Big doubts on big data: Why I won't be sharing my medical data with anyone - yet

Big doubts on big data: Why I won't be sharing my medical data with anyone - yet

Summary: Delays to the implementation of a scheme to share patients' data in the UK with companies and healthcare bodies alike is welcome - it's an initiative that's too important to get wrong.


If ever there was an open goal for big data, healthcare should be it.

By gathering information from doctors, patients, drug companies, insurers, and charities, and putting the big data machinery to work on analysing it, we should be able to get better insights into a range of conditions and then come up with better ways to treat them.

The NHS, one of the largest public health organisations in the world, understands this well. In a few months' time, it is due to begin extracting and sharing confidential data from NHS patients' medical records with other healthcare bodies, as well as private companies, under the banner of "improving patient care".

The scheme, called, will see patients' data shared by their GPs with the HSCIC (Health and Social Care Information Centre). The HSCIC can then share those details, along with patients' hospital records, with businesses, as long as those companies compensate them financially. Whether this constitutes 'selling patients details' is an ongoing semantic battle between's supporters and opponents.

The data does not come with a patients' name attached, per se — according to HSCIC, will not release "person-identifiable data", and stats will be provided in "aggregated or pseudonymous forms only". In future, however, it is likely to include identifiers that allow organisations to track an (unidentified) individual moving through the healthcare system – to link person A who went to their doctor with complaint B with the person that later turns up in A&E with a related complaint — or let person-identifiable data be released with their consent.

The data will be put to a variety of uses, HSCIC says – showing patients which healthcare bodies have the best performance in certain fields, improving NHS' predictive modelling, identifying healthcare trends, or measuring which treatments work best in which circumstances. Such an enormous repository of information should theoretically help identify patterns in disease and treatment that may not have come to light before, and therefore help improve the health of the nation.

Yet, not everyone's in favour of the move. According to those opposed to the new initiative, could give police a shortcut to access individuals' medical records and, because it is pseudonymised (rather than anonymised) it could still be reverse engineered to link medical histories to the individuals they come from. Others object to the half-way house of allowing private companies to access the (pseudonymised) data at a cost — either that they are accessing the data at all, that they are paying do so, or they are not paying enough for the privilege.

While I am convinced there is merit to sharing the NHS' data stores, I have already opted out of the scheme.

My opting out of will mean little to the NHS. Two years ago, my medical notes were seemingly lost – fact that no NHS organisation noticed until I went hunting for them. Decades of notes got lost in the system, and none of the half-hearted attempts, made over several months and at my repeated request, to rediscover them have yet resulted in them being sent to my current GP.

'Government IT project' has long been another name for 'disastrous IT car crash'. Despite a few successes, the National Programme for IT went billions over budget and years over deadline, with the most catastrophic part of the project being the plan to provide a basic digital patient record for English and Welsh citizens, known as a Summary Care Record.

The NHS is trapped between its paper past and its digital future, a rock and a hard place it can't get out of.  UK patients' notes have traditionally been kept on paper, which has the advantage of being lossless and less leaky than its digital counterpart. However, as my own and many others' experience shows, the NHS' addiction of paper has all the downsides of the format with none of its benefits. Before the NHS could ever hope to make the best use of the scads of data it has, it must render it all into digital form, securely, and easily accessible. The electronic patient record fiasco showed how difficult such a task would be, and that involved a small section of the data the NHS holds on its patients.

Despite repeated promises that government really has learned lessons from the tech foul-ups of its past, the progress of Universal Credit and a delay to the implementation of, announced today, suggest otherwise.

Initially scheduled to begin operation in April, the database that will underpin will now go live in the autumn. The delay was ostensibly introduced because NHS England was persuaded by the complaints of the British Medical Association and others that not enough had been done to educate the public about the scheme and its implications. and the furore that surrounds it is almost a direct replay of what happened with Summary Care Records: privacy concerns, a roundly-ignored NHS leafleting campaign, public confusion about opting out, implementation delays.

NHS England will now spend the extra time before's launch promoting the scheme to the public.  "We have been told very clearly that patients need more time to learn about the benefits of sharing information and their right to object to their information being shared," NHS England national director for patients and information Tim Kelsey said in a statement.

The NHS would do well to educate users about the risks too: the benefits are obvious to most people, as are the downsides. The NHS, like most government bodies, has a history of data breaches and the fines that go with them. While leaving a USB stick with sensitive patient information on the train is unforgiveable, the potential for harm to individuals from a breach of such a large, centralised database is mind-boggling. Reverse engineering a link between an individual and a pseudonymised medical history could be of benefit to everyone from security agencies to insurance companies, and therefore hugely damaging to all of us.

And what of our right to change our minds? This too should be considered. Under the current scheme, if, having shared your data, you subsequently decide you'd prefer not to be included in the database, your record can't be removed. Data-sharing should not be such a binary proposition: the data defines an individual, it should be up to them to decide whether, when or where it's included in or not.

These problems can be circumvented, but they must be dealt with, publically and soberly, if the NHS really does want to win public confidence. The NHS should approach selling the scheme to the public as if was opt-in, not opt-out, then work to convince us to join it. Tell us how sharing our data can help, but tell us what risk too.

Let us decide if that balance is worth it. If it's found wanting, the NHS must go back to the drawing board and retool the scheme until it is. It's just too important to get wrong.

Topics: Big Data, Government UK, Security, EU, United Kingdom

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is frighteningly seen in many areas

    Personally, allow me a certified copy of my data I can take with me and the ability to allow the medical professional to amend to it. This an option I feel more comfortable with.
    • Sharing Medical Data

      rhonin is spot on
  • It's more than de-personalised data

    At the moment it is only your GP or maybe your local hospital that has your medical records. When they are easily accessible online by any GP or health worker, how long before information is sold to the newspapers by one or two people who have access to this database? e.g. A famous actress who has had a secret abortion or an actor who is being treated for drug addiction, etc. etc. Is all user access logged? What safeguards are there against abuse?
    • HIPAA

      Have you heard about HIPPA in the US? I am sure UK and EU have similar safeguards. You do realize that access to these db is not like scrolling through the excel spreadsheet file with columns with names and procedures they undergo. Every query in your data gets recorded so it will be pretty easy to figure out who leaks the info. I believe this happened before and this is exactly how the person of interest was found. Regarding the actors and actresses, do you seriously believe that they do not leak this "secret" information themselves just to get attention of the media?
      • Edward Snowden...

        ...leaked plenty of information from the NSA - that 'S' in the middle stands for 'Security'.
  • Will your medical data.

    Jo, would you be willing to provide your medical data posthumously?
    • How would that even be possible?

      If she could that posthumously, could she also change her mind again, and tell them to make her records private and unshared? ;)
  • Abuse

    As someone who is being treated for a terminal illness, I would love it if the hospital consultant and GP had access to each other's records. As someone who worked in IT, that wish frightens me too. Every system is open to some kind of abuse, whether it's seemingly harmless (finding details for your new neighbour) to some serious breaches where records are sold to the highest bidder.

    Audit trails are fine -- as a systems security officer I was never once asked to audit any of the 400 users on our system and there were no fire-drill like tests carried out. Just imagine what will happen when many hundreds of people will have access to every living person's records (70 million at last count?)
  • Hmmmm

    Nothing like having your premiums raise because the area you live in starts to show a serious health trend.
  • NHS heath data

    Private Eye magazine provides published information this week which will no doubt be of interest. I quote:
    "NHS England is...very keen to collaborate with the private sector. Tim Kelsey, the NHS England director for patients and information, came from the private data-mining company Dr Foster; and Kingsley Manning, founder and managing director of health and information consultancy firm Newchurch, has been appointed chair of the Health and Social Care Information Centre (HSCIC), which NHS England has trusted to oversee the "" program (sic). HSCIC's new chief executive Andy Williams has worked for IBM, Alcatel-Lucent and CSC." Source: Private Eye No. 1360, 21 February-6 March 2014, page 9.
    Elsewhere in the same issue of Private Eye (page 5) it mentions that Sir Stuart Rose, the former Marks & Spencer chief executive and current Ocado chairman has been appointed an unpaid adviser to the NHS and health secretary Jeremy Hunt. Private Eye goes on to say, and I quote:
    "However, Hunt seems rather less keen to mention Rose's other current chairmanship - of Bridgepoint Capital, a private equity firm that owns at least three private health businesses in Britain, including care home provider Care UK, dental chain Oasis and 'telehealthcare' firm Tunstall."
    Care UK is apparently in the running to take over the George Eliot NHS Hospital Trust – one of 14 hospital trusts in Sir Stuart’s review of NHS management. Is this a conflict of interest?
    Such information provided by Private Eye and quoted above is, of course, in the public domain and clearly does not in itself imply that the named individuals have done anything wrong or likely to do any wrong but there is a wider picture here which needs to be considered. Whether we like it or not, the NHS is being privatised via the backdoor and without any consultation whatsoever.
    In truth, and in these circumstances of creeping privatisation, both the government and NHS England are just not trusted to keep vast volumes of confidential medical information safe and secure, nor can they be trusted not to sell for profit such information to private companies. Do we need reminding of the HMRC scandal back in October 2007 when the personal details of all families claiming child benefit were lost? Data can and does get lost and you will have absolutely no say in where your data will end up - none whatsoever.
    The patient identifiers for this NHS scheme include: patient NHS number, date of birth and postcode. It would not take a proficient data mining organisation long to ferret out and piece together individual records - all a marketing research organisation needs is your postcode and one other unique numerical identifier. I should know - I am a marketing professional.
  • NHS data

    It has been reported today (24 February 2014) that The Staple Inn Actuarial Society has said that they "used NHS data covering all hospital in-patient stays between 1997 and 2010 to track the medical histories of patients, identified by date of birth and postcode." What more proof is needed that your NHS data is not safe?