back to article Brits still not happy about commercial companies using their healthcare data

A significant number of people remain uncomfortable with commercial bodies accessing their anonymised healthcare records, according to an extensive survey by health charity the Wellcome Trust. The survey of 2,000 participants showed that a slight majority (53 per cent) of people would be happy for their data to be used by …

  1. heyrick Silver badge

    This finding has implications for thinking about whether an opt-out should be available

    What do you mean "whether"? If a third party wishes to share medical data held on us ("anonimised" or not) with other third parties, the fact that the ability to opt out is even a question speaks volumes about their real motives.

    1. Doctor Syntax Silver badge

      Re: This finding has implications for thinking about whether an opt-out should be available

      Forget about opt-outs. They should be thinking in terms of opt-ins.

  2. Anonymous Coward
    Anonymous Coward

    In the original it was like a vogon constructer fleet had arrived and given instructions on how to stop your data going by putting it in triplicate (double to be fair but triplicate sounds better) and posting it to your G.P. then telling you that if you don't or your G.P. doesn't add it to your notes in time then it's tough luck and you can't get it removed after the fact.

    To be fair my G.P. was actively pushing people to fill in the forms, why would a seasoned doctor be actively pushing his patients to opt out of something that is supposed to be of benefit to his patients?

    That is why I have no faith or trust in what the information is going to be used for or how it will be handled.

    I wonder what wonderful opt out scheme we'll get this time? That's if we get one.

    1. Oliver Mayes

      To date, I still have heard nothing about this from the authorities involved. I only know it's being done because of the news articles I've read online criticising it.

      If they're not making an effort to actually inform the population then their motives are seriously questionable.

      1. Gordon 10 Silver badge

        The last news I saw on this suggested all the people representing the privacy interests of the public had been quietly dropped from the MkII steering committee.

        That tells us all we need to know.

  3. John Smith 19 Gold badge

    The Dept of Health still thinks it's *their* data. It's not. It's *ours*

    I'd also suggest the benefits to society (but not the companies, which are usually under reported) never match up to the hype of the people who want this to happen.

  4. SuccessCase

    One of the reasons people are so wary, is because a single cock-up can mean the entire game is lost. There will be continual pressure to mine anonymised data for value and continual opportunity to fail to identify a vector that yields a way to de-anonymise the data (if you think it is easy to anonymise data, search for one of the many articles that show why it is a much harder problem than many realise). We always have to trust the anonymisation strategy is sufficiently thought through. If ever it isn't and the designated anonymiser is left thinking, "damn that's clever, I didn't think of that." It's a bust.

    For that reason, I'm definitely in the 17% category. Even for research. I would want the option to opt in and would only do so after being information about the data mapping that is done during anonymisation and would only do so for research I want to support. Research also, let's not forget, is conducted by commercial companies.

    1. This post has been deleted by its author

    2. Cynical Observer

      Any room left in that 17%

      ...cos I suspect I'm there as well. One of the pieces that really struck home was an article by Ben Goldacre - himself an advocate of responsible data sharing and as a doc who has called out pharma and quacks for their transgressions, someone whose opinion I would respect.

      I had twins last year (it's great; it's also partly why I've been writing less). There are 12,000 dads with similar luck each year; let's say 2,000 in London; let's say 100 of those are aged 39. From my brief online bio you can work out that I moved from Oxford to London in about 1995. Congratulations: you've now uniquely identified my health record, without using my name, postcode, or anything "identifiable". Now you've found the rows of data that describe my contacts with health services, you can also find out if I have any medical problems that some might consider embarrassing: incontinence, perhaps, or mental health difficulties. Then you can use that information to try and smear me: a routine occurrence if you do the work I do, whether it's big drug companies, or dreary little quacks.

      And therein lies the problem. reversing the pseudo anonymisation is possible - and while most of us will have no where near as high a profile as Dr Goldacre, our concerns are equally as valid.

      His suggestion - painfully punitive punishments for data breaches/misuse

      anyone leaking or misusing personal medical data needs a prison sentence, as does their CEO. Their company – and all subsidiaries – should be banned from accessing medical data for a decade.

      Full article here - it makes for a good opener to any debate on this issue.

      I will probably be equally as sceptical and cynical at the end but it is a debate that needs to be had rather than some stitch up behind ministerial doors.

      1. Graham Cobb

        Re: Any room left in that 17%

        I would extend Ben's prison sentences and ban from access to data to include anyone attempting any form of de-anonymisation, wherever performed, whether successful or not, for whatever reason (however noble), and whether it would lead to actual identification (name, address, email, etc) or just a description of a unique person.

        And whistle-blower protection/reward needs to be explicitly provided for in the law.

        With that I would probably be willing. But the opt-out still needs to be there for those who will not accept the remaining risk (which is mainly that even if someone is punished, the leaked information will still have been leaked).

  5. Tromos

    No, just no.

    Anonymising just isn't happening in the first place. OK, no names and addresses are being handed out, but given a post code, gender, ethnicity and age (even rounded to decade), it is possible in a lot of cases to identify individuals. For many studies, some or all of this information is irrelevant and hence what fields are actually made available need to be made available on a 'need to know' basis. For example, an epidemiological study may require postcodes to determine an epicentre. My other main concern is who this data is made available to. It is bad enough that Councils make money flogging their (compulsory) electoral register to anyone, imagine what the PPI cold-calling scumbags would latch onto next if they could get hold of medical data.

    I would have no objection to NHS accredited research organisations receiving PROPERLY anonymised and redacted medical data. And therein lies the rub, I have no confidence in it being done PROPERLY.

    1. Doctor Syntax Silver badge

      Re: No, just no.

      "Councils make money flogging their (compulsory) electoral register"

      Do you mean you didn't opt out?

      1. Halcin

        Re: No, just no.

        >"Councils make money flogging their (compulsory) electoral register"

        >Do you mean you didn't opt out?

        I always opt out and yet websites like 192 still list my details with "Source Electoral Register". So either the council couldn't be bothered or they cocked-up. Either way I can't get the data back. And that's the problem with these "wonderful" ideas cooked up by people living in their own little fantasy world.

      2. Steve Gill

        Re: No, just no.

        >"Councils make money flogging their (compulsory) electoral register"

        >Do you mean you didn't opt out?

        Which sadly means nothing as the scumbags can still access your records from the registers taken prior to being able to opt out

    2. Anonymous Coward
      Anonymous Coward

      Re: No, just no.

      with my medical condition, county, would probably identify me add age range, gender, ethnicity city let alone post code and 100% accuracy on a match.

      for NHS for clinical use for the treatment of the patient I believe digital medical records are a GREAT idea,

      BUT as soon as that data is used outside the clinical care of that individual patient there should be an OPT IN on a case by case basis not a blanket opt in.

      Also the rules regarding data mining and release of non authorised data should result in minimum term custodial sentences for Directors of any companies involved AND Government ministers. without this the security wont be taken seriously and Govt wont spend the money required to keep the data secure.

      Also the clause that states that the Secretary for health can authorise non anonymised data release if they think its necessary NEEDS to be removed.

      I have opted OUT at my GP but will continue to download the opt out form and resubmit it on a regular basis as i dont trust the Department of health. And what most people dont realise is that you have to opt out at every NHS service you use as there is no centralised opt out. so GP for Care,Data, Hospital for HIS and im sure going forward. local commissioning Group. and any other contact you have with the NHS.

    3. boltar Silver badge

      Re: No, just no.

      "And therein lies the rub, I have no confidence in it being done PROPERLY."

      Even it it was done properly, it will have probably been outsourced to some cheap-n-dodgy indian or indonesian company with some flash marketing brochure to do it, who would either by company policy or by corrupt employees then skim off the juiciest data themselves to sell to the highest bidder. Don't think that has happened already? Think again.

  6. Anonymous Coward
    Anonymous Coward

    Anyone who says "I don't mind companies using my data because it helps improve service" is a corporate STOOGE.

    1. Gordon 10 Silver badge

      way to go AC! you have really added to the debate.

      I would rather say 2 things :

      1. They either are genuinely ignorant of the way this data can be abused.

      2. The genuinely dont care.

      Maybe 0.001% are stooges. But not much more if the survey sampling has been done properly. Since it was sponsored by the Welcome Trust - who have a damn fine reputation - Im prepared to assume the sampling was good.

      1. Doctor Syntax Silver badge

        "I would rather say 2 things"

        3. Don't shout. We have enough trouble with Bombastic Bob.

    2. Anonymous Coward
      Anonymous Coward

      I disagree, while I am very cautious about what data is given out at any point by me or my family, I also think that medical statistics are useful for some research purposes and might help provide better care...

      the KEY thing is to have a good system that only provides certain data, and removes all location data when there is enough uniqueness to a record to identify a person by location....

  7. Charlie Clark Silver badge

    Make it opt-in

    Then see what you have to do to get people to opt-in.

  8. Adam 52 Silver badge

    I really struggle with how any of this can be legal. At no point have I ever consented to this. Ignoring data protection there's basic confidentiality (see the BMA website) and centuries of common law.

    Any doctor sharing data for non-treatment purposes has got to be in breach of basic medical ethics.

    I guess the GMC must be in bed with the government somehow.

    1. Warm Braw Silver badge

      I guess the GMC must be in bed with the government somehow

      It's got more to do with doctors being employed (or contracted) by the government. As the Netherlands DPA has just pointed out, where a worker is financially dependent on his employer, there is no free consent. And so, by proxy, there is no free consent for the patient either.

    2. Anonymous Coward
      Anonymous Coward

      The law is specifically EXCLUDED from oversight of the Data Protection Legislation.

      Would need someone to take the Govt to court after the legislation is passed. which is obvs TOO late :-(

      1. Anonymous Coward
        Anonymous Coward

        backing up my above comment

        The matter of consent is bypassed by the Health and Social Care Act 2012, which legally obliges GPs to hand over patient data if NHS England directs HSCIC to request it -- patients don't get to opt in, they can only opt out. But even the opt out option isn't a legal requirement, and HSCIC wasn't planning on having it initially, before magnanimously deciding to allow some patient choice.

        lets see how version 2 slips in more nasties without informing the public now they have rigged the steering group.

        BOO HISS :-(

  9. Archie Woodnuts

    How about

    we talk about how much these third parties will be paying me for my data, irrespective of who it's held by?

    Nothing you say?

    Well then I guess they can't have any access to it at all.

    1. Anonymous Coward
      Anonymous Coward

      Re: How about

      they will be paying for the data but it will be pennies and when the original plan hit the headlines it was calculated that the money raised would not pay for the processing of the data requests let alone the cost of the system :-(

      1. Anonymous Coward
        Anonymous Coward

        Re: How about

        Approved organisations that access the data will have to pay a fee (of between £800 and around £10,000 depending on which dataset is accessed). Critics say this means your data is being sold, but HSCIC insists this is a processing cost and that it won't be making any profit

  10. Version 1.0 Silver badge

    Data is real

    Ask Henrietta Lacks relatives how they feel about the medical community and business profiting from her "donations"

  11. Wommit

    Trust me, I'm a Doctor

    This stinks of the current political (I was going to say Governmental, but it's all of the buggers,) "I know what's best for you," mindset. No, you don't know what's best for me.

    Now if one of my consultants, during a consultation, said "I think your case notes would help research." Then I would agree. BUT, it's the blanket, "I've been told that this sounds like a damn good idea, and it's a money spinner, and I might get a directorship out of it." that really pisses me off.

  12. Adrian Midgley 1

    I can recall no instance of a believable

    indication anyone in charge of any of these central national projects regards data as anyone elses if they want it. And they do, they want it all, they want it now, and they want to share it wherever their administrative or political boss wants to share it.

    And it can't be anonymised.

  13. Red Bren

    Quid pro quo?

    So if some pharmaceutical company uses my medical data as part of its research into a new drug, what benefit do I get? A share of the profits? Free access to the drug? Or do I get told that the NHS can't afford to treat me with a drug that I helped develop, while my inbox is swamped with pharma-spam because the "anonymised" data got leaked.

  14. David 138

    Sharing medical data for medical research should be compulsory but the data should never be sold to anyone else.

    1. Martin Gregorie Silver badge

      Sharing medical data for medical research should be compulsory but the data should never be sold to anyone else.

      I hope you meant that: "Sharing medical data for medical research should be compulsory but possession of the the data by anybody outside the NHS will attract a mandatory custodial sentence."

      1. Anonymous Coward
        Anonymous Coward

        Sharing medical data for medical research should be compulsory but the data should never be sold to anyone else.

        I hope you meant that: "Sharing medical data for medical research should be compulsory but possession of the the data by anybody outside the NHS will attract mandatory capital punishment."


  15. Anonymous Coward
    Anonymous Coward

    Automatic RED flag, is administered by the HSCIC using software and services provided by a private sector company (ATOS).

    ATOS who's other Government contract have gone so well. (fit to work to name but one)

    Opting out just for this ONE reason. well opting out for lots of reasons as the whole charade has more holes than Swiss cheese. but this on its own is enough.

  16. Anonymous Coward
    Anonymous Coward

    The data has the potential to produce wonderful returns for the big companies by ostracising those who are likely to become ill

  17. Anonymous Coward
    Anonymous Coward

    And Timothy Kelsey

    has just fled to Australia while promising that "I'll be back".

    Answer: Don't use the NHS ever again, or at least until Timothy Kelsey is in one of the hostels provided by Her Majesty to accommodate those who break the law.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020