NHS Digital explains how patient data is used
If you didn’t know, the NHS plans to make the medical records of approximately 55 million people available to academic and commercial partners later this month, unless patients decide themselves to opt out before the deadline. The change, which will bring records together in a central database, will only apply to people who live in England and who are registered with a family doctor’s practice.
There is still time to opt out of data sharing, which starts on June 23, 2021. Ahead of the upcoming deadline, NHS Digital is advocating its new policy, which it claims will be used “for research with results” into better treatments and to save lives.
A new centralized database is needed as the current system used by primary care practices, known as General Practice Extraction, is over a decade old, according to NHS Digital, which operates the country’s health IT systems. While sensitive information, including mental and sexual health data, criminal records, full zip code, and date of birth, is in the database. NHS Digital says anything that could be used to identify you from your records will be pseudonymized before being uploaded by your local GP practice.
“This means that this data is replaced with unique codes so that patients cannot be directly identified in the data shared with us. The data is also securely encrypted, ”explains NHS Digital.
However, the code to decrypt the anonymized data is stored by the NHS. This differs from the approach taken by some technology companies, including Apple and WhatsApp, which do not store digital keys that could decrypt the anonymized data. Because of this, Apple refused to help FBI investigators who were hoping to unlock an iPhone that belonged to one of the terrorist suspects.
The NHS has confirmed why it believes patients should allow their medical records to be shared (Image: GETTY • NHS)
The software for storing GP records is over a decade old, so NHS Digital centralizes everything (Image: GETTY)
According to Apple CEO Tim Cook: “In today’s digital world, the ‘key’ to an encrypted system is information that unlocks the data, and it is only as secure as the protective mechanisms around it. Once the information is known, or a way to bypass the code is uncovered, the encryption can be bypassed by anyone with the knowledge. In the physical world, it would be the equivalent of a master key that can open hundreds of millions of locks – from restaurants across Banks to shops and houses. No sane person would find that acceptable. “
NHS Digital will keep the keys to unlock its anonymized data, but says it “will only re-identify the data if there is a legitimate reason to do so and if it is necessary to comply with data protection laws”. In a sample scenario of why medical records are being decrypted to reveal the patient’s identity, NHS Digital adds, “A patient may have consented to participate in a research project or clinical trial and has already consented to their data being saved shared with the researchers for this purpose. “
NHS Digital publishes a list of who it shares its database of anonymized records with, which is updated every month. However, privacy activists say that because of the NHS ‘“opaque” business relationships, it can be extremely difficult to find out who is seeing the data. For its part, the NHS says that patient data will never be used for insurance or marketing purposes, the promotion or sale of products or services, market research or advertising.
How to prevent NHS Digital from collecting your records for its database
The NHS plans to make the medical records of around 55 million people available to academic and commercial partners from July 1, 2021. If you do not decide before the deadline, the records of your family doctor’s practice will be merged in a central database. It’s worth noting that the change only applies to those who live in England.
The deadline for opting out of data collection is June 23, 2021. Ahead of the upcoming deadline, NHS Digital is advocating its new policy, which it claims will be “used for research that leads to better treatments and” to save lives ” .
However, if you want to remove yourself from the database, you will need to fill out a form and send it to your GP.
If you don’t do so before the deadline, your medical records will become a permanent part of the NHS Digital database. Deregistration after June 23 will still work, but will only apply to future dates – all historical data will still be available to researchers, academic and commercial partners of the NHS. You will find the required form to unsubscribe Here.
If you do not agree with the upcoming changes, you still have time to unsubscribe.
However, NHS Digital says that should too many people choose to keep their medical records under lock and key, it could have serious consequences for research and innovative new treatments in England.
“When a large number of people choose to unsubscribe, the data becomes less useful for scheduling services and doing research,” warns NHS Digital in an FAQ on its website about the in-depth policy. “This is a particular problem when people from certain areas or groups are more likely to refuse. When this happens, the services may not reflect the needs of that group or area and research can lead to misleading conclusions.”
The final concern most patients will have about data sharing is, of course, whether the NHS can make money on your private health records. According to NHS Digital, that’s not going to happen.
“NHS Digital does not sell any data,” says the FAQ, “but it does charge those who want to access its data the cost of providing the data. This is because we are not centrally funded for this. The fees only cover the cost of running the service and mean that the organizations that need access to the data bear the cost, not NHS Digital. We do not make any profits from the service. “
Digital rights activists Foxglove questioned the legality of the upcoming change in a letter to the Department of Health and Welfare. According to attorney Rosa Curling, the public has not been given enough time to learn about the changes and decide whether to opt out. In a letter to the government agency, Curling writes: “Few citizens will be aware that the new processing is imminent and that it will directly affect their personal medical data.”
To remove yourself from the database, you need to fill out a form and send it to your GP. If you don’t do so before the deadline, your medical records will become a permanent part of the NHS Digital database. Deregistration after June 23 will still work, but will only apply to future dates – all historical data will still be available to researchers, academic and commercial partners of the NHS. You will find the required form to unsubscribe Here.
Advocacy advocacy MedConfidential, a privacy-focused group that was critical in raising alert about the upcoming deadline, told the Financial Times, “They’re trying to smuggle it out, they’re giving you a nominal six weeks and if you don’t act based on websites on the NHS digital site and some YouTube videos and some tweets your entire GP history could have been scraped and never erased. “
