If you listen to Radio 4 from 0810 on BBC iPlayer, you’ll hear a debate between Phil Booth of MedConfidential and Tim Kelsey of NHS England – the guy driving the latest NHS data grab.
Tim Kelsey made a number of misleading claims. He claimed for example that in 25 years there had never been a single case of patient confidentiality compromise because of the HES data kept centrally on all hospital treatments. This was untrue. A GP practice manager, Helen Wilkinson, was stigmatised as an alcoholic on HES because of a coding error. She had to get her MP to call a debate in Parliament to get this fixed (and even after the minister promised it had been fixed, it hadn’t been; that took months more pushing).
Second, when Tim pressed Phil for a single case where data had been compromised, Phil said “Gordon Brown”. Kelsey’s rebuttal was “That was criminal hacking.” Again, this was untrue; Gordon Brown’s information was accessed by Andrew Jamieson, a doctor in Dunfermline, who abused his authorised access to the system. He was not prosecuted because this was not in the public interest. Yeah, right. And now Kelsey is going to give your GP records not just to almost everyone in the NHS but to university researchers (I have been offered access though I’m not even a medic and despite the fact that academics have lost millions of records in the past), to drug firms like GlaxoSmithKline, and even to Silicon-Valley informatics companies such as 23andme.
I don’t think your evidence supports your argument, The Daily Record report you’ve linked to demonstrates that it WAS criminal and it WAS hacking – they just decided to let the guy off because he was ill…………..
The HSCIC charges for data can be found here: http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf
It was not hacking, but abuse of authorised access. Of course the tabloids described it as hacking, but here is the more sober version from EHI. The emergency care record is the Scottish equivalent of the SCR; it is a summary of your GP record and is uploaded unless you opt out. By default it’s available to everyone at the Department of Heath in Edinburgh, and to everyone in Scotland’s hospitals and ambulance services. If you opt out, then it’s still uploaded to the Department of Health, but it’s not shared with hospital doctors and ambulance drivers. Gordon Brown didn’t opt out, so any hospital doctor could see his stuff. Doctors were trusted to behave themselves, and one didn’t.
England has ten times as many doctors. Go figure.
‘Criminal hacking’ does not get the ‘hacked’ holder of the data off the hook. The NHS has an obligation to minimise the possibility of ‘criminal hacking’ of our data. Proliferating copies of that data to a honking great data centre, and thence to the world and his dog, is the antithesis of minimising the attack surface.
Besides that, ‘criminal hacking’ and ‘unauthorised access’ are functionally equivalent from the point of view of the data subject whose trust has been betrayed. The only distinction between them is in how an incontinent data holder seeks to dump blame on someone else.
If my bank said the vault has never ever been breached … except by criminal robbers … that wouldn’t exactly be reassuring. Kelsey’s rose coloured glasses have no place in a sober assessment of EHR security.
I have reached the unpopular conclusion (unpopular amongst my professional colleagues) that the state of the art in information security is simply not up to the task of protecting digital assets as important as EHRs. http://lockstep.com.au/blog/2014/01/21/security-is-not-secure
Coverage in Infosecurity Magazine
I’m sure that the monitoring and audit arrangements have been perfect for the last 25yrs. So, if he says there has never been a compromise it must be true.
Hi Robert,
I have a few questions:
01. Did you request access to the data or were you offered it without asking? If the former, did you have to provide any reasons as to why you were requesting the data?
02. How did you come to know that GSK and 23andme were offered data? How can I find out which other private companies have been offered access?
Would be grateful for your response.
I was offered the CPRD data without asking, simply because I was on an internal Cambridge mailing list for academics interested in issues around health research and data.
As for the offers being made to companies UK and foreign, there are plenty data points with different offers being made in respect of different systems. At present the 100,000 genomes project plans to require participants to give irrevocable consent for their data to be sold to companies overseas, including 23andme.
If you want to know what companies UK and foreign have got their hands on your HES data, you’re in for a fight. There is an ICO investigation going on, and meanwhile the DoH tries to pretend that HES data are not identifiable and thus not covered by the data protection act. Please support medConfidential in their attempts to chip away at the dishonesty.
Thanks for clarifying Ross, really grateful for your help. I’ll get in touch with medConfidential (sorry for getting your name wrong before, was emailing a few different people, stupidly dozy moment).
Ross
When you say that the Scottish Emergency Care Summary (ECS) is available by default to everyone at the Department of Health in Edinburgh, how do you know this? Or are you relying on the fact that there is no ‘Department of Health’ in Edinburgh (being the Health Directorate there) so your statement is null and hence not actually false, though possibly misleading.
That the ECS is available to all hospital emergency departments and ambulance services is the whole point of the record. If people don’t want the best possible emergency care or rate absolute privacy above their care, they can opt out of it.
At least in Scotland the role of the ECS was unambiguous, unlike the SCR in England, so it was much easier to understand what the implications of such a choice might be.
I think you also malign academics in the reference in your original piece to the London Health Programmes laptop loss – LHP was an NHS body, not staffed by academics. I am not claiming that academics have never lost data, only that you are wrong in this instance. LHP may have been interested in supporting research as part of its operations.
Further Tim Kelsey is not going to give anyone’s GP records to all and sundry – what he may be permitting/promoting is access to data derived from people’s GP and hospital records – a slightly different thing, especially if it is properly controlled and protected by blurring and other techniques. While you may be right to doubt the adequacy of such controls, it really doesn’t help if you over-egg the pudding.
You have valuable points to make – it is important that others can benefit from the full information too.