putting patient privacy at serious risk.

 

 

Where is your data anyway?

Posted on March 27, 2012 by Big Brother Watch Posted in Data Protection, Information Commissioner, International, NHS, Technology | 3 Comments

At the weekend, the Sunday Times broke news of how Indian call centre staff had been caught offering stolen personal information for sale – stolen from UK companys and available for as little as 2p per person. They boasted credit card details, mortgage and loans and phone contracts.

The 1998 Data Protection Act prohibits the transfer of personal information outside the EEA unless there is an adequate level of protection for the information, and for individuals’ rights in relation to that information. If the data is lost, stolen or misused then the UK-based organisation is liable.

The law is clear and back in 2006 Deputy information commissioner David Smith warned “a UK-based business outsourcing a call centre or other aspect of its data processing abroad remains legally liable for any failings. It could face legal action by the Information Commissioner’s Office and by an individual even if a breach takes place outside the UK.”

However, the drive to reduce costs has seen call centres, services and some data hosting move to lower-cost countries, with the latest example being data from the Driver and Vehicle Licensing Agency, including addresses and registration plate numbers, along with credit card details, nowbeing available to staff outside the UK after ministers changed an earlier decision to allow IBM to reduce costs.

IBM runs the congestion charge zone for Transport for London (TfL) and the changes to allow staff abroad to access data is expected to be completed by 18 May.

The risks around off-shoring data are clearly substantial if it is not done in a tightly-controlled way. Whether allowing staff to access data, or physically moving the data abroad, it is essential that the rush to save money does not lead to irrepairable damage to privacy and data security.

Whose data is it anyway?

Posted on December 5, 2011 by Big Brother Watch Posted in Civil Liberties, Data Protection, Databases, ID cards, Information Commissioner, NHS, Privacy | 5 Comments

The Government’s plans to share/sell/publish (depending on which newspaper report you’ve read) anonymous health information features prominently in many national newspapers today. The Sunday Telegraph carried the story with a remark that ‘excessive regulation’ is preventing sharing of information.

It is simply laughable to describe Britain’s data protection regime as excessive. Barely existent is closer to the truth. These proposals do little to address privacy concerns, focusing on potential benefits instead of very real civil liberties questions.

The Government, in trailing the story to the media before any detail has been published, is fuelling a fire that could do untold damage to patient confidence in the NHS.

The proposals also carry very real health concerns. It would be an extremely high price to pay if people, because of fears about confidentiality, told their GP less about their illness. Yet there is already evidence that this is happening and it is regretful the Government has announced this proposal without a serious discussion of confidentiality beforehand.

Coming at a time when the NHS is already the worst performing public organisation on data protection – as highlighted by Big Brother Watch’s recent report into data protection in the NHS. Indeed, it was only a few months ago that the Information Commissioner’s Office questioned whether there was a systematic problem in the NHS around data protection.

As highlighted by the Oxford Internet Institute in the British Medical Journal, “the current system of “partial pseudonymisation” is nothing of the sort: it is a euphemism to describe measures that might prevent immediate identification of individual patients by the person using the data but which do not make re-identification impossible or even difficult.” The Government’s assurances around confidentiality and anonymity have not addressed this point.

It should also be noted that at time when patient choice is a central aspect of health reforms, it is strange how this sharing is currently planned to be done without first giving patients the choice of including their own information in the scheme.

We do not doubt that the objectives of this policy are laudable. However it is simply not the case that personal information is adequately protected under the current system. The Deputy Prime Minister recognised this before the election when he said: “government simply cannot be trusted with our precious private information.”

The data protection regime in Britain requires urgent strengthening before anything resembling this kind of policy should be considered. Until then, Government should explain why it wants to share our data and the evidential basis for doing so. Big Brother Watch looks forward to this debate.

(See here for an interesting example of how in the US, anonymous health information was matched to another data source costing $20, and thus identifying every individual concerned.)

We are of course delighted to welcome Andy Burnham MP, the former minister responsible to ID Cards, to the privacy fold. As the man who once said “Once you link personal facts and figures – address, name, date of birth – to a unique personal stamp, people will have much greater control over the issue of their identity” it is refreshing to see he has accepted the error of his ways!