Your medical records are now officially on sale. American drug companies now learn that MedRed BT Health Cloud will provide public access to 50 million de-identified patient records from UK.
David Cameron announced in 2011 that every NHS patient would be a research patient, with their records opened up to private healthcare firms. He promised that our records would be anonymised and we’d have a right to opt out. I pointed out that anonymisation doesn’t work very well (as did the Royal Society) but the Information Commissioner predictably went along with the charade (and lobbyists are busy fixing up the new data protection regulation in Brussels to leave huge loopholes for health service management and research). The government duly started to compel the upload of GP data, to join the hospital data it already has. During the launch of a medical confidentiality campaign the health secretary promised to respect existing opt-outs but has now reneged on his promise.
The data being put online by BT appear to be the data it already manages from the Secondary Uses Service, which is mostly populated by records of finished consultant episodes from hospitals. These are pseudonymised by removing names and addresses but still have patient postcodes and dates of birth; patient views on this were ignored. I wonder if US purchasers will get these data items? I also wonder whether patients will be able to opt out of SUS? Campaigners have sent freedom of information requests to hundreds of hospitals to find out; so we should know soon enough.
7 thoughts on “Your medical records – now on sale”
The UK data in the MedRed BT Health Cloud (MBHC) is part of the UK open data licence, an open data initiative under the UK Government transparency guidance, which is freely available on data.gov.uk. The UK data is aggregated population level data, not patient level. This is being brought together with data made available through the US open data initiative onto a single platform.
MedRed and BT have brought together the open data sets to allow researchers to see the data in one place, enabling the delivery of higher quality care in the future.
We do not charge for access to data sets. We do work with organisations on structured access to the data which includes the costs of maintaining, integrating and hosting a platform on which the data can be used, for example for multiple organisations to conduct research together.
This suggestion by BT that they have 50 million “de-identified” patient records was the subject of quite a lot of consternation recently within the Primary Health Care Specialist Group of the BCS. Helpful and timely investigation by eHealth Insider has actually revealed the claim to be little more than marketing piffle, as actually this is just population data freely available on data.gov.uk (as Lucy states in the immediately preceding comment)
“BT – know your limits”
I fear that all we have to do is to de-anonymise (usually trivial to experts) the records of some politicians when the “anonymised” records get leaked. Suddenly they will be at all-out war with the idea of selling records, though I fear it will be too late. As for whether the records will get leaked: I would bet large amounts of money that they will given the security practices I see at institutions that are supposed to be pinnacles of data safety (and research institutions and not held to even that standard).
Remember that the German government wasn’t unhappy about US surveillance until it turned out that Merkel was listened on to. I wonder what those politicians were thinking why the US embassy has about 20 antennas on top of their building just across the Reichstag. I hope they didn’t seriously believe that the Americans just wanted to get good reception of terrestrial TV channels?
The source article stated:
“The challenge isn’t only in finding the data,” said Neal Stine, principal consultant at BT. “It’s in bringing disparate data sources together to provide an overall picture of a patient’s health.”
I think this is pretty clear as the direction of travel. The current data release may be aggregated, but an overall picture of a person’s health is quite intimate and unique.
How do you anonymise this?
How do you ensure that this information is not used by health insurance or prospective employers?
I see Lucy hasn’t replied to Javier; presumably her role was what Alastair Campbell used to call “rapid rebuttal”. It’s notable she did not actually deny that the organisations BT works with are getting data that’s identifiable or at least re-identifiable.
This morning’s find is a press release from a big drug company bragging about all the wonderful things they’ll do with the data. Read it quick, in case they pull it once they see it’s linked from here!
So how much is the NHS being paid for this data? It’s a huge asset and the government seem to be giving it away for free with only BT making money “maintaining, integrating and hosting a platform on which the data can be used.”
to the PR lady of the first comment,
enabling the delivery of higher quality care in the future?
How much money is made from selling records
Why done in conjunction with the US