Secret plan to sell our confidential medical records to private companies for as little as £1 has been drawn up by officials3
October 2, 2013 by Protect Our NHS
From the personal to the local – impact of NHS “reform” and your medical records
We don’t often quote the Daily Mail on this blog, let alone start a piece with one of their articles, but Paul Dacre’s organ is bang on the money with this one: In August 2013, it reported that:
“A secret plan to sell confidential medical records to private companies for as little as £1 has been drawn up by officials.”
“The records – held for every person registered with a GP – will contain details of medical conditions, as well as ‘identifiable’ information including a patient’s NHS number, postcode and date of birth.”
“Private firms such as Bupa can then apply to the Health Service to buy and use data from the records for research.”
Jeremy Hunt argues that sharing GP records with universities and private companies will provide a valuable tool for medical research, monitoring flu outbreaks and screening for common diseases. Oh yes? And what else?
medConfidential say: ‘He’s presenting this as some anodyne thing that’s only going to be used for health research. But this is a massive re-engineering of how everybody’s medical records are going to be used. It is an unprecedented threat to our medical confidentiality.’ (http://www.dailymail.co.uk/news/article-2396362/Your-confidential-medical-records-sale–just-1-Hunt-insists-plan-sell-details-private-firms-vital-combat-epidemics–critics-fear-unprecedented-privacy-threat.html)
Sensitive medical information will be included – for example whether a patient suffers from a condition such as cancer, heart disease or depression – as well as lifestyle information such as alcohol consumption.
Names and addresses will not be uploaded, but ‘patient identifiable data’ including date of birth, postcode, gender and ethnicity will. Using publicly available records such as electoral rolls – which contain postcode and dates of birth information – malicious individuals could then identify who the patient records belong to. Do you know what’s in your medical records now?
NHS Summary Care Record
Now let’s start the blog proper with an apparently innocuous letter we’re all receiving from our local Clinical Commissioning Group.
If you haven’t received it, you will shortly. It’s all about the NHS Summary Care Record (SCR). The government proposes to collect everyone’s medical records into centralised databases.
A new NHS computer system is being rolled out across England, called the Summary Care Record (SCR). GPs are being asked to create a summary of your medical notes and upload this to a centralised IT system. This will be called the General Practice Extraction Service (GPES). 12-16 weeks before your details are due to be uploaded you’ll receive a letter about this.
If you do not respond in time, you will be assumed to have given your consent.
Read the letter
And like everything. We are here given a choice
• “I would like a summary care record”
• “No I don’t want a summary care record”
i.e. it’s an opt out rather than specific request to say ‘yes’.
In Bristol, there’s also 2nd record called the Connecting Care Record – this is for local IT data purposes.
Experts like Ross Anderson, Professor of Security Engineering at the University of Cambridge Computer Laboratory, argue that the national database of national electronic database of patient records is not fit for purpose and illegal. See http://news.techeye.net/security/uks-anonymous-health-records-are-wide-open
The British Medical Association (BMA) and many doctors have serious reservations about the system. And even Prominent Conservative MPs have questioned the legality of the Government’s data extraction programme, saying it poses an ‘enormous threat’ to patient privacy and trust in the health service. http://www.pulsetoday.co.uk/20004575.article#.UkxeZSNwaM8
Former shadow home secretary and a previous Conservative party leadership contender David Davis, MP also said the care data extraction would present a ‘honeypot of data’ to hackers.
It is essential that patient medical records are only be uploaded with the explicit consent of patients.
The campaign group MedConfidential (see: http://medconfidential.org/) says the SCR should be abandoned for reasons of safety, functionality, clinical autonomy, patient privacy, and human rights. Information will not be anonymous when it leaves your GP’s surgery; it will be extracted with your personal details still attached. The government’s Health & Social Care Information Centre (HSCIC) (http://www.hscic.gov.uk) which runs the General Practice Extraction Service (GPES) – will then determine which parts of your information it will share with others, and whether this will be in a form that identifies you. NHS England, for example, has already been granted a legal exemption to pass identifiable data about patients between various commissioning bodies.
European Data Privacy Regulation
Now let’s do a leap to Europe …
The European Commission wants a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. On April 26th 2013 corporate lobbyists went to a meeting in Brussels to fight for their case for amending stricter regulations on data protection.
Ross Anderson was there and he noted that a senior executive from the Association of British Insurers found it “painful that the regulation might ban profiling” (using data to determine information about individual) that was unfair or discriminatory. See: (http://www.lightbluetouchpaper.org/2013/04/28/how-privacy-is-lost) for more information.
At that meeting there was also resistance to anonymisation of data.
Helen Wallace (GeneWatch) says “profiling is not always helpful, such as health data being used to profile customers to deny them insurance.” “If everyone is tagged and categorised using their DNA, privacy will be wiped out”, warned Dr Wallace. “The motivation isn’t better health, but marketing by private companies and surveillance by the government”. See: http://www.genewatch.org/article.shtml?als%5Bcid%5D=539478&als%5Bitemid%5D=565571.
And she’s right
Selling your Medical Data – GB to the USA
The HSCIC manages all medical heath data and currently charges tens of thousands of pounds for carrying out a typical ‘data extract’ request.
But in August 2013 Geraint Lewis, chief data officer at NHS England, announced proposals to reduce these costs to just £1 a time. Eventually NHS England wants to include full medical records going back 20 years.
Now let’s take a trip across to the US.
There, as hospitals and clinicians shift to digital medical records, administrators promise patients better care and shorter waits. They often neglect to mention that they share files with state health agencies, which in turn sell the information to private data-mining companies.
The records often contain patients’ ages, Zip Codes, and treatment dates – enough ‘metadata’ for an inquiring mind to match names to files or for aggressive companies to target ads or hike insurance premiums. Read http://mobile.businessweek.com/articles/2013-08-08/your-medical-records-are-for-sale for further information.
Companies that buy the state data include IMS Health, a provider of prescription data; and UnitedHealth the biggest U.S. health insurer. And here’s the rub, as more and more private healthcare providers with their health insurance arms have access to this data, the more it supports the health insurance market, essential to a privatised health service.
I won’t go into details about the US but I suggest Google, and read online, “25 SHOCKING FACTS THAT PROVE THE ENTIRE US HEALTH CARE INDUSTRY HAS BECONE ONE GIANT MONEY MAKING SCAM” (see: http://endoftheamericandream.com/archives/25-shocking-facts-that-prove-that-the-entire-u-s-health-care-industry-has-become-one-giant-money-making-scam)
Back in the UK 55 organisations are accredited to apply for identifiable or sensitive data and they can apply for information from this new General Practice Extraction Service (GPES).
And so now what about the link with the private health care providers. For guess who has the contract to provide the £8m five-year to deliver and service the General Practice Extraction Service (GPES)? Yes, it’s our favourite outsourcing company …
Let’s remind ourselves that Atos is an international information technology services company with revenue of €8.8 billion and 76,400 employees in 47 countries. (read http://uk.atos.net/en-uk/ and http://www.atoshealthcare.com/ to get a real feel of their operations.
As most people know (or do they?) it works in manufacturing, retail, public services, health, transport, financial services, telecoms, media, and energy utilities. In the UK, its healthcare activities are in two main areas. It has the contract for the Work Capability Assessment for the DWP and the GPES contract. Again I’m not going to go into all the details, but please examine the relationship between the Department for Work and Pensions, Atos Healthcare and a corporate American healthcare insurance giant, known as Unum Insurance. Because, make no mistake, the introduction of the WCA, as designed in collusion with Unum Insurance, was the next step as successive UK governments planned to destroy the Welfare State, to be eventually funded by private healthcare insurance. See http://blacktrianglecampaign.org/2013/08/28/unums-unaccepatable-influence-in-the-formulation-of-uk-dwp-atos-disability-assessment-regime-letter-to-president-of-the-faculty-of-occupational-medicine-royal-college-of-physicians/
So you have the company who has access to patient records nationally via GPES, who has access to GP records, who work for the DWP and have links with a giant insurance company. A FoI question is (at September 2013) currently being asked ‘is the DWP are one of the 55 organisation accredited to access GPES data?’
To summarise: The General Practice Extraction Service (GPES) is the centrally managed primary care data extraction service that will, for the first time, extract information from GP IT systems for a range of purposes at a national level.
GPES is the only national means of extracting primary care data from general practice systems. It comprises two main parts and is being delivered by a number of IT services organisations.
ATOS have been awarded the contract to provide the tool that will produce the extract queries, whilst the extractions themselves will be conducted by the GP practice system suppliers – EMIS, TPP, Microtest, INPS – all private companies. Read http://www.hscic.gov.uk/article/2226/GPES-overview for more details.
We suggest patients OPT OUT NOW from the SCR
The NHS – People Before Profits