NHS data grab does have some benefits – just as the road to hell is always paved with good intentions

We’ve all heard the saying ‘don’t put all your eggs in one basket’. This is arguably as true for sensitive data as it is for anything else. And this is why the NHS plan to share GP patient data carries risks.

There is a plan to amalgamate patient records held by English GPs into a central database run by NHS Digital. The data will date back 10 years and include “information on patients’ physical, mental and sexual health, including details of diagnoses, symptoms, test results, medication and immunisations.” 

NHS Digital asserts that the presence of a central database will allow new treatments to be developed in a more efficient manner and claims that such GP data makes it easier to pinpoint and safeguard vulnerable individuals throughout the COVID pandemic, set up the vaccine programme and find treatments to prevent further deaths amongst patients hospitalised from coronavirus. 

It further asserts that the central database will not contain patients’ names and addresses and makes the point that data collected from hospitalised patients is already centrally stored and can be used for purposes “such as research and planning health services” as well as helping develop and assess government policy.

Why we should be concerned 

Private data belonging to NHS patients has fallen into the wrong hands before, on occasion resulting in compensation payouts. According to the Information Commissioner’s Office, there were over 3,500 known data breaches between 1 April 2019 and 31 March 2021 that included personal data being stolen, misplaced, being sent to the wrong person, or accidentally disclosed (including HIV status).

Two professional medical associations – the British Medical Association and the Royal College of GPs – are unhappy “about the lack of communication with the public” as few people are aware of NHS Digital's plans, let alone the fact that they can opt out should they wish. 

The medical organisations called for the project to be delayed to enable people to learn more about it and have the opportunity to decline having their GP records added to the database. 

Recent media attention has hopefully gone some way towards raising awareness, though undoubtedly many will still be oblivious of the proposal. Following pressure, the deadline to opt out was pushed back from 1 July to 1 September. To do so, English residents need to complete a form and deliver it to their GP surgery before the beginning of September.

Furthermore, the UK’s current excuse for a government can hardly be expected to rely on the public’s trust. And while we are speaking about the health service, let’s not forget former health secretary Matt Hancock’s incompetence. His failures included allegedly lying about there being no shortage of personal protective equipment (PPE) during the coronavirus pandemic, failing to mention that in 2019 his sister’s firm, in which he had shares, won a contract to provide services to the NHS or, despite warnings, overseeing the discharge of thousands of elderly and vulnerable hospital patients back to their care homes without a coronavirus test at the start of the pandemic. This subsequently allowed the virus to propagate amongst those most susceptible, with the result that thousands of care-home residents died.

Whilst having a single database containing millions of people’s medical records could have some credible benefits, as stated above, it also carries future risks. 

Furthermore, although the creators’ intentions may be benign (if we give them the benefit of the doubt), the whole concept seems to conform with an increasingly worrying trend where millions – in the UK and abroad – find themselves increasingly monitored. Numerous parties, including doctors themselves, have expressed apprehension about NHS Digital’s intentions and the stealthy manner in which it has gone about its plans. 

There are concerns that third parties, including private companies, could in certain situations have access to potentially sensitive information about a person’s physical, mental or sexual health. 

Last month the UK Labour Party’s shadow health minister Alex Norris also expressed apprehensions about the scheme and warned about the risk of “unknown commercial interests” having access to the records.

With regards to increasing surveillance of the general public, last month the UK Information Commissioner expressed alarm at the implications of Live Facial Recognition (LFR) technology which is capable of scanning faces in real time as people enter a premises or go about their business in public. She warned that LFR could be used “inappropriately, excessively or even recklessly,” warning about the possibility that significant quantities of data could be collected without individuals’ “knowledge, choice or control”.

Meanwhile the Police, Crime, Sentencing and Courts Bill, giving UK police more powers to restrict demonstrations and even outlaw protests conducted by a single individual, is gradually pushing its way through the legislature. At the same time, the UK government is thinking about introducing mandatory vaccine passports in autumn to enable access to pubs, bars and restaurants.

With the government looking at telling us when we can protest, social media companies and the woke users who stalk cyberspace censoring out news and views that we aren’t supposed to see, and the future increasing looking like an Orwellian nightmare, is it any wonder people might be reluctant to hand over their medical records? In the longer term, who knows where the data may end up or for what purposes it could be used?

Like this story? Share it with a friend!