back to article Half a million 'de-identified' patients records to be shared in Bradford

The UK city of Bradford is to share the "de-identified" medical data of half a million patients from 88 GP surgeries across the region. We're told this will help improve treatments for frailty and childhood obesity. Under the Connected Health City project, the data will be shared across two trusts, three clinical commissioning …

  1. Vimes

    Why do any charities need to have access to data, regardless of whether it has been 'de-identified' or not?

    1. tiggity Silver badge

      @Vimes - it did mention Sue Ryder charity for palliative care - so that might explain why. Plenty of charities involved in health care (in an ideal world there would be no need for health related charities, but that's a different issue entirely)

    2. Anonymous Coward
      Anonymous Coward

      'Why do charities need to have access to data'

      *** Meanwhile no one ever gets fired for privacy clusterfucks ***

      www.theregister.co.uk/2017/04/05/ico_fines_

      eleven_big_charities_over_dirty_data_dealings_chasing_funds/

    3. Korev Silver badge

      Why do any charities need to have access to data, regardless of whether it has been 'de-identified' or not?

      Sue Ryder do carry out research, although their website doesn't really go into a huge amount of detail about it.

      If I put my scientific data geek hat on I can see how this data could be useful in palliative care. You could investigate something like how long HIV or cancer patients live depending on which drug protocols are used or seeing if you can predict which patients suffer the most pain according to their medical history which could then alert doctors to act.

  2. Doctor Syntax Silver badge

    Thanks for the heads-up about TPP. They run our GP's systems. They expect the GP's staff to provide user support for which I doubt they (GP staff) are trained.

  3. Nick Leaton

    The ONS has the data that enables them to find out the names and addresses of all NHS pensions.

    The NHS says they strip the information. But they send NHS numbers.

    Then from the passport office the ONS gets NHS numbers.

    They can then put two and two together.

    1. Sir Sham Cad

      Re: put two and two together.

      Yep, nailed it. We have very strict Information Governance criteria for what we deem to be "non patient identifiable data" and stripping name and MRN number is not even close to sufficient. If they keep even part of the postcode for regional reporting, for instance, that's a huge nono.

      Also, bonus points to the article because I didn't know SystmOne was so completely fucked.

      1. Anonymous Coward
        Anonymous Coward

        Re: put two and two together.

        I could probably be identified using "anonymized data" giving a 10+ year age window, my sex, my medical conditions. and the county let alone post code, from speaking to Dr's these details alone are enough to get a 100% match as me. I have a rather unique set of medical conditions.

        funnily i give the do not share codes to my GP and wrote a letter to the data protection officer of the hospital Trust saying under the data protection act i didn't authorise the sharing of my data even when anonymized with the HSCIC or any other 3rd party organisations outside the NHS. I have since seen the letter in the front of my medical file.

        i do allow it to be used for teaching purposes WITHIN the trust.

      2. Korev Silver badge

        Re: put two and two together.

        I think you see something like female patient 12345, born in 1975, from surgery 6789 in SW England.

    2. anothercynic Silver badge
      Facepalm

      <faux shock horror>@Nick Leaton, but... but... but... the ONS would *never* do *that*.</faux shock horror>

      ;-)

  4. caffeine addict Silver badge

    So, a prize...

    ...for the first person to deanonymise the data of a Bradford MP, Lord, or NHS high-up?

    1. Anonymous Coward
      Anonymous Coward

      Re: So, a prize...

      come on you dont think those individuals will actually be in the data set before its anonymized do you there will be a "Filtering" process first. to remove anyone who has the "Power" to cause trouble WHEN the data is matched and published.

    2. Korev Silver badge

      Re: So, a prize...

      I temped in a paper medical records library for a bit. They kept the "interesting" files locked in the supervisor's office. "Interesting" meant people like players in the local (major) football team or a notorious criminal residing at Her Majesty's pleasure. Had the latter record ever been leaked then the tabloid press would have been all over the story...

  5. Dan 55 Silver badge
    Devil

    You can tell where the cuts are hitting hardest

    It'll be where hospitals and trusts roll out "innovative data solutions" first.

  6. WibbleMe

    I have a boil on my ass that sings Amazing Grace, Im sure I can be identified through that.

    1. Mephistro Silver badge
      Happy

      You're Turanga Leela...

      ... and I claim my five %currency_units%!!!

      https://www.youtube.com/watch?v=xEONsXhg4fU

  7. Scott Broukell

    "safely stored at Bradford Teaching Hospital" - yeah, for at least ten minutes.

    1. Dan 55 Silver badge
      Trollface

      Not even they can read the data without paying the Cryptolocker ransom.

  8. Adam 52 Silver badge

    How does this in any way shape or form satisfy the second data protection principle?

    "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes"

    1. Anonymous Coward
      Anonymous Coward

      HSCIC (NHS Digital) was granted a "get out of jail free card" so it can and has Legal authority given by parliament to be exempt from some of the regulation of the data protection act.

      which is partly why it is not the NHS (directly) so as its separate it is not overseen by the Health Minister Directly so they cannot be culpable for data loss.

    2. sunrise

      If it is "de-identified" correctly it will be anonymous and therefore it will no longer be defined as personal data.

      If its not defined as personal data the principles of the DPA do not apply. Onward processing is therefore lawful.

  9. Korev Silver badge

    News?

    I'm not sure how new this kind of data sharing is. A lot of this information is in CPRD, which has millions of anonymised* British patients' medical records in.

    *you can only see that a patient is at a surgery in say the South West of England, so arguably is more anonymised than just having surgeries in the Bradford area as in the article.

  10. earl grey Silver badge
    Devil

    i'm surprised no one has said

    What can possibly go wrong?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019