There are fears the students will not receive valuable information about a new NHS-led initiative that will use people’s medical records for research and development. The new ‘care.data’ program, to be brought in later this year, will alter the default position that everyone’s medical records will be held in their GP’s surgery. From March, NHS England intends on uploading these medical records onto a centrally controlled database, which will be administered by the Health and Social Care Information Centre (HSCIC).
All records will be uploaded from the start on March unless people do not opt-out of the new initiative (please see the foot of this article for further information about how to do so). Your medical records contain such information as past diagnoses, treatments and data sets which include person details such as permanent address, ethnicity and lifestyle choices. Although NHS England and HSCIC have stressed that the data will be ‘anonymised’ before being passed on, there are worries that this is in fact untrue.
The information that HSCIC receives will be partitioned into data that is either ‘identifiable’ or ‘potentially identifiable’. Whilst ‘identifiable’ data will need patient consent or a lawful basis on which to share it, ‘potentially identifiable’ data will be able to be shared without a patient’s knowledge or consent. An individual’s medical records will be ‘pseudonymised’ but there are concerns that the degrees of fragmentation may be insufficient. In an email from Terri Dowty, Coordinator at patient pressure group medConfidential, Dowty expressed these concerns as “the variety of the data being collected is so wide that it will enable anyone to join the dots and work out who the data is about.”
After problems about the security of the data were raised, NHS England agreed to carry out a mail drop to every household in England. The leaflet entitled “Better Information Means Better Care” will be distributed to 26 million households over the next month. However there have been worries that as students are mostly in shared accommodation away from home, they may not notice the minimal leaflet campaign. Whilst there are inevitable fears over data protection and identity theft, there are also fears that such information could be sold to insurance companies or sought by future employers who wish to check your medical background.
Mark Davis, the HSCIC public assurance director, told the Guardian, “You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk.” Davies went on to defend the database, saying there was “an absolute commitment to transparency” and rejecting calls for an “independent review and scrutiny of requests for access to data.”
Phil Booth, another coordinator at medConfidential, expressed that “One of people’s commonest concerns about their medical records is that they’ll be used for commercial purposes, or means they are discriminated against by insurers or in the workplace.”
This threat may become a reality, as the five listed reasons data can be released are exceptionally broad: health intelligence, health improvement, audit, health service research and service planning. Booth commented on these rather loose terms, saying: “the people in charge now admit the range of potential customers for this giant centralized database of all our medical records in effectively limitless.”
An NHS spokesperson, in an official response to growing concerns, answered that “We think it would be wrong to exclude private companies simply on ideological grounds; instead, the test should be how the company wants to use the data to improve NHS care.” Chair of HSCIC, Kingsley Manning, also added to the discussion claiming that “the HSCIC board last week agreed that a report detailing who we give data to and the grounds on which it has been released, will be made public on the website every quarter.”
If you don’t like the idea of your medical records being traded like a commodity, please visit www.medconfidential.org and download and print both the ‘opt-out form’ and the ‘opt-out letter’ and send them to your GP. It is worth bearing in mind that once your information has been uploaded to the HSCIC database, there will be no way to delete it.