UK set to sell sensitive NHS records to commercial companies with no meaningful privacy protections – UPDATED

The UK government's Health and Social Care Information Centre quietly announced plans to share all patient records held by the National Health Service with private companies, from insurers to pharmaceutical companies. The information sharing is on an opt-out basis, so if you don't want your "clinical records, mental health consultations, drug addiction rehabilitation details, dsexual health clinic attendance and abortion procedures" shared, along with your "GP records, HS numbers, post-codes, gender, date of birth," you need to contact your doctor and opt out of the process.

This is a complex issue. Large data-sets are the lifeblood of epidemiology and evidence-based care and policy, and the desire to extract useful health information from this data is a legitimate one.

However, it's clear that no one involved in the process gives a damn about privacy. These data-sets — which will be sold on the open market to commercial operators — are "anonymized" and "pseudonymized" through processes that don't work, have never worked, and are well-documented to be without any basis in reality.

And that's the thing that brings the whole enterprise out of the realm of legitimate scientific project and into the realm of corporatist hucksterism. Once the architects of this project announced that its privacy protections would be based on junk science, they lost any claim they had to operating in good faith.

Effectively, the managers of this programme have said, "We can't figure out how to protect the most private, potentially damaging facts of your life, so we're not going to try." It is pure cynicism, and it makes me furious. It brings the whole field of evidence-based medicine into disrepute. It is a scandal. And as it goes ahead, it will spectacularly destroy the lives of random people in the UK through the involuntary, totally foreseeable disclosure of health information, in ways that make the general public leery of any participation in this kind of inquiry.

If you set about to discredit the open data movement, you could do no better than this.

Update: As if that wasn't bad enough, Noemi adds, "The contract for handling and managing the care data has been given to ATOS. This is the same company whose disability benefit assessment has been found to be flawed and unacceptable in 40% of cases by the Audit Commission." Here's more.

HSCIC's own guide to confidentiality points out the potential for messy dilemmas. For instance, the guide mentions that "removing the individual's name, age, address and other personal identifiers may not be sufficient to effectively anonymise the information." Therefore, even so-called "green" data can leak personal health information.

And while HSCIC attempts to fix legal issues by stating the information should always be shared in accordance with the law and organisations must abide by legal provisions which may ban or limit attempts to re-identify confidential information, plans for HSCIC to publicly track client compliance are yet to be revealed.

The types of privacy and legal issues that the Spine database creates are immense. For instance, under Section 33A and section 41 of the UK's Human Fertilisation and Embryology Act 1990, any disclosure of information relating to assisted conception (for example information about gamete donors and people receiving treatment) is usually a criminal offense. How exactly this information would be safeguarded is currently unknown.

Though privacy advocates have bemoaned the lack of public clarity and transparency over exactly which organisations will be able to buy particularly sensitive datasets, two companies may already have a head-start to the treasure trove: MedRed and BT. and the murky US partnership that puts your health data at risk [Asher Wolf/Wired UK]