NHS England plans to create a single database of medical data from hospitals and GPs. This has created commercial and security concerns amongst the public and privacy groups. Drug and insurance companies will be able to buy the information later this year and the NHS has not had much luck managing data security in recent years. Privacy group concerns counter the “pseudonymised” records promise of NHS England, arguing that cross referencing by insurers, pharmaceutical groups and other health sector groups will enable identification of individuals from their own medical data. This is supported by a Netherlands study which showed that the unique combination of DOB, gender and a partial postcode enabled unambiguous identification. There are opt out forms from GPs but that does not cover records held at different hospitals or GPs if practice changed. It is a massively sensitive big data project, so the security framework will need to be truly robust to avoid continuing privacy and data protection legal risk.