Plans to get medical data online concern activists already worried about NHS’ data selling and poor security history
Health secretary Jeremy Hunt is to outline plans to make the NHS “paperless” by putting tranches of medical records online, potentially without the permission of citizens, attracting claims the UK government is bringing about the “end of medical privacy”.
Hunt has set a 2018 “paperless” goal when he wants to have digital medical information “fully available across NHS and social care services, barring any individual opt outs”. That means people would, by default, have their medical information shared across services.
By March 2015, Hunt wants citizens to be able to get online access to health records held by their GP. He also wants plans in place for secure linking of electronic health records, wherever they are held, “so there is as complete a record as possible of the care someone receives”.
NHS plans to kill privacy?
Opponents claim the UK is heading to a place where privacy of medical data is non-existent. Nick Pickles, director of privacy campaign group Big Brother Watch, said the damage to privacy would be significant.
“Patients are already concerned about how the NHS protects their privacy, so to be pressing ahead with paperless records at such speed risks exacerbating the existing problems and causing untold damage to patient privacy,” Pickles told TechWeekEurope.
“The NHS’s track record of managing technology or patient data does not inspire confidence.
“Patients need to be in control of their records and the basic part of that is that choices are opt-in. The NHS’s current fervour for data sharing, dubious anonymisation claims and lax consultation with any groups concerned about privacy highlights [means] we are spiralling towards the end of patient privacy.”
NHS selling medical data
Privacy advocate Phil Booth said a paperless NHS may sound sensible in principle, but it “begs all sorts of questions – not least the security of highly sensitive personal information in an institution undergoing massive disruption that still regularly misplaces or exposes thousands upon thousands of people’s records”.
The NHS has a particularly poor record with keeping digital data secure. NHS Trusts have repeatedly been caught out by the Information Commissioner’s Office (ICO) for breaches of the Data Protection Act. The biggest ICO fine handed out yet, of £325,000, was handed to the Brighton and Sussex University Hospitals NHS Trust.
Some, including Booth, are worried there are more commercial interests at play, which the government is not talking about. “One has to ask if such an initiative is motivated as much by the desire to hoover up even more personal health data – which we now know is being sold on – as it is for any genuine health benefit.”
Booth pointed to “data extract services” offered by the NHS, where it charges researchers and organisations a fee for access to “patient-level extracts or tabulations of health and social care data”.
But the government believes the health and financial benefits of leveraging more technology outweigh concerns about privacy. “The NHS cannot be the last man standing as the rest of the economy embraces the technology revolution,” Hunt said.
A Department of Health-commissioned study, carried out by PriceWaterHouse Coopers claimed £4.4 billion per year could be saved through better use of technology.
It cited one case, at the Royal National Orthopaedic Hospital, where spinal surgery patients were asked to record their progress on an iPad and at home on an online system after being discharged. The trial created an estimated 300 new outpatient appointment slots per consultant surgeon per year, whilst 95 per cent of patients said they preferred the online process to traditional pen and paper.
The Coalition is hoping its new plans to drag the NHS into the 21st Century won’t fail as cataclysmically as the attempt of the last Labour government to update the health service.
The National Programme for IT (NPfIT) scheme, announced back in 2002, was finally scrapped under the Coalition last year, after billions of pounds had been wasted in an attempt to hook up different NHS bodies on a single platform.
Yet there remain concerns around the General Practice Extraction Service (GPES), an NHS-run, centrally-managed primary care “data extraction service” that will take information from GP IT systems “for a range of purposes at a national level”. For that technology-driven enterprise, there appears to be no opt-out for worried UK citizens.
Respect privacy? Try our privacy quiz!