back to article GP records soon wide open again: Just walk into a ‘safe haven’

The government is preparing to resume its GP patient data-sharing plan, even though its chief scientific advisor admits it can’t guarantee your privacy. The initiative was put on hold in February – but it will shortly resume with two exciting new Orwellian additions to our vocabulary. In theory the GP data is …

  1. Neil Barnes Silver badge

    No one should be allowed to opt out...

    No - provided that the data is used - and *only* used - for medical research purposes.

    But the minute that data is sold - anonymised or not - the kindly include me out. Insurers are the last people who should be allowed such data; for some reason, when they say 'we want to reduce your premiums' they never remember to say 'and increase somebody else's, unless that somebody else is you'. Insurance is supposed to spread the risk, not focus it on a particular person or group.

    And as for advertisers getting it? 'Dear patient xxxxx, we notice you've been prescribed a lot of gliclazide lately. May we interest you in our new publication, 'Diabetes made easy'?'


    1. The_Idiot

      Re: No one should be allowed to opt out...

      @Neil Barnes

      With respect sir - and a genuine and sincere respect for your views - may I disagree?

      In your first line, you make a statement:

      "No - provided that the data is used - and *only* used - for medical research purposes."

      that appears to decide something for everyone. And, as a result, takes that decision away from _them_.

      But then, later, you unilaterally identify a set of circumstances under which you can make a decision to exclude yourself:

      "But the minute that data is sold - anonymised or not - the kindly include me out. "

      If you have the right to decide when your data can be excluded, then logically everyone else does also - which may include the circumstances and choice in your first line. And if nobody else has the right to decide their data should be excluded, to satisfy your first line, then I regret to suggest _you_ cannot logically decide when to exclude your own data.

      While I may, or may not, agree with your views in either case or both - logically either your data is yours, and everyone else's is theirs, at all times - or it isn't. For your or them.

      Or so it appears to me. Of course, I'm an Idiot...

      1. Neil Barnes Silver badge

        Re: No one should be allowed to opt out...

        Perhaps I'm being the idiot.

        I don't have a problem with system whereby data is anonymised and used by the medical profession. I do, however, have a massive problem with the ability to deanonymise the data - I hear that it includes a post code in the data, and I'm absolutely certain that there is no-one in my postcode with the same issues I have. I - and I have little doubt my neighbours - am uniquely and unequivocally identifiable from my medical record.

        But there's a deeper objection. I object to people selling data about me, without asking me to whom I might permit that data to be sold (hint: at present, no-one). I particularly object when said data requires an opt-out rather than an opt-in in the first place .

  2. teebie


    So I guess now the publicity campaign to tell everyone how awful this is has to start up again. Will this lead to another 6 month delay and half-arsed window dressing?

    Fortunately I am with a surgery that makes is fairly easy to opt out.

  3. Anonymous Coward
    Anonymous Coward

    Nothing to worry about...

    ...if you've got nothing to hide

    Anon. for obvious reasons..

  4. Anonymous Coward
    Anonymous Coward

    it's a lifelong disease

    with every government they get obsessed with an idea and no matter how it sucks in real world, no matter the cost, they WILL plod on :(

  5. PaulWizard
    Big Brother

    Opting out?

    Any chance of some info on how to opt out of this mess?

    1. Anonymous Coward
      Anonymous Coward

      Re: Opting out?

      Opt-out form - and more details about this Orwellian mess.

    2. Martin Gregorie Silver badge

      Re: Opting out?

      I had a quick scan through the docs on the page Andrew linked to, and found the following:

      - in Pathfinder Proposal 1, section 2 (Options):

      3d "what happens if [the patients] have already opted out and"

      3e "their rights to change their mind at any time"

      - notes from the meeting on 25th of June:

      Page 3 under "Fair processing principles" I found this gem:

      d) Opt out/in - this is not a legal issue/right; but is a fair processing issue so has to be included

      I'm going to be totally pissed off if these bloated bureaucrats think they are going to make us opt out for a third time or simply decide to ignore opt outs. Given the attention that their masters in Parliament give to public sentiment or to doing anything they promised to do in order to get elected, I wouldn't put it past to do either or both of these things, seeing that they seem to be, in the words of FZ "Totally commited to the fifty bucks".

  6. Oldfogey


    Spotted this in the papers a few days ago. It was obvious from even a short paragraph that no changes had been mad, and the trial areas are just testing the best way to spin it.

    Not relevant to me, as I live in Wales, but I have friends and relatives in England who will be getting a heads up and copes of opt-out forms as necessary.

  7. Graham Dresch
    Big Brother

    I am opposed to any sharing of my personal data by anybody for any purpose, unless I have given explicit consent.

    Opt - out form get it now before somebody notices and has it removed

  8. Anonymous Coward
    Anonymous Coward

    When this is finished

    They move on to the next Ponzi scheme.

  9. alain williams Silver badge

    Subject data access request

    I wonder what would happen, if in a few years time, I were to demand that the insurance company were to give me a copy of all the information that it has on me. This would have to include anything obtained from the GP records.

    1. John Smith 19 Gold badge

      Re: Subject data access request

      "I wonder what would happen, if in a few years time, I were to demand that the insurance company were to give me a copy of all the information that it has on me. This would have to include anything obtained from the GP records."

      Good question.

      Does the FOI Act apply to private companies.

      My guess is not.

      1. VinceH Silver badge

        Re: Subject data access request

        "Does the FOI Act apply to private companies.

        My guess is not."

        Subject data access requests are nothing to do with FOI. They're an individual's legal right under the DPA to see what information is held on them by any data controller - such as insurance companies - and which should therefore include any medical data they have obtained from GP records.



      2. Andy Barker

        Re: Subject data access request

        I think it's a Data Protection Act issue -

        "You can ask the organisation you think is holding, using or sharing the personal information you want, to supply you with copies of both paper and computer records and related information."

        Of course if the information is considered to be anonymised, then you may not get the result you want.

  10. AnoniMouse

    There is no such thing as anonymisation any more

    Once again, this is not a question of whether people wish to share data or not, but the circumstances under which, and by whom that personal data may be accessed.

    I have no problem in my personal medical sharing data for the purposes of medical / epidemiological research. But it's quite another matter if Insurance compaies purchase personal datasets in bulk, join it with other datasets using Big Data processing, to de-anonmise the personal dataset, and then use that to set insurance premiums.

  11. Trigonoceps occipitalis

    "The Department of Health has simply ordered an extra layer of administration:"

    Now, why doesn't that surprise me?

  12. Ken Hagan Gold badge

    Insurance companies

    This is easily dealt with. You pass a law making it illegal to vary premiums according to your medical condition unless it is self-inflicted. (Heavy smokers and alcoholics might be liable unless they could prove that their addiction had a genetic basis.) This would bring "your health" into line with "your sex", insofar as you can't (reasonably) change either and therefore it is only fair that insurance companies have to ignore them.

    In the long term, the insurance industry wouldn't actually care. (I think they already word the policies so that they won't pay out for a pre-existing condition. The "no bias" rule merely stops them using your genetic pre-dispositions against you.) They aren't interested in protecting your future. To them, the whole thing is just gambling. The rules determine what they are allowed to gamble on, but don't significantly change the amount of money you can win if the gambles pay off.

    In the short term, lazy or crap insurers who couldn't be arsed to learn the new game might make a lot of noise. Fuck 'em.

    1. Anonymous Coward
      Anonymous Coward

      Re: Insurance companies

      And pray tell who defines "self-inflicted"? I'm more likely to break my leg if I play rugby than if I don't. Is that self-inflicted - I don't have to play rugby after all? What about if I get hit by a car when dashing across a road instead of using a public crossing - self-inflicted? Are my weight-related health problems due to genetics or poor diet / lack of exercise? If I don't go to a doctor when I have a pain that then turns into a more serious condition... self-inflicted?

  13. John G Imrie Silver badge

    Dear Tim Kelsey

    Please forward all your medical records from birth until the present day, please include

    a) Any trips to STD clinics while you where a student

    b) Records from any hospital, GP, Pharmacist while on holiday

    c) Long-term illnesses

    Please also include medical records for all your relatives, living and dead for that last 100 years.

    Please also include all the above for your spouses/girlfriends/boyfriends/one night stands, current and previous.

    Please note that although you can anonymise the data we will do our best to match it to publicly available records do work out exactly who's medical record is who's.


    The British Public.

  14. Mark 85 Silver badge

    Once upon a time...

    you had to opt-in. Now it's "opt-out" and good luck finding the checkbox. Or as I've discovered on some sites.. multiple check-boxes. Miss one and you're automatically in. Privacy is rapidly becoming a myth.

  15. sam tapsell

    Support this

    Honestly, this has fantastic chances to benefit health and it needs our support.

    Of course there are genuine risks associated with compiling this data, but bigger benefits. I think the politicians will protect this data - its got their embarrassing past too. Sexual infections and such like are not included.

    Genetic medicine can unlock really important stuff. My mate died of a heart attack aged 30, I know a 33y old mum just diagnosed breast cancer. To get these at at young age is largely genetic. Tracking the health of millions of people could solve lots of questions.

    I respect El Reg for its sceptical approach to the tech news cycle, but this is a worthy cause for the geeks to bother to understand and then get behind. Suppose I can't post anon then?

    1. Christoph Silver badge

      Re: Support this

      Help for research is a minor side effect at most. This is about making money for big business and advertisers, plus the idea that our personal information is the governments to do what it likes with - and it likes doing as much as possible with it to keep us controlled.

      Guess what, there will be exceptions to make sure that government ministers' visits to the VD clinic won't get included.

    2. Anonymous Coward
      Anonymous Coward

      Re: Support this

      While I'd agree in principle with most of what you say, the fact that it is being stuffed down our throats with all the deception and guile Whitehall can muster tends to make most of us see red to the point 'useful' takes a very distant second place. This is not happening in isolation; there is a battle going on for the principals of sovereignty over personal data, of which this is just one part, albeit looming large.

      Notwithstanding the obvious general dangers that arise from anyone having unconditional access to whatever datasets they take a fancy to, personally I object entirely to the notion of private companies profiting from my data without prior consent or even interaction with them. The principle of personal choice simply outweighs any unspecified future medical benefits because its loss undermines the notion of society itself, in that we are individuals who consent to certain things and restrictions for the common good. Lack of choice - or at least a far clearer set of reasonable and commonly agreed restrictions on use - undermines democracy.

      It would be very, very easy to have got this right, but our self serving bureaucrats have clearly made a very conscious decision to get it utterly and completely wrong.

  16. Henry Wertz 1 Gold badge

    Not for commercial use

    Agree mostly with Neil Barnes. I don't think anyone should be *forced* to give up their privacy to get free services. But, I wouldn't object to sharing my medical info IF it were being aggregated for statistical purposes. It's being sold to private companies? Oh, yes, I would definitely opt put of this.

    1. Roj Blake Silver badge

      Re: Not for commercial use

      Of course people do give up their privacy to use a free service all the time - it's called Facebook.

      The thing to remember though is that the NHS isn't free - we all pay for it through taxation (and yes, even people on benefits and children pay tax)

  17. Anonymous Coward
    Anonymous Coward

    ASH em

    The sponsoring bureaucrats and implementers should be ASHed themselves!

  18. Tony W

    What will change?

    I've found that life and health insurance companies demand complete disclosure of your medical records anyway. At age 55 I was refused insurance for being too ill to work because my records showed that I had been referred to a psychologist at age 24. It was such a minor thing that I'd actually forgotten the event - a single visit with no treatment nor followup. I'd had no psychological problems in the 31 years since, during which I'd been happily married and continuously employed. But insurance companies don't take risks.

    So, although I'm in principle in favour of privacy, I wonder what difference this will make in practice. A doctor's appointment made in your youth can already come back to bite you when you're old.

  19. batfastad

    Consultation period!

    We've taken on board your views and have decided to ignore them and do whatever we want anyway.

    That pretty much covers the attitudes of all Govs, red or blue. Doesn't seem like democracy's working, best to ignore it.

  20. Marky

    As I understand it, the opt out only sets a flag in the individual's record to say not its not to be used, but data is still provided. I'm sure the commercial companies will take a lot of notice of that then.

  21. Ewan Robson opy out

    Hi all to all that have commented. If as implied the data is to be uploaded was identifiable I totally agree with everyones thoughts however it is not as simple and should be taken into context. The process of use of data for medical research or statistical purposes has been around for years and is a vital way of planning healthcare in England aand Wales. Be wary that by opting out it could effect your health. There are two processes here:

    1 - You can opt out of your data being uploaded to the Health and Social Care Information Centre. This is where they de-identify the data before handing it over in an unidentifiable format to NHS England. This is completed by specific staf fin the DMIC or DSCRO's. Not all of your record goes to them only what is relevant.

    2 - You can opt out of data going to NHS England

    SystmOne has this option and a GP Practices have the opt out form you can sign.

    People have been concerned that staff in HSCIC can access data when they are nto invovled in the care of that patient. This role of anonimysation has been carried by similar staff but under a different name for years and there has never been a percieved problem.

    I welcome the proposal of use of my pateint data for medical/reasearch purposes and if anyone uses that data for anything other than those purposaes can be sued under section 13 of the DPA. They can also be fined up to £500,000 for misuse of personal data. This may be increased to 1,000,000 up to 100,000,000.

    If anyone wishes any further guidance or help including negative ones please contact me.

    1. teebie

      Re: opy out

      The "similar staff" you mention are NHSCIC, which was given a facelift but largely left unchanged when it became HSCIC

      As for there never being a perceived problem search The Register's for "careless data-sharing plans" or "Triple-headed NHS privacy scare" to read about them selling, inappropriately sharing and failing to protect data.

    2. John G Imrie Silver badge

      Re: opy out

      That's all true, but apart from the government, you, me and the rest of the El Reg, comentards, who

      a) knows this exists

      b) knows you can opt out

    3. Andrew Orlowski (Written by Reg staff)

      Re: opy out

      Ahem, Ewan: I think it would be fair to declare your interests in this subject with the readers. Over to you.

    4. Graham Cobb

      Re: opy out

      Personally (others may differ), the issue is less about who has the data than what they are allowed to use it for. I don't care about the NHS (or even associated companies) using my data for caring for me, for planning and monitoring its own operations, for research into providing better care, etc. I don't even mind commercial companies using the data for research into new drugs/treaments or even for insurance companies to better plan their costs and become more profitable.

      What I care about is that there has to be a legal requirement, with very strong penalties (fines of about 1% of global revenues and/or criminal prosecution of individuals, financial compensation to all individuals involved of several times any extra costs they incurred due to the offence) that the data cannot be used to discriminate between individuals, families, geographic areas. genetic makeup, etc in the provison or cost of products or services (such as insurance), nor for any purpose to do with marketing (such as targetting a person or ethnic group). The same thing goes for other data they may be able to find out (such as the rugby team membership an earlier commentator pointed out).

      The purpose of both health insurance, and a national health service, is that the service is available to everyone, equally. Costs are shared, between the healthy and the sick, the old and the young, etc.

      Ewan Robson's post talks about legal protections under the DPA, but it is not clear and unambiguous that all the things I mention above are prohibited. Also fines are extermely limited (the limits are small and in reality fines are usually non-existant), especially for a global drug company or insurer. If there is such protection, then I suggest they shout it from the rooftops before restarting this process. If not, abandon it.

    5. Anonymous Coward
      Anonymous Coward

      Re: opy out

      The fines are supposed to sound impressive to the rest of us, but really just don't; the cases of them being enacted at all, let alone meaningfully, are slightly rarer than hens teeth and apart from those administering data protection always appearing to be very much on the defensive, their understanding of what it should do seems a very long way from the the public's perception of what they would wish to see.

      All of which leads to the need, if you wish to shovel crap like this down the public gullet, for clear, unequivocal and accountable statements of exactly what will be done with the data, when and by whom, what the financial benefits will be and the health benefits likely to be, as suggested by Graham Cobb above an ironclad legal guarantee that transgressors will rue crossing the line.

      We've been collectively screwed far too many times by civil servants and businesses over data to take it on trust that this would be any less of a privacy-reaming debacle than the usual steaming pile from another chocolate teapot.

  22. Zap

    No confirm of Opt out

    BTW I opted out of this data sharing, I checked with my GP and I was still opted in, unlike other organisations there is not even a letter or email generated to confirm that you have opted out.

  23. Zap

    NOT JUST GP - Your Health Data is not Safe and not Anonymous, this data will be updated

    I worked for many years on various projects in the NHS with numerous different NHS organisations managing huge amounts of data in systems, in integrating data and in providing research data.

    Putting aside the complete amateurs who are often left in charge of NHS data and who will dump a whole SQL database rather than figure out what data the requester is entitled to, there are bigger issues.

    The NHS already has exemptions from the Data Protection Act, I attended an annual meeting of doctors who were users of a clinical management system. The presenter was asking for patient data and questions were raised about confidentiality, these were dismissed by the presenter who said

    "part of our exemption is where there is a benefit to the patient, well we can argue that all research is beneficial."

    This cavalier attitude is rife within the NHS, there are constant power struggles in the NHS between Doctors who think they are Gods (they save lives don't you know), managers and the executives. It is so political that you can lose your job if you go up against the wrong person or fail to immediately comply.

    I saw so called "studies" carried out, these were funded by drug companies trying to make data say that their drugs should be used for a larger cohort of patients. In these "studies" they would pick a group of 50 patients that met their criteria, each patient was asked to participate in the study and even paid £60 for filling out a questionnaire 3 times during the study, of course the patient was told that it would all "benefit" the future treatment of patients (bollocks). The doctors were paid £600 per patient for overseeing the "study" and putting their name to it. A nice little earner!

    So let's look at the data, it is going to be updated, that means that there is a key field that links the so called anonymous data to the live patient record, the simple fact that this key exists in both datasets means that data can be "reconnected"

    However, the biggest threat is this data being combined with other data in the public domain, this includes voter records, director records, credit reference agency records, census records, Land Registry records to mention just a few and added to these all the voluntary information that we "give up" for free on social media, websites or in local papers.

    Add to the all the companies that breach data protection and the hackers who steal information and then publish it on forums.

    We already have credit reference agencies covertly getting access to the NHS spine, I have seen reports of this and what is more troubling is that they seem to be getting "event" data, that means they are getting say an update every time the patient attends any NHS facility and the coding can even tell them why, be being found drunk in A&E or for a cancer treatment.

    They are not supposed to have this data and nobody knows how they are getting it, but they are getting it and the NHS is just too big to figure out how. The NHSnet has over 100,000 nodes, there are trusted organisations working inside and outside the NHSnet who have access to it. Some are multi billion pound organisations and others are small little companies.

    I know of Doctors who have run reports of all Doctors and exported that data to their own business that they run on the side. This is a prime example of he can so he will.

    So let’s start with some innocent information provided anonymously in the NHS data, a partial postcode

    PR8 2

    They also have the patient date of birth, but let’s just say they just have the year of birth 1961

    Innocent enough but if you are into "profiling" you combine this with other data that tells you the subject of this data (the patient) is living with a lady who does not use his name, she is originally from Liverpool but now living in Southport who supports Everton, likes "Strictly" , listens to Barry Manilow, enjoys Italian food and holidays in Seville in Spain.

    That they bought their house on 9th Mar 1998 for £233k and are actually selling it right now for £685k (it is sold STC) and they had been trying to sell it since July 2014. The pictures in the property listing tells you a measure of their wealth, that they like to play music (Piano and Guitar) and she likes to decorate rooms in red!

    Whilst the original subject of this enquiry tries to keep off social networks his efforts are only as good as those around him and their security is lax.

    The information "brokers" will use this information is a number of ways; some will combine it with other so called anonymous data used for "retargeting" you in marketing campaigns, but others might use it to deny you or your kin to services such as insurance. If that data includes HIV information you may be prohibited from travelling to certain countries. There are many opportunities that you may never hear about because of your data; employment agencies may exclude you or you could end up on a do not employ list or troublemakers list.

    I was able to reconcile this data in just a few minutes and I am not even trying very hard. I got the full home address and loads of information I did not include because you never know what kind of nuts read this, but the information is out there. Each piece of information allows someone to "connect" with you and that connection might make you trust them.

    It amazes me how gullible the people who have commented here are.


    The potential uses are infinite because as as they CAN access the data, they will find new opportunities to sell access to this data.

    When people discovered that cookies got deleted and people used different browsers they started using dom storage and flash settings to "track" users and profile you by where you go on the web. Some just display ads, others a lot more. The more information they have the more they can do with it.

    At the VERY LEAST The NHS data should be OPT-IN ONLY, once it is out there it is too late, data is never deleted, just excluded from certain queries.

  24. Zap

    My long message has not been published? Can the mod please contact me to explain why, I can always go post it on a blog if preferred?

    1. gazthejourno (Written by Reg staff)

      It got caught in the manual moderation filter. Something evidently tripped it off, possibly the length. Either way it should have appeared by now.

  25. Anonymous Coward
    Anonymous Coward

    What does the ICO have to say about this?

    Last I heard from ICO officials was that they were not happy that the programme had been consistent with Principle 1 of the DPA, given the poor privacy notice flyer that was tucked in with pizza leaflets earlier in the year, to those specially selected areas (where the postie didn't throw it away so he didn't have to carry and post it) that were even sent a copy. The ICO informally has been quite open about this. Unless new legislation has been passed (I lose track between SIs), I imagine their concerns still stand - i.e. this could prove, if challenged, to be a breach of the DPA.

    GP opt out codes only cover certain data flows - you'd be amazed at those 'automatic' data flows that you have not been made aware of and hence data shared without your knowledge. I'm fairly convinced if you got your GP practice to add all the opt-out codes for the various automated data extractions (you do realise there are probably >10 of these, didn't you?) to your record, it would still be shared (without your consent or knowledge)...

    One of the most basic parts of the DPA is do with fair processing. It's also potentially one of the weakest areas of the Act. It is up to those wanting the data to produce something to "reasonably" attempt to raise awareness of data being used in such a way. They do not need to be able evidence they have provided that this information or that it indeed being disseminated. This is because this would be the Data Controller's responsibility to manage. It's a pity that most Data Controllers do not realise that should be monitoring this more proactively - GPs and their practices I find to be extremely naive about this (ever asked a receptionist to add an opt-out code to your record)... wonder why... [opens next can of worms]

  26. David Pollard

    Too late to change to a distributed database?

    Perhaps the way to make more acceptable would be to change the order of collation and analysis, by pre-processing queries at the local level, at the GP surgery, clinic or hospital, and then sending in the statistical results securely to build up the complete picture. In most cases the pre-processed data would be truly anonymous rather than being in the form of records 'anonymised' and tagged for central collation.

    Rather than creating an extra copy of all data to be collated in an additional large and potentially vulnerable central database this alternative approach would use only the presently held distributed data. Security would be much greater. There would be much less likelihood of loss, theft, malfeasance, system creep or covert access.

    In addition the uses to which the data was being put would be open to inspection. This aspect could even be enhanced with appropriate choice of query language so that queries would be reasonably easy to interpret, perhaps for comment in the public domain.

    The gain in accountability and consequently in public trust would be immense. And none of the benefits that are being claimed for the centralised system would be lost.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019