the Digital arm of the UK's National Health Service
No it's not, it only covers NHS England.
The heads of the Digital arm of the UK's National Health Service have been accused of acting as suppliers, rather than guardians, of the data belonging to patients under their care by handing address information to the Home Office for immigration enforcement. Chief exec of NHS Digital Sarah Wilkinson, and the organisation’s …
I was just coming here to say that. It always annoys me when Reg articles talk about "the UK NHS" because there is no such thing or even just "the NHS" because I have no idea if what they are talking about affects me in Scotland (usually it doesn't).
(and presumably Wales)
That jumped out at me too. Sadly, I suspect the extension of this will be someone will suggest that we need to fund the NHS by allowing some ever-so-carefully selected companies access to this "national asset". And those organisations will never ever use it for anything nefarious (but it will be profitable) and then someone will come along and decide that we should have "monetised" the data within the NHS ourselves.
They're already doing that with allowing the likes of Google to access patient data on NHS Spine and do analytics/ data mining on it. At a fundamental level, that kind of thing (subject to *proper* data protection) has a real potential to deliver clinical benefits for patients. However, for that to happen the data custodian must guard the data and ensure it is properly protected. Without that, nobody will trust the NHS and, hey presto, a large group of patients (inevitably including some who are highly vulnerable) won't engage with medics / the NHS.
@James 51
> “Patient data is a national asset"
> No it is not. My data belongs to me. The NHS gets to hold onto it to do its job but that does not mean > that it belongs to the NHS or the nation.
Alas law enforcement and bodies responsible for national security are exempted from GDPR. They could quite easily deem that enforcing immigration is both. No, the NHS should not be sharing our data but in this instance if they didn't share it this way then I'm sure it would just get shared via some other much less overt manner. In light of everything I'd much rather it happened like this so we know about it and it can be scrutinised, than for it to happen under the radar.
Since it's going to happen one way or the other, then perhaps having the transaction (rightly or wrongly) out in the open then it serves as a warning and to dissuade any non-UK parties considering a trip to the UK for free treatment.
No it isn't. It's confidential.
What it is, is an NHS asset. Incredibly valuable for optimising access to the wonderful services offered. In the right circumstance an invaluable resource for medical research. But NOT for law enforcement.
These Home Office people really are scum. "Good morning Doctor. Could you tell me when you've stitched up Mrs Shirzai's caesarean please? We've got a plane waiting to take her back to safety in Afghanistan"
Gordon said the body was only providing information “of an administrative kind” to those who were seeking to pursue criminal offences. He said the body saw the MoU with home office as “lawful and proportionate”.
I wonder if Mr Gordon will be taking legal advice before May because I'd have thought that this:
191
(1)Liability of directors etc
Subsection (2) applies where—
(a) an offence under this Act has been committed by a body corporate, and
(b) it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of—
(i) a director, manager, secretary or similar officer of the body corporate, or
(ii) a person who was purporting to act in such a capacity.
(2)The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly.
puts him right in the firing line.
I wonder if Mr Gordon will be taking legal advice before May because I'd have thought that this...
Would that it were that simple. Article 23 of the GDPR provides for Member States enacting certain exemptions; see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/exemptions/.
IANAL but I cannot see any government having too much trouble finding a way around some troublesome restriction elsewhere in the regulations should it be minded to do so.
You mean like anti-terrorism law RIPA being used by half of councils for waste and littering offences or BBC for licence enforcement?
This is exactly what the committee is getting at and I am impressed they have stuck up for everyone with a decent argument. Yet nothing will change, making the whole thing pointless.
NHS have been selling our data for years.
Their last big cash grab failed when everyone told their Doctors to keep their medical records away from the central database. Watching some Tory MP spout technobabble about anonymised data being "linked to a private key which is then linked to the user so its all safe and not identifiable" was both funny and scary at the same time.
The NHS are not fit to hold our private data.
Their systems are not patched and are all out of service date. Having a sizeable Windows XP estate is proof enough of this. Their blatant bollocks regarding being hacked by North Korea as an excuse for Wannacry is proof positive that they are not capable of either controlling their IT infrastructure nor do they feel they need to tell us when they screw up.
That last point, where they feel they can lie through their teeth as if it were 1980 and technical knowledge was low therefore we believe what they are saying is the biggest sign that tells me they should never ever get our data.
If they are selling car-parking spaces outside A+E for 4 quid an hour, then they are either selling our data to life insurance companies or swapping it for shiny toys with Google. Eye-scans from Morfields given to the one company who can unanonymise this data is no joke....
Maybe, just maybe, NHS England has crap IT and does some dodgy money-grubbing deals because
1) Successive governments have failed to fund it properly - what comes first, cancel an operation or cancel an XP upgrade?
2) Too much power in hands of administrators who decide that balancing the books (e.g. charging for patient and visitor parking) is more important than a caring clinical service. A friend kept having to leave the labour room every four hours to feed the meter!
@Pen-y-gors
1. NHS Scotland still have XP machines, granted there are very few of them and most are air-gapped or have some other form of hardening in place and actively being removed when equipment is upgraded.
2. Most hospitals in Scotland don't charge for car parking at all and some don't even monitor car park usage. This does cause problems with lack of spaces though - it's not a perfect solution.
NHS England is enormous, it's also got more layers of bureaucracy than the other NHS organisations, I've always wondered if that was part of the problem. It's also the one which is most likely to be restructured by Westminster and that's never cheap or quick.
I've also noticed that NHS England is the trailblazer for things that other NHS organisations consider too risky data protection wise like use of cloud storage, working with private companies on a large scale with patient data and engaging in patient portals for access to health records.
She appears to be one of the few Tories with both common sense/technical knowledge and a spine
That's her ministerial career over before it started. Same is true on the opposition benches. Look at the estimable Dennis Skinner. A man who should have led the Labour party and been PM (as I'm a child of Maggie, praise comes no higher).
funny.
The NHS data, even the highly personal data, has been available to the DWP for years, and is shared with various departments of local councils.
That's without the Digital economy Act...which authorised data sharing between all govt departments.
Here is the NHS confidentiality policy...
https://www.england.nhs.uk/wp-content/uploads/2016/12/confidentiality-policy-v3-1.pdf#page=4&zoom=auto,-70,707
NHS Digital is NOT part of the NHS it is an executive non-departmental public body of the Department of Health and was re-branded as NHS Digital from the Health and Social Care Information Centre (HSCIC) after its bad press due to the care.data fiasco.
For that matter Public Health England is not part of the NHS either.
NHS Digital and Public Health England not being part of the NHS also means that they are not covered by the NHS’s code of practice on confidentiality. so if they get DATA from the NHS they can and have been proved to sell or give the data away.
Examples: like when Sir Nick Partridge when he was deputy chairman of the Health and Social Care Information Centre (HSCIC) sold information to insurance firms and other companies without proper checks and balances. also data at some point in time (by HSCIC's prdessesor before a previous rename) sold health data to actuaries.
Essentially Tory Britain is a feudal state. Its the little people who get to pay taxes, have their data shared, are excluded from the law, are given debt for life and then tossed aside when they can't earn the elite money. Weirdly the little people seem to like it - because they keep voting it in.
Gordon said the body was only providing information “of an administrative kind” to those who were seeking to pursue criminal offences. He said the body saw the MoU with home office as “lawful and proportionate”.
I would expect the people pursuing criminal offences to come with a warrant asking for specific information based upon reasonable suspicion...
....the police are planning to store records on AWS (Amazon) so that PC Plod can use Alexa to access police records. Fake news?.....not really.....see:
- https://www.msn.com/en-gb/news/world/amazon-alexa-joins-the-fight-against-crime-as-uk-police-recruit-smart-virtual-assistant/ar-BBHMdM1?li=AA54rU
"Alexa, write up a new murder report with Jane Doe as a suspect"
Signed: A Dinosaur