HIPAA = http://en.wikipedia.org/wiki/Health_Insurance_Portability_an...
The price list looks so cheap that Russian or Nigerian scammers can afford these extracts and it would save them a hell of a lot of time setting up ID scams and instantly make them much more profitable.
No longer any need to mass mail in the hope of finding someone likely to buy V!agr4, the NHS will give you a list of likely marks to direct market to and save all the useless pitches to women !
>Latanya Sweeney, the director of Harvard University’s Data Privacy Lab, identified 35 patients from a Washington database by buying state medical data and creating a simple software program to cross-reference that information with news reports and other public records. “All I have to know is a little bit about a person and when they went to a hospital, and I can find their medical record in this kind of data,” Sweeney says. She says data in 25 other states are just as vulnerable.
The whole article is an interesting read. Apparently the data is sold pseudoanonymised in some states, leaving it up to the purchaser to truly anonymise the data.
[1]http://mobile.businessweek.com/articles/2013-08-08/your-medi...
The Harvard researcher probably fell under research for public health. I'd hope private researchers can access public health data. The goal for "ICD" global standardized diagnoses codes is to help research.
There are rules for distribution and compliance that should carry over to each handler of the data sets.
Given all that, I still have anxiety of bad actors handling the private information.
"Your NHS number Your date of birth Your postcode Your gender and ethnicity Your medical diagnoses (including cancer and mental health) and any complications Your referrals to specialists Your prescriptions Your family history Your vaccinations and screening tests Your blood test results Your body mass index (height/weight) Your smoking/alcohol habits"
seem 'de-identified'?
It includes details of how to opt-out.
"The data extracted - your Primary Care Dataset - will include the following:
Your NHS number Your date of birth Your postcode Your gender and ethnicity Your medical diagnoses (including cancer and mental health) and any complications Your referrals to specialists Your prescriptions Your family history Your vaccinations and screening tests Your blood test results Your body mass index (height/weight) Your smoking/alcohol habits"
---
Go to that site. Opt out here http://optout.care-data.info/. It's really simple.
Considering recent government actions, I find it unsurprising that this is the only method - as far as I can find - to opt-out.
A simple form or email address would have been great. But we couldn't possibly have that for an online data service, oh no.
- State that you wish to opt-out of care.data
- Request that both the 9Nu0 and 9Nu4 codes are added to your GP records
- Remember to include full names and DOBs (and your address if you are happy to)
Yes, it seems heinous at first, but are there legitimate, palatable Big Data opportunities here, assuming the data is properly anonymized?
Standard extract – no personal confidential data £9,565
Alternatively for just under £1,000 more :
Standard extract – containing personal confidential data £10,453
They're specifically enticing people to purchase the confidental data version since it is only 10% extra to get all the juicy information.
Trouble connecting people to their parents, siblings, children, (ex)partners ? Simple, they'll even do that for you - look at Patient Tracking, Cohort Event Notification (!) etc.
The value of this data to marketers (e.g. health insurance, private hospitals - which do exist in the UK, etc. makes the price list charges trivial and insignificant to just slurp up everything they can and start targeting people). Want someone to try and sell you cancer insurance 2 weeks after your mother dies of breast cancer ? Cohort event notification report makes this simple.
Remember the toothpaste does not go back into the tube - once the data is sold, it's basically wild and free for all sorts of use and abuse. You have absolutely no guarantee it will only be used by benign 'good actors'.
edit:spelling
A quick glance at some of the approvals suggests that yes, the information is very personally-identifying indeed but the cohorts are pretty small and not obviously commercially valuable, and the types of organisations getting the data sound no more likely to resell it than my GP (and even less likely to make a profit on it). And my GP and his admin staff and various other NHS employees have had access to it for some years now.
the data is not anonymized.
J_smudger 24 January 2014 3:00pm
I think there is confusion amongst some commenters here. This comes from reading a large amount of literature from the relevant pages on the NHS / Health and Social Care Information Centre (HSCIC). The HSCIC are basically a repository in Leeds, where all this information will be stored.
Your GP records are going to the HSCIC as pseudoanonymised information, which as has been said does indeed include your NHS number, date of birth and postcode. The HSCIC will then build up a database of this information. They can indeed pass on certain of this information to certain external interested parties, although when they do this the data becomes truly anonymised as opposed to pseudoanoymised. You can read about this in the NHS published guidelines (although not in the rather patronising leaflet), as well as from the documentation of the HSCIC and the government itself.
To quote the HSCIC:
we take out details that could identify you before we make any information available
there are no personal details such as your date of birth and postcode included... We would never publish this type information because there is a risk that you might be identified.
http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Pa...
http://www.hscic.gov.uk/article/3399/Rules-for-sharing-infor...
Or if you have a hour to spend read this:
http://www.hscic.gov.uk/media/12931/Privacy-Impact-Assessmen...
... or perhaps just sections 3.3.4. and 3.3.5.
http://www.legislation.gov.uk/uksi/2002/1438/regulation/5/ma...
:edit: gohrt pointed out that I'd overlooked the restriction to medical purposes in regulation 5, thanks.
Please edit your commment for correctness:
""" General
"confidential patient information may be processed for medical purposes in the circumstances set out in the Schedule" """
Annual Service Charge: £300 Per data set per year £262 Per additional year (per data set) £64
Either that's an incredibly bad title for that particular service, or they're selling data containing 'personal confidential data'. I'd like to know a little bit more about what that actually is.
Just ask the victims of the AOL leak.
During the Netflix prize, randomly generated IDs were eventually matched to people based simply on movie ratings and matching public information in other public sources:
http://www.wired.com/politics/security/commentary/securityma...
With medical data, it will probably be trivial (maybe easier or more appealing to insurance companies?).
We're a lot more unique than we think. Reminds me of this EFF project:
Some companies will probably resell this information to potential employers, banks (there goes your loan), etc.
Well, that's going to suck for people in the UK.
http://www.connectingforhealth.nhs.uk/systemsandservices/inf...
Have a look at some UK medical information and see if you can de-anonymise it.
http://www.ons.gov.uk/ons/rel/subnational-health4/suicides-i...
Here's some data for suicide.
There are problems with confidentiality in the NHS - people leave patient records on monitors or send letters to the wrong address. But this kind of project is very different.
Medical data can't be got back.
The intended use is not that insurance companies can link your medical data against you and then charge you more (or any variant on that). Instead, the intended use is that companies with clear information controls can perform useful research more cheaply, and stop guessing at cause and effect. I personally support that intent, and am interested to see what comes out of it.
What's to stop the companies just doing whatever seems to get them the most money? In my opinion, it'd be the fact that failing to stick within the agreement would cause existential risk to the company. I think that courts, government, the NHS, and UK society at large would come down VERY heavily on any company contravening their contracts. Companies are going to spend significant effort ensuring their company doesn't disappear overnight in a storm of lawsuits with the directors in jail.
Companies wouldn't do this for the same reasons that Seagate doesn't sell the data off RMA'd hard drives on the open market.
I trust the relevant public bodies in the UK to protect my interests here. You may not, of course.
If Seagate wanted to make money off your RMA'd hard drive and they thought the data on it would do the trick, you can bet it would be for sale on the open market.
If the law says that is illegal, Seagate does not have the option to change it. However, the Government can simply change the law to make whatever they want to do 'legal' and their problem is solved. That's essentially what they've done here.
Large 'healthcare' companies interested in this data are more than just health providers, they have multiple divisions with multiple competing and tangential aims and targets. Just because a piece of paper says it can only be used in one way, that is not going to stop the re-use (and leaking) of the data.
Remember the UK had bankers totally screwing the country and got rewarded with massive bail-outs - I don't recall any jail time for their bad behaviour [in the UK]; quite the reverse. Any social science student will be able to cite many examples of companies shielding individuals from the consequences of their bad behaviour - it's a whole subject area.
The UK government sets up QUANGOs specifically to shift liability and risk to prevent consequences; a Scottish care home where elderly people were burned to death escaped prosecution as the legal entity was simply shut down and dissolved prior to the court case starting [this did bring about legislation changes to close that avenue in Scotland http://www.bbc.co.uk/news/uk-scotland-17740645]. There are dozens of ways to get away with abusing the data and walk away free - if you're going to make a lot of money, you can afford good lawyers to help you prepare well ahead.
Why would it be different for your health data ?
The NHS (not "the government" - which is an emotionally charged noun in this sort of circumstance) is selling the data. They are in financial difficulty, yes, but they are also responsible for broad social-health in the UK.
The NHS is in an almost unique position world-wide, in that they have access to high quality data that can dramatically improve health at an international level. They aren't, however, a research group. Companies just do research better than government departments, and finding a balanced way to improve access to the data and improve social health is critical to the NHS's future as the population ages.
This is why they are selling health data, imho.
I think there's a balance to be struck. The global and NHS specific improvements in health need to be balanced against individual privacy.
Unfortunately, the only way to do this is through "pieces of paper" (again, an emotive term).
It's also worth mentioning that many of these pieces of paper have already been in place for years, where they have been sharing hospital data. So to some degree this extends an exiting structure that is already working. It's just more emotive to many people since it involves a centralised location, and their local GPs.
I'd rather have a centralised location with oversight fighting down a multinational, than my local GP trying to manage legal contracts with them.
It's difficult to respond to your specific examples. Some are completely valid. Some are (imho) not. "Mistakes were made" and mistakes will be made in the future.
It's complicated, and it's a balancing act. Personally, I think it's the right balance.
Supposing a leak happened. What makes you think you'll be able to tie it down to a single company? The data could be leaked anonymously, and the risk of such a leak becomes higher the longer this care.data scheme carries on for.
Form is here:
http://www.connectingforhealth.nhs.uk/systemsandservices/scr...
Read about the correct opt-out form here: http://optout.care-data.info/
And not to mention that you need to know about it in the first place.
This seems downright evil. Disgusting. There is no justifiable reason for this data to be available in any sort of unanonymized form. Everything that is justifiable that can be achieved with it in anonymous form can be achieved with it anonymized.
The terrible part is that there is a good reason for a program like this. There are real reasons to collect and know this kind of data - it can make a huge difference to human health and well being. And that is why this is so bad. It's going to set back participation in any sort of electronic health record all around the world, if people see such a high profile program manifest as a privacy disaster.
It really is, see the source page for more details:
http://www.hscic.gov.uk/dlesaac
The misunderstanding going on in the comments seems to be stemming from a failure to distinguish between personal identifiable data and personal confidential data.
The former: "This includes patient identifiable data, such as:
NHS number Name Address Postcode Date of Birth Date of Death"
and the latter: "Personal confidential data also includes sensitive data which may include items such as:
Racial or ethnic origin Political opinions Religious or other similar beliefs Physical or mental health condition Sexual life Criminal record"
The patient identifiable needs explicit permission from the patient in order to obtain, patient confidential needs a good legal reason + reviewed application.
Are there any restrictions on publishing the data? I can't find licensing terms.
Other than that I'm guessing they will enforce some pretty draconian restrictions on publishing and sharing the data since doing so would undermine their ability to sell the data.
What more do you need?
Of course now that I read a bit more into it, I am less sure. But I do find the above link a little fear-mongery.
Incidentally, this document has some interesting insight into the position of the hscic. http://www.hscic.gov.uk/media/12931/Privacy-Impact-Assessmen.... I am a little tickled by this statement about preventing the data falling into the wrong hands: "The Government itself could be considered a pair of 'wrong hands' with questions raised over whether it would have access and therefore would be able to misuse or exploit the data".
Not sure how they're mitigating against that risk...
Then I started thinking about how to make a dating service using this data--find all eligible males with your blood type in a given area!
Oh... wait....
Bonus: you could set up a system where a person's data gets cheaper as more people query it!
(Not for me thanks.)
* FAQ 39.