As it relaunches the controversial care.data initiative, NHS England has responded vigorously to contest fresh media reports over patient confidentiality concerns.
In particular, it has attacked Sky News which ran a report which claimed that it would be easy to identify any one person through the data collected for care.data is incorrect. Joss Wright, a research fellow at the Oxford Internet Institute at Oxford University, told the broadcaster that “because there are so many individual points of data, it would be very easy to uniquely identify an individual from the sheer volume of data”.
Mr Wright went on to say that “the Hollywood nightmare scenario is the hacker who gets the whole database and can use this to blackmail people”. He noted that there are other bodies who want to access the data and “sometimes that can be a good thing - pharmaceutical companies conducting studies on drugs”.
However, he warned that credit rating agencies or health insurers could use it to determine that a person has “a higher likelihood of certain conditions, so your premiums should be higher”.
Sky suggestion 'incorrect'
NHS England said the suggestion by Sky is incorrect, saying the likelihood of being able to identify an individual “is negligible”. It adds that GP records, including NHS numbers, dates of birth, postcodes, and cross referenced with publicly-available data, as suggested by Sky, “would not be accessible so therefore could not be linked to social media” and credit rating agencies or health insurers would not be granted access to the NHS’ secure data facility where the information will be held.
NHS England pointed out that “firstly, there is no database of information for the care.data programme yet as we are in a ‘pathfinder’ or testing phase”. Were an individual to try to ‘hack’ the system, this would be a criminal offence, it adds, noting that the networks and computer systems used by the NHS “have strict controls in place to ensure patient details are protected”.
Secondly, “however negligible, the risk of identification is something that we take very seriously and therefore all confidential data is held on secure servers in protected, independently assured data centres. Only a small number of authorised personnel can access”, NHS England notes, and confidential data “is always encrypted whilst in transmission and the secure networks used to transfer data are regularly tested and monitored for any vulnerabilities”.
It adds that once a patient’s record has been matched, “the information that could identify a patient is removed and the pseudonym is allocated to the record instead”. Pseudonyms can be converted back to the original identifier “only by using the specific encryption key that created the pseudonym” and this is “only ever disclosed in very exceptional circumstances”.
The scheme was put on hold last summer on the back of a public awareness fiasco and strong concerns over privacy issues. Earlier this week, Tim Kelsey, national director for patients and information in the NHS, confirmed that pilot schemes are starting again.