Health database optout – latest news

December 18th, 2006 at 10:10 UTC by Ross Anderson

This morning I debated health privacy on Radio 4’s Today programme with health minister Lord Warner. You can listen to the debate here, and there is an earlier comment by Michael Summers of the Patients’ Association here.

I support a campaign by TheBigOptOut.org which has so far persuaded thousands of people to write to their GPs forbidding the upload of their patient records to central systems. Once they are uploaded, you’ll have to prove ’substantial mental distress’ to the government (as Lord Warner says) to get them removed or restricted. It is much simpler to tell your GP not to upload them in the first place (and you can always change your mind later if the Government delivers on its claims about safety and privacy).

For more, see TheBigOptOut.org, nhs-it.info and my previous blog posts here, here and here, and our work on children’s databases (children’s safety and privacy might be particularly at risk from the proposals, as I explain in the debate).

Entry filed under: Legal issues, News coverage, Security engineering

17 comments Add your own

  • 1. Keith Tayler  |  December 18th, 2006 at 13:06 UTC

    If you prove ’substantial mental distress’, such a condition might appear on your medical record as a mental health problem if it becomes abnormal to optout. Some medical professionals and the ‘others’ that have access to NHS records, might begin to consider ‘optouts’ as suffering from a new psychiatric condition.

    The history of psychiatry reads as a list of such ‘abnormalities’. Ian Hacking’s analysis of how the French and Continental legal system and obsession with identity checks created the transitory mental illness of ‘pathological fugueur’ in the late 19th century, should make all ‘optouts’ think about how quickly their beliefs can be recorded as being pathological in their medical records. (I. Hacking, ‘Mad Travelers: Reflections on the Reality of Transient Mental Illness’, (Cambridge, Harvard University Press, 1998)

  • 2. Alf Zugenmaier  |  December 18th, 2006 at 18:05 UTC

    Who exactly is at risk of having their data published in the database: only currently registered patients or everyone who ever was a patient (or even only registered)?

  • 3. Dr Dermot Ward  |  December 18th, 2006 at 18:42 UTC

    Congrats on your lucidity on Todays’ NHS Nat Datbase. Your advising joe public on writing to his GP is spot-on.

  • 4. FishNChipPaper  |  December 19th, 2006 at 07:14 UTC

    It would be great if you could comment on the questions I raise concerning opt out (see http://fishnchippapers.typepad.com/tomorrow_fish_n_chip_pape/2006/12/more_reporting_.html) here. There seems to be some ambiguity in the reporting

  • 5. Ross Anderson  |  December 19th, 2006 at 08:57 UTC

    Significant press coverage today in the Telegraph (also here and here), the Guardian (also a leader), the Indy and the Times. Not all of these writers realise that we’re being offered an opt-out only from the ‘Summary Care Record’ (a list of current medications etc that will be available to ambulance crews) but not from the ‘Detailed Care Record’ (this means that your GP record will be uploaded to a hosting centre run by a government contractor). However, so long as your data remain in your GP’s surgery you can forbid him from uploading them. If he disobeys you then he is in breach of medical ethics and of European human-rights law, neither of which the Government can override (at least in the short term!)

  • 6. igb  |  December 19th, 2006 at 11:18 UTC

    I’ve just had a trip through the NHS this weekend following an off-road bike accident. Ironically, on the ride in question I was turning over health privacy in my mind, and came to one conclusion: it is vital for those of uswhose medical records contain almost nothing to opt out, so that the act of opting out does not itself because suspicious. To protect the rights of those whose records do open them to possible harm, it is vital that the rest of us opt out. In large numbers.

  • 7. Russell  |  December 19th, 2006 at 18:39 UTC

    Ross, please explain in more detail the “Detailed Care Record” and the plans for uploading GP records to hosting centres, as this point seems crucial to protecting privacy yet looks not to have been mentioned publicly at all. When is this likely to happen (assuming all goes to plan, etc !!) Is any GP likely to have uploaded such records already? what are these “hosting centres”?

  • 8. Ross Anderson  |  December 20th, 2006 at 10:10 UTC

    The software developers have been instructed to implemet the following:

    (1) The GP’s records are uploaded in their entirety to a hosting centre run by the LSP

    (2) Software will then trawl the records for current prescriptions, allergies and adverse reactions

    (3) These get uploaded to a national system

    (4) GPs then upload a blank record in respect of everyone who has opted out. This ‘overwrites’ the initial summary record, so it’s no longer visible to clinical staff, e.g. at A&E

    (5) However the initial SCR remains on the national audit trail and is thus available to administrators.

    Ministers have praised the system already operating in Scotland. Indeed. There, if you opt in, your GP data are available to A&E and to the Department of Health in Edinburgh. If you opt out they are not available to A&E but are still available to Edinburgh. Clearly what’s needed is an option to have them in A&E but not in Edinburgh – but Edinburgh paid for the software and so didn’t allow that.

    That’s why it’s importanat to tell your GP not to upload your data to the LSP in the first place.

    BTW, nice article in the Times, a great comment piece in the Guardian – and see also my comments on the article in the Standard

  • 9. Clive Robinson  |  December 20th, 2006 at 14:40 UTC

    @Ross,

    “(5) However the initial SCR remains on the national audit trail and is thus available to administrators”

    Is truly scary.

    There are some medications that you would not want on your medical records if read by somebody without medical knowledge.

    For instance say you have shingles (result of a viral infection in child hood) it’s painfull can flare up at any time and is embarising for most people who have it. It’s only real effect on your mental health is due to worry and lack of sleep.

    However one of the most likely medications to treat the burning nerve pain is a tricyclic antidepressant. If however you look the medicine up almost the first word that pops up about it’s treatment uses is “psychosis”.

    Which a lot of people without further knowledge would take to mean that you are psychotic in some fashion…

    Which again would probably make them think you are a danger to the public etc. etc..

  • 10. Ross Anderson  |  December 21st, 2006 at 08:19 UTC

    I have an article today in the Guardian – which now understands what’s going on. There’s also one in the Register which doesn’t yet get it – which is unusual for a story on digital privacy

  • 11. giafly  |  December 21st, 2006 at 11:29 UTC

    When I last went to my doctor for medical advice, I asked him to not make a record of the consultation and he agreed. I can’t be sure what happened after I left the surgery, but I recommend this as an alternative way to try and protect your medical privacy.

    If you normally use repeat prescriptions, you could try buying medicines from Canadian pharmacies instead. They advertise on the Internet and don’t only do anti-impotence drugs. I plan to do this.

    Finally there are many medical conditions that are difficult to diagnose – for example back pain. The next best thing to no record is a worthless record, so you could try reporting imaginary ailments to NHS Direct.

  • 12. Dave  |  December 21st, 2006 at 23:20 UTC

    “you opt out they are not available to A&E but are still available to Edinburgh”. Not being checky here, but are you sure about that? I recently had a meeting with a couple of people from my NHS trust (including an Information Governance Manager) who seemed suprised that this was the case, they did seem to think that only those involved in your health care would have access to the data. There is also no mention of Edinburgh in the info that has been given to patients. One of the problems I have with it is the fact that some staff have access without having to provide a reason. I can understand a doctor/nurse wanting to know if I am alergic to something or what medication I am currently on (unless it is something I’d rather they not know) but I have yet to be told why a receptionist would need to know, its not as if they are going to say you cant see that doc/nurse because you are on that drug. So why allow them access? You might not care if you are on a drug that is used to treat various conditions, but what if you are on something that treats very few or even just one, such as viagra?

    You might also want o check out a forum thing on the NO2ID web site at http://forum.no2id.net/viewtopic.php?t=14025 While a lot of doctors/nurses might be understanding (I have a great practice!) if doctors are saying patients can not restict access, then when the info goes on-line they will assume they have the right to access anything on that record.

    I would never recomend buying drugs over the internet. A lot may be OK, but there is still a risk.

  • 13. Ross Anderson  |  December 22nd, 2006 at 13:04 UTC

    Letters in The Times today – and I’ve been pointed to an excellent speech by the Earl of Northesk in a recent NHS debate in the Lords. Oh, and the BMA is getting seriously annoyed about the Department of Health’s claim to be the data controller of all GP records. (Subject access requests, anyone?)

  • 14. .$author.  |  December 27th, 2006 at 14:43 UTC

    [...] We had a great run-up to Christmas, with thousands of people downloading our opt-out letter. We had a comment piece in the Guardian on the 21st, and there are many more media links here. There an lively discussion on the No2ID blog; we’ve appeared on political blogs from webcameron through select privacy to blogzilla; and we’ve starred in many medical blogs including Dr Crippen, Dr Rant and Dr Grumble. (I wonder why do so many medical bloggers choose such depressing names?) We also seem to have stampeded the Department of Health into claiming to be the data controller of all GP records – which is wrong in law and has made the BMA seriously annoyed. [...]

  • 15. Ross Anderson  |  December 27th, 2006 at 18:17 UTC

    There’s a Guardian leader taking up cudgels again after the Christmas break …

  • 16. Norman Mash  |  March 3rd, 2007 at 15:50 UTC

    I do not wish by Health recods to be included on the New Computor system.
    National Insurance Number AB 344 904 C
    I can not get to the see my Doctor owing to the state of my health

  • 17. Carl Chrystan  |  April 11th, 2007 at 10:13 UTC

    I had a 40 year-old brother with special needs that had been taken into sheltered housing after our mother died. He then got rushed into hospital a few months later as his diabetes got worse, and got discharged the next day back to his dead mother’s empty, boarded up house; because the nurses on the ward didn’t have his new address recorded. They didn’t even remember who brought him in. I managed to intervene in time after the Nurse told me in passing that “my mum needs to make sure he’s got some comfy cushions for his foot”. My dead mum.

    But, I was soooo happy that my brother’s liberty wasn’t invaded, by the people paid to look after him not having the ability to snoop into his private record. No. That’s the price of freedom. No. He’s got a mental age of 8 and was about to be dumped into the middle of a council estate. But he was FREE to do that. Rule Brittania.

    Oh, and I bet those people who found Victoria Climbie’s tortured and emaciated body were soooo happy that her freedom wasn’t violated by having the people treating her having one system that they could all look at and piece together a story of violence and evil to a child, before she was finished off. No. It’s much more free for this little girl to get murdered.

    Oh, and we all have fantastic memories and can remember every single little aspect about us that could help our healthcare. We shouldn’t put trust into NHS staff, should we? Tell you what, next time my 3 year-old daughter is pleading in agony, I won’t bother telling a Clinician what the problem is, because there’s a chance that she could use this information to stalk us.

    And the Police should stop arresting people for crimes. Next time I get beaten up, robbed or sexually assaulted, I won’t bother giving them the information that could help them do their job better. No, don’t trust coppers me. If I get burgled today, I won’t bother calling them.

    Oh, and Shipman wouldn’t have been caught earlier, as was stated in the Shipman Inquiry, if there had been a more robust information system in GP practices, possibly electronic. No. It’s freer to ignore this recommendation. The cost of freedom was only some people’s grandparents.

    Next time you see a blind man with a guide dog, tell him that he’s pandering to a nanny state. He doesn’t need a dog to help him. However, make sure you let him know that it’s us normal people that made him understand this.

    A national computer system is there to HELP us, you idiots!

    Maybe we’re all clairvoyants on this site, and we’ll never ever be unconscious, and important medical information is needed about us to keep us alive.

    It’s always an abuse of freedom and we all live in a surveillance society until you get on the other end of it.

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


Calendar

December 2006
M T W T F S S
« Nov   Jan »
 123
45678910
11121314151617
18192021222324
25262728293031