You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Not sure if this has been posted but the NHS digital team is seeing up to "anonymise" and pool the nations medical records to allow for wider use by the nhs and third parties.
Guardian link
I just feel extremely concerned as given this is the nhs and the hand of government i suspect the risk of deanonymising is probably reasonable.
I don't have any issue with the pooling of data when ecology consent is given (i.e. in clinical trials), but this feels extremely underhand and hidden.
If you want to make sure your data isn't released then I found the nhs consent webform
nhs webform
Sorry if this reads like a shitpost but my job is in data privacy and clinical trials and this makes me really uncomfortable
If you look at the list of exceptions to your guaranteed privacy you may as well not bother opting out lol
eg, if we think we should share it because we think so then we will anyway.....
Presumably you're unaware it already happens?
I'm sadly aware yes.
I have 2 main issues with this.
True anonymised data should be fine as the level of protection should prevent identification of individuals without a massive data mining effort.
I am more concerned that they are linking each data point with a unique identifier that would allow deanonimisation "if the legal situation requires it".
The second is that unless given explicit consent in a clinical trial we are not allowed to do that with data and also if requested data must be removed.
None of that protection is present in this situation
I also deal with NHS patient study data.
And the value of this data to science and improving healthcare is truly huge, the NHS represents a huge opportunity.
But I'm also twitchy as anything about this, the third parties are the problem as much as anything, a government this blase about breaking rules on donations or their own ministerial code, wont give a flying fk about who gets this data.
And it could definitely be traced back and deanonymised, there's loads of way this can be done.
I'd be interested to see how MPs vote on this- I know one who had a major cancer op a couple of years ago, they're still an MP, but the fact they had cancer never made the press.
The second is that unless given explicit consent in a clinical trial we are not allowed to do that with data and also if requested data must be removed.
None of that protection is present in this situation
This bit is mind blowing, anyone who works with patient data knows this is a cornerstone of how data is managed
It also completely contravenes UK GDPR, a year ago this would've gone straight to the ECJ
The value of this data to Insurance Companies is almost incalculable. If they can Geolocate the data then the chance/cost of pensions, life insurance, critical Illness cover etc etc is going to be interesting.
Its a ****ing disgrace that this is being done.
Cheers for the heads up.
Sure GDPR won’t exist in another year or two either…
Assuming this kind of stuff can be used to help in future pandemics (there will be more), then the idea of it is sounds good. However, not being experienced in patient studies or this level of data, I'm rather concerned about how this will be implemented and used as I suspect this will end up all being on a spreadsheet with someone hiding a cell that identifies individuals, so isn't going to be a suitable solution.
Just read tha Guardian article.
I'm not worried about the principles of sharing the data but the idea that someone somewhere will hold the key to decoding all that data back to individuals is frightening.
I've seen a few articles explaining this. As trust for this government is low to start with, I've completed the type 1 opt out form for my GP and the national nhs digital opt out online.
The information on the NHS site seems to contradict itself.
We will not sell your data. We reserve the right to recover costs. WTF!
Sure GDPR won’t exist in another year or two either…
It will, not because they want it or believe in it but because cooperation with the Eu makes it necessary. But expect every opportunity for “official purpose” and “required by legislation” type loopholes to be exploited.
... a year ago this would’ve gone straight to the ECJ
presumably any EU citizen still can try that? I’m a little cloudy on the ECJ and the UK now, but the EU GDPR applies to its citizens data even if they are outside the EU!
Meanwhile I’d expect someone like the GoodLawProject to take this to judicial review here. Well actually, you’d expect the ICO to intervene but they are as weak as a rich tea that’s been dunked!
If maintained at same level of security as the data I use daily, I have no issues. The data is incredibly valuable. Scotland’s integrated healthcare IT has delivered more useful information than England’s on coronavirus.
Patients in trials can withdraw their consent at any time in the future and have their data removed from the historic datasets. Our individual data is made public if someone has a reasonable reason to use it. The work involved in removing one subject from the hundreds of datasets per trial cannot be understated. It’s vet very rare to need to.
Off to code with datasets now as it happens
Sure GDPR won’t exist in another year or two either…
Nope, GDPR was the UK's idea
GDPR is enshrined in UK law, anonymous data sets are allowed but and its a *ing big but as these data sets can be used to "model" services by groups/locations etc. This in turn can lead to the withdrawl of services...
I.e if you live in an area that has high obesity, cardiovascular, Cancer etc. An insurance company can tell you to * off, also a more insidious approach as it is possible for health care funding to be targeted at better "outcomes" and would allow private sector health services to pick and choose their markets. This is the thin end of a US style wedge.
I think my issue is more that this isn't true anonymised data as it contains code that would allow deanonymisation, i do not trust the government systems to keep that encryption secure.
If it were true anonymised then i would have less issues
I used the NHS thingy to contact my GP on their website and had some guy phone me to try and sell me a tracking device and alarm for £40/month.
He got short shrift off of me.
He was still quicker than the GP's response.
I think my issue is more that this isn’t true anonymised data as it contains code that would allow deanonymisation,
Its pretty easy to deanonymise without any sort of 'key'
from an article by Ben Goldacre:
The data will be "pseudonymised" before release to any applicant company, with postcodes, names, and birthdays removed. But re-identifying you from that data is more than possible. Here's one example: I had twins last year (it's great; it's also partly why I've been writing less). There are 12,000 dads with similar luck each year; let's say 2,000 in London; let's say 100 of those are aged 39. From my brief online bio you can work out that I moved from Oxford to London in about 1995. Congratulations: you've now uniquely identified my health record, without using my name, postcode, or anything "identifiable". Now you've found the rows of data that describe my contacts with health services, you can also find out if I have any medical problems that some might consider embarrassing: incontinence, perhaps, or mental health difficulties. Then you can use that information to try and smear me: a routine occurrence if you do the work I do, whether it's big drug companies, or dreary little quacks.
Yeah massive issues with this in terms of trust in this and future governments, failure and opacity in large, centralised gov IT projects, the ability of corporates consuming the data to find loopholes, and most of all developments in analytical techniques that will make it easier (trivial??) to de-anonymise. And that’s before I even consider the stealthy nature in which this is being introduced. I don’t doubt it’s hugely useful but define ‘useful’ through a capitalist lens....
I had twins last year (it’s great; it’s also partly why I’ve been writing less). There are 12,000 dads with similar luck each year; let’s say 2,000 in London; let’s say 100 of those are aged 39. From my brief online bio you can work out that I moved from Oxford to London in about 1995.
Anyone see a glaring issue with this?
Anyone see a glaring issue with this?
what do you see?
Dr Goldacre describes some of the issues Paul Ohm addresses in some of his work https://www.semanticscholar.org/paper/Broken-Promises-of-Privacy%3A-Responding-to-the-of-Ohm/804b7301d0b6837a8eff365b6ea1ee070820aab3
https://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-in-databases-of-ruin/
Privacy and data sharing consumed a chunk of my professional time some years back.
what interests me is the NHS part of this. I’d thought that the different trusts and organisations were still somewhat un-integrated in their data. For example there is a big project in Manchester to attempt to bring these data together https://healthinnovationmanchester.com/thegmcarerecord/
I think Rob might be referring to the instance of Goldacre uses the fact of him being a father of twins - your fatherhood of anyone probably wouldn't be a factor of your medical records.But the last time I checked there are quite a lot of people who are mothers. He's writing an article about how personal information can be de-anonymise your medical data but he's not openly inviting you to de-anonymise his.
But the point about relocation is a very good one - I've moved through 9 or so health boards in my life for instance. You'd be able to extrapolate a lot of that from a CV or even a LinkedIn profile. Theres likely to be very few people who've taken the same route on roughly the same dates and if there are you probably only need to know one more thing about me to be sure the rest of that data pertains to me.
who owns the data in england?
In Scotland the GP owns it, so this sort of thing always gets refused
I think Rob might be referring to the instance of Goldacre uses the fact of him being a father of twins – your fatherhood of anyone probably wouldn’t be a factor of your medical records.
Bingo!
I don't disagree with the overall point he's making; that's just a bad example. I had a ponder about the datasets I have access to as a population health analyst and I wouldn't be able to identify him from the pseudonymised data.
The concerns people are expressing in this thread are real, though. This can be done well, but there are many IG issues to cover.
If anyone's familiar with WSIC they will be aware with just how bleeding difficult it is to get & retain access to the pseudonymised datasets, not to mention the jumping of hoops required to actually get the data when things are tightly controlled.
NHS using the data for medical research and planning - All good but they can do that anyway so no need to change anything.
Selling data to 3rd parties. Not so good. These 3rd parties are not paying for something that they do not expect to make more money out of than they paid.
The most obvious stuff is Healthcare, Insurance and even Mortgage companies performing a personalised risk assessment based on your complete medical history rather than a general group assessment. This leads to some people being unable to get health care or potentially more seriously life insurance. If you cannot get life insurance then you cannot get a mortgage or buy a house.
The trouble is that the insurance companies can quite rightly argue that the more accurately they understand the individual risk, the better the policy and premiums can reflect this. They can ask if you are a heavy smoker or drinker and adjust their premiums accordingly. That is fine so why not assess the last twenty years detailed medical history and that of your parents to identify any other likely risk flags?
Legal, moral and historic practice and precedent make it a mucky area
Sure GDPR won’t exist in another year or two either…
The economy will be truly down the toilet if this happens.
Ben Goldacre's OpenSAFELY shows how it should be done. Researchers never get the raw data - "instead, trusted analysts can run large scale computation across near real-time pseudonymised patient records inside the data centres and secure cloud environments of the electronic health records software companies."
The cool thing here is that the data isn't being copied - queries are run against the data where it's already held.
I've just opted out on the recommendation of Operation Ouch's Dr Xand.
Anyone who thinks the tories can be trusted with this need their heads checking. Its clearly to provide profit for various companies not about medical research. I would be my house that insurance and private medical companies have bribed multiple tory MPs to get this thru
Opt out as strongly as you can is my advice. i would be refusing that any of my data gets shared
GDPR is going to go as well.
i would be refusing that any of my data gets shared
you opted out of SPIRE then?
Cheers for that. Didn't realise the online form i had completed was for non gp data and the paper form is for gp
Yep, it’s very important that the form for the GP gets filled in and sent.
I took mine and my wife’s in earlier today, just to make sure that’s what they needed. The receptionist knew exactly what they were before she’d even opened them, yet as I say, there’s nothing at all on their website. The cynic in me wonders if they’re keeping schtum on purpose! 😉
I dropped our type 1 forms off this morning and asked for a receipt, or an email for the practice manager so I could send them electronically as well. They had no idea what I was there for. Either I'm the first, or I live somewhere that is particularly unaware.
from an article by Ben Goldacre:
And in the 7 years since Ben Goldacre wrote that, there has been a lot of progress in data analysis, so the sort of de-anonymisation he identifies is much easier now. Even so, I still can't really see why they propose to use the 'secret code' to allow individuals to be identified. It's bound to leak at some point, making a mockery of their claims of privacy.
My gp has a little article on their website front page about it with a link to the form.
I did both opt outs, the online one and the GP form.
It is a real shame, as studying the massive amounts of data availablle that the NHS has could really lead to some significant medical science progress. But our (and many others) governments have shown they just cannot be trusted handing over data to commercial enterprises.
There was an interesting "infinate monkey cage" episode anout it a couple of years ago.
We really need a generation of governemnts showing that they can be trusted to use and proect data for the common good, rather than just allowing corporations to use it for profit and to maginalise sectors of socioty before this kind of research should go ahead.
However I think it will just go ahead wothout our knowledge anyway.
Indeed, it's a good idea in principal but the amount of trust I have in government/mega corps not to abuse the data, and the amount of trust I have in NHS systems being up to scratch from a security perspective means opting out was an easy choice. Although I'm not totally convinced opting out offers full protection either.
who owns the data in england?
In Scotland the GP owns it, so this sort of thing always gets refused
There's a huge debate about who "owns" data, especially "medical data", but there is a strong argument that it is the patient.
There’s a huge debate about who “owns” data, especially “medical data”, but there is a strong argument that it is the patient.
A strong argument? No argument, I’d have thought, it’s data pertaining to me, personally, so it belongs to me specifically, and nobody else! Anyone arguing otherwise is doing so for their own personal gain.
Anyone who says otherwise can sodding well do one.
I’ve done the NHS online form, and I’ve saved a pdf of the GP form, I think I can fill it in electronically on my pad, then I can email it. Thanks for the links provided, it’s saved a fair bit of phaffing around. 👍🏼😎