This essay, on the the new NHS medical database, was my Observer column this week. It was published on 6 June 2021, under the headline “Tell me how you’ll use my medical data. Only then might I sign up”.

Would you allow your medical data to be anonymised and used for research into cancer or to aid future pandemic planning? Most people would probably say yes. I certainly would. But what if that data could be accessed by tech giants such as Google, medical corporations such as Babylon Health, security firms such as Palantir, or coercive state institutions like the police or immigration service? That raises a few red flags. And what if that anonymised data could in fact help pinpoint who you are? Now you’re getting me worried.

That’s the problem with medical data. It is indispensable for research and planning. And yet it can also be used in ways that invade our privacy or harm our future. It’s a tension likely to shape the character of healthcare and medical research. Rarely, though, do we have an open debate about this, an honest public conversation about the good and the bad. Governments, public institutions and private corporations – all would rather simply grab our data with the least amount of fuss.

That is just what is happening right now. Last month, the government quietly announced a scheme called General Practice Data for Planning and Research (GPDPR) under which, from July, all data held by GPs about their patients will become part of a central database that can be accessed by researchers and private corporations. You can opt out – but only until 23 June. Beyond that date, even if you object, the database will still keep the information it already has. The project, the opt-out and the deadline have all barely been publicised. Many doctors are hostile to the scheme, worried about questions of privacy and trust.

There are two kinds of medical databases important to the NHS. The first allows clinicians to access the records of patients they may be treating. So, for instance, if someone allergic to penicillin turns up at A&E, that information will be available to doctors there. One might have thought that such joined-up thinking already exists. Not so. A survey of NHS medical record-keeping in 2019 found 21 electronic systems, many of which could not share information. A quarter of NHS trusts were still using paper records. A new national system called Shared Care Records is expected to be in place by September, though there are still questions about privacy and access.

The second kind of database aggregates information from millions of people, allowing researchers and planners to see the big picture, from geographic or ethnic variations to hidden links between health issues. In 2013, NHS England launched its project to create such an information store. The government was forced to close it down, however, after controversies over poor privacy safeguards and the sale of data to private companies.

That disaster may have been one reason for the new project being pushed through by stealth. The new database will include even more sensitive data, including on criminal activity, personal relationships and child abuse, as well as medical history. Yet a number of the problems that doomed the earlier scheme remain unresolved.

Many studies, for instance, have shown the possibility of identifying individuals even from anonymised data. The sale of such data to private corporations is still a live issue. In October 2019, NHS England’s top brass met big tech and pharma executives to discuss how they may be able to exploit the proposed database. There is, in principle, nothing wrong with private researchers accessing the data. The problem arises when it can be used potentially to snoop into our lives or to undermine the health service, for instance, by companies that want to take over GP surgeries.

Then there’s the issue of consent. Most medical procedures and research projects require “informed consent” – they cannot proceed without the explicit assent of individuals involved. The NHS data scrape rests on “presumed consent” – people are assumed to have agreed to give up their data unless they specifically opt out. This turns informed consent on its head. The problem is exacerbated by the almost furtive way in which the project has been set up. It’s the opposite of how an open, transparent system should work and could serve to undermine public trust in the NHS and in science.

When I die, I intend to leave my body for medical research. While I am alive, I am happy to donate my data for the same purpose. But I want that to be my decision. I want to know what the data is being used for. And I want to ensure that the public health service is not being damaged by the push for private profit. That’s not too much to ask, is it?

One comment

  1. Martin

    My issue is much more profound. It is my professional experience in the NHS and at the DOH as an infomation specialist, and from much personal and anecdotal experience, that most medical data is superficial at best, and generally wrong. Some years ago I carried out a six-week survey of patient records at an acute general hospital that discovered that fewer than 50% of the in-patients had been given any recognisable diagnosis either on admission, during their stay, or upon discharge. The monthly and annual returns from that hospital were largely made up by the non-medical staff given the task of guessing a diagnosis. If you have never smoked, never known anyone who has ever smoked, never been within a thousand yards of a lighted cigarette, and die at the age of 115 from one of a specific range of medical conditions, you will be entered in the statistics as having had your life cruelly cut short by a “smoking-related disease”. The average age of death of a COVID-19 patient in the UK is something over 80 years: COVID is merely a lighted match: thrown it into a healthy youthful puddle it will fizzle out; toss ii into a fragile elderly paper sack crammed with tissue soaked in petrol and it will destroy it. Nobody mentions that the increase in Diabetes cases in the UK occurred as soon as GPs were paid a cash sum for each diabetic they diagnosed. Medical records should be the property of the patients to whom they relate, not the organisation that records them.

Comments are closed.

%d bloggers like this: