This information will only be used to cause harm and bring misery to people when they need help the most.
I have private medical insurance through my work. Last year I made two claims, which were covered by the insurance company. However after the second claim they sent me a letter requesting access to my medical records. Obviously I told them to fuck off as they're an insurance company and have no business poking through my medial history.
This data probably shouldn't ever exist, but if it's going to, it should be anonymous.
This information could invaluable to the medical research community as a whole and shouldnt have any adverse consequences for individual patients if suitably anonymised.
Currently I don't have sufficient information to judge whether I need to opt out or not so I'm withholding judgemeny.
Making that data truly anonymous so that you cannot de-anonymize it with other data sets is likely impossible. You would have to remove so much that the data becomes useless.
The NHS provide shockingly little information on how to opt out. The leaflet that came through all our doors about this was vague. There is no official form, they just suggest you talk to your surgery. Legislation passed in 2012 allows the NHS to use our data with out first seeking our consent.
So that's what I did. Because they don't give this scheme a name, it's hard to talk reception staff about exactly what it is you want to opt out of. They were very understanding, but left me with forms to opt out of the Summary Care Record which is not the same thing. Even if you've already oped out of the Summary Care Record you must still opt out of this.
An email to the practise manager did the trick though. I asked by what mechanism they achieve the opt out, as it all seem very vague. A very helpful and prompt response explained that a change has been made to the access conditions of my record in System One (the monolithic care record system) such that it can't be used for this purpose.
All of which is great. But this scheme should clearly be on an opt in basis.
And what happens if someone has medical records in the UK but no longer lives there? They'd never receive the notice and not have a UK GP to contact to opt out!
Even if this data (date of birth, postcode, etc) would be removed, it would still be rather trivial for e.g. an insurance company to match these records to their customers. Given one or two insurance claims for doctor's appointments, matching the medical records for identical dates is enough to pinpoint a person with adequate certainty.
Then the insurance company can grep the records for mentions of smoking, drinking, drug use or injuries related to dangerous activities like riding horses, motor racing or skiing. Now that the insurance companies can identify patients in these risk groups, they can proceed to doubling the insurance fees of these people.
I think that the insurance companies should not be able to access medical records like this.
edit: please excuse my ignorance on the UK health care system. In my country, you pay a fixed fee when using public health care and you can claim insurance on that.
Do people regularly claim on insurance for NHS doctor's appointments? I know I never have. Regarding the smoking etc, I'm pretty sure that health insurance companies ask if you smoke (and yes, double the cost if you say yes), and giving a lying counts as insurance fraud. Due to that, I'm not too sure how relevant the NHS records would be, other than in cases where someone has lied, in which case I'm not too inclined to feel sorry for them.
Several insurance companies will pay a cash incentive to use NHS services rather than claiming on your insurance [1]. For example if you need to stay over night in hospital and choose an NHS hospital instead of a private one they will give you £50 or more per night.
Nice - my employers private health care insurance includes this and I had never noticed!
Mind you I wonder when it would ever apply - if you have a non-emergency then you will choose to go to a private hospital, if it is an emergency then you don't have any option but to go to an NHS hospital...
Maybe for people who are covered by private health care but aren't close enough to a private hospital to actually use it?
It's presumably the incentive of not using non-NHS facilities (which the insurance company would have to pay for as part of your cover). £50 to stay in an NHS ward vs a bit more to stay in an en-suite room in a private hospital.
If I had insurance, I know for sure which I would be choosing.
Exactly. If you are trying to hide such information from insurance companies that would help them better understand your risks, that is unfair to insurance companies. That is Insurance fraud.
"Given one or two insurance claims for doctor's appointments"
You don't make any kind of insurance claim for visiting a GP (or indeed any other NHS service that I know of). You do make an insurance claim if you have private health insurance in addition to NHS cover but that's optional and entirely separate and that's for visiting a private hospital (although the same senior doctors often work at both NHS and private hospitals).
It's futile to prevent insurance companies from accessing the records - once information is out there, it's out there for ever. It would be better, IMO, to limit the amount of discrimination that private insurance companies can do - or, even better, eliminate all private insurance companies and provide complete health insurance to every citizen (in which case, data-mining research on health data can truly be useful).
Good question, but if they mean the first part only then calling it a postcode would be rather sloppy (this ought really to be called a postcode area or district[1]).
On a similar note, it seems ludicrous to provide a full date of birth rather than the year alone.
Not sure about the identifier used in England and Wales, but in Scotland most boards use the 10-digit CHI number. From this you can determine the patient's date of birth and sex.
For this reason it is not used as a patient identifier for information visible beyond staff cleared to view this personal information. Either data is aggregated to a point where it's not individually identifiable or an anonymised ID is used, and the most distinctive fields removed. I hope that's what's happening here!
> "The extracted information will contain NHS numbers, date of birth, postcode, ethnicity and gender."
> Yikes! Date of birth AND postcode? Pseudoanonymous that is not.
I suspect the article is sensationalising things. That information won't be passed on to anyone by HSCIC it's only used to link all the information about a patient into a single record:
"Your date of birth, full postcode, NHS Number and gender rather than your name will be used to link your records in a secure system, managed by the HSCIC. Once this information has been linked, a new record will be created. This new record will not contain information that identifies you. The type of information shared, and how it is shared, is controlled by law and strict confidentiality rules." - http://www.nhs.uk/caredata
Demographic identifiers are not necessary to deanonymize data. Even if every person is simply referenced by their unique identifier (MRN, PID, whatever term is used locally), patient identity can still be inferred by medical history.
I worked in healthcare IT (electronic medical records) for a while. I sought ways to protect privacy. Technically, there is none.
Only laws can protect privacy now. Such as laws preventing sharing patient data.
and the NHS Number should never be disclosed its effectively the equivalent of your social security number or ni number it's what the NHS uses to track you in the system.
Its why every test you do in the NHS is tagged with your NHS number
It's unclear why they didn't get the UK Data Service to handle this, who have extensive experience in anonymization and data control (they handle the processing of census data and HMRC tax information by external researchers among other things).
The data gets held in N3 which is an entirely separate system/network, and has a much higher set of standards than UKDS would largely be used to using. HSCIC are well used to doing this as well.
It may be that the Guardian is misreporting it, but from their description the data level is far less anonymized than what I've seen when working with UKDS data.
The care.data program was also the subject of an editorial in this week's issue of Nature [0]
Ross Anderson has a blog post with links to more details [1], including a PDF of how the patient information leaflet 'should really have been drafted' [2] (quite different to how it was - [3]).
FYI. If your insurance company requires you to disclose pre-existing conditions and you fail to do so, it will give legitimate grounds for the insurance company to cancel your insurance if you ever make a claim in the future.
I'm not sure if you read the article, but I'll assume you have and you missed the part where this was about the NHS in England.
My healthcare when I turn up to hospital in the UK isn't being paid for by an insurance company, it is - basically - funded through taxes and administered through central government.
> This is equivalent of Tea Party activist proclaiming "Keep government out of my Medicare".
I see little conflict of interest between the government and the insured citizens (lower costs, keep healthy people healthy, make sick people healthier), while there is a lot of conflict of interest between private insurers and their (potential) customers (not insure sick people, only insure those healthy people who have little chance of becoming sick, do all they can to avoid paying in case of a claim).
That's both useless and inconvenient. Their site even says a doctor might not actually do it, and having the optout so hidden in that way would violate the spirit of not the letter of the Data Protection Act. It's also a huge waste of time and money on the NHS, which is already expensive and overstretched.
Well spotted, I think we all tend to forget that there are actually 4 separate NHSs in the UK - one each for England, Scotland, Wales and Northern Ireland:
This is mostly a good thing. The NHS is of course a huge trove of valuable information, but there are some incredibly compelling reasons to make it available to anyone who can improve patient care - start-ups should be interested in this too.
In an ideal society, I totally agree. However, in today's world, such data will mostly be exploited by health insurance companies, credit rating agencies, employers, and paparazzi. Unless, of course, the government(s) pass laws that protect the rights of the people and limit the influence of the industry, but that is rather the opposite of what has been happening recently.
It's not so much health insurance companies I'm worried about, as they will probably have access to medical information about their clients anyway, and organisations like BUPA probably do take patient confidentiality seriously.
I'm more concerned about other forms of insurance, and about links to people related to you and not you personally. For example, what if people start getting a higher car insurance quote because someone in their household had an alcohol problem a few years ago? What if parents start getting refused life insurance because someone's sibling died young from an unlucky genetic problem?
Plus there are the obvious concerns if employers or their representatives/trade bodies can get hold of this kind of data and discriminate in dubious ways when making hiring decisions (sorry, we don't hire anyone who ever had a drug problem, even if they've been clean for a decade), media people going after celebrities/politicians/crime victims (that rape victim was obviously a slut, look at the two STIs she's had in the past five years), and so on.
I agree, except for the last one, which I'm not concerned about - in an open/transparent society, such "problems" (slut/drug abuser/B&D/...) would not be considered problems any more, but only "life phases"/"exploration periods"/"lifestyles" - after all, when everybody is "weird" in one way or another, nobody is really weird any more.
It's only the commercial exploitation I'm worried about - it has a lot of potential to meaningfully impact human lives, usually for the worse, and often because of things said humans have no influence on.
Though for those living in totalitarian/fascist societies (e.g. gays in Putin's Russia) have much better reasons to be concerned.
I'm surprised no one has mentioned the most obvious exploitation: politicians. If you could just vote for my proposal, or perhaps send me some money, I could arrange for no one to find out about ...
Company execs are about the same way. So you earn 100K pounds per year and someone wants 1K pounds to keep something quiet that could derail your career. Well, OK then. As long as it doesn't scale to 100 people all trying to blackmail the same guy. Or if you could just sign this sale contract with our company, we'd have no reason to explain to our shareholders all about your mental health issues 30 years ago that obviously cost us the contract.
re: the risk of insurance companies using the data to reconstruct identities: Mark Davies, the centre's public assurance director says "I think it is a small, theoretical risk"
this guy is either (a) a liar or (b) horribly naive or (c) misinformed by his experts (or all of the above)
Even if the data are "pseudonymised", if they still contain age, gender, ethnicity, postal code, and even a small smattering of medical info (or other info) then it's pretty much a done deal to link the records back to a person.
Think of it this way as well : even if they can "only" narrow down a given record to 100 people, so what? They just treat those 100 people the same (i.e. poorly).
This sets a horrible precedent. One's medical records ought to be one's personal, private property, and any release of such ought to be with the express permission of the owner (i.e. the patient).
I read this article and was astounded there wasn't a massive outcry about this. Then I dug around some more and it seems the guardian article is really quite misleading.
The "pseudonymised data" is also referred to "amber data" and does not contain the postcode, DoB or NHS number of the patients.
The "red data" which contains this additional information is not available to 3rd parties except in exceptional circumstances - eg: a national emergency with an outbreak of some deadly disease where the government is trying to contain it.
I have private medical insurance through my work. Last year I made two claims, which were covered by the insurance company. However after the second claim they sent me a letter requesting access to my medical records. Obviously I told them to fuck off as they're an insurance company and have no business poking through my medial history.
This data probably shouldn't ever exist, but if it's going to, it should be anonymous.
Going to see if I can opt out ... somehow.