Health privacy: not fixed yet

I have written a letter to Stephen Dorrell, the chair of the Health Committee, to point out how officials appear to have misled his committee when they gave evidence there on Tuesday.

It is very welcome that the Health Secretary, Jeremy Hunt, announced he will change the law to ban the sale of our medical records collected via HES and He acted after it became clear that although officials told the Health Committee that our records collected via could not legally be sold, records collected via a different system (HES) already had been. But that is not all.

Officials also said our records would not be sold abroad, and that only coded data would be extracted rather than free text entered by GPs during consultations. Yet our records were offered for sale in the USA; the Department signed a memorandum of understanding with the USA on data sharing; and CPRD (a system operated by MHRA, the regulator) has been supplying free text for mining.

I also sent Mr Dorrell a previously unpublished briefing I wrote for the European Commission last year on the potential harm that can follow if patients lose confidence in confidentiality. Evidence from the USA and elsewhere suggests strongly that tens of thousands of people would seek treatment late, or not at all.

9 thoughts on “Health privacy: not fixed yet

  1. I note that both & HES do not include episodes of care that have taken place in private hospitals and have been given to private patients.

    This seems utterly unfair. After all, the data sets will be much the richer if all data of private patients is also included. (Disregarding of course that will only contain data from July 2013 onwards. Pretty bl**dy useless for any sort of historical research but…)

    I’d like to see the law changed by Hunt to include this ‘private sector’ data. He could do it at the same time as he is changing the law to stop all data of NHS patients being sold. After all, the data is all anonymised/pseudonimised. There’d be absolutely no chance of anyone “important” (royalty, politicians, sports persons etc.) being reidentified from this data… Surely what’s good enough for NHS patients is good enough for those who go private?

  2. The website was

    HSCIS have confirmed this.

    There’s a cached version of the front page here:

    The URL that Google has cached for access to the tool bears spelling out in full:!&viewstate%5BDataValue%5D=1&viewstate%5BTherapyArea%5D=3&viewstate%5BCodeGroup%5D=I200&viewstate%5BProceduralSearch%5D=false
    Non-https, arguments passed via GET operation, etc.

    That now leads to an error message from IIS.

  3. (2015-01-06)
    a couple of the links in the original blog post are dead

    “offered for sale in the USA”
    “supplying free text for mining”

Leave a Reply

Your email address will not be published. Required fields are marked *