Data security is finally being upgraded from a supporting role to the star of the show – the one dubious upside of the NSA fallout. It’s made users aware that there are certain things – things that you might assume are totally air-tight – that might not be so well protected. Like your medical records, for instance. While you may not mind telling your friends that you had a hernia two years ago, whether you’d want your entire medical history released is another story. The question is, is it as risky as it sounds, and could any potential risks be justified?
NHS England’s care.data scheme plans to collect information from every GP surgery in England to help understand causes and outcomes of illness, and generally improve patient care. In theory, a great idea. The data would be split into green, amber and red data according to different criteria; and with identifiable features removed or encrypted would become available to third parties. On the downside, patients will have no way of realistically knowing who’s handling their data and there will be certain circumstances – like in a public health emergency, such as an epidemic – when researchers can get access to the personal information for red data. The scheme states ‘Applicants for red data would need to demonstrate (i) that the research was in the public interest and for the benefit of the health service; and (ii) that it is not possible to use information that does not identify patients; and (iii) it is not possible to ask patients for their permission.’
It’s just been announced that the plans have been put on hold after concerns from the Department of Health that not enough information had been given, and that people weren’t really sure of the benefits. Which is true – I don’t even remember getting the flyer. GPs have also shown concern that it could make patients worried about confidentiality, and have threatened to opt out all their visitors. Several big organisations initially backed the scheme but have withdrawn their support until there is full and informed patient consent.
There’s also – as we know from recent events – the growing concern of hackers; and that there’s not enough education on data protection, leaving patients potentially vulnerable. Big Data (literally, large amounts of data that make it complicated to store and process) is great for spotting trends and getting an overview of the situation – and, as anyone who’s been on an NHS waiting list can attest, it’s not a bad idea! –but it does make it very hard to protect.
The Department of Health supports the scheme overall but agrees with the decision to wait. It was meant to begin in April but has been delayed til Autumn, so keep your eyes peeled for more information soon; unlike the pizza flyers this is actually something you want to read!