I am waiting for a letter from my GP’s surgery asking me whether I consent to having my medical data uploaded on to a national database and made available to researchers, but it doesn’t seem it is going to come.
In fact, I wouldn’t be surprised if there are millions of people in Britain who are unaware that, unless they formally object by June 23, then a week later their health records will be added to an NHS Digital database, which could then be shared, in anonymised form, with universities, pharmaceutical companies and technology companies.
The NHS says it has tried to make people aware of the move since 2018 when it launched a poster campaign in surgeries and hospitals — and put the information on its website.
Given that we have been discouraged from face-to-face appointments with our GPs over the past 15 months, I wonder how many people have ever seen such a poster. I certainly can’t remember it.
The past 15 months have shown us the importance of data collection in fighting a pandemic. Without the NHS being able to collect data on how many people are being infected, hospitalised and dying from Covid-19, we would have no way of knowing how the disease was spreading — and therefore little hope of fighting it
The NHS also says that you can opt out of sharing your health records via the NHS app — the pre-Covid app it launched in 2018 to help people book appointments and access advice on health conditions.
But then if you are the sort of person who is worried about the misuse of personal data there is a strong chance you haven’t signed up for the NHS app or, indeed, any app — given that apps in general seem to be elaborate devices to harvest our personal data.
Should I send in a letter to my surgery asking it to keep my data private? I am quite conflicted.
The past 15 months have shown us the importance of data collection in fighting a pandemic.
Without the NHS being able to collect data on how many people are being infected, hospitalised and dying from Covid-19, we would have no way of knowing how the disease was spreading — and therefore little hope of fighting it.
Moreover, without pharmaceutical companies having the ability to study personal data on symptoms and side-effects we would not now have the vaccines which are helping to beat the disease.
Nor would we have found out that dexamethasone reduces the death rate in hospital patients.
Many other medical breakthroughs, too, have been reliant on epidemiological studies which require the processing of vast quantities of personal medical data.
When you think of the medical advances we have benefited from in the past generation alone, it seems a small price to pay to share anonymised data about your bunions and the slight pain in your left ear.
The NHS says it has tried to make people aware of the move since 2018 when it launched a poster campaign in surgeries and hospitals — and put the information on its website
Yet there is a big difference between, say, a drug trial and what NHS Digital is proposing.
Drug trials work with volunteers who have actively made the decision to participate in a piece of medical research. They know that their personal information is going to feed into a study which will be published for all to read.
When it comes to developing a Covid vaccination, for example, huge numbers volunteered — not just to share their data but to be injected with an unproven vaccine.
Building a database containing our personal data with no specific purpose is a different matter. Such data has huge commercial value, and there are concerns that it could end up being used for, say, marketing purposes.
The fact that data will be anonymised provides little comfort. To take one example of the potential of this data, it could identify, say, that your postcode had a high obesity rate and be used to target you and your neighbours with advertisements for slimming aids.
More seriously, were the insurance industry able to get hold of this sort of data it could be used to blacklist certain postcodes for life insurance.
The information that you had given your GP on your drinking habits or your depression could — in theory at any rate — come back to bite you in the form of higher insurance premiums or prevent you from getting a mortgage.
NHS Digital rebuts any suggestion that the data could be used in this way. It has put out what it calls a ‘myth-busting’ document stating that ‘We do not sell health and care data’ and ‘We do not share data with marketing and insurance companies’.
That is not very reassuring. Sceptics will already have noticed that it uses the present tense — it doesn’t promise that our data will not be sold to commercial interests in future.
Moreover, it doesn’t say that our data won’t be shared with organisations other than marketing and insurance companies.
Indeed, the whole purpose of the database is to collect data so that it might be used for developing new drugs and treatments.
Pharmaceutical companies and the like will have to be able to access the data, otherwise there would be no point in collecting it.
When challenged on these points, NHS Digital is a little more forthcoming. It is, it says, forbidden by law to sell patient data. Yet it admits that private companies might well profit from products developed using data that is shared with them for free.
From the patient’s point of view it seems the worst of both worlds: we get our data used for private profit, yet the NHS is deprived of any revenue which could help subsidise services.
The other justification which NHS Digital offers for setting up a national database of patients’ records is shocking.
Individual GPs surgeries are already sharing anonymised patient records with commercial organisations and have been doing so for years. Moreover, they are allowed to enter into such agreements without seeking our permission — although they are supposed to offer us a general opt-out from sharing our data.
How many people are aware of that?
Collecting the data in one place, I am told, will make it easier to enforce data-sharing agreements so that the information is not misused — the argument being that NHS Digital has the resources to do this where individual GPs surgeries do not.
Yet the NHS’s record on data breaches does not inspire much confidence. In 2012, for example, someone who bought a second-hand computer on the internet was shocked to find that the hard drive contained confidential data on 3,000 NHS patients.
In turned out that NHS Surrey had sold 40 computers without first destroying the hard drives or wiping the information on them.
This sort of thing is still going on: just last year the NHS accidentally uploaded personal data relating to 18,000 patients who had tested positive for Covid-19.
There are legitimate reasons why our healthcare records should be used, in some circumstances, for medical research. If it helps develop new drugs and treatments, why not?
But it is unacceptable that we are not properly being asked for our consent — and that the rules for using our data are not more clearly defined in law.
We know what the world of Big Data is like — give it half a chance and it will make a grab for vast quantities of material on us.
The Government has failed to communicate to the public the creation of the new database.
No wonder NHS Digital is complaining that there are a lot of ‘myths’ circulating on the internet over its plans.
If it wants the public on its side, the very least it could do is to write to every one of us explaining what it wants to do with our data — and give us a proper chance to say no.