• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency


Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance


Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

NHS

No Halt to the Sharing of Medical Records

Posted on by Dan Nesbitt Posted in Data Protection, Databases, NHS | 3 Comments

iStock_000016822421MediumDespite uncovering thousands of cases of patient information being wrongly disclosed to third parties a recent review into the sharing of medical records with private sector companies endorses the practice.

The Daily Telegraph reports that the review, conducted by Sir Nick Partridge found that “tens of thousands of records were wrongly passed to third parties”. However Sir Nick argued that the proper checks and balances were now in place.

This is not the first time questions have been raised about the NHS’ ability to keep patient data secure. Earlier this month Big Brother Watch published NHS Data Breaches, a report into the subject (PDF). It found that data security is an ongoing problem, over the last four years patient confidentiality had been breached at least 7,255 times.

The major issue to be resolved is the level of deterrent the Data Protection Act 1998 poses to individuals who are intent on breaking its provisions. Currently the courts can only hand down a fine to those guilty of maliciously breaching the terms of the Act.

Read more

Another Day another Data Breach

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Medical Records, NHS, Privacy | 1 Comment

3797160719_337b4742e7_bIn what is becoming an ever more regular occurrence for the NHS, it has been reported that the East Midlands Ambulance Service has lost a disk containing the notes of 42,000 patients’ who had been treated by paramedics in the last few months.

This incident once again underlines the dangers of organisations holding increasing amounts of personal information about individuals both electronically or in paper format. It seems obvious that the greater the amount of information that is held in one place, the more likely it is to go missing, either by accident or as the result of a deliberate breach. Indeed, just last week Kent Social Care Professionals unintentionally sent out an email containing the names, addresses and phone numbers of 120 elderly and vulnerable individuals to nearly 200 people.

Accidental leaks such as this make the need for proper data protection training amongst staff painfully apparent. If an organisation knows that it is going to hold large amounts of personal information, about staff or customers, it should ensure that its employees know their responsibilities under the Data Protection Act 1998 (DPA). Of course this cannot help to stop those who wish to purposely breach data protection law. This can only be achieved by improving the sanctions that are available to punish those who seek to misuse personal information.

Read more

Patients still in the dark about medical data uses

Posted on by Big Brother Watch Posted in Medical Records, NHS, Privacy | 2 Comments

dna-3Today’s publication of  the Health and Social Care Information Centre’s (HSCIC) register of data releases is striking for what it does not include. It is only the tip of the iceberg.

Minister Dr Dan Poulter told Parliament on 25 March that records of the data released by HSCIC would be made public and would cover “all the data releases” made. He said: “Following concerns expressed by the Health Select Committee in its meeting of February 25, Sir Nick Partridge, a newly-appointed Non-Executive Director on the HSCIC Board, has agreed to conduct an audit of all the data releases made by the predecessor organisation, the NHS Information Centre, and report on this to the HSCIC Board by the end of April. Furthermore, a report detailing all data released by the HSCIC from April 2013, (including the legal basis under which data was released and the purpose to which the data are being put), will be published by HSCIC on April 2. This report will be updated quarterly.”

This does not appear to be the case. HSCIC have either deliberately sought to limit the scale of the disclosure by concentrating on one data set – Hospital Episode Statistics – or they have such a poor grasp on what information has been released that they do not want to admit their ignorance. Either way, it is not a full publication and HSCIC must immediately explain why. Read more

Care.data delay is not the end of the issue

Posted on by Big Brother Watch Posted in Databases, Information Commissioner, NHS | 7 Comments

Times_caredataIn a campaign victory for Big Brother Watch, medconfidential and others, the care.data scheme has been delayed for six months.

This is not the end of the issue. We have significant ongoing concerns regarding the care.data scheme, both in terms of how patients have been told about what is happening and the long term privacy implications of creating a new database and releasing data that could be used to re-identify patients.

We welcome the fact that NHS England has recognised its efforts to communicate the scheme have been inadequate, something we have repeatedly warned about, not least the use of a junk mail leaflet to households that did not mention any of the risks involved.

Simply, however, NHS England had one job – to ensure patients and GPs were properly aware of the scheme and could make an informed choice about participation. Despite more than a year to achieve this, they have totally failed to do so. NHS England has serious questions to ask about its strategy that has tried to railroad through a significant change in how our medical records are used.

Read more

Care.data – rhetoric is easy but the reality is not so simple

Posted on by Big Brother Watch Posted in Databases, Information Commissioner, Medical Records, NHS | 2 Comments

3797160719_337b4742e7_bToday two articles have appeared on care.data, with are worthy of a few comments.

Firstly, George Freeman MP writes in the Telegraph:

“We must do everything to ensure a robust regime that will protect data from hacking and from any potential misuse. But at the same time, we must not block life-saving advances.”

As we have repeatedly pointed out, the Data Protection Regime is woefully inadequate and those who committ a criminal offence under Section 55 of the DPA cannot be sent to prison, merely fined. Mr Freeman does not suggest this should change, as we have repeatedly called for.

Equally, Mr Freeman writes: “we need to move health from being something done to you by government to something citizens take responsibility for themselves”

Interestingly, Mr Freeman also has his own legislation on this topic – the Patient Data Bill. The first two principles the bill states are:

(2) The Ownership Principle is that patients own their medical data.
(3) The Control Principle is that patients have the right to access their medical data and to control its use (including the right to share it for research or other purposes).

Yet care.data does neither of those things – quite the opposite. If you believe in people controlling their records, pulling them into a central database purely on the back of a junk mailing is hardly making patient ownership and control a reality.

Read more

GP exposes bullying tactics behind care.data scheme

Posted on by Emma Carr Posted in NHS | 14 Comments

3797160719_337b4742e7_bAs NHS England remains adamant to push through the care.data scheme despite concerns not being properly addressed, it was only a matter of time before GP’s started to publicly speak about. Unsurprisingly this has not gone down well with NHS England.

A GP in Oxford has accused the NHS of using ‘blatantly bullying’ tactics to ‘bulldoze’ doctors and patients into complying with the scheme. The government has made several statements about the fact that GP’s are responsible for their patients’ data, yet it now appears that they are being told that they aren’t able to act when they have genuine concerns.

Dr Gancz has revealed that he received a ‘threatening’ email from Thames Valley NHS England warning him that he would be ‘in breach of his contract’ if he did not automatically opt his patients in to the scheme. He said it also contained the ‘Big Brother-ish’ demand that he remove a statement on his surgery’s website which warned patients that he was ‘concerned’ about the scheme.

Read more

The new NHS database : safe or not?

Posted on by Big Brother Watch Posted in Information Commissioner, Medical Records, NHS, Privacy | 3 Comments

dna-2We have warned for many months that the new NHS database is deeply flawed. Not only does it centralise data into what cyber-security experts call a ‘honeypot’ it also puts at risk patient privacy, both from abuse and also later re-identification.

We’ve highlighted how patients still don’t know what is going on, and remain convinced that a national leaflet drop is simply inadequate to ensure people know about a fundamental change to how their medical records are used.

However, it seems the NHS is equally confused about the risks. Compare and contrast:

February 2, 2013: Tim Kelsey, national director for patients and information at the NHS Commissioning Board, said that data sharing was vital for improving the NHS: “This does not put patient confidentiality at any risk. Data quality in the NHS needs to improve: it is no longer acceptable that at a given moment no one can be sure exactly how many patients are currently receiving chemotherapy, for example.”

And today: Mark Davies, the centre’s public assurance director, told the Guardian there was a “small risk” certain patients could be “re-identified” because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the “pseudonymised” records. “You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk,” he said.

So is there risk or not?

If you would like to opt-out, you can use the form here. Let us know if you have any problems or feedback from your GP.

Patients remain ill-informed about changes to medical records

Posted on by Emma Carr Posted in Data Protection, Medical Records, NHS | 6 Comments

3797160719_337b4742e7_bLast week we wrote about the leaflet that every household will be receiving from NHS England detailing serious changes to the way our medical records are shared. We warned that such a lacklustre scheme to inform the public is arguably illegal under data protection law and goes against the Government’s commitment to give patients control over their medical records.

Today, the British Heart Foundation, Arthritis Research UK, Cancer Research UK, Diabetes UK, the Academy of Medical Sciences, the Medical Research Council and the Wellcome Trust have launched an advertising campaign encouraging people not to opt out of the initiative.

Quite simply, patients should not be forced, or feel pressured, to take part in a scheme that involved sharing details contained in their medical records. Especially at a time when NHS England has failed to properly inform patients about how medical records will be shared and which organisations will be able to see them.

Read more

NHS England’s wholly inadequate leaflet drop

Posted on by Emma Carr Posted in Data Protection, Databases, Medical Records, NHS | 6 Comments

3797160719_337b4742e7_bWhen you check your letterbox for mail this morning, make sure you take a second glance because you might just miss a leaflet from NHS England detailing serious changes to the way our medical records are shared.

Last year we campaigned to ensure that patients have the right to opt-out of these changes, however, despite this victory for patient privacy, NHS England has taken the decision that if patients do wish to opt-out of sharing their medical records then they must visit their GP to do so. Given GPs are already very busy, people should not have to see their GP to opt-out of the system. It should be possible to opt-out online or over the phone, and people who opted out of previous NHS IT projects, such as the Summary Care Records, should have their choice carried over for this system.

Read more

GPs threaten to boycott NHS database

Posted on by Big Brother Watch Posted in Data Protection, Information Commissioner, NHS, Privacy | 3 Comments

3797160719_337b4742e7_bThe Daily Mail reports that GPs are threatening to boycott the new NHS care.data system.

Their concerns are entirely reasonable. Patients have had zero direct communication from the NHS about the program, patient information posters are wholly uninformative and have only been displayed in GP surgeries, rather than being sent to patients. If you don’t visit your GP every few weeks then it’s likely you wouldn’t see the poster before it was too late (and even if you did read the poster, it’s likely you’ll have no idea what it’s talking about.)

Previously we applauded that patients had won the choice of deciding what would happen with their medical records, and that existing opt-outs would be honored. Speaking at the time, the Secretary of State for Health said: ”GPs will not share information with the HSCIC if people object…people will have a veto on that information being shared in the wider system”

Read more