General Practice has done this well for years
And we have patient records for groups of around 2000 (per GP) to 30 000 (largest Practice at present. They have since 1900 or so been intended to be cradle to grave records, thus having extracts of hospitals' etc records in them. With electronic records one may be a bit more clever.
There is something to be said for automating access by other healthcare entities to the record held by the Practice, among other things it significantly increases the difficulty of obtaining the record of a specific person, if some finite number of holes exist, and it vastly multiplies the effort of getting all the records, or trawling all or some of the records for particular profitable information. (The address of someone for instance who has reason not to want to be found by someone non-official. Oh, and who has what as well).
For making queries about disease tracking and other bits of epidemiology there are a couple of considerations:-
1. It is actually more economical and more virtuous to send the query to everyone, than to collect all the data from everyone and then run the query on it...
2. Medical records like other records tend to be very bad at answering questions that they were not designed or intended or used so as to be able to answer - random data mining is something that is presented as solving problems and valuable, but many of us are unconvinced as yet.
Compare and contrast "Send me all your medical records on everyone, I wish to count the cases diagnosed and coded as Typhoid" and "How many cases diagnosed and coded as TYphoid have you?"
One gets a gigabyte, the other gets "0". (Or in the context of an epidemic, perhaps a small set of names and addresses and geocodes.)
I quite like "loose" for what has happened - I've not seen the detailed reports to know whether the people involved were clinicians (whatever they are - I'm a doctor and there are another 100 000 or so of us, and then a bunch of people playing doctor whose informational needs and abilities may well be very different) and the 300 000 users for the NHS Net seems a low number to me, actually, given the access via Whitehall and the porters' lodge. Think 1 000 000 as a start, I'd say.
The data is not lost. That construction is one with the RIAA and FAST and the like. It has indeed been let loose. The media have been lost. Precision in talking about NHS IT was lost long ago among the politicians and managers, and is worth trying to recapture here.