NHS slammed for MAJOR data blunders as scale of patient info sell-off is revealed The NHS struck four "data-sharing" deals with three re-insurance companies that allowed them access to patient information under agreements that don't expire until 2015 and 2016. That's among the shocking findings of a review of data released by the NHS Information Centre - the predecessor to the Health and Social Care …
@nematoad
Yes, that really jumps out from the article, the answer to this now should only be, not now, not next year, not ever, can private medical data be shared outside the NHS. The government, NHS and other organisations involved have proven beyond doubt they cannot be trusted.
The great shame of this, is that done properly there was a great deal of good that could have come from it, however all involved have proven that the bad far outweighs the good.
Three things should come out of this (in no real order)
1. Sackings at the top and lots of them (including the government)
2. Criminal proceedings for such negligence
3. A law stopping patient data being sold or supplied to private companies EVER.
This is serious stuff. And you know insurance companies would love to only insure people who will never claim. This data is too valuable to let loose without responsible ownership and somewhere for the buck to stop with.
Never forget that that HSCIC is just CfH rebranded, but full of pretty much the same bunch of cock-up magnets as before.
The same bunch of 'have a go heroes' that pissed £ 20bn of our money by being willingly bum-raped by every IT consultancy and major IT supplier that ever drew breath.
Yes they have sacked the most incompetent, and there are now a some people around who know what they are doing, and the lower rungs have always been decent people but the case for dropping a nuclear device on Leeds is still overwhelming.
COI : I deal with CfH and now HSCIC on a regular basis.
@Will Godfrey
No, no, no - you don't understand. They won't "sweep it under the carpet", they'll "draw a line under it".
At first I was being facetious but then I realised that it is, actually, different. Sweeping it under the carpet is pretending it didn't happen; what they will do is acknowledge that there were problems (already done - no choice about it) but then "look forward". I.e. do nothing.
That the HSCIC actively pursues a technical solution to allow access to data, without the need to release data out of the HSCIC to external organisations.
This. It should be right up at the top of the list of recommendations. Do this, and the other recommendations become less vital, or even irrelevant.
All "clearly identifiable", "anonymised" or "pseudonymised" data should be held strictly on HSCIC premises and equipment, and only processed at arm's length, with incoming queries and outgoing reports strictly vetted by the HSCIC.
All truly aggregate data can be openly published, in accordance with the government's welcome commitment to open data.
There's a prevailing tacit assumption held by many bureaucrats and politicians, which should be challenged, that the only way to handle data is to pass it around on USB sticks, or DVD discs, or something, and process it with Excel. It's this kind of ignorance that leads to unencrypted laptops full of sensitive data being left on trains.
No meaningful health information can be truly anonymised - there's no such thing as an "average" patient, everyone's individual response to disease and treatment is different and that's the reason for collecting data from such large cohorts.
There's clearly a potential benefit from collecting and analysing all this data, the question is to whom is the benefit greatest. Even if HSCIC analysed data under contract, it's quite likely that the only people who'd pay for the service would be drug companies who could see the potential for long-term medication of the chronically ill.
I don't really believe HSCIC have a genuine medical agenda because I don't think we have any consensus on what type of outcome we want to achieve from this data. I think they have a purely financial agenda - they have this stuff and people will be prepared to pay for it. Under those circumstances, we don't need a technical solution, we simply need them to stop doing it.
I think they have a purely financial agenda
That's not true. From http://www.hscic.gov.uk/dles:
The HSCIC is publicly funded and we therefore operate on a cost recovery basis. We do not charge for data itself but do apply charges to cover the costs of processing and delivering our service.Check out the charges. They're not going to make a profit on this.
"They're not going to make a profit on this."
So why was insufficient demand for their services listed as a risk in their risk register? Any cost recovery scheme is going to be based on a particular volume, so that they can amortise fixed costs over the variable demand. If the demand drops to zero, the fixed costs don't get paid. If the demand goes above your planning assumptions, the fixed costs are paid and you can (subject to any costs that are fixed up to a point and then have a marginal component) book the extra as profit.
The real whammy with this is all the data that has been sold, resold & left around. You can never get it back and as they do not even appear to know who it was sold to, they cannot go in with enforcment orders to get it deleted (Ha Ha).
In the digital age, once electronic information is released that is it, there is never any going back. Maybe some draconian fines and deletion enforcments so that the parasitic companies that have bought the data are forced to delete all copies including their backups and the numpties that sold it in the first place are jailed.
Unfortunately that will never happen as the merry-go-round of directors in and out of public bodies and the cosy private consulting outfits and industry will always continue.
I opted out because this was so predictable.
Yes, I know all that universal care stuff, but anything governments does which is not pure administration and law ends up rotting on the branch or poisoning the well, because they don't understand how to run stuff which should be run by business, and I don't mean the FU of medical insurance. I'm not having a go at doctors, nurses, etc. just the socialist disorganisation. The worst absurdity is trying to run any closed system with no creative destruction as a market, it just doesn't work, and leads to colossal waste and disorganisation.
You have to make it peoples _business_ to get this stuff right and to suffer personal consequences when it fails, otherwise they get complacent, or worse become socialist do gooders (do bad)!
The staff handling this kind of data have proved time and again that they are oblivious to its value to either "legitimate" users or to fraudsters. The solution is that every member of staff in a department from which personal data is compromised must have their own corresponding data made public. Once they discover the pain of preventing that leading to personal identity theft (or the reality of it actually happening), they may begin to appreciate what they are wilfully doing to the rest of us.
In this instance they might find that, because their medical data is in the public domain they can't get medical or life insurance. Having read of their sexual health history issues and psychiatric health episodes, friends, family and colleagues attitudes toward them change.
The value to identity theives of the "lost in the post" CD of Child benefits records in 2007 (http://news.bbc.co.uk/1/hi/uk_politics/7104368.stm) was estimated at £1.5bn. In that instance Revenue and Customs chairman Paul Gray resigned - but only from that role, he kept his job as a senior civil servant on £200k+ salary.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
