Full NHS hospital records uploaded to Google servers, "infinitely worse" story to come

PA Consulting, a management consulting firm, obtained the entire English and Welsh hospital episode statistics database and uploaded it to Google's Bigquery service. The stats filled 27 DVDs and took "a couple of weeks" to transfer to Google's service, which is hosted in non-EU data centres. This is spectacularly illegal. The NHS dataset includes each patient's NHS number, post code, address, date of birth and gender, as well as all their inpatient, outpatient and emergency hospital records. Google's Bigquery service allows for full data-set sharing with one click.

The news of the breach comes after the collapse of a scheme under which the NHS would sell patient records to pharma companies, insurers and others (there was no easy way to opt out of the scheme, until members of the public created the independent Fax Your GP service).

According to researcher and epidemiologist Ben Goldacre, this story is just the beginning: there's an "infinitely worse" story that is coming shortly.

Read the rest

Fax Your GP: quick opt-out from insane NHS plan to sell your medical records


The UK National Health Service has initiated a plan to take the nation's private health records and sell them off to private companies in a process overseen by notorious multinational bumblewads ATOS. If you live in the UK England, your records -- mental health records, prescriptions, records of surgeries including abortions, and other sensitive personal information -- will be handed over to a wide-ranging group of companies all over the world.

Unless you opt out. And opting out isn't easy. There's no central place to opt out. Instead, you have to send a letter to your GP's surgery, which means you have to look up your GP's surgery's address, compose a legally sufficient letter, print it out, find an envelope and a stamp -- etc.

However! There's a better way. A group of volunteers whom I trust implicitly, including the astounding Stef Magdalinski (who made the Faxyourmp service that is the ancestor of Theyworkforyou) have created Fax Your GP, a dead-simple form that will look up your GP's fax number for you, create a form opt-out letter you can fill in in just a few easy steps, and then they'll fax that letter directly to your GP's surgery. I just opted out.

Read the rest

UK set to sell sensitive NHS records to commercial companies with no meaningful privacy protections - UPDATED

The UK government's Health and Social Care Information Centre quietly announced plans to share all patient records held by the National Health Service with private companies, from insurers to pharmaceutical companies. The information sharing is on an opt-out basis, so if you don't want your "clinical records, mental health consultations, drug addiction rehabilitation details, dsexual health clinic attendance and abortion procedures" shared, along with your "GP records, HS numbers, post-codes, gender, date of birth," you need to contact your doctor and opt out of the process.

This is a complex issue. Large data-sets are the lifeblood of epidemiology and evidence-based care and policy, and the desire to extract useful health information from this data is a legitimate one.

However, it's clear that no one involved in the process gives a damn about privacy. These data-sets -- which will be sold on the open market to commercial operators -- are "anonymized" and "pseudonymized" through processes that don't work, have never worked, and are well-documented to be without any basis in reality.

And that's the thing that brings the whole enterprise out of the realm of legitimate scientific project and into the realm of corporatist hucksterism. Once the architects of this project announced that its privacy protections would be based on junk science, they lost any claim they had to operating in good faith.

Effectively, the managers of this programme have said, "We can't figure out how to protect the most private, potentially damaging facts of your life, so we're not going to try." It is pure cynicism, and it makes me furious. It brings the whole field of evidence-based medicine into disrepute. It is a scandal. And as it goes ahead, it will spectacularly destroy the lives of random people in the UK through the involuntary, totally foreseeable disclosure of health information, in ways that make the general public leery of any participation in this kind of inquiry.

If you set about to discredit the open data movement, you could do no better than this.


Update: As if that wasn't bad enough, Noemi adds, "The contract for handling and managing the care data has been given to ATOS. This is the same company whose disability benefit assessment has been found to be flawed and unacceptable in 40% of cases by the Audit Commission." Here's more.

Read the rest

Data viz: whom did the UK government invite to emergency talks about the health reform bills?


Dr Ben "Bad Science" Goldacre sez, "I did a really sophisticated and complex data visualisation. I think you might enjoy it. There's definitely a pattern in there, I just need to decide what statistical tests will best extract the signal from the noise."

Who is, and is not, invited to Cameron's emergency NHSbill summit? A data visualisation.