Viewing 40 posts - 1 through 40 (of 79 total)
  • NHS patient-data sales
  • Premier Icon p7eaven
    Free Member

    Anyone weigh in on this? Anyone here opted out? If not, you have until 25 Aug (thanks to an extension)

    patients were given just over a month to be made aware of the project and opt out if they wished to do so. NHS Digital released the plans on 12 May this year and gave a deadline of 23 June for people to omit data from the GPDPR, which has since been pushed back to 25 August following pressure from the Doctors’ Association UK (DAUK). If patients do not opt out by this time, they will not be able to do so in future.

    The information set to be included in the database includes data about: sex, ethnicity, sexual orientation, diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health. Notably, it includes details about which staff have treated patients.

    https://www.medicaldevice-network.com/features/nhs-data-grab-gpdpr/

    Premier Icon JohnnyPanic
    Full Member

    Opted out.

    Premier Icon Onzadog
    Free Member

    Yep, opted out of both bits. Think I might have been one of the first at my practice as they didn’t seem to know what the firm’s were about.

    Premier Icon reluctantjumper
    Full Member

    Thought I’d missed the deadline for this, will get myself opted out ASAP!

    Premier Icon tjagain
    Full Member

    england only so no need to opt out

    Premier Icon FunkyDunc
    Free Member

    Slightly playing devil’s advocate, if the data is anonymised, then what is the issue, it will make a very powerful dataset to inform decision making making on how to deliver future healthcare.

    Can someone point me to the evidence that shows it’s a really bad idea for me, or the country?

    Premier Icon Onzadog
    Free Member

    If the data was staying with the NHS and I was confident that the NHS would remain a public body for the long term, then yes, use my data to improve the system.

    It’s the bit about them saying They’ll not “sell” your data but will recover costs from 3rd parties.

    The Tories tried this in the past, and fortunately failed. If it’s so legitimate, why try and sneak it through quietly during a pandemic

    When the NHS is finally sold off and the insurance companies refuse or hike your premium for where you live think back to this.

    At some point, the frogs need to realise the water is getting warmer.

    Premier Icon tjagain
    Full Member

    The data is not properly anonymised. Its quite easy to unravel it and work out who is being referred to is my understanding. the parts of the data that make people identifiable will not be removed – but replaced with a code which can be reversed – there is even a clause that allows commercial companies to reverse this. If it was properly anonymized then there would be no way to reverse engineer the anonymization – instead a clear pathway to do so has been deliberately left in

    Note exempting it from GDPR =- that means they intend and expect that personally identifiable information will be sold

    NHS data has always been available for proper research. this is to sell it to commercial concerns like insurance companies who will dig down into the data to at best use it to disadvantage certain groups ie if they work out that people is ( for example) a particular postcode in conventry are more likely to do certain develop certain illness then they will use that to alter the way they offer insurance – which will have the effect of disadvantaging particular ethnic groups.

    The data is so granular that identifying individuals will be possible from it as well as identifying individuals from reverse engineering the anonymisation

    Premier Icon batfink
    Full Member

    We (my company – we run drug trials for pharma and biotech) buy data like this from the US insurance providers.

    We use it to identify doctors/clinics that treat a large number of the types of patient that we are looking for to be enrolled one of our trials, eg: have been diagnosed with disease x within the last 12 months, and are currently being treated with drug Y or Z. We can then approach that doctor to see if he wants to be an investigator in our trial. My understanding is that you can tweak the sensitivity to hone-in on a reasonably small subset of patients – but we would never be interested in actually identifying those patients (we are prohibited from doing so anyway).

    The commercial side of pharma might use the data to identify potential prescribers of their new product, in order to focus their sales efforts I suppose – but there is no particular impact on the individual.

    In the UK you are pretty well protected against the evil pharma empires by the national regulations, pharma codes of conduct and the NHS. As always, its the US constantly plumbing the depths of commercial shitf**kery that tends to set precedents for this kind of stuff, particularly in the context of their dumpsterfire of a healthcare industry.

    I am pretty relaxed about this.

    Edit: who knew that shitf**kery wasn’t in the swear filter? Edited-out in consideration of the sensitivities of small children, the elderly and infirm.

    Premier Icon tjagain
    Full Member

    We use it to identify doctors/clinics that treat a large number of the types of patient that we are looking for to be enrolled one of our trials,

    My understanding is that you can tweak the sensitivity to hone-in on a reasonably small subset of patients – but we would never be interested in actually identifying those patients (we are prohibited from doing so anyway).

    exactly the sort of use of the data that would be illegal under EU law and GDPR and this data grab removes those prohibitions

    And does anyone really believe that a ” code of conduct” will prevent this? Its insurance companies that are the real worry not pharma. If they can identify individuals and its in their commercial interest to do so then of course they will

    Premier Icon batfink
    Full Member

    And does anyone really believe that a ” code of conduct” will prevent this?

    I wrote:

    In the UK you are pretty well protected against the evil pharma empires by the national regulations, pharma codes of conduct and the NHS

    The threats of massive fines are certainly effective in driving compliance in my industry.

    No idea about the US insurance industry

    Premier Icon Drac
    Full Member

    Can someone point me to the evidence that shows it’s a really bad idea for me, or the country?

    Never any I’ve been convinced by just some saying it might be. I’ve not opted out.

    Premier Icon olddog
    Full Member

    Link to NHS Digital pages on this

    https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/advice-for-the-public

    The data isn’t sold for profit – there is cost recovery for providing the data, and these costs are really modest compared with what it cold be sold for commercially

    The same system/processes have already been in place for hospital data for years – it’s being extended to GP data as this is now extracted from GP systems and held centrally.

    There is a massive public good in this dataset being available for research which needs to be balanced against the risk of misuse or data breach. If you aren’t happy then opt out

    Premier Icon intheborders
    Free Member

    I am pretty relaxed about this.

    +1

    Companies (pharma and healthcare logistics) I’ve worked for use to buy data plus sell theirs, it’s one of the reasons modern medicines work so well.

    Premier Icon tjagain
    Full Member

    Do you really think there will not be creep on who has access to the data? its obviously being set up to do so by the removal of safeguards and exemption from GDPR

    Obviously the use of nhs data for research can be good. Its also obvious that this goes well beyond that and the lack of proper anonymization shows this

    if it was just for research it would be properly anonymized. FFS there is even clause to allow removal of the psuedoanonymisation

    Once your data has been put into this scheme when there is further creep in scope in the future you will not be able to remove your data from it.

    the government have also done the bare minimum to tell people about the use of this data and to tell people of their rights to opt out

    Premier Icon tjagain
    Full Member

    The same system/processes have already been in place for hospital data for years – it’s being extended to GP data as this is now extracted from GP systems and held centrally.

    the hospital data is anonymised properly and has safeguards built in . This data grab does not.

    Premier Icon DickBarton
    Full Member

    This is definitely just for English NHS data? I’m liking the idea of sharing the data, but it would have to be fully anonymised and not able to be identifiable. I’ve no real concerns of people knowing that A person or persons have had a twisted low energy lightbulb removed from a body cavity, but I’d have real concerns if they could identify me as one of the people who has had to have said low energy twisted lightbulb removed (and even more so if it reported the number of times it had to be removed).

    I’m slightly concerned but not enough to do something yet as it seems to be English NHS data only…if/when it comes to rest of the UK, then I suspect I’ll be opting out.

    Premier Icon tjagain
    Full Member

    This is definitely just for English NHS data?

    Yes

    IIRC Scotland has a system to to share data for research but with much better protections. Certainly I have heard no protests about scottish NHS data and that vocal minority of SNP / Sturgeon haters would be all over it if they could.

    Premier Icon ravingdave
    Full Member

    I’ve opted out along with my NHS wife nurse

    Premier Icon nickc
    Full Member

     FFS there is even clause to allow removal of the psuedoanonymisation

    Of course it does, how else do you think it will manage allowing people who’ve consented to take part in a research project to share their data? Or for approved research projects to find volunteers for projects?

    They’ve made pretty strong statements about what they’re not going to do with the data. If that changes, I’ll reconsider my options, as it stands at the minute, I’m content for my data to be collected.

    Premier Icon tjagain
    Full Member

    Research does not need people to be personally identifiable. The “medical research” bit is anyway a cover for selling this data to commercial firms. How on earth do you think they can do research now with properly anonymised data? Note its going to be GDPR exempt.

    Once it changes and it will – and the words given are very different to what the bill allows – it too late – you cannot get your data back.

    Their fine words contain safeguards but the bill does not.

    there is no way on earth a company should be allowed to trawl the data, find individuals and ask them to join a research project. Thats reversal of consent and goes totally against all the principles of confidentiality.

    Premier Icon dangeourbrain
    Full Member

    They’ve made pretty strong statements about what they’re not going to do with the data. If that changes,

    But given these laws, codes of conduct and statements have worked for the last few decades you’ve got to realise they’re going to suddenly be ignored surely? After all, the government wears blue ties and, especially under the guidance of someone with so little desire for their own beatification as Boris, is absolutely dead set on the political and career seppuku that would be the dismantling of the NHS.

    Premier Icon tjagain
    Full Member

    , I’ll reconsider my options, as it stands at the minute, I’m content for my data to be collected.

    You cannot do this. Once your data is shared thats it. You cannot withdraw the consent.

    Premier Icon batfink
    Full Member

    there is no way on earth a company should be allowed to trawl the data, find individuals and ask them to join a research project. Thats reversal of consent and goes totally against all the principles of confidentiality.

    Is that going to happen?

    As I explained, we’re not allowed to do that now – it’s literally against the law, and nothing to do with gdpr

    Premier Icon tjagain
    Full Member

    Thats what Nickc thinks is going to happen and its allowed for in the bill. The pseudoanonymised data contains a code for the personally identifiable information that can be decoded on request and of course can be reverse engineered.

    Nickc seems to think its needed for research

    If they have no intention of doing so why build the capability into it?

    Premier Icon olddog
    Full Member

    The circumstances where pseudonymisation can be reversed is covered in the NHS Digital Q&A I provided a link to above

    Either you accept what NHS Digital say or you don’t and can opt out

    Premier Icon dangeourbrain
    Full Member

    Thats what Nickc thinks…

    Nickc seems to think

    No disparagement of Nickc intended, but if this was a conversation about vaccine take-up you’d be less than complimentary about an argument based on “but I read on social media”.

    Premier Icon tjagain
    Full Member

    I didn’t say nickc was right. My comment batfink quoted ( brilliant name BTW) was to point out the issues with what Nickc was stating.

    Premier Icon nickc
    Full Member

    there is no way on earth a company should be allowed to trawl the data, find individuals and ask them to join a research project. Thats reversal of consent and goes totally against all the principles of confidentiality.

    Company x are looking at a vaccine/drug to cure disease Y. They ask NHS digital for data on GPs with patients who have disease Y and ask them to take part in a trial. Patient of the GP give consent to company x and with consent as proof, are given reversed data on patients. No one is having to trawl through personalised data

    You cannot do this. Once your data is shared thats it. You cannot withdraw the consent.

    If they make such huge changes to the scope of the data use, than they will have to ask again to make sure people are still content. If that’s not the case and they don’t, I’ll probably make this face

    9 Babies Making the Grumpiest (and Cutest!) Faces We've Ever Seen

    And get on with my day,

    Premier Icon dangeourbrain
    Full Member

    Please tell me that’s an actual photo of you nick

    Premier Icon tjagain
    Full Member

    If they make such huge changes to the scope of the data use, than they will have to ask again to make sure people are still content. If that’s not the case and they don’t, I’ll probably make this face

    there is no way of doing this. Once your data is included then it cannot be removed

    Its not a huge change – its in there now that this can be done. why build in the capability if not to use it?

    Premier Icon andrewreay
    Full Member

    I feel it’s my civic duty to take part.

    The benefits of large data sets and the new super-computing tools to analyse that data are only going to improve the standards of healthcare and drugs for society as a whole.

    That far outweighs the risks. It’s like giving blood or getting a vaccination, there are risks and my data may get leaked or I may suffer some sort of medical issue, but there are societal benefits and to me the risks are worth it.

    The reality is the vast majority of the most effective drugs are and have been developed by private organisations. There may be risks sharing data (and it is highly anonymised) but they are worth it.

    I’ll put my hard hat on.

    Premier Icon DickBarton
    Full Member

    But given these laws, codes of conduct and statements have worked for the last few decades you’ve got to realise they’re going to suddenly be ignored surely?

    It’ll be those last few decades where we were part of the EU and had a strong set of principles that governed the EU – now we have left the EU, we don’t have so much principle – hence this sort of thing being done. I suspect this has been getting worked on since the start of Brexit murmurings.

    And as much as I hate being the saddo that waves Brexit about, it has had a massive impact on this – if we hadn’t left the EU, we wouldn’t be discussing this as it wouldn’t be happening. This is about maximising profit from things that were previously not available to be profiteered in such an open way. If it wasn’t, then it would be entirely anonymised.

    Premier Icon nickc
    Full Member

    Please tell me that’s an actual photo of you nick

    Obviously 🙂

    Premier Icon tjagain
    Full Member

    and it is highly anonymised

    This is the point. It is not anonymised. Itsd pseudoanonymised, the pseudo anonymisation can be reverse engineered and there is a route to remove the anonymisation actually in the legislation – and its allowed to breach GDPR

    If it was properly anonymised it would be impossible to trace individuals from the data set. If yo can trace individuals then its not anonymous

    Premier Icon shinton
    Free Member

    You cannot do this. Once your data is shared thats it. You cannot withdraw the consent.

    They have caved in on this now and said that it will offer patients the option to opt out at any stage, with historic data being deleted even if it had been uploaded.

    But it sounds a bit like trying to put a genie back into a bottle.

    The data is held centrally for ‘users’ to run queries against rather than get copies of the entire dataset, but in practice there is nothing to stop you running a query that can extract the entire contents and can be done very easily and I’m guessing often. I’d like to know how this type of behaviour will be monitored.

    Premier Icon andybrad
    Full Member

    how do you withdraw your consent?

    Premier Icon nickc
    Full Member

    Opt out details are here

    Premier Icon Watty
    Full Member

    I feel it’s my civic duty to take part.

    ..said the lemming to his lemming friends. Jump he said, and they did.

    Thankyou Teej, but I think you’ve made a slight error according to what I’ve read. You CAN opt out in future, but all the information they’ve already collected belongs to them, they just won’t be allowed to collect any more.*
    Not much help then really is it?
    Anyone who thinks this is for the good of anyone, other than the American insurance and pharmaceutical companies waiting to hoover-up the NHS, is in my opinion, a fool.

    *Edit, I stand corrected.

    Premier Icon nickc
    Full Member

    This is the point. It is not anonymised. Itsd pseudoanonymised

    Your NHS number, date of birth and Postcode are coded, and can be un-coded. (pseudorandomised) the rest of the data is anonymised (name address etc) and is only shared by consent

Viewing 40 posts - 1 through 40 (of 79 total)

You must be logged in to reply to this topic.