back to article NHS Digital's demise bad for 55 million patients' privacy – ex-chairman

Ten months after attempts first began to extract the medical information of 55 million citizens in England, NHS Digital's former chairman is warning the merger of the agency with NHS England threatens the privacy of people's personal data. The view was that if a patient had chosen to use the NHS they had implicitly agreed …

  1. Anonymous Coward
    Anonymous Coward

    Sad but true

    Sadly these days everything and everyone wants your data.

    I can't do a lot about the data NHS already holds about me, but I can change what they collect in the future.

    I think of it much like Social Media, I don't use it, therefor I can significantly reduce what they know about me.

    As such, I don't visit GPs, hospitals etc. I just deal with my medical problems if they occur on my own with home remedies.

    (recently had to stitch a wound shut by myself for example)

    With that said I did get all the COVID vaccines to ensure other peoples safety.

    Sad to say, but it's the cost of privacy. I'm willing to pay that price.

    1. nematoad Silver badge
      WTF?

      Re: Sad but true

      "As such, I don't visit GPs, hospitals etc."

      Idiot.

      You might be fit, young and healthy but that is not true for everyone.

      So what if you develop cancer or some other life threatening illness? Are you going to self-medicate for those as well?

      A lot of us have no choice, we have to rely on the services of the NHS and in the UK we are blessed by being able to do so.

      So what is your answer to the problem of some people associated with the NHS wanting to make money off of people's most personal and sensitive data?

      In your case it seems to be to try and side-step the threats but it might be better to actually do something about it and put curbs on the acquisitive tendencies of those at the top of the medical hierarchy

      1. Anonymous Coward
        Anonymous Coward

        Re: Sad but true

        I never said other people couldn't or shouldn't use medical care.

        Merely that I myself do not use it. Plus I see it as a benefit to other people, one less person using the NHS is gives the ability for our NHS to help someone more deserving than me.

        If I get cancer? Well I'll just die of cancer. I wouldn't be diagnosed of it in the first place either, so it would just take me and probably quickly too.

        We all die eventually anyway.

        I don't fear death, you can't escape it so why fear it? I just enjoy the time I'm alive now.

        1. John Brown (no body) Silver badge

          Re: Sad but true

          "I wouldn't be diagnosed of it in the first place either, so it would just take me and probably quickly too."

          Please don't be so blasé about contracting cancer. Just because you might get it and be undiagnosed does not any way promise a quick and hopefully painless death. Allowing a cancer to remain undiagnosed and untreated could just as easily lead to a protracted and very painful illness. Being young and healthy doesn't preclude you from cancer either. It's just more rare.

          1. Anonymous Coward
            Anonymous Coward

            Re: Sad but true

            I'm not young (early 30s).

            As with any illness there's always a risk of pain, and thankfully I do have a high tolerance for pain (I always skip the pain killers and just grit my teeth through pain so I've developed my tolerance over time.).

            If it happens it happens. I'll just live with it for the time I can until I die.

            I do what I can to heal myself where needed. For example, instead of antibiotics I would opt for a more ancient method like honey on a wound to prevent infection and reduce swelling. (Proper honey, not your sugar filled artificial crap in the supermarkets)

            I haven't taken antibiotics in over 15 years, despite having multiple infections in that time which I self treated (they cleared up and healed nicely)

            People also often forget antibiotics don't just kill bad things in your gut, they also kill the good ones. You should browse the list of possible side effects on medication before you stick it in your body...

            In addition using them too frequently will reduce their effectiveness. Say, you have two people, one person who reaches for antibiotics for the smallest things like a cold (which they do nothing for) and another who rarely uses them.

            Give them both sepsis and try to treat them with medical grade antibiotics.

            You'll find the person who overused the antibiotics will be more difficult to cure and may not survive where as the person who rarely used them and didn't abuse them would have a higher chance of survival (albeit not guaranteed)

            My point being, medication and doctors don't always have to be the answer.

            The human body is quite capable of maintaining and repairing itself and while we do occasionally need to help it along the way I would rather not use a medical system which will use my own body against me in the sense of selling data.

            I like to travel a lot, which means I need travel insurance. Now picture this, you go to your doctor with a medical concern, s/he writes about that concern in your personal file and sends you off for tests.

            Meanwhile that information is immediately shared to a third party, that party then sells it to insurance companies.

            Next thing, you can't get travel insurance anymore without paying a hefty premium.

            How long until you can't get a credit card because you have a medical condition that makes you a higher risk of dying before being able to pay it back?

            Etc.

            If the information is stored and sold to third parties it can and will be used against you.

            And so, I choose to avoid the systems which would enable that to happen. It's a personal decision and it is my choice.

            I've tried countless times to teach people not to use social media companies like Facebook, or to avoid using google to search for personal things - explained to them the side effects of that.

            It always comes back to convenience over their privacy and they just don't care. So I simply don't bother trying to protect other peoples privacy from large orgs like Facebook, because they will use them anyway.

            The large companies know this all too well, and so they too will do it anyway because they know those of us who will stop using them because of their decisions is such a small minority that it doesn't make even 0.1% of a difference in their profits.

            So I chose to take my own steps for privacy for myself where I can. It's my decision and I will stand by it.

            Even if that makes me an "idiot" in other peoples minds.

            But you should be happy this idiot not seeing a doctor could be the reason you can see one (one less person in the queue).

            I'm also not insensitive to other peoples needs, why do you think I had all 3 COVID jabs despite each one giving me heart pulputations and sweats for a few days? To keep other people safe.

            I don't have have them for myself, I had them in order to hopefully prevent someone else losing their mum, brother, sister etc etc.

            So yes I may be an idiot, but I am a person who considers my decisions carefully.

            1. CRConrad

              Sad and not true

              > I'm not young (early 30s).

              Early 30s IS young.

              > So yes I may be an idiot,

              Apparently.

              > but I am a person who considers my decisions carefully.

              Apparently not.

            2. Ian Johnston Silver badge

              Re: Sad but true

              You'll find the person who overused the antibiotics will be more difficult to cure and may not survive where as the person who rarely used them and didn't abuse them would have a higher chance of survival (albeit not guaranteed)

              That is not how antibiotic resistance works.

            3. LybsterRoy Bronze badge

              Re: Sad but true

              TL:DR

              Tell me, briefly, precisely what information about yourself is so secret that you'd prefer death to its revelation.

            4. BurnedOut

              Re: Sad but true

              Although it's entirely healthy to debate the extent to which medical information should be sharable, this particular argument is problematic: "I like to travel a lot, which means I need travel insurance. Now picture this, you go to your doctor with a medical concern, s/he writes about that concern in your personal file and sends you off for tests. Meanwhile that information is immediately shared to a third party, that party then sells it to insurance companies. Next thing, you can't get travel insurance anymore without paying a hefty premium." Bearing in mind that all insurers would normally ask about pre-existing conditions and current investigations, to conceal such details at the time of applying for insurance would potentially be fraudulent.

            5. Anonymous Coward
              Anonymous Coward

              Re: Sad but true

              Each to their own but as someone who's just had several tumours removed from inside their head I'd honestly suggest you're concerns over the data held on you are daft.

              I work in the NHS, your data is probably more secure there than any other organisation you've ever interacted with as there are staff there who are zealously protecting it and who would frankly rather be fired than allow data to fall into the wrong hands.

              I'm one of them.

              Do not allow concerns over privacy stop you seeking treatment, you aren't helping others - you're simply harming yourself and your family as a result.

              You will at some point in your life end up in a hospital regardless, breathing or otherwise.

      2. LybsterRoy Bronze badge

        Re: Sad but true

        A diabetic here.

        I did think you were a bit harsh with your "idiot" then I read the second post from "Anonymous Coward" and assuming its the same one I think IDIOT is well justified.

  2. Mike 137 Silver badge

    Protections rather limited

    "In effect, NHS England will be able to decide that its legitimate interest override those of the citizen and the patient..."

    Actually, in respect of Article 9 data, legitimate interest is not a lawful basis for processing. NHS England would have to rely in Article 9(2)(g), (h), (i) or (j). However that's a pretty wide gateway, particularly as NHS England would be the arbiter of factors such as 'substantial public interest', necessity for 'management of health or social care systems and services', necessity for 'reasons of public interest in the area of public health' and so on.

    Unfortunately, as government agencies make the rules, they can award themselves pretty much any freedoms they want.

  3. Zippy´s Sausage Factory
    Unhappy

    FTFY

    "NHS Digital's former chairman is warning has just realised that the merger of the agency with NHS England threatens the privacy is designed to facilitate the sale of people's personal data."

    1. 42656e4d203239 Bronze badge

      Re: FTFY

      As far as I recall NHS(D) was set up to funnel public funds into private pockets as effecienty as possible and sell the data it gathered at the best possible price to its chums. Sounds like sour grapes on the outgoing organisation's behalf...

      1. Gordon 10 Silver badge
        Pirate

        Re: FTFY

        My thoughts exactly. I thought NHS-D were a bunch of data bandits?

        Is the chairman not the pot calling the kettle......

        arrrr!

      2. JassMan Silver badge

        Re: FTFY @42656e4d203239

        I agree. I read the sentence "Doing away with an independent statutory body in NHS Digital, charged with defending patient rights, is itself, unfortunate. " and thought it was a statement designed by Putin's media mis-information team.

        NHS digital were the ones trying to sell off our "anonymised" data and still have a page on the intertubes allowing you to opt-out. Which by the way is non-GDPR compliant in that it has the analytics and social media boxes pre-checked.

        Mind you care.data was just as bad and it was NHS England

        1. JassMan Silver badge

          Re: FTFY @42656e4d203239

          Replying to myself here as I have just checked and care.data was an NHS England project. There is a common point here and that is that both projects were initiated by the Conservative government. - Those guardians of our data who recently had a "consultation" on replacing/hobbling the GDPR in order to make it easier for anyone who donates to the party to use our data in any way they see fit, as long as they say it is for research. That is "research" in any form - not specifically science.

    2. Roland6 Silver badge

      Re: FTFY

      I think you got that wrong, it was NHS Digital that was set up to facilitate the sale of peoples medical data. This move effectively puts NHS Digital back inside the NHS and thus subject to all its data processing constraints.

      Now there might be a case that the NHS uses patient data without proper disclosure and consent.

    3. Roland6 Silver badge

      Re: FTFY

      Given NHS Digital's former chairman is quoted as saying " health secretary Sajid Javid's decision to merge NHS Digital into NHS England and NHS Improvement last year was a "retrograde step not least in the context of this government's clear intent to weaken the constraints on the use of patient data."

      It would seem the threat to data privacy he is referring to is it not being subject to weakened usage constraints... I fail to see how this is "a backward step for patient data rights"...

  4. This post has been deleted by its author

  5. codejunky Silver badge

    NHS

    The sainted institution of central control is expected to put patients first? Damn cheek!

    1. Roland6 Silver badge
      Pint

      Re: NHS

      What do you mean third-parties can only use the NHS patient data within the constraints set by the NHS and not be free to exploit it in anyway they see fit.

      1. Doctor Syntax Silver badge

        Re: NHS

        One wonders what constraints might be imposed by an organisation that appointed Dido Harding as its now thankfully departed chair of improvement [sic].

        1. Roland6 Silver badge

          Re: NHS

          Reports say her appointment was politically motivated cronyism. Fortunately, she became politically toxic before Downing St. offered her the NHS England CEO job...

  6. Anonymous Coward
    Anonymous Coward

    Re: Dead on arrival

    In fairness, there have been many instances of successful research projects during the pandemic that were only possible through access to shared, linked data from within the NHS. In many of those cases, the systems designed to ensure the due consideration of impact on individuals versus the common good were bureaucratic, and slowed things down. There are checks and balances in place and they do work.

    I would rather have an environment where data sharing is permitted, with those checks and procedures in place, than one where no data sharing is allowed. Remember that sharing _identifiable_ data is remarkably rare and requires huge levels of justification (rightly). Opting out of sharing data removes your data from _everything_, including all those projects where it's just the characteristics of the data, not the individuals that are the important features.

    Those of you up in arms about people seeing _your_ data should also remember that lots of the advances in medical treatments that we all take for granted were derived on the back of sharing other people's data. Without that, we'd all be like the earlier AC, living in a cave and slapping a nettle poultice on everything.

    1. Doctor Syntax Silver badge

      Re: Dead on arrival

      Their past efforts lead to a degree of mistrust as to just whether the checks and balances really exist and work. There needs to be a lot of effort to rebuild trust. We need to see that this is really working.

    2. Anonymous Coward
      Anonymous Coward

      Re: Dead on arrival

      "Those of you up in arms about people seeing _your_ data should also remember that lots of the advances in medical treatments that we all take for granted were derived on the back of sharing other people's data. Without that, we'd all be like the earlier AC, living in a cave and slapping a nettle poultice on everything."

      Agree with the sentiment BUT I do not trust 3rd parties to use my data safely.

      The monitisation of the data is too much of a temptation to 'fudge' the checks & balances.

      I have opted out in all possible ways, as previously advised in el Reg, but now those actions are looking to be redundant as NHS Digital is no more !!!

      :(

    3. Roland6 Silver badge

      Re: Dead on arrival

      >Those of you up in arms about people seeing _your_ data should also remember that lots of the advances in medical treatments that we all take for granted were derived on the back of sharing other people's data.

      My understanding is that all were achieved within the data ownership and sharing arrangements of NHS England.

      NHS Digital's data grab was about monetizing the data and facilitating the creeping privatisation of the NHS by US (profit first) health businesses. Ie. further Conservative party interests.

    4. SImon Hobson Silver badge

      Re: Dead on arrival

      Oh, I think we all agree that this data is incredibly important for research. Unfortunately, the people who should be applying the "checks and balances" in protecting that very important and very intimate personal information have really poisoned the well by showing themselves to be untrustworthy.

      Now, if they were to somehow demonstrate that they can be trusted, and that said trust would stand the test of time (and future ideas about what is "reasonable"), then I doubt that many of us would be averse to doing our little bit towards future medical research. But, that's a massive IF there - I have no idea how they could get from where they are now to where they need to be.

  7. Anonymous Coward
    Anonymous Coward

    Old model still in use in Scotland makes more sense

    NHS Boards (Trusts)

    separate legal entities, working together but each legally responsible as Data Controllers for their own population. Any central body wanting to misuse data has to get it past multiple governance groups any one of which can throw a spanner into the works.

    Not perfect, but as a citizen I'm far happier with that approach than dumping all the decision making power in one place and realistically one individual.

  8. Steve 114

    Privacy forever

    25+ years ago, I was in Committee-contact with well-intentioned, underpaid, NHS people who could see perfectly clearly that Britain was host to the largest potential database of (properly-anonymised) health, disease and operational data, possibly anywhere in the world. But however you tried to mobilise it, the GPs didn't like that, the Consultants didn't like that, and paranoid patient groups didn't like it. And even if anything seemed possible, the total spaghetti of systems and Standards and hopeless UIs made nothing feasible at all. Why, we wondered, could every other knuckle-dragging sector mobilise their data, and even for such potential public benefit we/they simply could not, nor even have a staged plan to do so? Even piffling Iceland already had a population genetic database (yes, I know those snags too). And here we all still are, still letting private operators carve off bits that might join some someday metaverse, and still locked up with forever-privacy squeals. Grotesque.

    1. Doctor Syntax Silver badge

      Re: Privacy forever

      "And here we all still are, still letting private operators carve off bits that might join some someday metaverse, and still locked up with forever-privacy squeals."

      That sounds like cause and effect.

    2. Anonymous Coward
      Anonymous Coward

      Re: Privacy forever

      Iceland has a genetic database for a good reason. The population is so small there are genuine inbreeding concerns. The database allows checking for how close a relation someone is.

  9. Howard Sway Silver badge

    If a patient had chosen to use the NHS they had implicitly agreed that their data could be used

    Yeah, cos otherwise you're going to have to be given the choice before you're loaded into the ambulance : share your data or die in agony sir?

    People don't use the NHS because they "choose" to. They use it because they have to.

    1. John Brown (no body) Silver badge

      Re: If a patient had chosen to use the NHS they had implicitly agreed that their data could be used

      They also use it because they paid up front to use it. It's "free at point of use" and some people get treatment far beyond how much they paid in, the majority use it far less than the value they paid in over their lives. But everyone pays. Even if they don't use it and pay to go private instead. That's probably the best thing about it. Homeless? Got no money and no job? Fine, you still get the same care :-)

      1. Anonymous Coward
        Anonymous Coward

        Re: If a patient had chosen to use the NHS they had implicitly agreed that their data could be used

        I hate the constant cry of “free at the point of use”. That isn’t the only key factor. Not for profit is the other part always missed off when the Tories talk of it not being sold off. (Granted not for profit can be fiddled to symphony money off easily)

        1. John Brown (no body) Silver badge

          Re: If a patient had chosen to use the NHS they had implicitly agreed that their data could be used

          Yeah, I know what you mean, but I was reinforcing/adding to the comment about "choosing" to use the NHS. For most, it's not a choice it's using what you already paid for.

        2. Anonymous Coward
          Anonymous Coward

          Re: If a patient had chosen to use the NHS they had implicitly agreed that their data could be used

          >Not for profit is the other part always missed off when the Tories talk of it not being sold off.

          Yes, it took the NHS to actually resolve my medical problems - My (new) GP on reviewing my file simply prescribed the recommended mix of drugs - problem resolved in weeks and body fully recuperated within the year; nearly 20 years previously the private medical insurance paid for lots of expensive 'investigations' couldn't reach a diagnosis and so no treatment recommended, so I lived with the condition until I had cause to visit the Dr...

          I think this is part of the deal also overlooked, the NHS will tend to do what is most efficacious for the patient rather than what will extract the most money.

          Although in saying that, I'm really p*ssed off as to how unjoined up the NHS is, for example, something as well understood as a cochlea implant which requires a whole bunch of appointments with different specialists working in the same department and/or hospital campus, are treated as a series of separate individual appointment bookings with each being booked in turn, rather than being grouped into a couple of mega appointments.

  10. Arthur Daily

    Data Obscuration is Imposible

    Data Obscuration is impossible. Fields and relationships are subtly linked. The people working on such projects lack experience and formal qualifications. And they don't understand hospital specialists, or even operation timing. Or if a surgeon dies or they are all at some conference, what guesses can me made. In all, people with high intervention rare diseases can be linked back, others less so. In Australia the university researchers were able to poke holes, because they were aware of some relationships . The most significant discovery was which hospitals are best, and which are the worst (infections, follow up corrections needed) which the insurance companies lapped up, but the researcher denied the ability to publish. When the ability to score surgeons against procedures , that too was banned from light of day. In all digital information is not welcome, when it identifies deficiencies.

    1. Anonymous Coward
      Anonymous Coward

      Re: Data Obscuration is Imposible

      “The people working on such projects lack experience and formal qualifications.”

      Bollocks.

      1. Anonymous Coward
        Anonymous Coward

        Re: Data Obscuration is Imposible

        “The people working on such projects lack experience and formal qualifications.”

        Bollocks.

        Yes, I am sure some of the people also lack those .... due to certain normal genetic differences !!!

        :)

  11. Anonymous Coward
    Anonymous Coward

    All your confidential NHS Health Data records ...

    ... are belong to Google.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022