As someone who has tried to keep databases and the associated server farm compliant for banking and credit card security PCI DSS (in a retail environment, I'm not a highly paid banker), I can say this is hard and firms still get hacked. I don't trust the NHS to be as vigilant or have the budget to keep data secure. Everyone with an NHS ID will be able to access your information; they shouldn't, but they would have access, and looking at the police as an example, police officers or support staff have accessed information for 3rd parties on the PNC. I'm sure this would happen in the NHS as well.
I have a physical disability, and having spoken to consultants I know that even with all my personal information removed I could be identified in a set of anonymous data with just disability, age group and location (Midlands). So I will be opting out of this and have on previous attempts.
IF the NHS could give a cast-iron guarantee backed up by VERY tough legislation resulting in mandatory lengthy prison sentences for all involved, up to and including ministers (not just the individual scapegoat), for data protection breaches, then I would be happy for my data to be stored in a national NHS database for medical use in my treatment and for making policy / budgeting / future projections of care needs from statistics for internal use only, but not for "BIG DATA" for external companies.
I see the major advantages in treatment and care for individuals that a national record of someone's medical history would make in an integrated system. Unfortunately the NHS and many other Government IT policies are NOT fit for purpose... Unfortunately the Government seems to mess up 99% of IT projects from health to DWP, Education and the list goes on and on, wasting money.