George Mudie: Questions of confidentiality over NHS database

ONE of the most accepted and appreciated relationships is that between patients and their doctor, with the knowledge that whatever information is recorded by the GP is confidential and kept securely in the medical records held by the practice.

Next month, that will change. Under controversial legislation passed in 2012, family doctors will be required to pass to a new national database created by NHS England all the medical records of the patients in that practice.

The personal GP record may be added to by any other social care organisation that deals with the patient and with hospital records that exist for an individual. This is being done, according to NHS England, to improve the delivery of health care to benefit researchers inside and outside the National Health Service. I have no reason to suggest that this move will not lead to improvements in health care, but I have two concerns.

Sign up to our daily newsletter

The i newsletter cut through the noise

My first is shared by many people: the security dangers of bringing all such personal data together in one huge national database. The second is my dismay and even anger at the deliberate manner in which the public have been deprived of consultation and information on a significant threat to their right of privacy in respect of their medical records.

On security, we are assured by NHS England that the information “will be stored… in a secure environment with the highest standards of information governance and technical expertise to protect the data”.

If patients are reassured by that statement, the US Government must have lower standards. For example, Angela Merkel, the German Chancellor, learned about the USA hacking her personal phone from sources inside the US. A young lad from Glasgow was extradited to the USA in the past 19 months to face charges, because from his Govan bedroom he had breached military systems in the US. This weekend, closer to home, Barclays Bank admitted that delicate, sensitive and important financial details of 35,000 of its customers had been stolen.

My point is that there will eventually be a breach of security. It is inevitable, given the size of the database and the information stored in it. The human cost to the patient whose identity and medical history are made public is potentially disastrous. Careers could be ended, jobs lost, insurance refused and relationships destroyed if sensitive medical facts are made public or used by private firms, other people or, indeed, the media.

A further reason for concern is that the information will not be available for analysis and research in the National Health Service alone, but will be made available to non-NHS organisations.

A House of Commons library note describes an interesting situation in which, without the consent of individuals, the information given can identify patients: “In most cases, researchers can carry out their studies using information that does not identify you. Occasionally, however, medical researchers need to use information that does identify you. Only researchers who have obtained your permission or who have been granted special approval are allowed to access your identifiable data…There are a variety of reasons why it might not be possible to ask people; for example, where there are extremely large numbers of patients.”

So it is okay if researchers pinch a lot of patient information and identify the patients, but such patients would have no come-back, because that is reasonable in the eyes of the NHS.

We should be aware that NHS England and the Government see the whole exercise as an opportunity for the UK to become a major player in medical research, with both the NHS and the private sector seeing strong economic growth and income from the use of the data. I forgot to mention that in the database will be included people’s NHS number, postcode, date of birth, gender and ethnicity. With all that information – particularly the postcode – it will be fairly easy to identify someone.

I turn now to the question of permission. This genuinely makes me very cross. The handover from GPs will take place in March – one month’s time – and after three months, depending on opt-out numbers, 100 per cent of records will be on the national database. That should have happened already, but the Information Commissioner stopped the process late last year because the NHS had not consulted or, in the commissioner’s view, given enough information to the public.

I suggest that NHS England is not serious about involving and empowering the general public. That is the second reason why real questions should be asked about this plan. That is why I want the Minister to postpone the introduction of the scheme to allow further consultation and discussion about whether there should be an opt-in or an opt-out, about what information is being shared and about the security of that information.