Even if this data (date of birth, postcode, etc) would be removed, it would still be rather trivial for e.g. an insurance company to match these records to their customers. Given one or two insurance claims for doctor's appointments, matching the medical records for identical dates is enough to pinpoint a person with adequate certainty.
Then the insurance company can grep the records for mentions of smoking, drinking, drug use or injuries related to dangerous activities like riding horses, motor racing or skiing. Now that the insurance companies can identify patients in these risk groups, they can proceed to doubling the insurance fees of these people.
I think that the insurance companies should not be able to access medical records like this.
edit: please excuse my ignorance on the UK health care system. In my country, you pay a fixed fee when using public health care and you can claim insurance on that.
Do people regularly claim on insurance for NHS doctor's appointments? I know I never have. Regarding the smoking etc, I'm pretty sure that health insurance companies ask if you smoke (and yes, double the cost if you say yes), and giving a lying counts as insurance fraud. Due to that, I'm not too sure how relevant the NHS records would be, other than in cases where someone has lied, in which case I'm not too inclined to feel sorry for them.
Several insurance companies will pay a cash incentive to use NHS services rather than claiming on your insurance [1]. For example if you need to stay over night in hospital and choose an NHS hospital instead of a private one they will give you £50 or more per night.
Nice - my employers private health care insurance includes this and I had never noticed!
Mind you I wonder when it would ever apply - if you have a non-emergency then you will choose to go to a private hospital, if it is an emergency then you don't have any option but to go to an NHS hospital...
Maybe for people who are covered by private health care but aren't close enough to a private hospital to actually use it?
It's presumably the incentive of not using non-NHS facilities (which the insurance company would have to pay for as part of your cover). £50 to stay in an NHS ward vs a bit more to stay in an en-suite room in a private hospital.
If I had insurance, I know for sure which I would be choosing.
Exactly. If you are trying to hide such information from insurance companies that would help them better understand your risks, that is unfair to insurance companies. That is Insurance fraud.
"Given one or two insurance claims for doctor's appointments"
You don't make any kind of insurance claim for visiting a GP (or indeed any other NHS service that I know of). You do make an insurance claim if you have private health insurance in addition to NHS cover but that's optional and entirely separate and that's for visiting a private hospital (although the same senior doctors often work at both NHS and private hospitals).
It's futile to prevent insurance companies from accessing the records - once information is out there, it's out there for ever. It would be better, IMO, to limit the amount of discrimination that private insurance companies can do - or, even better, eliminate all private insurance companies and provide complete health insurance to every citizen (in which case, data-mining research on health data can truly be useful).
Good question, but if they mean the first part only then calling it a postcode would be rather sloppy (this ought really to be called a postcode area or district[1]).
On a similar note, it seems ludicrous to provide a full date of birth rather than the year alone.
Not sure about the identifier used in England and Wales, but in Scotland most boards use the 10-digit CHI number. From this you can determine the patient's date of birth and sex.
For this reason it is not used as a patient identifier for information visible beyond staff cleared to view this personal information. Either data is aggregated to a point where it's not individually identifiable or an anonymised ID is used, and the most distinctive fields removed. I hope that's what's happening here!
> "The extracted information will contain NHS numbers, date of birth, postcode, ethnicity and gender."
> Yikes! Date of birth AND postcode? Pseudoanonymous that is not.
I suspect the article is sensationalising things. That information won't be passed on to anyone by HSCIC it's only used to link all the information about a patient into a single record:
"Your date of birth, full postcode, NHS Number and gender rather than your name will be used to link your records in a secure system, managed by the HSCIC. Once this information has been linked, a new record will be created. This new record will not contain information that identifies you. The type of information shared, and how it is shared, is controlled by law and strict confidentiality rules." - http://www.nhs.uk/caredata
Demographic identifiers are not necessary to deanonymize data. Even if every person is simply referenced by their unique identifier (MRN, PID, whatever term is used locally), patient identity can still be inferred by medical history.
I worked in healthcare IT (electronic medical records) for a while. I sought ways to protect privacy. Technically, there is none.
Only laws can protect privacy now. Such as laws preventing sharing patient data.
and the NHS Number should never be disclosed its effectively the equivalent of your social security number or ni number it's what the NHS uses to track you in the system.
Its why every test you do in the NHS is tagged with your NHS number
Yikes! Date of birth AND postcode? Pseudoanonymous that is not.