Two cheers for the NHS

Of all the categories of sensitive data, it is information about our health and our medical histories that is perhaps the most personal and private.

For example, you wouldn’t want a stranger – or worse, a colleague – knowing that you’re being prescribed Anusol Ultra for your chalfonts, would you? Nor would you want your boss to know about the methadone prescription, or your mother to know about your latest suicide attempt. Unless, of course, it was a cry for help.

But even if it contains nothing as dramatic as an overdose, we tend to guard our medical history very jealously.

So it may come as a shock to learn that not only has the NHS amassed a central database of around one billion confidential records of patient visits to hospital, it is routinely sending some of these records to an academic organisation outside the NHS. These records contain personally identifiable information, such as postcodes and NHS numbers, as well as medical information, including diagnoses and any treatment given.

Now, a certain breed of querulous privacy advocate will start whining the moment they hear the words “giant database” in conjunction with “confidential data”. Not so data grub: we understand that there are often the very best reasons for aggregating personal data, as long as stringent measures are in place to ensure absolute confidentiality.

In this case, the aim is to use this vast resource of information to improve the NHS’s service and treatment outcomes, which I think we can agree is a Good Thing.

The other good news is that both the NHS and the academic organisation that uses this data, the inanely-titled Dr Foster Unit, seem to have taken decent precautions to protect patients. All data is held on encrypted discs and is sent by secure courier, which is a pretty good start. Then, at the Dr Foster Unit, the data is kept in secure offices, on disc-less workstations which have no link to the Internet.

While this compares pretty favourably with the cavalier approach towards data security shown by other public sector bodies, among them the Ministry of Justice, the MoD and the Department for Work and Pensions, it’s certainly far from perfect.

Our main gripe is that personally identifiable information (PII) is contained within the data that’s being sent out of the NHS. While PII such as postcodes may be vital for making distinctions between different areas of a town or the country, surely the NHS should secure people’s informed consent if they are to use their data in this way?

So, two cheers for the NHS and the Dr Foster Unit for at least trying to apply best practice to the use of sensitive data. But, as we asked at the beginning, why should anyone other than one’s doctor be able to look at your confidential medical history, even if it’s just some academic at Imperial College?

Now, if they anonymised this PII irreversibly, ensuring that records cannot be traced to an individual, while at the same time remaining useful to the bean counters (all perfectly possible with today’s technology), well – that would be just what the doctor ordered.