Martin Caldwell: My concerns about

Over 212,000 people have signed a petition calling on the government and NHS England to think again about selling access to our personal medical information to private companies.

Our members are very worried about the government’s proposed collection and sale of patient data held by GPs. They are deeply concerned about who will have access to the data, about others seeking to make money from their medical histories, and about protecting their privacy.

Let me be clear, we are not arguing that these data should not be used for medical research purposes. What our members are asking is that open season isn’t declared on their private medical information—at least not in the way it is currently proposed. What may have started with the best of intentions to improve patient care, has rapidly degenerated into an attempt to monetise our medical records.

Governments make lots of promises that later turn out to not be true, especially when it comes to how our personal data are used. We’ve recently seen how the intelligence agencies have arguably been misusing our personal data on an epic scale. Every email we write, every phone call we make, every website we visit, is logged, scanned, and stored by a variety of companies and government agencies. What is particularly disturbing about the proposals as they stand, is that the government is proposing to extend this new world to the consultation room.

The government argues that all personal identifiers will be removed from the saleable records. This may be true, but it doesn’t take a genius to use other publicly available data like DVLA records, credit files, and the electoral register to easily identify people and their medical conditions. Whatever the assurances are from the government, they aren’t enough. Our data won’t be as safe, and won’t be as secure, as the government and NHS England wants us to believe. The only way to mitigate corporate misuse of our data is to prevent anyone not conducting medical research from having access to the data in the first place.

Imagine the implications for individuals if insurance companies seek to match up data with their own? Perhaps banks will seek to use the information to deny people long term credit such as mortgages? Or maybe personal injury lawyers will want to use the data to help them identify people who’ve had serious accidents? That’s the big problem with the proposals as they stand, by making data open to private companies—no one is sure exactly how they will be used and by whom.

It doesn’t get much more personal than the conversations we have with our family doctors. They often know some of the most private details about our lives—maybe you had abortion, maybe you are struggling with drug or alcohol problems, or maybe you have a disease with a heavy stigma associated with it. We all probably have things in our files that we don’t really want the world to know about. But under the proposed system, whatever is in our records will be publically available for anyone with the cash to buy it.

It is true that patients can opt out. But the government isn’t exactly making this easy for patients, their doctors, practice managers, and receptionists. The current advice is to phone up your practice and opt out over the phone. Not only does this make the barriers to opting out quite high, it places the burden of dealing with the new system firmly on hard pressed general practices.

There is a clear way forward for the government and the whizzes that dreamt up the new system—that is to not sell access to personal medical information to anyone not conducting medical research. Unless the government is determined to make a fast buck from our medical histories this is a very realistic way to make the system better, restore trust, and potentially improve health outcomes for millions of people.

Competing interests: I declare that I have read and understood the BMJ group policy on declaration of interests and I hereby declare the following interests: I’m employed by who are running a campaign to stop the sale of GP patient data on the open market.

Martin Caldwell is a campaigner with the online campaign group

  • steve black

    I’m far more worried about the fact that the bogus claims about potential privacy breaches are getting in the way of something the NHS should have been doing for operational reasons for years.

    The idea that private firms will strip mine GP data for profit is nonsense not least because doing so would be illegal. But also because they probably don’t need to, since most people’s information (not their medical records but the stuff marketers might want to use) is already available to them from sources they volunteer to provide on the internet. What extra value that could be extracted from medical histories is not remotely obvious at all and neither is any harm that might result (embarrassment, perhaps, but harm, how?)

    But the whole idea that breach of privacy is a critical fear obscures the much more important issue of what holding back the data does to the operational effectiveness of the NHS.

    Imagine, for an analogy, that we applied the same concerns to banking. We would probably prohibit different branches of a bank from being able to access our account records. We would certainly prohibit other banks and their systems from accessing them. So say goodbye to being able to get cash from any ATM. And even, perhaps, the convenience of credit cards because to function at all they have to be able to see private information about your account. And when you want a loan, imagine the bureaucratic nightmare that would be required to authorize approval for the loan provider to find out about your history.

    Yet this nightmare is exactly how the NHS works now and which the opponents of would actually exacerbate by making it even harder to share any data. We know, for example, that we can improve many aspects of care for patients by doing a better job of coordinating the different types of care they receive. But there is no routine sharing of hospital data with GPs or vice versa. If we need data about social care or mental health care in the GP surgery we probably won’t get it. We certainly wont let those other groups see GP records. Because, OMG! patient privacy might be at stake.

    The cost of this coordination failure is actual routine patient harm when the different people who provide care fail to take account of others’ work. On to of that, a great deal of activity is duplicated, wasting resources. And the cost of this is large before we even start considering the research and performance management benefits that could arise from shared data.

    So, if privacy is so important we don’t trust the extremely tight controls and protocols of then we should pay this price. But we should be honest about how much the cost is and stop trying to befuddle patients with unlikely scare scores.

  • susanne stevens

    OMG!! Another whistleblower from Barclays bank has revealed this week that thousands of customers’ files have been leaked – again …they contain sensitive medical information amongst other confidential information . It is the bank which admits being ’embarrassed’ , it’s customers put it much more strongly than that.

  • Johnnie Shannon

    @steve black: I’m not sure that that’s what actually is; although to be fair, HSCIC have hardly gone out of their way to make this clear. To adapt your banking analogy, is it not more as if all your private financial transactions were to be uploaded to a central database, both for the excellent purpose of helping to improve your finances but also to be sold on to, as yet, unspecified commercial concerns for, as yet, undisclosed purposes. is nothing to do with sharing medical records between practices and hospitals – perhaps you are confusing this with the Summary Care Record? And there shouldn’t be a choice between effective care and confidentiality – it’s just the way that this is being implemented. Show me a way in which my anonymised health records can be accessed, when required, (i.e. not held in perpetuity in a centralised database) to help with medical research and the optimisation of health services and I’ll sign up immediately. However, I’m not willing to let my non-anonymised records be sucked into an opaque system of dubious security, for all time with no recourse to recall or veto over its use.