NHS extends deadline to opt-out before your records are shared outside health service


NHS Digital will extend the deadline for patients across England to opt out of a new centralised database, which will store the medical records of some 55 million people and be available to academics and select commercial partners. There was less than a fortnight left before patients across England would be automatically entered into the new database, which includes sexual health, date of birth, and more personal details from your GP.

Minister for Public Health Jo Churchill MP confirmed the new deadline would be September 1, 2021. Addressing the reasons behind the change, the MP for Bury St Edmunds said: “We will use this time to talk to patients, doctors, health charities, doctors, and others to strengthen the plan, build a trusted research environment, and ensure that data is accessed securely.”

While that leaves people with more time to complete the – pretty lengthy – process of opting out of the database, privacy campaigners won’t rest until the entire plan is dismantled.

Digital rights campaign group Foxglove has celebrated the deadline extension. However, it highlights a number of questions that still remain about the scheme: how will NHS patients be notified about the new deadline, especially those who aren’t online? And what terms will NHS Digital stipulate for corporations to be allowed to access people’s personal health records? Unfortunately, none of those questions will be answered today.

The new database only applies to people living in England and registered with a GP surgery. According to NHS Digital, which runs the country’s healthcare IT systems, a new centralised database is needed because the current system used by GP surgeries, known as General Practice Extraction, is over a decade old.

While sensitive information, including mental and sexual health data, criminal records, full postcode and date of birth, is included in the database, NHS Digital says that anything that could be used to identify you from your records will be pseudonymised before it’s uploaded from your local GP practice.

“This means that this data is replaced with unique codes so patients cannot be directly identified in the data which is shared with us. The data is also securely encrypted,” NHS Digital explains.

However, the code to unscramble the anonymised data will be held by the NHS. This is different from the approach taken by some tech companies, including Apple and WhatsApp, which do not store the digital keys that could unscramble the anonymised data. That’s why Apple refused to help FBI investigators who hoped to unlock an iPhone owned by one of the terrorist suspects.

According to Apple CEO Tim Cook, “In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

NHS Digital will hold the keys to unlock its anonymised data, but says it will “only ever re-identify the data if there was a lawful reason to do so and it would need to be compliant with data protection law”. In an example scenario of why medical records would be un-scrambled to reveal the identity of the patient, NHS Digital adds: “a patient may have agreed to take part in a research project or clinical trial and has already provided consent to their data being shared with the researchers for this purpose.”

NHS Digital publishes a list of who it shares its database of anonymised records with, which is updated each month. However, privacy campaigners say it can be extremely difficult to find out who sees the data due to the NHS’ “opaque” commercial relationships. For its part, the NHS says that patient data is never used for insurance or marketing purposes, promoting or selling products or services, market research, or advertising.

Published at Tue, 08 Jun 2021 12:46:00 +0000
