Latest health privacy scandal

Today I gave a talk at the Open Data Institute on a catastrophic failure of anonymity in medical research. Here’s the audio and video, and here are the slides.

Three weeks ago we made a formal complaint to the ICO about the Department of Health supplying a large amount of data to PA Consulting, who uploaded it to the Google cloud in defiance of NHS regulations on sending data abroad. This follows several other scandals over NHS chiefs claiming that hospital episode statistics data are anonymous and selling it to third parties, when it is nothing of the kind.

Yesterday the Department of Health disclosed its Register of Approved Data Releases which shows that many organisations in both the public and private sectors have been supplied with HES data over the past year. It’s amazing how many of them are marked “non sensitive”: even number 408, where Imperial College got data with the HESID (which includes postcode or NHS number), date of birth, home address, and GP practice. How officials can maintain that such data does not identify individuals is beyond me.

8 thoughts on “Latest health privacy scandal”

  1. small technical detail re number 408. HESID doesn’t include postcode or NHS number as clear text – these are listed as being provided separately, along with date of birth, home address, and GP practice.

  2. Hello.
    Looking forward to listening to this, but is there any link to a downloadable audio file to listen to offline? The mixlr service seems to be online streaming only.
    Thanks!

  3. It would appear that the only way to get anybody to take this seriously is to use the available data to reveal something about a public figure which would be expected to be private. This would make the point clearly and hopefully focus minds on fixing this mess.
