NHS England has admitted that there is a risk of patient data being identified following the launch of a new central database, despite promises that the records will be pseudonymised when extracted from GPs’ systems.
The news will likely prompt concern from citizens and critics of the recently announced care.data scheme, which has suffered from growing concern and claims that the system will undermine patient privacy.
The NHS will sell access to the datasets on to private companies and researchers, which supporters claim will greatly improve advancements in healthcare.
Critics have hit out the scheme and said that although the data will be 'pseudonymised', it will only be a matter of time before identifiable patient data will be held by a number of companies across the world and patients won't be able to do anything about it.
To support this, NHS England’s own analysis of the new database warns that patients could be “re-identified” if database data is combined with other information, according to a document seen by the Telegraph.
It says: “While there is a privacy risk that the analysts granted access to these pseudonymised flows could potentially re-identify patients maliciously by combining the pseudonymised data with other available datasets (a technique known as a jigsaw attack) such an attack would be illegal and would be subject to sanction by the Information Commissioner’s Office.”
The NHS has also said that if patients lose trust in National Health Services, then this could undermine the quality of care, as those visiting GPs may be less inclined to share all of the information to those treating them.
The document continues: “The risks described include threats associated with 'cyberspace’ such as hackers attempting to access the data illegally.”
Statistics revealed over the weekend also show that health services were losing or breaching the safety of 2,000 patient records every day – more than 2 million serious data breaches by the NHS have been logged since the start of 2011.
There have also been questions raised about why patients aren't being given online access to care.data records and the ability to go to a website and opt out themselves. Instead they are being given a short lead time before the system goes live to tell their GP that they do not want their data extracted.
NHS England is currently distributing leaflets to households across the country about the benefits of care.data, which it claims provides “low-cost answers” to questions about the quality of care that would have been difficult to answer previously.
However, a poll for BBC Radio 4’s PM programme has found that less than a third of adults recall getting a leaflet about the changes to the handling of medical records. Only 29 percent of 860 adults polled by ICM research recalled getting one.
The poll also found that approximately 45 percent of people remain unaware of the plan to share data from their GP medical records.
NHS England told the BBC that the leaflets were only one way it was informing people about the changes, but it would look into why so few people reported receiving information through their letterboxes.
Dr Geraint Lewis, NHS England's chief data officer, told the BBC: "We are hearing that certain patients have not received the leaflets, so we're working very closely with the Royal Mail."