Saturday 22 February 2014

Thoughts on the Risks of #Care.Data

Care.Data is the government's plan to centralise patient records from English GP surgeries. This has some clear benefits, in providing a database that can be used for epidemiological research, recall of medical devices (cf. the breast augmentation scandal), spotting side effects of medication and the like. Unfortunately the proposals for England have major issues with respect to privacy, as they will see the selling of incompletely anonymised data to industry, data which is then NOT subject to the Data Protection Act. Care.Data is currently on hold for six months over the privacy issues, with the Information Commissioner's Office stating that the NHS clearly failed to provide adequate information on the privacy risks in the mail shot it sent to every household in the country (but which most of the households in the country appear not to have received). And when I say it didn't provide adequate information on privacy, I mean that it failed to raise the issue at all; the closest it got was a small paragraph mentioning that it was possible to opt out, without providing any indication of how to do it.

Dr. Margaret McCartney has written a particularly good article for the BMJ, discussing the risks with the English system, noting why the proposals for Scotland and Wales are clearly better, and linking to many of the relevant facts. It's rather revealing that among the companies asking for access to Care.Data are a right-wing think-tank, and two private medical providers.

The people running Care.Data have said that they will address the privacy concerns, but to date their approach seems to be to deny that there are privacy concerns, which really doesn't address the issue of patients being able to give 'informed consent' (required by medical ethics) for this data-sharing. The absolute failure to address privacy issues in the Care.Data leaflet (assuming people received it at all) means only those of us who also have an interest in IT privacy issues and have followed the Care.Data issues are currently in a position to make a decision based on informed consent.

My primary concern with Care.Data is that it opens up individual patient records to a hugely increased number of NHS personnel, greatly increasing the risk of a massive leak of data, a risk illustrated by the Chelsea (Bradley) Manning and Edward Snowden leaks from US intelligence databases. The more personnel who have access, the closer to unity the risk of a major leak becomes.

While linking one medical record back to an individual represents an investment in effort unlikely to be worth the investment in time, the process of linking tens of thousands, hundreds of thousands or even millions of records to identities becomes an obvious case for automation, and the resulting database has clear potential for monetisation. The phone-hacking scandal has demonstrated just how widespread is the risk from people willing to go to any length to access personal data. (Update: And as of 24th February and the Telegraph revelations detailed below, we now know the insurance industry has done precisely this with the inpatient records of 47 million people).

Having already faced career-destroying employment discrimination over disability issues, and facing a clear dilemma over whether to declare to a prospective employer all of my disabilities or not, the idea that a black-hat hacker might be able to set up a service checking medical backgrounds of prospective employees (in much the way that the Consulting Association used to run a blacklist for engineering firms) is not one I can face with equanimity. I can see the clear potential of Care.Data to do good, but as it stands my concerns over security mean I am likely to opt out.

No sooner do I write about the potential risks of Care.Data than we find out the worst case may already have happened. A Telegraph article reveals that the complete set of NHS inpatient records for the 13 years from 1997 to 2010, covering 47 million people, has been sold to the insurance industry, who have then linked that information back to individual people via DoB and postcode (which is a seriously flawed methodology if true: it's entirely possible to get two people with the same DoB and postcode, and even name, DoB and postcode will have duplicates), combined that with consumer credit information and used it to justify increasing the cost of health insurance for certain individuals. The Guardian is running an article quoting the Telegraph, but including a few additional details.

It's going to be particularly interesting to see how the legality of this is judged. As soon as 'Staple Inn Actuarial Society' created a database linked to individual people and their medical records, they exposed themselves to the most stringent provisions of the Data Protection Act. If they haven't registered this with the Information Commissioner there will be hell to pay; if they have, and the ICO has okayed it, then there will still be hell to pay, but not just for the insurers. If this had been done with CareData data packages, then it would be specifically illegal. Whoever authorised the release of data may well have known that, and while they may not have broken the law because this wasn't CareData per se, they are likely to find themselves with some particularly awkward questions to answer.

It's going to be a particularly rough week for the CareData advocates, especially as the NHS is up in front of the Health Select Committee in the morning on precisely this issue - in fact the timing of the Telegraph story screams deliberately timed leak - and I'm willing to bet on it making an appearance at Prime Minister's Questions as well. Big business and the NHS in collusion over the selling off of the most personal aspects of people's medical data, in advance of that sale being made illegal, and that data then being used to justify increasing insurance costs (already an issue over the floods) is a perfect gift to Labour.

Depressingly, at exactly the same time the Independent has published an interview with the Information Commissioner in which he says the courts aren't treating data protection with nearly enough seriousness.
