Just how safe are your medical records? Pretty safe, surely – this is sensitive stuff and it’s private, right? Well, yes – but for how long?
If the government gets its way, from May this year your family's patient-identifiable data will be uploaded from your GP surgery to a single, centralised database for the very first time. This “care-data” database will include your NHS (National Health Service) number, date of birth, postcode, ethnicity and gender. Your medical diagnoses, including cancer and mental health, your referrals to specialists, your prescriptions, your body mass index, details of your vaccinations and screening tests and your smoking and alcohol habits will be on there too.
The scheme, led by health secretary Jeremy Hunt, is being hailed as a revolution in the use of information to improve our healthcare and to advance medical research – admirable aims indeed. But once it goes live, organisations including drug and insurance firms will be able to apply to purchase “pseudonymised”details about patients. And “backdoors” to the database will allow bodies like the police to enjoy direct access to your medical records as well.
Regrettably the roll out of the scheme has been poorly handled. Not only has the government ignored advice that involvement should be on an “opt-in” basis. It has also failed to publicise the fact that worried patients can opt-out of the system at all.
Over recent weeks, you'll have probably received a little blue and white leaflet through the door, looking suspiciously like junk mail, under the heading: "Better information means better care". But there was no opt-out form included in the mail out. The leaflet instructs people to speak to their GP instead, but this is misleading. There’s no need to book an appointment to see your doctor – you can simply post, or drop in, a letter or form. MedConfidential have provided one you can use, which you can access here.
The retention of massive amounts of personal data on individuals on large, unwieldy databases has become commonplace over recent years. At Liberty we've long warned that such databases can be created with the greatest will in the world and still fall foul of abuse. The potential for human error - and data mining and data profiling - remains huge.
So it's understandable that many doctors, as well as members of the public, are concerned. At the very least, this database should be on an opt-in, rather than opt-out, basis. And the upload of our medical information should be delayed, to allow for proper parliamentary consideration of the proposals and a fuller understanding of what’s going on.
It's unacceptable for such a radical transformation of the way the NHS handles our confidential data to be snuck in, without scrutiny and under the radar.
* Rachel Robinson is acting policy director at Liberty