Conflicting messaging overshadows NHS Digital's attempts to inform public about patient data slurp

*cough*

What's in the DPIA ? Assuming they've done one.

Come on Reg

Where's the one click opt out link?

GDPR

How does this square with GDPR which deals with personal data (and data does not get more personal than this)? In my naivety, I thought all data requests had to be opt-in not opt-out so surely this drives a coach and horses through GDPR! Perhaps this appalling data grab should be brought to the attention of the EU data commissioner - it may be that this egregious theft of user data influences their decision on UK data adequacy and whether the UK can still operate data transfers to and from the EU.

Sweeping under the carpet

Just phoned my surgery to ask about this and the best way to opt-out of the Type-1.

They didn't know anything about it.. Surely something of this scale should be distributed to everyone, especially people who pick up the phone?

Oh no, that's right, they just want to plough ahead with the minimum of fuss from pesky individuals who value their privacy.

We do not sell data. We only seek to recoup costs

The lady doth protest too much, methinks

Almost impossible to opt out

I have opted out but it's very difficult for most people to do so.

A. Almost no one knows that this is happening

B. Of those that do most won't understand or, based on social media attitudes to privacy, care about the true implications.

C. Even in this day an age most people can't actually navigate the internet very well.

I wonder if insurance companies will have access to this data? This would be mana from heaven for them, to be able to target area's very specifically with different rates for insurance based on health data. If the NHS sells it for that sort of purpose they are scumbags.

Also, all those cosy assurances about the checks and audits they're supposedly going to carry out, will the results and the participants involved be on public record? Similar for the assured destruction of data records.

Dear NHS, fek off. Thanks.

Signed, pretty much everyone.

When even the fekkin blind guy can see the Mount Olympus of problems with what you're planning, what does that tell you?

(Yes, this is ShadowSystems. My temporary new handle reflects my current mood. I think someone has made a mistake down at the chemist's & my normal dried frog pills aren't being formulated properly.)

Link to opt-out form

It was quite easy to do - just need your name, DoB, NHS number or post-code - then it asks for email or phone to verify.

https://digital.nhs.uk/services/national-data-opt-out

Simple Solution

Maybe the simplest solution (not that anyone will do it) is to reset the current permission as it is no longer valid to a default of "opt out".

Now that would stop these knop jockeys dead in their tracks because all that tasty data to be slurped would not be available by default. I just find it astounding that anyone deems it acceptable to have a significant update to data sharing that most people do not know about with a default of status quo ( I assume) or worse opt-in.

For the majority of the population this is simply beyond them to figure out.

Actually, your opt-out matters not.

Your data can still be used in research/planning, even if you opt-out, if information that can identify you is "removed".

Your confidential patient information can be used in a small number of situations, such as national statistics.

In an emergency where the safety of others is affected.

The NHS collects confidential patient info from NHS trusts/local authorities/private healthcare providers, providing care to NHS patients. Research bodies can request access to that information.

The only exclusions noted are that marketing and insurance can have no access......but given that an increasing amount of healthcare is via USA companies.....

All that came from the NHS App.....

Seriously?

FFS - it actually says (https://www.nhs.uk/your-nhs-data-matters/where-your-choice-does-not-apply/) "Information about your health care or treatment might still be used in research and planning if the information that can identify you is removed first." So you effectively can't opt out. There are numerous other get-out clauses here too.

It has been shown many times that "anonymised" data can often be de-anonymised, as it doesn't take many data points to make the data unique or near-unique. And I have little confidence that there will never be a data breach.

Where your data is stored - apparently NOT in the UK!

Browsing through https://your-data-matters.service.nhs.uk/privacynotice tjhere is a paragraph "Where is your data stored" which states:

"We store your data on secure cloud servers in the European Economic Area (EEA)."

As the UK is not in the EEA (as defined in the link) this suggests the data is NOT held in the UK!

What really fucks me off is that all the info you have to provide on these opt out forms is EXACTLY what could be used to link you to the medical records. This whole thinking really stinks, like the arseholes that came up with this scheme.

BBC R4 Today

NHS Digital just had someone on Radio 4 defending this against ‘not very good’ probing. You could hear the nervousness in his voice as he explained what would happen to the data. Just been trying to re-listen to it but BBC Sounds is not making that easy. Talked I think about encryption of data in transit but I think I heard that it wasn’t when at rest and that identities were associated with data (hence my trying to replay that part)! And of course he had to admit that all the sensitive data you could imagine (sexual health, treatments etc) are included in that data - not one mention of private companies being able to gain access of course.

Also told the interviewer that they’ve made all the details available to GPs to allow them to inform their patients to include posters etc - knowing full well almost nobody has been near a GP office for the last year or so!

Disingenuous untrustworthy bastards!