UK: NHS patient data to be made available for sale to drug and insurance firms
Randeep Ramesh reports:
Drug and insurance companies will from later this year be able to buy information on patients – including mental health conditions and diseases such as cancer, as well as smoking and drinking habits – once a single English database of medical data has been created.
Harvested from GP and hospital records, medical data covering the entire population will be uploaded to the repository controlled by a new arms-length NHS information centre, starting in March. Never before has the entire medical history of the nation been digitised and stored in one place.[…]
Once live, organisations such as university research departments – but also insurers and drug companies – will be able to apply to the new Health and Social Care Information Centre (HSCIC) to gain access to the database, called care.data.
If an application is approved then firms will have to pay to extract this information, which will be scrubbed of some personal identifiers but not enough to make the information completely anonymous – a process known as “pseudonymisation”.
Read more on The Guardian.
Given the NHS’s repeated failures to adequately secure patient information, this just seems to be a privacy Chernobyl waiting to happen. And no, I’m not just talking about the risk of re-identification, which they identify as a “small, theoretical risk.” I’m thinking of hacks, insider breaches, and other sources of compromise, too.