Do you want your data to be sold off?

729
Campus Health Centre. Photograph: Andrew Wong

This month, every man, woman, and child on the NHS should receive a leaflet about radical changes to doctor-patient confidentiality. Considering how few students regularly check their pigeon holes, the junk mail pamphlet isn’t likely to get much notice on campus. This would be a catastrophe.

NHS England is trying to advise people about a new database being created for the Health and Social Care Information Centre (HSCIC) by technology corporation Atos. The HSCIC was established in 2012 with powers to mine personal data from surgeries, hospitals, and clinics. The database, misleadingly named ‘care.data’, is intended to join up these records and use the resulting medical histories “to drive economic growth”. Before the economy can grow, however, the HSCIC must hand your data over to private companies.

The sick and dying talk to their GPs because they believe they are talking in confidence. Now they can’t be so sure. Any notes your practitioner has made, including your weight, family history, smoking habits, drinking habits, mental health, NHS number, and much more, are being uploaded in March. Unlike the Summary Care Record, this new database is not going to be used for your treatment. The leaflet clearly states that being uploaded has absolutely no bearing on the medical care you receive. This is because hospitals and trusts are not priority ‘customers’ for the HSCIC. Doctors, nurses, pharmacists, and any other clinician you may encounter are not authorised to use the dataset.

To make the program more palatable, HSCIC has offered some information to universities and health foundations. Using something like ‘care.data’ in research is an admirable idea. National health records were used to uncover the dangers of smoking in the 1950s and to disprove the fear that MMR jabs cause autism in the late 1970s. However, a complicated pricing structure means that, the juicier the data, the higher the charge. Medical students and charity workers won’t have the money to create such positive change with the information they receive.

Groups that can afford and may be interested in this data are insurance companies, pharmaceutical manufacturers and government think-tanks. One corporation that makes money by selling off people’s medical records, Bupa, has already received “sensitive” information privileges. What is worse is that the independent statutory body responsible for NHS data handling practices was abolished and the HSCIC does not routinely check how these companies are going to use your records.

The real cause for concern is that NHS England hasn’t made any promises that you can’t be identified from this data. This is why they are advising people: “if you do not want information that identifies you to be shared outside your GP practice, please ask the practice to make a note of this in your medical record”. Even anonymised information is risky. Data-matching has become an enormous industry. If somebody wants to find your medical record and, say, your DNA sequence isn’t precise enough, then your age and postcode should do nicely. Anything they aren’t given can be pieced together. Although abortions and STDs aren’t being included in the March upload, a patient’s prescriptions would be a dead giveaway.

Medical record leaks could become the new phone-hacking. Not only journalists, but also insurers, employers, and fraudsters could find these confidential details very useful. Are you going to be consulted before the upload? No. Health Secretary Jeremy Hunt reneged on a promise he made last April and enabled the HSCIC to gather identifiable data without your consent. The leaflet being circulated has no opt-out form and does not even mention ‘care.data’.

Two GPs have apparently broken the law by automatically opting their patients out of care.data so nobody can do this for you. If you don’t want your file on the database, you must act now. Post or e-mail an opt-out form to your GP asking for read codes 9Nu0 (which prevents HSCIC from taking your GP records) and 9Nu4 (which bars HSCIC from giving away any other identifiable data) to be put on your medical record. You do not have to give any reasons for your decision. Once the upload is complete, opting out won’t get them deleted. You can always opt back in at any time later on, though heaven knows why you would.

For a complete form template, visit www.medconfidential.org.