NHS patient data to be made available for sale to drug and insurance firms

19. Januar 2014

The Guar­di­an

Pri­va­cy ex­perts warn the­re will be no way for pu­blic to work out who has their me­di­cal re­cor­ds or how they are using it

Drug and in­suran­ce com­pa­nies will from la­ter this ye­ar be able to buy in­for­ma­ti­on on pa­ti­ents - in­clu­ding men­tal health con­di­ti­ons and di­sea­ses such as can­cer, as well as smo­king and drin­king ha­b­its - on­ce a sin­gle Eng­lish da­ta­ba­se of me­di­cal da­ta has be­en crea­ted.

Har­vested from GP and hos­pi­tal re­cor­ds, me­di­cal da­ta co­ver­ing the ent­i­re po­pu­la­ti­on will be uploa­ded to the re­po­si­to­ry con­trol­led by a new arms-length NHS in­for­ma­ti­on cent­re, star­ting in March. Ne­ver be­fo­re has the ent­i­re me­di­cal his­to­ry of the na­ti­on be­en di­gi­ti­sed and stored in one place.

Ad­vo­ca­tes say that sharing da­ta will ma­ke me­di­cal ad­van­ces ea­sier and ul­ti­mate­ly sa­ve li­ves be­cau­se it will al­low re­se­ar­chers to in­ves­ti­ga­te drug si­de ef­fects or the per­for­mance of hos­pi­tal sur­gi­cal units by tracking the im­pact on pa­ti­ents.

But pri­va­cy ex­perts warn the­re will be no way for the pu­blic to work out who has their me­di­cal re­cor­ds or to what use their da­ta will be put. The extrac­ted in­for­ma­ti­on will con­tain NHS num­bers, date of birth, post­code, eth­ni­ci­ty and gen­der.

On­ce live, or­ga­ni­sa­ti­ons such as uni­ver­si­ty re­se­arch de­part­ments - but al­so in­su­rers and drug com­pa­nies - will be able to ap­p­ly to the new Health and So­ci­al Ca­re In­for­ma­ti­on Cent­re (HSCIC) to gain ac­cess to the da­ta­ba­se, cal­led ca­re.da­ta.

If an ap­p­li­ca­ti­on is ap­pro­ved then firms will ha­ve to pay to extract this in­for­ma­ti­on, which will be scrub­bed of so­me per­so­nal iden­ti­fiers but not en­ough to ma­ke the in­for­ma­ti­on com­ple­te­ly an­ony­mous - a pro­cess known as "pseud­ony­mi­sa­ti­on".

Howe­ver, Mark Da­vies, the cent­re's pu­blic as­suran­ce di­rec­tor, told the Guar­di­an the­re was a "small risk" cer­tain pa­ti­ents could be "re-iden­ti­fied" be­cau­se in­su­rers, phar­maceu­ti­cal groups and other health sec­tor com­pa­nies had their own me­di­cal da­ta that could be matched against the "pseud­ony­mi­sed" re­cor­ds. "You may be able to iden­ti­fy peop­le if you had a lot of da­ta. It de­pends on how peop­le will use the da­ta on­ce they ha­ve it. But I think it is a small, theo­re­ti­cal risk," he said.

On­ce the sche­me is for­mal­ly ap­pro­ved by the HSCIC and pa­ti­ent da­ta can be down­loa­ded from this sum­mer, Da­vies said that in the eyes of the law one could not dis­tin­gu­ish bet­ween "a go­vern­ment de­part­ment, uni­ver­si­ty re­se­ar­cher, phar­maceu­ti­cal com­pa­ny or in­suran­ce com­pa­ny" in a re­quest to ac­cess the da­ta­ba­se.

In an at­tempt to ea­se pu­blic con­cern, this month NHS Eng­land is sen­ding a leaf­let en­t­it­led “Bet­ter In­for­ma­ti­on Me­ans Bet­ter Ca­re” to 26m hou­se­holds, to say parts of the ca­re.da­ta da­ta­ba­se will be sha­red with "re­se­ar­chers and or­ga­ni­sa­ti­ons outs­ide the NHS" - un­less peop­le choo­se to opt out via their fa­mi­ly doc­tor.

Howe­ver, a lea­ding aca­de­mic and go­vern­ment ad­vi­ser on health pri­va­cy said pur­suing a po­li­cy that opened up da­ta to cha­ri­ties and com­pa­nies wi­thout cle­ar­ly spel­ling out pri­va­cy safe­guards left se­rious un­ans­we­red ques­ti­ons about pa­ti­ent con­fi­den­tia­li­ty.

Ju­lia Hip­pis­ley-Cox, a pro­fes­sor of ge­ne­ral prac­tice at Not­ting­ham Uni­ver­si­ty who sits on the NHS's con­fi­den­tia­li­ty ad­vi­so­ry group - the high-le­vel bo­dy that ad­vi­ses the health se­creta­ry on ac­ces­sing con­fi­den­ti­al pa­ti­ent da­ta wi­thout con­sent - said that whi­le the­re may be "be­ne­fits" from the sche­me "if extrac­tion [sa­le] of iden­ti­fia­ble da­ta is to go ahead, then pa­ti­ents must be able find out who has their iden­ti­fia­ble da­ta and for what pur­po­se".

Hip­pis­ley-Cox ad­ded that "the­re should be a cle­ar au­dit trail which the pa­ti­ent can ac­cess and the­re nee­ds to be a sim­ple me­thod for re­cor­ding da­ta sharing pre­fe­ren­ces and for the­se to be re­spec­ted".

Da­vies, who is a GP, de­fen­ded the da­ta­ba­se, say­ing the­re was "an ab­so­lu­te com­mit­ment to trans­pa­ren­cy" and re­jec­ting calls for an "in­de­pen­dent re­view and scru­ti­ny of re­quests for ac­cess to da­ta". "I am temp­ted to say that we will ha­ve 50 mil­li­on au­di­tors [re­fer­ring to Eng­land's po­pu­la­ti­on] loo­king over our shoul­der."

He said it was ne­cessa­ry to open up me­di­cal da­ta to com­mer­ci­al com­pa­nies es­pe­cial­ly as pri­va­te firms ta­ke over NHS ser­vices to "im­pro­ve pa­ti­ent ca­re". Da­vies said: "We ha­ve pri­va­te hos­pi­tals and com­pa­nies li­ke Vir­gin who are purcha­sing NHS pa­ti­ent ca­re now. This is a trend that will con­ti­nue. As long as they can show pa­ti­ent ca­re is be­ne­fit­ing then they can ap­p­ly."

But Da­vies ac­cep­ted the­re was now a "need to open a de­ba­te on this".

He poin­ted out that a num­ber of pri­va­te com­pa­nies - such as Bu­pa - al­re­a­dy had ac­cess to so­me sen­si­ti­ve hos­pi­tal da­ta, alt­hough no­ne had be­en able to link to GP re­cor­ds un­til now. He ad­ded: "I am not su­re how hel­pful in the NHS the dis­tinc­tion bet­ween pu­blic and pri­va­te is the­se days. Look at Dr Fos­ter [which] is a pri­va­te com­pa­ny that used da­ta to show si­gni­fi­cant­ly how things can be im­pro­ved in the NHS and re­vea­led what was go­ing wrong at Mid Staffs. The key test is whe­ther the da­ta will be used to im­pro­ve pa­ti­ent ca­re."

Cam­pai­gners war­ned ma­ny mem­bers of the pu­blic would be un­e­a­sy about pri­va­te com­pa­nies be­ne­fit­ing from their health da­ta - es­pe­cial­ly when the spre­ad of da­ta will not be rou­ti­nely au­di­ted. Phil Booth, co-or­di­na­tor at pa­ti­ent pres­su­re group med­Con­fi­den­ti­al, said: "One of peop­le's com­mo­nest con­cerns about their me­di­cal re­cor­ds is that they'll be used for com­mer­ci­al pur­po­ses, or me­an they are dis­cri­mi­na­ted against by in­su­rers or in the work­place.

"Ra­ther than prevent this, the ca­re.da­ta sche­me is de­li­be­ra­te­ly de­si­gned so that 'pseud­ony­mi­sed' da­ta - in­for­ma­ti­on that can be re-iden­ti­fied by an­yo­ne who al­re­a­dy holds in­for­ma­ti­on about you - can be pas­sed on to 'cust­o­m­ers' of the in­for­ma­ti­on cent­re, with no in­de­pen­dent scru­ti­ny and wi­thout even no­ti­fy­ing pa­ti­ents. It's a di­sas­ter just wait­ing to hap­pen."

Booth said the fi­ve lis­ted re­a­sons da­ta can be re­leased for are ex­cep­tio­nal­ly broad: health in­tel­li­gence, health im­pro­ve­ment, au­dit, health ser­vice re­se­arch and ser­vice plan­ning. He said: "Of­fi­ci­als would ha­ve you be­lie­ve they're do­ing this all for re­se­arch or im­pro­ving ca­re but the num­ber of non-me­di­cal, non-re­se­arch uses is bal­loo­n­ing be­fo­re even the first upload has ta­ken place. And though you won't re­ad it in their junk mail leaf­let, the peop­le in char­ge now ad­mit the ran­ge of po­ten­ti­al cust­o­m­ers for this gi­ant cen­tra­li­sed da­ta­ba­se of all our me­di­cal re­cor­ds is ef­fec­tive­ly li­mit­less."

NHS Eng­land said it would pu­blish its own as­sess­ment of pri­va­cy risks this week and poin­ted out that one of the key aims of ca­re.da­ta was to "dri­ve eco­no­mic growth by ma­king Eng­land the de­fault lo­ca­ti­on for world-class health ser­vices re­se­arch".

A spo­kes­per­son said: "A pha­sed roll­out of ca­re.da­ta is being rea­di­ed over a three month pe­ri­od with first extrac­tions from March al­lo­wing time for the HSCIC to as­sess the qua­li­ty of the da­ta and the linka­ge be­fo­re ma­king the da­ta avail­able. We think it would be wrong to ex­clu­de pri­va­te com­pa­nies sim­ply on ideo­lo­gi­cal grounds; ins­tead, the test should be how the com­pa­ny wants to use the da­ta to im­pro­ve NHS ca­re."