Can selling patient data be defended and protected?

NHS England plans to create a single database of medical data from hospitals and GPs. This has created commercial and security concerns amongst the public and privacy groups. Drug and insurance companies will be able to buy the information later this year and the NHS has not had much luck managing data security in recent years. Privacy group concerns counter the “pseudonymised” records promise of NHS England, arguing that cross referencing by insurers, pharmaceutical groups and other health sector groups will enable identification of individuals from their own medical data. This is supported by a Netherlands study which showed that the unique combination of DOB, gender and a partial postcode enabled unambiguous identification. There are opt out forms from GPs but that does not cover records held at different hospitals or GPs if practice changed. It is a massively sensitive big data project, so the security framework will need to be truly robust to avoid continuing privacy and data protection legal risk.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.