The Real Truth about NHS data
I have worked in the NHS for over 10 years and specifically in managing data from numerous Trusts.
Currently the so called beneficiaries of this data is the drug companies so they can improve health, that is total bullshit. They already have access to data but under the supervision of a Doctor via study groups and sponsored research. They pay quite a high price for this, for example one study pays £60 per patient to the patient and £600 per patient to the Doctor. They want unlimited access to this data so they can export it to 3rd world countries for analysis. Some of the research carried out helps Doctors in the NHS, but this moves the value of that to a commercial company and takes it away from the Doctor. Remember the Doctor wants to make patients better, the drug companies want to sell you a pill you have to take every week, for life.
What amazes me from working in the NHS is the complete and utter lack of a consistent access control system for data. Some Trusts have "school leavers" looking after their data and will quite happily dump a complete SQL database because they do not know how to selectively extract data.
Others are incompetent with the HL7 interfaces, they say "well give you everything and you sort out what you need".
Meanwhile GP's are already not respecting your wishes if you want to opt out of the spine (your data being shared across the NHS).
The spine itself has already been infiltrated by Data companies who are selling selective parts of this data such as the address of patients to debt collection companies.
The data is not anonymous, because when you combine this data with data from other databases including Companies House directors, the electoral register and all the other databases.
For this reason I do not put my name on the Electoral Register.
The most sinister aspect of this is that you CAN'T OPT OUT, I already opted out of the spine with my GP but my data is being provided to the spine and being sold off to 3rd parties NOW. How do I know this?
I split from my Ex and took on some credit card debt which was sold off to a debt collection company. It took a while for me to get a new flat so I was staying with friends. I was temporarily at two different addresses, but I did not give those addresses to any organisation except two parts of the NHS, one was the transplant register, within a week I received a threatening letter from the debt collection agency, so that address had got onto Equifax.
Then a month later whilst at a completely different address that I provided to my local hospital who asked me to confirm my address. I gave them the address but I modified it by adding "first floor" even though it was a detached house. Sure enough the debt collection company wrote to me at the new address and included the "first floor" in their address.
Whilst I was at these two addresses I was completely "off radar" even my bank did not have my address. So the idea of GP's managing your preferences is a joke, they can't even manage it now.
Quite how the data is getting out of the NHS at the moment is unknown to me but I suspect it is a company that is plugged into both by providing some sort of outsourced IT service. Of course they will never admit it and right now they are probably only using the address updates but have you noticed how every time you use the NHS they are manic about getting you to confirm your address is correct?
Once you let this data out of the NHS access control will go out the window, the big data management companies will abuse your data (just look at what their American parent companies already do).
Some of these data companies already manage "public" databases things like the tenant deposit register to name just one, there are too many to mention.
Various different companies have access to public data, some buy the electoral register for under £5 per thousand records, they then bolt on information they gather and scrape from other sources including Google. This is why you are so stupid to provide your data either to companies or even sites like linkedin and Facebook. All that data can and is scraped daily.
The data protection act has a key element called PURPOSE, you provide your data to an organisation for a purpose and they are not allowed to use it for a different purpose without your express permission. The public sector organisations are exempt from this and the private data companies want access to this this exemption via the back door and you are not even being given consent.
Many companies are putting your data on credit registers without even telling you, they do not just look you up but they share your payment history. This includes energy companies, broadband suppliers and mobile phone companies.
So how can this data be abused, well putting aside the fact that some faceless organisation has access to your data without your permission? Simple, by profiling. When you know a patient has been putting on weight you can put relevant ads up to them, this already happens, it is called re-targeting, you can do it across most internet platforms (it is how ads chase you).
Consider Google, they collect your web search history and the only way to opt out is to register with them and specify that, they will still collect that data, they will just not use it to affect your search results. They have a spy on your desktop, first with Google Chrome, but also with the various toolbars in other browsers and also in the search box of the browser itself. Now this all sounds like innocent marketing right, sure, except that when Google sent their streetview cars around they used a pernicious bot to identify your router, grab all the information about it and even break through it to trawl your PC data. We recently found out that Google management were warned about this by their engineers and still proceeded. When asked to delete the data they said "we can't delete all of it but we have done what we can" what this means is that they deleted the data but not the index of it. Once they index data it is part of the index and that cannot be deleted ever. Just read the book "in the plex" to understand why. Hell they even index your emails.
So now Google knows your habits, it can identify you by the unique footprint of your router, SSID, your mobile, your PC name and when these change it can update your "profile", this is not a profile you have access to, but the Government does, there is a publicly admitted part of this
and the not so public admitted
Plus off course what we were told by Edward Snowden
Google is not the only one, Facebook will use your likes, the groups you belong to, your connections with friends, fair enough you might say, but they use your private messaging that is stepping over the line. Worse still 3rd party companies use software to trawl Facebook data and build their own profiles.
What it shows is that if you do not restrict and regulate big companies they will go as far as you let them.
Another example is insurance companies, with this NHS data they will be able to start to build a profile, it will start with increased policy costs and lead to refusal to even offer a policy. That is just one abuse of data, the whole idea of insurance is that you spread the risk across the masses.
What we have here is the beginnings of the creation of a "sub-class" for some it will be your financial status for other your health status and it is the combining of data that is the biggest risk. That will allow them to create new "sub-classes" or "prospects". Your medical data may be used to determine your lifestyle choices, how much alcohol you consume, have you ever taken drugs, are you depressed, are you a single parent, are your promiscuous, have you had an abortion, etc etc; your whole reputation is being sold, not just to one party but to all takers. They will combine that data with other databases, identify you, probably try to get you to confirm that identity with a questionaire or survey, or just use it as a "potential match". The continual updates from the NHS means they can chase you and you can't get away.
The only way to avoid this invasion of privacy is to take out services in false names and using false previous addresses, they know this and that is why they want access to data you can't change, your health data.
Information is power so collecting it by any means possible gives a lot of power and we know that power corrupts.
At the most basic the caredata system should be opt-in not opt-out so people have to choose to share their data, but I think the whole thing should be scrapped.