UK national health records database to have ‘backdoors’ for police, govt?
The database known as ‘care.data’, which is to come online in May, will store private medical records collected from family doctors across the country. It will also link records with those collected by the hospitals.
While care.data will not store the names of the patients, it will include National Health System numbers, dates of birth, postcodes, ethnicity and sex, in addition to health condition and prescribed drugs. The goal is to sell access to the data to university researchers, health insurance companies and other parties, which can make use of the information.
Critics of the plan say it exposes too much personal data – enough to identify people on the database – to a system lacking oversight and transparency. Health records in themselves can tell much about the identity of the patient.
For example in 1990-s a similar ‘anonymized’ database was released by the Massachusetts Group Insurance Commission. Latanya Sweeney, a then-graduate student in computer science, successfully used it to find medical records of William Weld, then-Governor of Massachusetts, in response his assurances that the identities were safe.
The ramifications may be dire indeed for those same people in power who are advocating the creation of the database, argues Gordon Gancz, a family doctor practicing at Oxford. He is among the vocal critics of the care.data plan.
“We never stop hearing about how many members of the current government are Oxbridge graduates,” he wrote in a letter to the Daily Mail. “What if a hacker were able to access medical records from 25-30 years ago and, just like that clever Massachusetts graduate student, put records and patients back together? Who knows what youthful indiscretions could come back to haunt our now august political leaders?”
Apart from this potential vulnerability, the health officials are also blamed for making data collection an opt-out, rather than opt-in, which means that many Britons may part with confidential information about them without even knowing it.
But apparently even an informed decision not to participate will not spare a person from having his or her health records sucked into the database. And police will be able to access them without a court warrant while investigating serious crimes, David Davis MP, a former shadow home secretary, told the Guardian.
"The idea that police will be able to request information from a central database without a warrant totally undermines a long-held belief in the confidentiality of the doctor-patient relationship," he said.
The police will have to provide the correct identity of a suspect to request his or her medical records, Davis said, citing Health Services Minister Dan Poulter, who revealed the existence of such ‘backdoors’ in parliamentary questioning.
“When we have police accessing from a database that people have opted out from, and companies being able to buy this data, I think we need to have a debate about whether my property, which are my patient records, can be sold and used," Davis said.
The government defends the database, saying it will provide crucial data needed to identify side-effects of drugs or evaluate performance of the healthcare system. It also denies criticism that it gives out too much private information.
"There are strong legal safeguards in place to protect patients' confidentiality,” a Department of Health spokesperson said. “Any release of identifiable data without consent would only be in a very limited number of exceptional circumstances, where there is a clear basis in existing law – such as for the police to investigate a serious crime."