'Biggest data grab' in NHS history - links to opt out.

[Freakbro]

Yes, insurance companies cannot identify you from this data so they cannot possibly use it to jack up your premiums.

Yes, in regards to this proposal at this point, but I agree with Hades that it's only 'yet', I don't have that much faith it won't be used in the future. Which, as shown by the US, isn't really an outlandish thought.

 

[Freefaller]

I think there's nothing tin foil about this at all, if you look at the history of IT blunders with the NHS and the government's poor management of data... Once it's been proven to be safe, well organised and beneficial I'll opt in, but for now I'm happy to be left alone.

 

[SexyGreyFox]

They will be used by private companies to increase costs to you. e.g. Taking out travel insurance? Well you once had a broken leg so you must be doing risky activities. Let's increase the premium. 5x A&E admissions? Wow you really are a bit accident prone so we will have to increase your premium for that employment protection cover. Hey, we just noticed your father had cancer. Hmmm, let's increase your life insurance premium in case it's hereditary. Oh wait, you have a history of work burnout and depression, well that will put up the cost of your life insurance even more.

Putting other stuff like not showing identifiable data to the side, I already have to list everything for insurance anyway, leave something out and my insurance is void.

 

[Deleted member 77746]

Putting other stuff like not showing identifiable data to the side, I already have to list everything for insurance anyway, leave something out and my insurance is void.

Maybe insurance companies might api into the data to see what back history you have.

 

[inferno]

I really don't care about this. If the NHS is using companies like Palantir to analyse health records we can expect a more efficient service!

 

[mrk]

NHS Digital said names and addresses, written notes, images, letters, and documents would not be collected. Nor would coded data that is not needed due to its age and coded data that GPs are not permitted to share by law.

Key bit here, I have done one NHS online opt out but printing paper and signing then sending to the GP is a faff I CBA with when none of the collected data doesn't actually name be personally and collected and shared data is otherwise untagged from any specific person.

 

[Ice Tea]

NHS Digital said names and addresses, written notes, images, letters, and documents would not be collected. Nor would coded data that is not needed due to its age and coded data that GPs are not permitted to share by law.

Key bit here, I have done one NHS online opt out but printing paper and signing then sending to the GP is a faff I CBA with when none of the collected data doesn't actually name be personally and collected and shared data is otherwise untagged from any specific person.

And then further down the page it says...

medConfidential has produced a guide to opting out of the new data grab. It has also published a list of the types of data that will be extracted from GP records by the programme. These data points include sensitive details relating to divorce, criminal records, prison and probation, complaints about care, relationship abuse, and child abuse, and info on sensitive diseases, such as AIDS. The campaign group's full guide for patients is available here.

And at the top of the opt out form at NHS digital it specifically says identifiable information.

If you do not want your personally identifiable patient data to be shared outside of your GP practice

A few examples of data breaches:

Patients Blackmailed 2 Years After a Breach

https://www.databreachtoday.com/patients-blackmailed-2-years-after-breach-a-15274

Therapy patients blackmailed for cash after clinic data breach

https://www.bbc.co.uk/news/technology-54692120

Massive Health Record Breaches Evidenced by the Office for Civil Rights Data

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6556182/

This study presents evidence of health data breaches taking place at an unprecedented level. Medical records of at least 173 million of people, gathered since Oct 2009, have been breached and might have adversely influenced over half of the population in the USA.

https://digitalguardian.com/blog/top-10-biggest-healthcare-data-breaches-all-time

1. Anthem Blue Cross: 78.8 Million Affected (January 2015)

So a great track record for medical data breaches...

 

[darkgen]

You can opt out exclusively online now; takes a few minutes.

EDIT - Looks like the entire thing has not been deferred to a later date due to the obvious lack of informed consent.

 

[Sstevie]

I've filled in my form and will be dropping it off at the GPs tomorrow. This whole scheme is outrageous

 

[Secret_Window]

Dido Harding is a potential candidate to take over as NHS chief from Simon Stevens in July...

https://www.theguardian.com/society...gland-chief-as-dido-harding-expected-to-apply

https://www.thetimes.co.uk/article/dido-harding-eyes-role-as-head-of-nhs-sqzww3fb9

https://www.independent.co.uk/news/uk/politics/dido-harding-nhs-test-trace-b1860907.html

 

[Angilion]

You can opt out exclusively online now; takes a few minutes.

EDIT - Looks like the entire thing has not been deferred to a later date due to the obvious lack of informed consent.

You can't opt out exclusively online. The link you gave is only for a type 2 (national/international) opt out, which is partial. To fully opt out, you need to register both a type 1 (at GP only, paper form only) and a type 2 (online). Also, your opt outs can be over-ruled (by unspecified people) without your knowledge let alone consent.

 

[darkgen]

You can't opt out exclusively online. The link you gave is only for a type 2 (national/international) opt out, which is partial. To fully opt out, you need to register both a type 1 (at GP only, paper form only) and a type 2 (online). Also, your opt outs can be over-ruled (by unspecified people) without your knowledge let alone consent.

Oh; guess I'll need to do the paper part then as well. That last sentence is quite sinister!

I'm not adverse to fully anonymised data being shared for medical research purposes but who can trust this current government (or any flavoured incumbent) to ensure and keep the data secure but then not to also sell it on to anyone and for any purpose!

 

[SexyGreyFox]

I'm not adverse to fully anonymised data being shared for medical research purposes but who can trust this current government (or any flavoured incumbent) to ensure and keep the data secure but then not to also sell it on to anyone and for any purpose!

As someone who reads 1000s of patients medical records for a living I have to wonder what you are worried about!

 

[darkgen]

As someone who reads 1000s of patients medical records for a living I have to wonder what you are worried about!

Governmental competence and integrity.

 

[Bear]

As someone who reads 1000s of patients medical records for a living I have to wonder what you are worried about!

You keep repeating this but you are irrelevant, what has you reading medical records got to do with data security and the potential sale of that data, you know the line you actually quoted?

 

[Angilion]

Oh; guess I'll need to do the paper part then as well.

If the system is administered honestly, doesn't ever suffer from function creep, isn't ever quietly changed and is secure (and do you want to buy a bridge?) then the type 1 data sharing does have some benefit to you. That data sharing is supposed to be only within the NHS and only for patient care purposes. Supposed to be. Stuff like a hospital having immediate access to your GP records and vice versa, which might well be important. The type 2 (national/international) is a different kettle of fish - that's to benefit whoever the data is sold to, not patients.

That last sentence is quite sinister!

Would you expect anything else from a UK government? Or almost any other country's government? Maybe every country's government. Even if they didn't intend to use it, they'd still give themselves the power to do so.

I'm not adverse to fully anonymised data being shared for medical research purposes but who can trust this current government (or any flavoured incumbent) to ensure and keep the data secure but then not to also sell it on to anyone and for any purpose!

True, but it's worse than that. The data is, as explicitly stated in the official page about the scheme, not anonymised. It is explicitly stated to be identifiable. On top of that, "anonymised" data is at least almost always only anonymous if no other relevant data is available. How likely is that nowadays? The funniest example I know of was when a politician in the USA was backing "anonymised" medical data being shared and someone who had some understanding of what that really meant extracted that politician's record from the "anonymised" data using nothing more than the publically available voter records. That was a while ago too - it's a lot easier nowadays since there's a lot more spying on everyone.

Here's the simplest way to sell "anonymous" data that's not at all anonymous:

I have a load of data about lots of people. For publicity reasons I can only sell you "anonymised" data. So I generate two sets of data. The first set is the full data but with the people's names replaced by codes. That's "anonymous" as it doesn't identify people. Then I sell you another set of data, which contains people's names and the code associated with each name. That's OK too because the dataset doesn't contain any data about anyone. Combine the two and you've got the complete and completely identifiable data. But I only sold you "anonymised" data.

In reality it's usually a bit more complex than that, but the principle is the same - combining datasets to de-anonymise data.

It's also irrelevant in this case as the patient data that will be sold under this scheme is explicitly stated to be identifiable confidential patient data. Not anonymous or even "anonymous".

 

[Em3bbs]

I was going to fill in the forms but my GP just sent a text out saying they had opted all patients out of this scheme, and if anyone wants to opt in to email them. Nice move, hopefully others will follow suit.

 

[iamtheoneneo]

Wonder how much google is paying for the data

They likely already have it. Google have a massive health research division. I would happily bet my entire estate that they already have acquired the data somehow.

It really doesnt matter. Anyone that's worked with large amounts of data will tell you that the 'individual' is non-existent in these datasets and its basically a series of numbers and codes that they can run through a computer AI.

 

[krooton]

Then I sell you another set of data, which contains people's names and the code associated with each name. That's OK too because the dataset doesn't contain any data about anyone.

You mean other than their names.....?

Any company doing this isn't following accepted pseudo/anonymization protocols.

Sending 2 separate sets of data with a linking key is not anonymization.

 

[Angilion]

You mean other than their names.....?

But nothing else, so it's "anonymous". Or ignorable. Either will do. The main data, the only thing that might possibly get some media attention, is "anonymous".

Any company doing this isn't following accepted pseudo/anonymization protocols.

Sending 2 separate sets of data with a linking key is not anonymization.

It'll do for publicity purposes. Also, as I said:

In reality it's usually a bit more complex than that, but the principle is the same - combining datasets to de-anonymise data.

It's also irrelevant in this case as the patient data that will be sold under this scheme is explicitly stated to be identifiable confidential patient data. Not anonymous or even "anonymous".