England’s NHS is making ready to scrap the medical records of 55 million patients, together with sensitive data related to psychological and sexual well being, prison information and the abuse of adults and youngsters, right into a database it’s going to share with third parties.
The information assortment venture, which is the primary of its kind, has triggered an uproar amongst privateness campaigners, who say it legally questionable, especially as patients only have a couple of weeks to decide out of the plan.
NHS Digital, which runs the well-being service’s IT techniques, confirmed the plan to combine collectively medical information from each affected person in England who’s registered with a GP clinic right into a single pool that can be available to educational and business third parties for analysis and planning purposes.
Cori Crider, the co-founder of Foxglove, a marketing campaign group for digital rights, said that all of us need to see the NHS come out of the pandemic stronger, however famous that the NHS has been fully silent on who would have entry to the data.
She said is it pharma corporations? The well-being arm of Google Deepmind? When you ask patients whether or not they need details of their fertility treatment or abortion or results of their colonoscopy shared with those companies, they’re not going to need to.
Foxglove has issued an approved letter to the Division of Well being and Social Care, questioning the legality of the plans underneath present information safety legal guidelines, and threatening additional authorised motion.
Rosa Curling, a solicitor at Foxglove, wrote within the letter that she had severe issues concerning the legality of the change as a consequence of no specific permission had been given and only a few segments of the general public could be conscious that the brand new processing was coming or directly affected their private medical data.
NHS patient’s GP records are the most detailed and sensitive medical records that exist, containing the history of events in an individual’s lifetime affecting their physical and mental well-being.
But, from 1 July, NHS Digital has announced that data may be shared from the GP medical records about any living patient registered at a GP practice in England when the collection began.
NHS Digital, the health and social care system’s information and technology partner, will be able to take the following from GP’s records, which will be data about diagnoses, symptoms, observations, test results, medications, allergies, immunisation, referrals, recalls and appointments, including data about physical, mental and sexual health.
This will also include data about staff who have treated patients, and data on sex, ethnicity and sexual orientation, as well as other delicate data.
Although NHS Digital states that patient’s data will be removed from GP systems across England from 1 July 2021, and its privacy notice states that individuals have until 23 June 2021 to opt-out.
And while its press release on the matter states that people can opt-out at any time, the privacy notice states that NHS Digital will nevertheless still hold the patient data which was shared with them before they registered the Type 1 opt-out, meaning that for anyone who’s not opted out by the time their GP history was first extracted, the data taken will never be deleted.
Having collected millions of patient’s GP records, their data will be distributed, including into the secret VIP lanes for GP data, and, likely, the preponderance of the population will not be conscious of any of this.
It will not know that the Government has commanded NHS Digital to instruct their GP to hand over a copy of their lifelong medical history to be sold, because the Government has taken the decision not to tell anyone.
When a similar GP data grab was attempted before, junk mail flyers were sent to homes. That programme failed.
This time, patients could and should have been written to, as millions of people have been throughout the Coronavirus pandemic.
If a member of the public did happen to find out about this programme, including the opt-out, they would be forgiven for thinking that NHS Digital would not sell their health and care data, because that’s precisely what it says on its website, including in this myth-busting fact check about social media posts.
On its website, NHS Digital states that it’s publicly funded and that they don’t work on a cost-recovery basis, and that it doesn’t charge for data, only to meet the cost of processing and delivering its service.
Although it states that there’s lots of protection in place to make sure patient data is used securely and safely, it’s not doing the safest thing, which would be to not let its customers have copies of patient’s data at all.
Like the Office for National Statistics and Genomics England, NHS Digital does now have what’s known as a safe setting, a secure data processing facility with layers of rules, approvals, protections, and monitoring. But the Government hasn’t made it mandatory for patient’s GP data to only be accessed via this highly secure, heavily audited environment, and so, in all probability, NHS Digital’s customers will continue to buy copies.
NHS Digital does audit some, but not all of its customers which receive copies of data. Several of these audits have revealed that, and not only do organisations break the protections in place, but that these don’t hinder them from getting data once they’ve been broken.
Some of these protections are legal obligations, but audits have revealed that one public body didn’t even conduct a legally required data protection impact assessment.
This recently obtained GP data will be distributed in the same way as patient’s NHS data obtained from other health and care settings already are.
After the failure of a similar data grab in 2014, NHS England undertook that any subsequent collection of GP data would be in a safe setting only. But, that promised safeguard is now entirely missing.
Some may say that there’s no point arguing with a Government that doesn’t listen and doesn’t appear to care, but people do care, and in this situation, they have options.
To fully opt-out from having your NHS data used for purposes beyond your direct care is a two-step process:
1) If you have concerns and want to stop your and your family’s GP data being taken from your GP practice for purposes other than your direct care, you can do so by filling in and giving this ‘Type 1’ form to your GP practice. (This form allows you to include details for your children and dependants as well.) This is the most urgent step; the deadline to get your form to your GP is 23rd June 2021, according to NHS Digital.
2) If you want to stop your non-GP data, such as hospital or clinic treatments, being used/sold for purposes other than your direct care (e.g. for “research and planning”) you should also do the following:
· If you are opting out just for yourself, use NHS Digital’s online National Data Opt-out process – this process only works for individuals aged 13 and over.
· If you have children under 13, you need to fill in this form and e-mail or post it back to NHS Digital – this form works for both you and your children.