You don't need to be signed in to read BMJ Blogs, but you can register here to receive updates about other BMJ products and services via our Group site.

Medical Information for Sale?

21 Jan, 14 | by Iain Brassington

Reader Keith emailed me a week or so ago to tip me off about the government’s plans to allow private firms to access medical information.  It’s a story that has subsequently been picked up by  – inter alia – The Guardian.

As with the last post I made here, I’m going to have to cry off from saying much in my own right – I’ve got lectures that need to be written, and I need at least to go through the motions of being competent – but I would draw your attention the Christian Munthe’s take on the matter.

Touch wood, I’ll be able to get back to more frequent blogging soon.

By submitting your comment you agree to adhere to these terms and conditions
  • Keith Tayler

    One of the problems with these data bases is that the NHS and government are not telling the truth about whether our health record information can be individually identified by the data user. On the NHS website, ‘Better information means better care’, that explains what the Health and Social Care Information Centre will do with our records, it says, ‘This new record [the HSCIC record] will not contain information that identifies you.’ That’s about all it says on the subject and this will be repeated in the letter that will be sent to NHS patients in the next few weeks. Hopefully they will change it because on the HSCIC website http://www.hscic.gov.uk/dles that is selling the ’product’ it says something different:

    ‘The HSCIC handles three different types of patient level data:

    1. De-identified data for publication – data that can be publicly disclosed as it has been anonymised and there is a low risk of individuals being identified.

    2. De-identified data for limited disclosure or access – data that has been through a process of pseudonymisation, however there remains a risk of individuals being identified.

    3. Personal confidential data – data in which individuals are identified, or there is a high risk of individuals being identified.’

    It does not take much to identify individuals from the first type (go to http://www.cl.cam.ac.uk/~rja14/ scroll down to Security of Clinical Information Systems), and to help you with the other two the salespeople at HSCIC offer, ‘The Data Linkage and Extract Service…range of products which enable customers to access type 2 and 3 data (as above). We can provide extracts from a range of individual and linked data sets and can add significant value to individual sets of data by combining and matching them at individual record level in a secure environment.’ Remember if you are tempted to splash out on this great offer you might have to buy the ’secure environment’ to go with these incredible products.

    So the NHS to telling a whopping great lie to millions of its patients if the HSCIC is to be trusted. But can we trust the HSCIC? It has managed to cost to the last penny each bit of information it will sell to organisations, but, according to its website, it has not got any ‘Policies or Procedures’ that we can look at because it has not had time to think them up. So what it is saying is, “Give us your medical records to flog off – but don’t come round here asking any questions about our policies and procedures because we’ve been to busy prising up the products and promoting them to our lovely customers to bother about all that ladida stuff. And another thing, those anti-business European types might outlaw this brilliant bit of privatisation we‘ve got going here. The Ministry for Justice, according today’s Telegraph, ‘have already expressed concern that existing [EU] proposals create too much bureaucracy and place too high a burden on businesses.’ Bureaucracy – just another word for those bloody policies and procedures. Business comes first – mark it up and flog off. That’s what we do best in this country – we don‘t want a bunch of foreigners telling us we can‘t sell personal information……” UKIP might be picking up a few more votes at the MfJ and HSCIC.

    There are of course numerous other reasons why we should opt out but I shall leave those to others. However, I will just finish with the heretical thought among some scientists and bioethicists, that this type of information could be detrimental to some areas of medical research. There is some concern that areas like epidemiology are becoming pseudo-sciences because data it is misused and techniques like data mining are distorting research. Too much information, poorly understood computer software and modelling, the need to publish, pressure of funding and increasingly the need to make a profit, do not always make for good science. When I read or hear about yet another study that claims there is a link between one substance and one or two medical conditions, I usually discover if I can be bothered to look at the research that it’s all eyewash. I think that might spread the more it all becomes a business. If an organisation or business buys some product from the HSCIC they will want results and profit.

  • 572ec13f

    Thanks for the mention. I just posted an update re. the right of people to opt out of this scheme: http://philosophicalcomment.blogspot.se/2014/01/more-on-uk-sellout-of-nhs-medical-data.html

    Christian

  • Keith Tayler

    I posted this on Light Blue Touchpaper blog (there is a great deal of interest in this data grab among IT types), and copy it here because it follows on from my earlier post and is shaping up to become quite an ‘event‘ for the Minister of Health .

    The ‘Better information means better care’ pamphlet that has been sent (it is claimed) to all households is somewhat ambiguous when it comes to who will have access to our information and privacy. Three weeks ago I tried to discover what it all meant by ringing the NHS patient information number given at the bottom of the pamphlet. What I particularly wanted to know was what the following two paragraphs meant:

    1) We sometimes release confidential information to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.
    2) Information that we publish will never identify a particular person.

    The person on the NHS patient information line knew nothing about how the data would be used and I soon learned that I was talking to an outsoursed call centre. I was informed that my inquiry would be forwarded to a manager in the HSCIC who would contact me in five days. I heard nothing and got back to them a week later. The supervisor apologised and again assured me that the HSCIC would contact me within a week. Again nothing, so I rang the HSCIC who also knew nothing about the use of the data and said I had to contact the NHS patient information line. With great self-control I politely asked to speak to a manager. I was rung back by a Mr Mathew West, Care.data Team Leader, who preceded to assure me that the HSCIC will ‘never’ publish identifiable data. ‘But what about type 2 and 3 data which, according to the HSCIC website, are identifiable’? I asked. They, he explained, were not published because these types of data will be ‘released’ to customers for an ’administration fee‘, they will not be ’sold’ to the customers so the HSCIC are not publishing the data.

    So there you are, if you charge an ’administration fee’ for information to restricted customers you are not ‘publishing’ it. Mathew has a point. Trying to make a distinction between administration fee and selling is silly, but it could be argued that the sale of information to a restricted group is not publishing. On the other hand there is the established process of “restricted distribution publishing” which would cover the publication of type 2 and 3 data to restricted customers. Para 1 (above) gives the impression that the HSCIC will very sparingly release confidential information to researchers, not that it is now going to be marketed and published on an industrial scale.

    I think that the HSCIC should issue another pamphlet that fully explains their publishing policy and release a press statement apologising for not doing so earlier. I am sure the HSCIC will dismiss this suggestion out of hand because, as they put it in their Privacy Impact Assessment, ‘Some people may believe that any use of patient identifiable data without explicit patient consent is unacceptable. These people are unlikely to be supportive of the HSCIC’s functions whatever the potential benefits’. I do accept that in some exceptional circumstances identifiable data should be used without explicit patient consent (this has always been the case when trying to control epidemics etc.), but I am sure I will be dismissed as being one of ’these people’ because I object to the marketing, sale and publication of identifiable data. According to a YouGov poll 65% of 1,161 people are also ‘these people‘ because they oppose uploading our data to care.data.

    • Keith Tayler

      Big PS
      Just heard on BBC 4 PM that the upload is to be delayed by six months. If just about half of the 65% opt out in the next few months the data will be useless.

You can follow any responses to this entry through the RSS 2.0 feed.

Latest from JME

Latest from JME

Blogs linking here

Blogs linking here