NHS has confirmed why it thinks patients should allow it to share their medical records
If you didn’t know, the NHS is planning to make the medical records of some 55 million people available to academic and commercial partners later this month, unless the patients themselves decide to opt-out before the deadline. The change, which will see records brought together in a centralised database, only applies to people living in England and registered with a GP surgery.
While there’s still time to opt-out of the data-sharing, which kickstarts on June 23, 2021. Ahead of the upcoming deadline, NHS Digital is making the case for its new policy, which it says will be used “for research that results in better treatments, and to save lives”.
According to NHS Digital, which runs the country’s healthcare IT systems, a new centralised database is needed because the current system used by GP surgeries, known as General Practice Extraction, is over a decade old. While sensitive information, including mental and sexual health data, criminal records, full postcode and date of birth, is included in the database. NHS Digital says that anything that could be used to identify you from your records will be pseudonymised before it’s uploaded from your local GP practice.
“This means that this data is replaced with unique codes so patients cannot be directly identified in the data which is shared with us. The data is also securely encrypted,” NHS Digital explains.
However, the code to unscramble the anonymised data will be held by the NHS. This is different from the approach taken by some tech companies, including Apple and WhatsApp, which do not store the digital keys that could unscramble the anonymised data. That’s why Apple refused to help FBI investigators who hoped to unlock an iPhone owned by one of the terrorist suspects.
The software to store GP records is over a decade old, so NHS Digital is centralising everything
According to Apple CEO Tim Cook, “In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
NHS Digital will hold the keys to unlock its anonymised data, but says it will “only ever re-identify the data if there was a lawful reason to do so and it would need to be compliant with data protection law”. In an example scenario of why medical records would be un-scrambled to reveal the identity of the patient, NHS Digital adds: “a patient may have agreed to take part in a research project or clinical trial and has already provided consent to their data being shared with the researchers for this purpose.”
NHS Digital publishes a list of who it shares its database of anonymised records with, which is updated each month, however, privacy campaigners say it can be extremely difficult to find out who sees the data due to the NHS’ “opaque” commercial relationships. For its part, the NHS says that patient data is never used for insurance or marketing purposes, promoting or selling products or services, market research, or advertising.
The NHS wants to make medical records of roughly 55 million people available to academic and commercial partners from July 1, 2021. Unless you decide to opt-out before the deadline, records from your GP surgery will be brought together in a centralised database. It’s worth noting the change only applies to those living in England.
The deadline to opt-out of the data-grab is June 23, 2021. Ahead of the upcoming deadline, NHS Digital is making the case for its new policy, which it says will be used “for research that results in better treatments, and to save lives”.
However, if you decide to remove yourself from the database, you’ll need to fill out a form and submit it to your GP.
If you don’t do this before the deadline, your medical records will become a permanent feature of the NHS Digital database. Opting out after June 23 will still work, but will only apply to future data – any historic data will still be available to researchers, academic and commercial partners of the NHS. You can find the form required to opt out here.
If you’re not comfortable with the upcoming changes, there is still time to opt-out.
However, NHS Digital says that – should too many people decide to keep their medical records under lock and key – it could have serious consequences for research and cutting-edge new treatments in England.
“If a large number of people choose to opt out then the data becomes less useful for planning services and conducting research,” NHS Digital warns in a FAQ on its website about the incoming policy. “This is a particular problem if people from certain areas or groups are more likely to opt out. If that happens then services may not reflect the needs of those groups or areas and research may reach misleading conclusions.”
Of course, the final concern that most patients will have about the data-sharing is whether the NHS stands to make money from your private healthcare records. According to NHS Digital, that’s not going to happen.
“NHS Digital does not sell data,” it states in the FAQ, “It does however charge those who want to access its data for the costs of making the data available to them. This is because we are not funded centrally to do this. Charges only cover the cost of running the service and means that those organisations who need access to the data bear the costs of this, rather than NHS Digital. We do not make profits from the service.”
NHS Digital outlines how patient data is used
Digital rights campaigners Foxglove have questioned the legality of the upcoming change in a letter sent to the Department of Health and Social Care. According to Solicitor Rosa Curling, the public have not been given enough time to learn about the changes and decide whether to opt-out. Writing in a letter to the Government department, Curling states: “Very few members of the public will be aware that the new processing is imminent, directly affecting their personal medical data.”
To remove yourself from the database, you’ll need to fill out a form and submit it to your GP. If you don’t do this before the deadline, your medical records will become a permanent feature of the NHS Digital database. Opting out after June 23 will still work, but will only apply to future data – any historic data will still be available to researchers, academic and commercial partners of the NHS. You can find the form required to opt out here.
Advocacy group MedConfidential, a privacy-focused group that has been pivotal in raising the alarm about the impending deadline, told the Financial Times: “They’re trying to sneak it out, they are giving you six weeks nominally and if you do not act based on web pages on the NHS digital site and some YouTube videos and a few tweets, your entire GP history could have been scraped, never to be deleted.”
Published at Sat, 05 Jun 2021 06:01:00 +0000