[Nottingham] “Anonymized” data really isn’t — and here’s why not

Martin martin at ml1.co.uk
Tue Jan 21 19:10:30 UTC 2014



On 21/01/14 12:03, Jason Irwin wrote:
> On 19/01/14 21:28, Martin wrote:
>> My personal selection from surfing around the web is:
> Hit mainstream media now as well: 
> http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy

Oooooooer...

There is also:

EU proposals could outlaw giant NHS database
http://www.telegraph.co.uk/health/healthnews/10585305/EU-proposals-could-outlaw-giant-NHS-database.html

"... Under the scheme, patients’ data will be automatically uploaded
into the care.data system unless an individual chooses to opt out.

Board papers drawn up by Department of Health (DoH) officials warn
that proposed EU regulations to harmonise rules on data protection
would not allow such a system - because they state that individuals
must give explicit consent, knowing the specific purpose for which
data is being used. ..."


> People may also find this useful: 
> http://www.cl.cam.ac.uk/~rja14/Papers/caredata_trifold.pdf
> 
> One thing worries me about that PDF though. It states: "I am
> writing to give notice that I refuse consent for my identifiable 
> information"
> 
> The NHS will claim that their data does not make you identifiable,
> but of course it does when matched against a pre-existing
> dataset. The wording gives them far too much wiggle room. I think
> the PDF should say: "I am writing to give notice that I refuse
> consent for any information relating to me to be used for any
> purpose other than providing direct medical care."
> 
> I actually have no issue with a researcher getting my data to pull
> out statistical information, so maybe add an exception in for that
> as well.

For myself, I've little concern for genuinely *aggregated* data being
collected provided that there is very clear aggregation such that no
personal identification is included to begin with, and that the number
of samples is great enough to *make re-identification impossible*.

My own personal concern is that nowhere have I found any clear
statement that a person's medical record will not be personally
identified... (There is lots of vagueness proffered, but nothing that
I can read as a clear statement to say that we will be protected from
commercial or others' abuse of medical records.)


So in summary:

The NHS leaflet can be found on:

Better Information Means Better Care (pdf)
http://www.england.nhs.uk/wp-content/uploads/2014/01/cd-leaflet-01-14.pdf

Alternatively, there is this version (non-NHS produced):
http://www.cl.cam.ac.uk/~rja14/Papers/caredata_trifold.pdf


My understanding is:

You are opted in by 'default', regardless of whether you know about
the scheme or not. Once your medical records are released, there is no
'getting them back'.

If you wish to opt out, the key opt-outs to give to your GP practice are:

'Dissent from secondary use of GP patient identifiable data' code
(Read v2 [system]: 9Nu0 or CTV3 [system]: XaZ89) to be added to your
record so that your identifiable data is not collected from your GP IT
system;

'Dissent from disclosure of personal confidential data by Health and
Social Care Information Centre' code (Read v2: 9Nu4 or CTV3: XaaVL) to
be added to your record so that HSCIC are not to release any
(identifiable?) data they already might have collected about you.


Note that those two 'codes' are nothing to do with such as your
Summary Care Record (hopefully only used and accessed only for primary
care). Nor for something else called SUS that records your visits to
other parts of healthcare such as visits to hospital. Do HSCIC get
"Personal Confidential Data" from SUS?...


Also, *for the "9Nu0" code* is that last character a zero or a letter
"O"? What happens if mis-entered? What feedback do you get that your
personal data really is NOT being collected?



From The Guardian article:

http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy

"Rather than prevent this, the care.data scheme is deliberately
designed so that 'pseudonymised' data – information that can be
re-identified by anyone who already holds information about you – can
be passed on to 'customers' of the information centre, with no
independent scrutiny and without even notifying patients. It's a
disaster just waiting to happen."


Note/disclaimer for this public maillist: Completely no recommendation
from me. Merely my personal opinion/thoughts. You all have your own
choice.

Cheers,
Martin


-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg

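Added example (not part of the original post, and not NHS or HSCIC code): a check a data custodian could run before release to see whether "the number of samples is great enough", by measuring how many pseudonymised rows share each combination of attributes an outsider may already hold. The rows, the choice of postcode district / birth year / sex as those attributes, and the thresholds are all assumptions made up for illustration.

```python
from collections import Counter

# Constructed sample rows (assumption): pseudonym, postcode district,
# birth year, sex, diagnosis. No names, yet some rows are still unique.
RECORDS = [
    ("p01", "NG1", 1970, "F", "asthma"),
    ("p02", "NG1", 1970, "F", "diabetes"),
    ("p03", "NG1", 1970, "F", "asthma"),
    ("p04", "NG2", 1985, "M", "asthma"),
    ("p05", "NG2", 1985, "M", "asthma"),
    ("p06", "NG7", 1931, "M", "diabetes"),  # only row with this combination
    ("p07", "NG9", 1962, "F", "asthma"),    # only row with this combination
]

def quasi_id(row):
    """Attributes an outsider may already hold (hypothetical choice)."""
    return row[1:4]

def group_sizes(rows):
    """How many rows share each quasi-identifier combination."""
    return Counter(quasi_id(r) for r in rows)

def k_anonymity(rows):
    """Smallest group size; k == 1 means at least one person is unique."""
    return min(group_sizes(rows).values())

def at_risk(rows, k):
    """Pseudonyms whose group is smaller than k and so should not be released."""
    sizes = group_sizes(rows)
    return sorted(r[0] for r in rows if sizes[quasi_id(r)] < k)

def aggregate(rows, min_cell):
    """Counts per diagnosis only; cells below min_cell are suppressed (None)."""
    counts = Counter(r[4] for r in rows)
    return {d: (n if n >= min_cell else None) for d, n in counts.items()}

if __name__ == "__main__":
    print("k =", k_anonymity(RECORDS))
    print("rows failing k=3:", at_risk(RECORDS, 3))
    print("aggregate with small cells suppressed:", aggregate(RECORDS, 3))
```

Even a group that passes the size check can leak: both NG2 rows carry the same diagnosis, so knowing someone is in that group reveals it without singling out a row.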
