back to article NHS England DIDN'T tell households about GP medical data grab plan

NHS England patients who went to the trouble of opting themselves out of junk mail being crammed through their letterboxes did not receive the health service's recent leaflet about its data grab plan with GP medical records, it has been revealed. That's despite ministerial mutterings that implied that households across the …


This topic is closed for new posts.
  1. Graham Marsden

    Perhaps it should be renamed...


    1. Vimes

      Re: Perhaps it should be renamed...

      Meanwhile in other news:

      Still trust the NHS?

  2. Anonymous Coward
    Anonymous Coward

    This was probably the whole intent

    i.e. to avoid sending it to the people who were most likely to opt out in the first place.

    1. Werner McGoole

      Re: This was probably the whole intent

      In my case opting out of junk mail has had ZERO effect on the junk mail, but has nevertheless successfully opted me out of NHS circulars, or so it would appear.

      So much for that excuse, then.

    2. Anonymous Coward
      Anonymous Coward

      Re: This was probably the whole intent

      My problem with this scam scheme is that it concerns sensitive data, and should thus never have been in the opt-out category to start with. And when you rely on opt-in to get something off the ground, you will damn well make sure you get people informed.

      Why not actually follow general Data Protection principles? Or do they have something to hide (sorry, couldn't resist that last one)?

  3. Steven 1

    Funny that..

    I can't stop Virgin Media from bombarding me with shit about services that I have no interest in but yet this was deemed sufficiently trivial to not be delivered to me.

    1. Anonymous Coward
      Anonymous Coward

      Re: Funny that..

      Follow the money.

      In the case of Virgin, it's in their interests to spam people, hoping a proportion will sign up. As a volume game, it doesn't matter that you haven't signed up yet.

      In the case of health data, the money is to be made by selling the data (or more likely handing it over for free to a company run by a minister's friend), and that money is therefore maximised by NOT delivering opt out leaflets.

      Anybody still not in the tinfoil-hatter camp on this matter may wish to look at this article on today's Telegraph website:

      1. Anonymous Coward
        Anonymous Coward

        Re: Funny that..

        That Telegraph report really needs to be spread far and wide. Those of us who doubted the assurances that our data would never be flogged to insurance companies et al were described as "scaremongering" last week (what next - Medical Miracle Deniers?) - it seems we weren't!

    2. Tony Green

      Re: Funny that..

      Here's a tip that worked for me.

      Email their CEO, Tom Mockridge,, telling him that you regard their constant unwanted communications as harassment under the terms of the Harassment Act 1997. And that if you receive any more communications you will take action under that act against him personally, as the person responsible for the company.

      You'd be amazed how quickly they get their arses in gear to get it stopped and just how apologetic they get.

      1. BlueGreen

        Re: Funny that..

        > Here's a tip that worked for me.

        Neat. But may I also suggest joining the MPS too? Just to be on the safe side mailing preference service and even better, kill off those annoying cold callers with the telephone preference service. It takes a few months for it to really kick in but it works very well when it does.

        Edit: and I didn't receive the leaflet in question either.

  4. Mike 140

    Every household?

    I live in a large house converted into 5 flats. One leaflet was delivered.

    1. VinceH

      Re: Every household?

      "I live in a large house converted into 5 flats. One leaflet was delivered."

      Sounds about par for the course.

      That's one reason why a generic leaflet is not the right way to do this. Similarly, any households in which there is more than one person living, and the first person to see the post is likely to not understand what the leaflet is and discard it as just some more junk in with the post.

      It should be sent individually, addressed to each and every patient - and if it's done like that, there's no reason not to include a form to allow people to opt out. Or, even better, a form asking for consent. But the danger with an opt out form is that people might actually fill it in and return it. And the even bigger danger with a consent form is that people won't bother to fill it in at all.

      Better, then, to send a simple, non-addressed leaflet to households. That way, fewer people are likely to see it, and therefore more people will be opted in.

      Oh, wait. That's what they did, isn't it?

      Who? Me? Cynical? Ridiculous!

    2. taxman

      Re: Every household?

      I haven't opted out of pizza leaflets etc as I use them as fuel on my log burner. But I haven't had this leaflet informing me about being able to opt out either.

      Looks like someone's made an opt out decision for me.

      1. wikkity

        Re: Every household?

        Yep, we did not receive one either.

        1. Gordon 11

          Re: Every household?

          I remember(?) receiving a leaflet about NHS data sharing some time last summer??

          Does any-one know what this leaflet actually looks like?

          1. Nick Ryan Silver badge

            Re: Every household?

            Sure I haven't seen it either. However seeing what it is meant to look like might help jog the grey cells...

            Just a random google image search gives me this:

            ...and nope, it doesn't ring any bells at all even with a pic of it.

  5. Anonymous Coward
    Anonymous Coward

    Who made the descions to...

    1) Not mark it as "exceptional"; and

    2) Send it as junk mail in the first place; and

    3) Not correctly anonymise/aggregate data to ensure privacy?

    Once they are identified, fire them for gross negligence and/or bringing the company (i.e. civil service) into disrepute. This is what would happen in the private sector; this is what MUST happen in the public sector.

    Oh, and the sackings should begin from the top down (starting with Jeremy Hunt). No compensation, not hand outs - just fired.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who made the descions to...

      "Once they are identified, fire them for gross negligence and/or bringing the company (i.e. civil service) into disrepute. "

      Why? The outcome is precisely what was intended. I have a very low regard for civil servants (see note 1), but you can't blame them for doing what the politicians wanted, in the way they wanted it done.

      1) Having once been one myself you'll understand the standards are lower than Barry White's balls on a deep sea dive.

      1. Anonymous Coward
        Anonymous Coward

        Re: Who made the descions to...


        "the sackings should begin from the top down (starting with Jeremy Hunt)"

  6. bigtimehustler

    I never received this leaflet and I haven't opted out of royal mails non addressed mail either. So either the NHS didn't send out enough leaflets or royal mail have been saying they deliver them and haven't been doing so.

  7. zaax

    Don't worry they have already sold your Hospital records to the insurance industry so they can put up your insurance premiums.

    1. graeme leggett

      Going by the description of the HES data, that is what it is supposed to be available for.

      "Each HES record contains a wide range of information about an individual patient admitted to an NHS hospital, including:

      clinical information about diagnoses and operations

      information about the patient, such as age group, gender and ethnicity

      administrative information, such as time waited, and dates and methods of admission and discharge

      geographical information such as where patients are treated and the area where they live."

      So its not your full medical record. But a fair bit of data. The site does say that admission with low incidents are suppressed to reduce possible identification.

      You can download a lot of the info from the site anyway. eg Apparently there were two admissions for "Glanders" (usually affects equines) in 2012-2013.

      1. Brian Morrison

        A little more on this, via the UKCrypto mailing list...


        "In 1996 these bodies were abolished and the NHS-Wide Clearing Service (NWCS) was set up to provide a means of transmitting the records. In 2006 this work was taken over by the Secondary Uses Service, which is run by the Health and Social Care Information Centre and the National Programme for IT.”

        So it came under HSCIS’s remit in 2006. The data set was from 2000-2010.

        For tracking though, there is the HESID -

        Which appears to include per-client pseudonym-ids. Data cleaning on release appears to be documented here -

    2. Anonymous Coward
      Anonymous Coward

      So, they got £50 million for them? Anyone got any practical objections why we shouldn't all receive £1 million each compensation?

    3. Anonymous Coward
      Anonymous Coward

      The report indicates that they re-identified confidential personal data using age and post code (which is claimed to make the data anonymous). It would be interesting to hear about the legality of this.

    4. Anonymous Coward
      Anonymous Coward

      And what is the problem with that? Insurance companies providing cover for the actual risk, not the under-represented (i.e. fraudulent) risk means fairer prices for all. Only those actually at increased risk pay more.

      Otherwise those to stay healthy have to subsidised the unhealthy.

      We already have a catch-all (the NHS), so those who choose to price themselves out of private insurance can make do with that.

      It's just like driving. Why should good drivers subsidise bad? This is why you have to declare your points etc.

      1. spiny norman

        Missing the point?

        The whole point of insurance is is to spread the risk across as wide a population as possible. That's how it worked when insurance was first set up as non-profit societies for mutual protection. Bad drivers are penalised by loss of their no-claims bonus. You seem to be assuming that people who suffer poor health all bring it on themselves.

        1. Ken Hagan Gold badge

          Re: Missing the point?

          "The whole point of insurance is is to spread the risk across as wide a population as possible."

          Two points:

          1) If you apply for insurance you have to declare your medical history anyway and if you miss anything out then it may invalidate the policy (years later, after you've paid all the premiums, and now actually need a payout).

          2) The point of the NHS is to make medical insurance unnecessary, by providing medical care according to need, free at the point of delivery. If that's not working for you, you don't need to worry about the health insurance business, you need to worry about the NHS.

      2. Anonymous Coward
        Anonymous Coward

        "We already have a catch-all (the NHS), so those who choose to price themselves out of private insurance can make do with that."

        What about those who don't "choose" to get sick who you so conveniently overlook? Perhaps through genetic defect, environmental factors etc etc - the majority I suspect.

        The world needs fewer of you and your ilk.

  8. ravenviz

    I can't tell if I've received it or not since:

    a) I have opted out of junk mail;

    b) replacement postmen sometimes forget and deliver junk mail anyway;

    c) when that happens it goes straight into the recycyling without me looking at it.

    About Virgin Media, I did actually ring them up and ask them to stop sending mail to 'The Householder' at my address. They said they would but it would take up to a month to take effect. More news on this soon.

    1. spiny norman

      Virgin on the offensive

      Virgin Media periodically send my elderly mother broadband offers addressed to her by her christian name, in very familiar terms that, I expect, at 94, she found offensive, and probably puzzling, as she only vaguely grasped the idea of the Internet. As she died in November, I find them even more offensive and hope they'll stop soon.

      So much for CRM, campaign management and targeted marketing.

  9. NogginTheNog

    Cheers Reg!

    I'd never heard of this Door-To-Door opt-out from RM, and I'm sick of the junk crap (for Virgin Media, old-fogey insurance, etc) that they keep sending. So I headed straight over to their website to find out how to sign up.

    For everyone else's convenience, check here:

    1. Grumpy Guts

      Re: Cheers Reg!

      I have done this several times. Opting out of junk mail has made bugger-all difference...

      1. Corinne

        Re: Cheers Reg!

        The vast majority of the junk mail I receive (bar Virgin Bloody Media) is pushed through the door by people other than the postman, I reckon maybe 8-10% only of the leaflets arrive via the Post Office, the rest is either leaflet distribution companies or people employed by the one company to leaflet the area. Opting out would make very little difference to me sadly.

        1. John Brown (no body) Silver badge

          Re: Cheers Reg!

          the rest is either leaflet distribution companies or people employed by the one company to leaflet the area."

          ...and quite a few of those companies can trace their history to right about the time the TPS and other opt-out schemes related to Postal deliveries came into existence. One wonders if any of those companies are owned or part owned by senior officers of the PO, what with them knowing it was coming and having the experience to set up a private postal service.

    2. Anonymous Coward
      Anonymous Coward

      Re: Cheers Reg!

      For everyone else's convenience, check here:

      I have another solution - I tend to send the brochures back to the sender via post, but without postage..

  10. Anonymous Coward
    Anonymous Coward

    There are two explanations I'm torn between: the one AC just proffered "to avoid sending it to the people who were most likely to opt out in the first place" to which I'd add 'which thought they promptly convinced themselves had not occurred to them, i.e. repressed'. Or, in a similar vein, that the process was decided upon by the type of people who are such lying, unprepossessing little bread-heads that they're sticking it to people who opt out of 'Direct Mail' (sic).

  11. Tom Chiverton 1

    Discuss all this and more with Phil Booth in person this Tuesday in Manchester :

  12. Tony S

    I've never received it either; and if I had used all of the vouchers sent by just one particular pizza chain in the last year, I'd now weigh 30 stone.

  13. Anonymous Coward
    Anonymous Coward

    My leaflet did arrive - in the junk-mail service

    I did get the leaflet (but wouldn't have noticed it had I not heard something about it on the radio a few days earlier). It arrived in the middle of a wad of 5-6 pieces of 'junk'; pizza menus, Budgens monthly offers, local DIY shop monthly specials, curry take-away menus,...

    The visual design did not really distinguish it from junk mail, and certainly didn't give the impression it was 'important' (even if it said the word 'important' on it).

    I'll bet a fair few of the people claiming they didn't receive it actually put it straight in the recycling bin without even noticing it.

  14. caffeine addict Silver badge

    Since this opt-out is on a person by person basis, and the head of the household / first to the post doesn't have the right or ability to opt is or out for you, why wasn't this sent out as individually addressed letters to everyone with an NHS number?

    Yeah, I know the answer. Still need to ask though...

  15. Sooty

    what data are they sharing?

    I haven't had a leaflet but I'm not that surprised

    Last time I went to the doctors a few months ago they had an address 3 years out of date, and the doctor asked me about my asthma, which i don't and never have had.

    I went to A&E around the same time, due to bad luck, and the address they had for me there, 10 mins walk from the doctors, was over 10 years out of date, and they didn't think I had asthma.

    1. Anonymous Coward
      Anonymous Coward

      Re: what data are they sharing?

      Last time I went to the doctors a few months ago they had an address 3 years out of date

      Lucky you were still registered then ... I visit Doctor very infrequently (my father was a GP and I was brought up to not be ill!) but over the past 12-18 months I've had a couple of calls/letters from the surgery and whatever the local health authority is called now to check that I still want to be registered each of which indicated that if I didn't respond then I would be removed from the regsiter.

    2. Anonymous Coward
      Anonymous Coward

      Re: what data are they sharing?

      My GP surgery regularly changes a random digit in my phone number. On the first occasion I only realised after the snotty receptionist delivered a sharp little lecture about "not keeping my phone number current", and the apology was only perfunctory when I pulled out my phone and showed them an inbound call from their number 3 months previously.

      I've no idea what they're actually doing, but I'm sure it has worse consequences than the consumption of humble pie.

  16. Loyal Commenter Silver badge

    Forget about whether we had the leaflet or not

    Does anyone have the website address to opt out of this nonsense right now?

    1. Roger Stenning

      Re: Forget about whether we had the leaflet or not

      Wouldn't mind that info too.

    2. Grumpy Guts

      Re: Forget about whether we had the leaflet or not

      To opt out of having your private details handed to al and sundry you must write to your GP. is a guide to how...

  17. cpage

    website with useful links to opt-out forms etc

  18. Pat 11

    Why does the data need to be identifiable anyway?

    There are a lot of benefits to aggregating all this data. Real, life-saving benefits. But I think those benefits would still exist without precise identifiable data. Why not upload age brackets and first part of post code, and create unique keys which never leave the GP practice to tie it all together downstream? I think if they don't want to do that, it's pretty strong evidence that individual health records are valuable to insurers and the intention is to sell them.

  19. Anonymous Coward
    Anonymous Coward

    I've opted out already, thanks to the Register article.

    I looked at the linked web site, decide I wanted none of (don't) (insecurity), found the better opt-out doc on my doctors web site, and have already provided the completed double ticked and signed form to them.

    I've warned other people too.


    This data is too damned valuable to allow third parties access to it; it /will/ leak!

  20. Roger Gann

    Worrying stuff indeed

    Might not it have been more enlightening to know how many households the 'Better Information means better care" leaflet was delivered to and how many opted out? That might give us a better picture.

    PS - Ever tried applying for private health insurance without divulging a raft of personal information to an unaccountable ('cept to it's shareholders) insurance company? I don't think you'd get too far.

  21. Adrian Midgley 1

    watched for it, got Domino's menu but not

    the leaflet.

    I'm one of the doctors who thought some aspects of the idea and its implementation were suboptimal.

  22. Anonymous Coward
    Anonymous Coward

    beggars belief

    Should we start a sweepstake on how long it will be before our medical records get hacked and stolen? And then put on pastebin for all to see?

    Because let's face it, private and confidential computer data has never been stolen before, has it. And I bet NSA/GCHQ can't believe their good fortune.

  23. Anonymous Coward
    Anonymous Coward


    So let me get this straight... I live out in the sticks, and have a unique postcode that only applies to one property. And I'm the only occupant! In what way does that make the data anonymous?

    1. Nick Ryan Silver badge

      Re: Anonymous?

      You are personally anonymous to the government and NHS cronies through security-through-obscurity. However the buyer of your personal information (inevitably somehow linked to the same government and NHS cronies, odd that) will now know all they need to know about you. They will then link this new information to all of other personal information that you never gave permission to be shared.

      And then people wonder why I always fill out such random information on forms that don't need this information, refuse to give my address to random shops for "catchment surveys" and other general flippances. So instead my bank sold, or lost, my personal details for me...

      1. Intractable Potsherd Silver badge

        Re: Anonymous?

        I sit on a Research Ethics Committee in Scotland, and there are a lot of places up here that are one post code=one house. We regularly have applications for approval where the identifier is going to be "anonymised to a code, being initials and post code"! They don't get very far with that up to now, but a worry is researchers saying "Well, this is what the information gives, so where is your problem?". I know of one NHS data safe haven with very robust privacy and anonymising protocols that is extremely unhappy about

  24. Anonymous Coward
    Anonymous Coward

    Remember the Telecom phone book on a CD

    About 20+ years ago British Telecom were promising again and again that the soon to be released phone book on a CD would be encrypted so that you couldn't sort the contents in ways that are/were illegal. Well the sortable hacked version was freely available before the formal CD was officially launched.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019