back to article NHS Digital heads accused of being 'suppliers', not 'custodians' of UK patient data

The heads of the Digital arm of the UK's National Health Service have been accused of acting as suppliers, rather than guardians, of the data belonging to patients under their care by handing address information to the Home Office for immigration enforcement. Chief exec of NHS Digital Sarah Wilkinson, and the organisation’s …

  1. Halfmad Silver badge

    the Digital arm of the UK's National Health Service

    No it's not, it only covers NHS England.

    1. iron Silver badge
      Boffin

      Re: the Digital arm of the UK's National Health Service

      I was just coming here to say that. It always annoys me when Reg articles talk about "the UK NHS" because there is no such thing or even just "the NHS" because I have no idea if what they are talking about affects me in Scotland (usually it doesn't).

      (and presumably Wales)

      1. Teiwaz Silver badge

        Re: the Digital arm of the UK's National Health Service

        Or the various Health Boards in N.I.

  2. Anonymous Coward
    Anonymous Coward

    No evidence...

    ... and no motivation to look.

  3. Chris G Silver badge

    Oh by the way Mr Bloggs, this prescription can only be filled at a police station.

    1. Pen-y-gors Silver badge

      No, no...Mr Bloggs is a good English name... more likely it's

      Oh by the way Mr Al-Jamil, this prescription can only be filled at a police station.

  4. James 51 Silver badge
    Big Brother

    “Patient data is a national asset"

    No it is not. My data belongs to me. The NHS gets to hold onto it to do its job but that does not mean that it belongs to the NHS or the nation.

    1. Zog_but_not_the_first Silver badge
      Unhappy

      @James51

      Us "I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own!"

      Them "Ha, ha, ha, ha, ha, ha, ha!"

      1. Teiwaz Silver badge

        Us "I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own!"

        They'll not debrief me, I went commando...

    2. walatam

      Patient data is a national asset

      That jumped out at me too. Sadly, I suspect the extension of this will be someone will suggest that we need to fund the NHS by allowing some ever-so-carefully selected companies access to this "national asset". And those organisations will never ever use it for anything nefarious (but it will be profitable) and then someone will come along and decide that we should have "monetised" the data within the NHS ourselves.

      1. ACZ

        Re: Patient data is a national asset

        They're already doing that with allowing the likes of Google to access patient data on NHS Spine and do analytics/ data mining on it. At a fundamental level, that kind of thing (subject to *proper* data protection) has a real potential to deliver clinical benefits for patients. However, for that to happen the data custodian must guard the data and ensure it is properly protected. Without that, nobody will trust the NHS and, hey presto, a large group of patients (inevitably including some who are highly vulnerable) won't engage with medics / the NHS.

      2. Gio Ciampa

        Re: Patient data is a national asset

        <broken>

        They have form after all... the DVLA comes to mind

        </record>

    3. Jove Bronze badge

      Ha. Th real world is just beyond the keyboard - engage, occasionally, but otherwise leave it to the big boys.

    4. Rainman

      @James 51

      > “Patient data is a national asset"

      > No it is not. My data belongs to me. The NHS gets to hold onto it to do its job but that does not mean > that it belongs to the NHS or the nation.

      Alas law enforcement and bodies responsible for national security are exempted from GDPR. They could quite easily deem that enforcing immigration is both. No, the NHS should not be sharing our data but in this instance if they didn't share it this way then I'm sure it would just get shared via some other much less overt manner. In light of everything I'd much rather it happened like this so we know about it and it can be scrutinised, than for it to happen under the radar.

      Since it's going to happen one way or the other, then perhaps having the transaction (rightly or wrongly) out in the open then it serves as a warning and to dissuade any non-UK parties considering a trip to the UK for free treatment.

    5. Pen-y-gors Silver badge

      "Patient data is a national asset"

      No it isn't. It's confidential.

      What it is, is an NHS asset. Incredibly valuable for optimising access to the wonderful services offered. In the right circumstance an invaluable resource for medical research. But NOT for law enforcement.

      These Home Office people really are scum. "Good morning Doctor. Could you tell me when you've stitched up Mrs Shirzai's caesarean please? We've got a plane waiting to take her back to safety in Afghanistan"

  5. Doctor Syntax Silver badge

    Gordon said the body was only providing information “of an administrative kind” to those who were seeking to pursue criminal offences. He said the body saw the MoU with home office as “lawful and proportionate”.

    I wonder if Mr Gordon will be taking legal advice before May because I'd have thought that this:

    191

    (1)Liability of directors etc

    Subsection (2) applies where—

    (a) an offence under this Act has been committed by a body corporate, and

    (b) it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of—

    (i) a director, manager, secretary or similar officer of the body corporate, or

    (ii) a person who was purporting to act in such a capacity.

    (2)The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly.

    puts him right in the firing line.

    1. Commswonk Silver badge

      I wonder if Mr Gordon will be taking legal advice before May because I'd have thought that this...

      Would that it were that simple. Article 23 of the GDPR provides for Member States enacting certain exemptions; see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/exemptions/.

      IANAL but I cannot see any government having too much trouble finding a way around some troublesome restriction elsewhere in the regulations should it be minded to do so.

  6. Anonymous Coward
    Anonymous Coward

    Google DeepMind

    that is all.

  7. Anonymous Coward
    Anonymous Coward

    Ah the old switch and bait. Get some people on side by using it for immigration then start selling it to credit agencies, parking enforcement, insurers and debt collectors etc... Then give it away to police, courts and councils.

    Welcome to the digital future.

    1. NonSSL-Login
      Big Brother

      You mean like anti-terrorism law RIPA being used by half of councils for waste and littering offences or BBC for licence enforcement?

      This is exactly what the committee is getting at and I am impressed they have stuck up for everyone with a decent argument. Yet nothing will change, making the whole thing pointless.

  8. Gordon Pryra

    Same old crap

    NHS have been selling our data for years.

    Their last big cash grab failed when everyone told their Doctors to keep their medical records away from the central database. Watching some Tory MP spout technobabble about anonymised data being "linked to a private key which is then linked to the user so its all safe and not identifiable" was both funny and scary at the same time.

    The NHS are not fit to hold our private data.

    Their systems are not patched and are all out of service date. Having a sizeable Windows XP estate is proof enough of this. Their blatant bollocks regarding being hacked by North Korea as an excuse for Wannacry is proof positive that they are not capable of either controlling their IT infrastructure nor do they feel they need to tell us when they screw up.

    That last point, where they feel they can lie through their teeth as if it were 1980 and technical knowledge was low therefore we believe what they are saying is the biggest sign that tells me they should never ever get our data.

    If they are selling car-parking spaces outside A+E for 4 quid an hour, then they are either selling our data to life insurance companies or swapping it for shiny toys with Google. Eye-scans from Morfields given to the one company who can unanonymise this data is no joke....

    1. Pen-y-gors Silver badge

      Re: Same old crap

      Maybe, just maybe, NHS England has crap IT and does some dodgy money-grubbing deals because

      1) Successive governments have failed to fund it properly - what comes first, cancel an operation or cancel an XP upgrade?

      2) Too much power in hands of administrators who decide that balancing the books (e.g. charging for patient and visitor parking) is more important than a caring clinical service. A friend kept having to leave the labour room every four hours to feed the meter!

      1. Anonymous Coward
        Anonymous Coward

        Re: Same old crap

        @Pen-y-gors

        1. NHS Scotland still have XP machines, granted there are very few of them and most are air-gapped or have some other form of hardening in place and actively being removed when equipment is upgraded.

        2. Most hospitals in Scotland don't charge for car parking at all and some don't even monitor car park usage. This does cause problems with lack of spaces though - it's not a perfect solution.

        NHS England is enormous, it's also got more layers of bureaucracy than the other NHS organisations, I've always wondered if that was part of the problem. It's also the one which is most likely to be restructured by Westminster and that's never cheap or quick.

        I've also noticed that NHS England is the trailblazer for things that other NHS organisations consider too risky data protection wise like use of cloud storage, working with private companies on a large scale with patient data and engaging in patient portals for access to health records.

  9. adnim Silver badge

    The patients are the suppliers.

    Everyone else seems to be distributors or wholesalers

  10. BebopWeBop Silver badge

    While I do not agree with Wollaton's general political approach (but then I did not vote for her), She appears to be one of the few Tories with both common sense/technical knowledge and a spine

    1. Anonymous Coward
      Anonymous Coward

      She appears to be one of the few Tories with both common sense/technical knowledge and a spine

      That's her ministerial career over before it started. Same is true on the opposition benches. Look at the estimable Dennis Skinner. A man who should have led the Labour party and been PM (as I'm a child of Maggie, praise comes no higher).

  11. JohnMurray

    funny.

    The NHS data, even the highly personal data, has been available to the DWP for years, and is shared with various departments of local councils.

    That's without the Digital economy Act...which authorised data sharing between all govt departments.

    Here is the NHS confidentiality policy...

    https://www.england.nhs.uk/wp-content/uploads/2016/12/confidentiality-policy-v3-1.pdf#page=4&zoom=auto,-70,707

  12. JohnMurray

    And if it disappears, I've saved it!! (no confidence in any govt documents getting frequent hits staying available for long!)

  13. Anonymous Coward
    Anonymous Coward

    Home Office

    Of course you realise that Sarah Wilkinson did work at Home Office Digital a few years ago, and is now passing NHS digital data to her old chums at the Home Office!

  14. Anonymous Coward
    Anonymous Coward

    NHS Digital NOT part of the NHS

    NHS Digital is NOT part of the NHS it is an executive non-departmental public body of the Department of Health and was re-branded as NHS Digital from the Health and Social Care Information Centre (HSCIC) after its bad press due to the care.data fiasco.

    For that matter Public Health England is not part of the NHS either.

    NHS Digital and Public Health England not being part of the NHS also means that they are not covered by the NHS’s code of practice on confidentiality. so if they get DATA from the NHS they can and have been proved to sell or give the data away.

    Examples: like when Sir Nick Partridge when he was deputy chairman of the Health and Social Care Information Centre (HSCIC) sold information to insurance firms and other companies without proper checks and balances. also data at some point in time (by HSCIC's prdessesor before a previous rename) sold health data to actuaries.

  15. Anonymous Coward
    Anonymous Coward

    The self-entitlement demonstrated here is frightening

    More mission creep.... Even with the 'Deepmind' scandal fresh on many patient's minds! Its more of the tact, we know what's best for you, and like God 'you'll take what you're given and be grateful'. - Can GDPR stop this?

    1. Anonymous Coward
      Anonymous Coward

      Re: The self-entitlement demonstrated here is frightening

      "Can GDPR stop this?" Don't be ridiculous. The government can stick whatever GDPR exemptions it wants in the law. The law only applies to the little people.

  16. Anonymous Coward
    Anonymous Coward

    Essentially Tory Britain is a feudal state. Its the little people who get to pay taxes, have their data shared, are excluded from the law, are given debt for life and then tossed aside when they can't earn the elite money. Weirdly the little people seem to like it - because they keep voting it in.

    1. Zog_but_not_the_first Silver badge
      Unhappy

      "Weirdly the little people seem to like it - because they keep voting it in."

      Depressingly true.

  17. paulc

    Gordon said the body was only providing information “of an administrative kind” to those who were seeking to pursue criminal offences. He said the body saw the MoU with home office as “lawful and proportionate”.

    I would expect the people pursuing criminal offences to come with a warrant asking for specific information based upon reasonable suspicion...

  18. anonymous boring coward Silver badge

    "1984"

    ---

    The post is required, and must contain letters.

  19. Anonymous Coward
    Anonymous Coward

    ...and it's not just the NHS....

    ....the police are planning to store records on AWS (Amazon) so that PC Plod can use Alexa to access police records. Fake news?.....not really.....see:

    - https://www.msn.com/en-gb/news/world/amazon-alexa-joins-the-fight-against-crime-as-uk-police-recruit-smart-virtual-assistant/ar-BBHMdM1?li=AA54rU

    "Alexa, write up a new murder report with Jane Doe as a suspect"

    Signed: A Dinosaur

    1. Anonymous Coward
      Anonymous Coward

      Re: ...and it's not just the NHS....

      and again it's only one area of the UK: Lancashire Constabulary

      Yet it's described by you as being UK wide, which it won't be anyway. Not saying it won't happen but I doubt it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019