back to article Worldwide, perpetual, irrevocable and royalty-free: Amazon's Alexa NHS contract released

The UK Department of Health (DoH) has released a redacted copy of its contract giving Amazon access to data on the NHS Direct website, following a Freedom of Information request from civil rights group Privacy International. The Master Content License Agreement provides Amazon with "a non-exclusive, worldwide, perpetual, …

  1. steelpillow Silver badge
    Mushroom

    Now there's a manifesto pledge I would vote for

    Close down NHS Direct and replace it with a service not pwned by the dot com mafia.

  2. Steve Davies 3 Silver badge

    Wait and see

    If your data is traceable or not...

    If you go and see your GP about some hemmarhoids [other illnesses are available] and suddenly you get adverts for creams etc then you will know that Amazon is talking porkies.

    I would not trust Bezos and co as far as I could throw him into a bit of the Amazon river that is infested by very hungry Piranahs

    1. macjules
      Childcatcher

      Re: Wait and see

      ""No patient data is being provided to this company by the NHS, which takes data privacy extremely seriously and has put appropriate safeguards in place to ensure information is used correctly."

      This means "We already sold off your data to Amazon. Kindly put any complaints in triplicate to the ICO and we'll look at their submission in 5 years time."

      1. Degenerate Scumbag

        Re: Wait and see

        No, it means "If you are stupid enough to buy a voluntary surveillance device and place it in your home, we are not responsible for any data the controllers of the surveliance device gather on you by profiling the searches you make of our content using the surveillance device."

        They're providing web content to Amazon in the same way as Wikipedia etc, nothing more. Amazon certainly can profile you based on your searches of that, in the exact same way that Google can gather information and targeting advertising based on a profile of your searches. I absolutely agree that the potential for Orwellian abuse is quite horrendous, but if you're concerned about that the answer is to disengage from Amazon/Google etc, not blame content providers for making their content available on the platform you chose to use.

    2. phuzz Silver badge

      Re: Wait and see

      "If you go to NHS Direct and search for information about haemorrhoids [other illnesses are available] and suddenly you get adverts for creams etc then you will know that Amazon is talking porkies."

      FTFY

      Unless your GP has an Alexa thingumy in their office of course...

    3. Old Lady

      Re: Wait and see

      I would worry more about what information your GP is passing on if I was you. We received more than one request from research companies requesting help from my husband regarding his illness. One was open & honest enough to say that the GP had put my husband’s details forward. We don’t mind helping research but it would have been nice if we had been asked for permission to have my husband’s medical notes passed on.

  3. Ken Moorhouse Silver badge

    the health service's Crown Jewels

    Cough

    1. Rich 11 Silver badge

      Re: the health service's Crown Jewels

      Cough

      That's what the doctor says when he's holding your crown jewels.

  4. Doctor Syntax Silver badge

    "An NHS spokesperson said: "...this company ... which takes data privacy extremely seriously"

    Did nobody tell the spokesperson that this form of words is only used after a data breach? Or maybe they know something we don't.

  5. JohnFen

    Wow

    This is exactly the sort of thing that I would be entirely unsurprised to hear is happening in the US, but it does surprise me coming from the UK. The UK tends to be much better about this sort of thing than the US -- but I guess not always.

    It should be criminal for services that you can't realistically do without -- like health care -- to require that your data is shared with the likes of Amazon (or Google, or any other such company).

    1. Rich 11 Silver badge

      Re: Wow

      The UK tends to be much better about this sort of thing than the US

      Unfortunately we're run by a bunch of spivs who know the price of everything and the value of nothing.

      1. Danny 2

        Re: Wow

        To be fair, Boris Johnson didn't know the price of a Gregg's sausage roll. He was asked that after claiming he lived out of Gregg's, just like the hoi polloi, and he guessed £1.90.

        1. Rich 11 Silver badge

          Re: Wow

          I'm just surprised he didn't claim it was £350m.

          1. Danny 2

            Re: Wow

            For Americans and other non-Brits I should add that newspapers say a Gregg's Sausage Roll (waste meat in pastry) costs £1.

            The last time I bought one, only a few months ago, it was £0.80. Back then you could get a steak pastry for £1, maybe Brexit has increased that too.

            My main point is nobody knows how many children Boris Johnson has, not even Boris Johnson. He is kind of like Trump but more intelligent and less moral.

            1. Anonymous Coward
              Anonymous Coward

              "He is kind of like Trump but more intelligent and less moral."

              I was with you up to the "but". Boris is no more intelligent than Trump; he just had enough of an education to gather up sufficient classical references to hide his stupidity, and he has slightly better handlers.

              1. phuzz Silver badge

                Re: "He is kind of like Trump but more intelligent and less moral."

                He's less senile than the Trump.

              2. Alan Brown Silver badge

                Re: "He is kind of like Trump but more intelligent and less moral."

                "Boris is no more intelligent than Trump"

                dePfefel is proof that you can throw an Eton education at a baboon and some of it will stick, but it will still fling faeces everywhere and shag anything in sight

        2. Anonymous Coward
          Anonymous Coward

          Re: Wow

          To be equally fair, I have no idea either.

          I couldn't tell you how much anything I buy costs, and I do my own shopping.

          I buy what I need, or want, and pay for it, and unless it costs a lot, like more than £2, I pay little attention.

          It's probably just a sign that he has sufficient disposable income that he doesn't have to count every penny.

          1. Rich 11 Silver badge

            Re: Wow

            It's probably just a sign that he has sufficient disposable income that he doesn't have to count every penny.

            A salary of £275,000 a year for writing a self-serving Daily Telegraph column once a week probably would let you put a few quid aside for the weekend shop.

      2. JohnMurray

        Re: Wow

        "Unfortunately we're run by a bunch of spivs who know the price of everything and the value of nothing"

        Should be: "Unfortunately we're run by a bunch of spivs who know the price of everything and the value of everything, but don't care about anything except themselves"

    2. oiseau
      Facepalm

      Re: Wow

      ... it does surprise me coming from the UK.

      Long ago I would have thought/said the same thing.

      But you know who resides at 10 Downing St. these days and what party has been in power for 30 of the last 40 years, resulting in the sad state the UK is in.

      So no, not at all surprised.

      I am surprised there has not been a huge backlash to this.

      O.

      1. Rich 11 Silver badge

        Re: Wow

        Now, now. The Tories have only been in charge for 27 out of the last 40 years, not 30. Don't get your numbers wrong else the usual suspects will use the rounding error to dismiss your claim as utterly incorrect and point out that because Jeremy Corbyn has been in Parliament for the last 36 years it is in fact all his fault.

        1. veti Silver badge

          Re: Wow

          And for 7 of those 27 years, they were sharing power with other parties. (Both of whom got stitched up like kippers in the relationship.)

          I don't blame Corbyn, I blame the numpties who voted for him as leader of the Labour Party. As a backbencher he was fine. As a leader, he's by far the greatest weapon in the Tory arsenal.

          1. phuzz Silver badge

            Re: Wow

            "Both of whom got stitched up like kippers"

            What was the downside for the Conservatives? They had to have a referendum on proportional voting (which kept the status quo, so no impact really), and they introduced the plastic bag tax (which doesn't seem to have had much political fallout), but as far as I know that was the only concessions they made to the Lib Dems.

            The LibDems on the other hand, ended up losing most of their voters (most of whom in my experience would have been happy with anything except forming a coalition with the Torys). They went from 57 seats in 2010, to 8 in 2015.

            The Lib Dems came off much worse from that team-up.

            As for you comments on Corbyn, I'd broadly agree, but don't forget that he has managed to inspire a (very) hardcore bunch of people who weren't Labour voters before. Almost certainly not enough to win an election, but significant none the less.

            1. Doctor Syntax Silver badge

              Re: Wow

              "The Lib Dems came off much worse from that team-up."

              Not surprising as most of their voters seemed to treat it as a protest vote. It came as a big surprise to them that the leadership actually acted responsibly given that the alternative might have been a continuation of BankruptciesRUs Brown.

              The other thing that came as a surprise to then was that in government, especially in a coalition, you can't get all your policies implemented because reality gets in the way,. The big casualty there being student loans because that was how Blair/Brown had funded the expansion of Universities.

              1. JohnMurray

                Re: Wow

                I think there was a global financial crash somewhere at the end of Blair/Brown....caused by bankers doing what they do best: acting as crooks. After all, the banking industry is the financial wing of the CONservative party!

            2. veti Silver badge

              Re: Wow

              My point exactly. The Lib Dems got thoroughly stitched up when Cameron lured them into supporting tuition fee rises. And now the DUP have been equally brutally shafted (not that they don't deserve it) by Johnson's Irish-Sea plan.

              This is what happens if you make a deal with the Tories, which is why Johnson is adamant it can't happen again - he knows no-one is ever going to trust him.

          2. Anonymous Coward
            Anonymous Coward

            Re: Wow

            Most of those 27 years have ben spent fixing the damage caused by the preceding Labour governments.

            The only reason Blair and Brown stayed in power as long as they did was because they "borrowed" Tory policies and passed them off as their own. As soon as they went back to traditional Labour policies they messed it all up again and the Tories got back in.

            The reason the Lib Dems lost their seats is not because they were "stitched up like kippers", it's because the voters realised that it didn't matter what they had promised before the election, they wold do whatever they wanted and ignore what the voters wanted - and had been promised.

            1. Rich 11 Silver badge

              Re: Wow

              Most of those 27 years have ben spent fixing the damage caused by the preceding Labour governments.

              You won't often find me defending New Labour but most of their spending plans from 1997 involved fixing the leaking school and hospital roofs left as the legacy of 18 years of Tory government. That they swallowed the Tory line on deregulation and PFI to keep the City happy is something they should be excoriated for, but we'd be in a fuck of a worse situation if the Tories had carried on doing what they normally do, selling off public assets to fund their tax cuts for the wealthy. Go look at the data on which governments borrow the most and which governments pay off the national debt the most to see the true picture on long-term finance. Look at the rise in wealth inequality, foodbanks, precarious employment and household debt these last nine years to see how the Tories are happy to favour the few over the many every bloody time.

          3. Anonymous Coward
            Anonymous Coward

            Re: Wow

            It cost me just £3 to vote for Corbyn, thus ensuring Labour stays out of power excellent value by any measure.

    3. veti Silver badge

      Re: Wow

      This isn't about sharing "your" data with Amazon, it's about sharing the NHS's data with Amazon.

      The closest it comes to "patient records" will be something like "if the patient reports these three symptoms, ask about these possibly related symptoms - then based on answers, branch recommendations as follows".

    4. Mike 137 Silver badge

      Re: Wow

      "It should be criminal ..."

      Well it's worth reading this then. Government and health service web sites all over Europe are riddled with third party slurper bots, and that's even on pages gathering sensitive (Article 9) personal data. This latest departure is quite minor by comparison.

  6. Danny 2

    Your health records

    You can ask your GP to see your health records, and I'd recommend it - though do ask to do so in a health centre. They printed mine off and posted it to my neighbour, who read it before returning it.

    I was hospitalised by a cat attack once. About fifty bite punctures to my hand, and scratched to hell. It eventually swelled up and I was admitted through A&E. In my medical notes I later found out by reading my notes that the senior nurse assumed I was a heroin addict and I'd stabbed my hand with a needle fifty times in the one evening. That is just so wrong for so many reasons.

    Dismayed by the quality of information in my file, and dismayed by their lack of security, I demanded the right to be custodian of my own medical records. Every politician I approached treated me like I was crazy.

    I've mentioned here before I once had to scan in medical records I didn't think I should have had access to. We were an imaging / ICR firm trying for an NHS contract, and the NHS files provided to us to test/demonstrate were X-Rays, typed and handwritten records, et cetera, of numerous dead children. I doubt anyone thought to ask their relatives for permission.

    The NHS is wonderful in so many ways but once you realise their utter lack of data security for patient privacy then it's difficult to approach them for treatment.

    1. a pressbutton

      Dead peoples health records

      I do not think GDPR etc applies to dead people.

      Now, this (I think, IANAL) is the law.

      The morality of what was done in this case is _very_ dubious.

      1. Danny 2

        Re: Dead peoples health records

        I said before it was the worst work experience I had. It didn't give me nightmares, but I was emotionally devastated for weeks after. I was feeling sorry for myself at the time until I realised I was vastly overpaid compared to the nurses and supporting NHS staff that actually dealt with those dead children, and do so each and every day.

      2. MAF

        Re: Dead peoples health records

        No the NHS Data privacy regulations protect living & dead patients and overarch the GDPR/DPA regs.

        1. Anonymous Coward
          Anonymous Coward

          Re: Dead peoples health records

          My wife died because consultants and junior doctors couldn't be bothered to follow their own rules. This is isn't alleged, I forced them to apologised publicly and then sued them and won.

          As an institution they don't believe their own rules apply to them at any time, I have this in writing. They have no interest in learning from mistakes (also in writing) and don't really give a shit when things go wrong unless you drag them kicking and screaming to tribunals and courtrooms (all complaint responses late, most points ignored in favour of their own).

          Before I could begin my complaint I had to get hold of medical records which even in the circumstances I had to pay the photocopying fee for.

  7. Anonymous Coward
    Anonymous Coward

    Selling England By The Pound

    Top stuff. I'm gonna vote for even more of this! Can't wait to get the ol' snout into the Great British Cake-Trough KERCHING!

    1. Roj Blake Silver badge

      Re: Selling England By The Pound

      "Can you tell me where my country lies?"

      said the unifaun to his true love's eyes.

      "It lies with me!" cried the Queen of Maybe

      - for her merchandise, he traded in his prize.

      "Paper late!" cried a voice in the crowd.

      "Old man dies!" The note he left was signed 'Old Father Thames'

      - it seems he's drowned;

      selling England by the pound.

  8. dnicholas

    Everything's fine

    We really need the hear no evil, see no evil, speak no evil monkey icons

  9. Dan 55 Silver badge
    Devil

    Well

    The Tories certainly got that sorted out before the elections, just in case.

    In the remote chance they do get kicked out, I wonder which multinational they'll turn up in next.

  10. Cincinnataroo

    What I hear

    When I read those disclaimers like:

    the NHS, which takes data privacy extremely seriously and has put appropriate safeguards in place to ensure information is used correctly.

    I hear something like

    the NHS, which has no clue about data privacy at all, and would sell information about their grandmother if it paid enough, has put in place measures to ensure that data leaks widely, where we can't trace what's lost, and through leaks that we'll never fix (and don't know how to)

  11. aelking

    This article is scaremongering a bjt

    The data being sold by the NHS is its info on the NHS direct website, which is basically a symptom wizard and pages to look up what to do in an illness. Not patient records.

    The issue with this then being on Alexa is what are Amazon going to do with the data for a person after using the Alexa Symton wizard.

    1. NeilPost

      Re: This article is scaremongering a bjt

      The DoH are incorrect as to what Amazon do with it as not their problem as the DoH are the Data Controller, and Amazon a sub-processor.

      GDPR.

      1. Cynical Pie

        Re: This article is scaremongering a bjt

        they aren't. The DoH aren't sharing personal data so there are zero data protection implications for them.

        That Google may choose to profile is a matter for Google and they (Google) would be the data controller as they are the ones collecting and processing personal data.

        1. NeilPost

          Re: This article is scaremongering a bjt

          It’s supposedly anonymised, but still has to comply to the 7 Principles as below. What guarantee is being made to ensure the anonymisation remains intact.

          The GDPR sets out seven key principles:

          Lawfulness, fairness and transparency

          Purpose limitation

          Data minimisation

          Accuracy

          Storage limitation

          Integrity and confidentiality (security)

          Accountability

          https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/

  12. Anonymous Coward
    Anonymous Coward

    Just consider.......

    1. I live at postcode AB3 4CD

    2. I go to my doctor, who diagnosis X and gives me a prescription for Y, an over the counter medication.

    (Note, even if the patient record is anonymised, the TIME STAMP on the medical record is presumably available.)

    3. I go home and order Y through Amazon.

    4. The data mining application at Amazon immediately links the DOCTOR DIAGNOSIS (NHS Direct) and the Amazon order for Y (matching the TIME STAMP data).

    5. Voila ... Amazon can now link the original (anonymised) medical record with a name and address. And of course, Amazon also knows about your other purchases, particularly the ones you sent to friends (birthdays, Christmas). So now Amazon is building a matrix of you and your friends (and the medical history of your friends -- see above for details).

    BIG DATA at work.

    But wait.....commercial organisations have access to credit card databases, car licence databases, Google search histories......the list is very long. Matching processes similar to my example would allow some unknown DATA CONSOLIDATOR to link up medical histories, names, addresses, credit scores, car ownership...... This linkage might take a while (a month or two)....and before you know it, some advertiser will know the colour of your underwear (and that of your friends too).

    Welcome to the future........Amazon is already here!!!!!!

    1. NeilPost

      Re: Just consider.......

      Just go home and change something in your name or address to “NULL” and problem solved.

      Greetings to you in Aberdeenshire.

    2. Anonymous Coward
      Anonymous Coward

      Re: Just consider.......

      "4. The data mining application at Amazon immediately links the DOCTOR DIAGNOSIS (NHS Direct) and the Amazon order for Y (matching the TIME STAMP data)."

      This is where your logic breaks down a little (though the end result of what's really happening is pretty similar). Amazon won't have access to the doctor diagnosis info, as that's not on NHS direct. All they're getting from NHS direct is a symptom/diagnosis database, basically the same info the website will give you if you browse there looking for advice. There's no patient data there at all, much less the really sensitive stuff like actual medical record data.

      However, if you use alexa to search NHS direct for "Why does it hurt when I pee?" and then send them an order for an over-the-counter "clap-be-gone" ointment, you can bet that Amazon's algorithms will have joined the dots and made a note in their profile on you. NHS direct really isn't responsible for the data which has been gathered on you - you've leaked the data yourself by using Amazon as a middleman for everything. That's what's going on here.

      1. Ken Moorhouse Silver badge

        Re: you've leaked the data yourself

        Painfully, by the sound of it.

    3. JohnMurray

      Re: Just consider.......

      I don't use Amazon.

      I don't have a credit card.

      I opted-out of my health data being used for research purposes.

  13. Roj Blake Silver badge

    Boris Johnson

    See everyone? When Boris Johnson told us that he would never sell the NHS, he was telling the truth! He's going to give it away for free!

  14. -tim
    Facepalm

    Big Data?

    Big Data by definition is the ability to de-anonymise data like this.

    You take medicine A and B live in an post code area with a known pollution level. The Venn Diagram intersection of that consists of just you. Repeat for all the rest of the data and other factors. It gets even easier once you can start removing people from the data set since the birthday paradox can be used in reverse. A few trillion iterations through a large data set can keep a modern PC from sleeping for hours at a time.

  15. W.S.Gosset Silver badge

    Australia ditto, but more-so

    Australia's new-ish "MyHealth" system goes a step further than the NHS in terms of data captured and data accessibility. Much assurances by govt on how it is all totally secure and eyes-only and never to be released for commercial use, and in fact only to your own doctor*. "TWUST US! Or not ; we've made it mandatory so we really don't care what you think."

    A largeish company recently accidentally let the cat out of the bag by announcing they will be "innovating" by trawling the MyHealth data for commercial gain.

    .

    .

    * Or any doctor in event of emergency. In fact this ability was the headline scream-slogan as the overwhelming "NEED!" for this system.

    And since there's no way to really formally record "emergency status" environmentally, it's really just "any doctor". Or nurse, too, they'll need it. Oh, and the administrators, they need to make decisions about any treatment. Oh, and their managers and all senior management. GP's counter staff need it because they process the payments. And public servants with any responsibility related to health. So that's a gawpingly large number of Centrelink people included too. Plus most of the special units therein. Plus anyone who's ticked the govt box marked "NDIS Provider". Plus their sub-contractors. Plus .... etc etc. The arguments for the net thrown wider are ongoing and will always be. For example, RTOs (training organisatoins who've suckled onto the govt teat) have already made noises about needing access, as part of assessing concessional status.

    To put it another way, your private medical history is now leakable by perhaps a quarter of the population of Australia.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like