We have warned for many months that the new NHS database is deeply flawed. Not only does it centralise data into what cyber-security experts call a ‘honeypot’ it also puts at risk patient privacy, both from abuse and also later re-identification.
We’ve highlighted how patients still don’t know what is going on, and remain convinced that a national leaflet drop is simply inadequate to ensure people know about a fundamental change to how their medical records are used.
However, it seems the NHS is equally confused about the risks. Compare and contrast:
February 2, 2013: Tim Kelsey, national director for patients and information at the NHS Commissioning Board, said that data sharing was vital for improving the NHS: “This does not put patient confidentiality at any risk. Data quality in the NHS needs to improve: it is no longer acceptable that at a given moment no one can be sure exactly how many patients are currently receiving chemotherapy, for example.”
And today: Mark Davies, the centre’s public assurance director, told the Guardian there was a “small risk” certain patients could be “re-identified” because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the “pseudonymised” records. “You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk,” he said.
So is there risk or not?
If you would like to opt-out, you can use the form here. Let us know if you have any problems or feedback from your GP.