NOT JUST GP - Your Health Data is not Safe and not Anonymous, this data will be updated
I worked for many years on various projects in the NHS with numerous different NHS organisations managing huge amounts of data in systems, in integrating data and in providing research data.
Putting aside the complete amateurs who are often left in charge of NHS data and who will dump a whole SQL database rather than figure out what data the requester is entitled to, there are bigger issues.
The NHS already has exemptions from the Data Protection Act, I attended an annual meeting of doctors who were users of a clinical management system. The presenter was asking for patient data and questions were raised about confidentiality, these were dismissed by the presenter who said
"part of our exemption is where there is a benefit to the patient, well we can argue that all research is beneficial."
This cavalier attitude is rife within the NHS, there are constant power struggles in the NHS between Doctors who think they are Gods (they save lives don't you know), managers and the executives. It is so political that you can lose your job if you go up against the wrong person or fail to immediately comply.
I saw so called "studies" carried out, these were funded by drug companies trying to make data say that their drugs should be used for a larger cohort of patients. In these "studies" they would pick a group of 50 patients that met their criteria, each patient was asked to participate in the study and even paid £60 for filling out a questionnaire 3 times during the study, of course the patient was told that it would all "benefit" the future treatment of patients (bollocks). The doctors were paid £600 per patient for overseeing the "study" and putting their name to it. A nice little earner!
So let's look at the data, it is going to be updated, that means that there is a key field that links the so called anonymous data to the live patient record, the simple fact that this key exists in both datasets means that data can be "reconnected"
However, the biggest threat is this data being combined with other data in the public domain, this includes voter records, director records, credit reference agency records, census records, Land Registry records to mention just a few and added to these all the voluntary information that we "give up" for free on social media, websites or in local papers.
Add to the all the companies that breach data protection and the hackers who steal information and then publish it on forums.
We already have credit reference agencies covertly getting access to the NHS spine, I have seen reports of this and what is more troubling is that they seem to be getting "event" data, that means they are getting say an update every time the patient attends any NHS facility and the coding can even tell them why, be being found drunk in A&E or for a cancer treatment.
They are not supposed to have this data and nobody knows how they are getting it, but they are getting it and the NHS is just too big to figure out how. The NHSnet has over 100,000 nodes, there are trusted organisations working inside and outside the NHSnet who have access to it. Some are multi billion pound organisations and others are small little companies.
I know of Doctors who have run reports of all Doctors and exported that data to their own business that they run on the side. This is a prime example of he can so he will.
So let’s start with some innocent information provided anonymously in the NHS data, a partial postcode
They also have the patient date of birth, but let’s just say they just have the year of birth 1961
Innocent enough but if you are into "profiling" you combine this with other data that tells you the subject of this data (the patient) is living with a lady who does not use his name, she is originally from Liverpool but now living in Southport who supports Everton, likes "Strictly" , listens to Barry Manilow, enjoys Italian food and holidays in Seville in Spain.
That they bought their house on 9th Mar 1998 for £233k and are actually selling it right now for £685k (it is sold STC) and they had been trying to sell it since July 2014. The pictures in the property listing tells you a measure of their wealth, that they like to play music (Piano and Guitar) and she likes to decorate rooms in red!
Whilst the original subject of this enquiry tries to keep off social networks his efforts are only as good as those around him and their security is lax.
The information "brokers" will use this information is a number of ways; some will combine it with other so called anonymous data used for "retargeting" you in marketing campaigns, but others might use it to deny you or your kin to services such as insurance. If that data includes HIV information you may be prohibited from travelling to certain countries. There are many opportunities that you may never hear about because of your data; employment agencies may exclude you or you could end up on a do not employ list or troublemakers list.
I was able to reconcile this data in just a few minutes and I am not even trying very hard. I got the full home address and loads of information I did not include because you never know what kind of nuts read this, but the information is out there. Each piece of information allows someone to "connect" with you and that connection might make you trust them.
It amazes me how gullible the people who have commented here are.
INFORMATION IS POWER
The potential uses are infinite because as as they CAN access the data, they will find new opportunities to sell access to this data.
When people discovered that cookies got deleted and people used different browsers they started using dom storage and flash settings to "track" users and profile you by where you go on the web. Some just display ads, others a lot more. The more information they have the more they can do with it.
At the VERY LEAST The NHS data should be OPT-IN ONLY, once it is out there it is too late, data is never deleted, just excluded from certain queries.