Viewing 39 posts - 41 through 79 (of 79 total)
  • NHS patient-data sales
  • Premier Icon batfink
    Full Member

    Company x are looking at a vaccine/drug to cure disease Y. They ask NHS digital for data on GPs with patients who have disease Y and ask them to take part in a trial. Patient of the GP give consent to company x and with consent as proof, are given reversed data on patients.

    It would only work this way if it was a non-interventional/retrospective study or some sort of treatment registry. Usually these are done by the NHS or various research foundations to understand how patients with a disease are actually treated in the real world. They are of very limited use commercially.

    Commercial research tends to be interventional/prospective in nature – you are usually testing a new drug. When you consent to take part in that study, you are agreeing for the trial sponsor (pharma company), it’s agents (me) and a whole raft of other people: auditors, regulators etc, to have full access to your entire medical record. Any data that is collected has personal identifiers removed. A link still exists between the patients unique trial subject number and their actual name… but that’s limited to a single piece of paper that’s retained by the doctor. We check that they are recording the names, but we don’t ever collect them.

    In fact we have rafts of policies and procedures for how to deal with doctors who inadvertently send us the names of their patients – it’s like that scene out of monsters inc when they find the sock on the monsters back

    Premier Icon tjagain
    Full Member

    They have caved in on this now and said that it will offer patients the option to opt out at any stage, with historic data being deleted even if it had been uploaded.

    I had not ;picked that up but its still half assed – how are they going to extract that data from the data sets that have already been given out?

    Premier Icon dangeourbrain
    Full Member

    how are they going to extract that data from the data sets that have already been given out?

    Same way they would under gdpr, a nice letter followed by considering whose pockets are deeper, followed by a strongly worded letter and forgetting all about it. At least this time they’re being honest about their unwillingness/inability to enforce it.

    Premier Icon Onzadog
    Free Member

    They don’t always sell data, didn’t they give some of it away to Amazon recently? I assume that was because Amazon couldn’t afford it and said pretty please.

    Premier Icon Drac
    Full Member

    They don’t always sell data, didn’t they give some of it away to Amazon recently?

    No.

    Premier Icon dangeourbrain
    Full Member

    They don’t always sell data, didn’t they give some of it away to Amazon the next person who happened to use the bus stop recently?

    FTFY

    Premier Icon johnx2
    Free Member

    Dispiriting thread. The way this has been pitched ain’t exactly great (bmj editorial here) , at a time when we really don’t want to undermine trust in the NHS, but you won’t find many researchers (uni or industry based) who think opting out is somehow a good idea. You’re really not socking it to the man by doing this. All you’re doing is skewing the data a bit and making vital research more difficult to do.

    Premier Icon tjagain
    Full Member

    the problem is not medical research – I have no issue with this. Its that it seems more likely that all sorts of other folk can get their hands on personally identifiable data from this as the tories will want to monetarise it and its set up for them to do so

    they make a big fuss about the medical research side – but refuse to say insurance companies for example will be banned from getting it

    Its also the fact that its not properly anonymized as it should be.

    Premier Icon chrismac
    Full Member

    Im opted out on the simple basis that I don’t trust Boris further than I can throw him. Based on his current form if he says something can’t or won’t be done then it’sa racing certainty it will be. After 13 years in the NHS I have no confidence in the senior management to do anything except what their political matters tell them

    Premier Icon tjagain
    Full Member

    Amazon was given access to NHS data under a shady deal. NOt patient data but everything else.

    https://www.theguardian.com/society/2019/dec/08/nhs-gives-amazon-free-use-of-health-data-under-alexa-advice-deal

    the contract will also allow the company access to information on symptoms, causes and definitions of conditions, and “all related copyrightable content and data and other materials”.

    Premier Icon dangeourbrain
    Full Member

    the contract will also allow the company access to information on symptoms, causes and definitions of conditions, and “all related copyrightable content and data and other materials”.

    So the sort of thing that might come in handy for saying “alexa, my child has a cough and a temperature, what’s wrong with them” that sort of thing?

    Premier Icon nickc
    Full Member

    Its also the fact that its not properly anonymized as it should be.

    This is untrue, for the third time….

    Premier Icon nickc
    Full Member

    that sort of thing?

    yes, exactly that sort of thing.

    Premier Icon tjagain
    Full Member

    Nickc – its simply is true. If it can be de anonymised then its not done properly

    this is one of the major criticisms with it. the data can be tracked back to individuals – indeed the bill actually has a built in method to do so and also it can be done without permission using modern data mining techniques.

    check the BMJ for this.

    You really need to read up and understand this.

    Premier Icon johnx2
    Free Member

    check the BMJ for this.

    yes, do

    From Angela Coulters ed https://www.bmj.com/content/373/bmj.n1413 her view is that:

    This is indeed a sensitive issue but opting out may not be the best response

    matty handjob being **** or whatever, johnson being a massive shit, is not going to be cured by anyone opting out. Though clearly (again from the editorial):

    For too long arguments about who should have access to their data have raged above patients’ heads or behind their backs. Opting out is an unsatisfactory solution. It is time to make more strenuous efforts to involve the public in designing and implementing secure systems for extracting benefit from this important resource.

    Distracting irrelevancies about amazon aside, for sure folks don’t trust our pols – does this mean they should opt out of organ donation? Donating data is similarly contributing to the common good.

    Premier Icon tjagain
    Full Member

    the best response is for the government to put proper anonymization in place and proper legal safeguards in place including no exemption from GDPR

    As they refuse to do this and its 100% clear that the data can be traced back to individuals and can me misused then opting out is the only way a citizen can be sure their personal data is safe

    Once again – its not the medical research that is the issue – its all the other ways the data can be used to the detriment of individuals and groups

    there is a lot of criticism in the BMJ over this

    If your data is safe why exempt it from GDPR

    Are you really happy with the use of it for marketing? for insurance ?

    Premier Icon nickc
    Full Member

    wrote so0mething deleted it, I’m not going to engage/spend any more energy arguing with you about it.

    Premier Icon stevie750
    Full Member

    For Scotland TJ is right, all the PII can be brought back

    Premier Icon tjagain
    Full Member

    Nickc – you have shown that you do not understand the differnce between anonyonised and pseudo anonymized and they way you desribed data being used for research is as batfink pionted out currently illegal and unethical

    I ask again – are you happy that insuance companies and marketing companies will be able to access individuals personal and sensitive data with the individuals identified- because under this proposal they can

    Premier Icon johnx2
    Free Member

    its not the medical research that is the issue – its all the other ways the data can be used to the detriment of individuals and groups there is a lot of criticism in the BMJ over this

    link please

    Premier Icon andrewreay
    Full Member

    TJ – I think we do understand it (anonymised data).

    Just because an encryption key exists to reverse the anonymisation does not mean it is not anonymised.

    When the data is given the key is not.

    Credit card data works in exactly the same way. Details are encrypted but without the key, it’s impossible to decipher, much like the anonymisation.

    There may be occasions where it is necessary to identify a source (say someone with some mutant gene that threatens humanity). In this case, the key might be requested by the data user.

    Whether that is available to the user will be up to the quango.

    Just because that function exists for extreme circumstances is not the same as saying the data is not anonymised.

    And anyway, the receptionist at the GP will likely have far more juicy access to personal info than any pharma org, which I’d be far more worried about!

    Premier Icon Drac
    Full Member

    Just because an encryption key exists to reverse the anonymisation does not mean it is not anonymised.

    CSI: Edingburgh will crack the code.

    Premier Icon nickc
    Full Member

    you have shown that you do not understand the differnce between anonyonised and pseudo anonymized

    I absolutely do understand it, it’s literally part of my job. I get that you’re anti technology, I get that you constantly need the affirmation of sticking it to the man. Crack on. Go you. It’s absolutely not worth my time or effort to get into this with you as experience as told me, you’re not interested in discussion, you’re interested only in seeing the world your way, so there’s the end of it.

    Premier Icon tonyd
    Free Member

    They are very welcome to my data, if there is even the slightest hint that it will make even the tiniest difference in making another human beings life better then that’s enough for me.

    I realise to most that that might seem like a naive and trusting approach but what’s the worst that could happen to me? Those nasty Tories run off with £50 notes overflowing from their swag bag, or maybe, maybe, one day an insurance company charges me an extra £10 because I once had haemorrhoids.

    I’m also on the organ donor list, perhaps I should cancel that in case Boris tries to cash it in early and I wake up in a bath full of ice cubes. He’s bound to you know, he’s done it before, my aunty Joan told me.

    Premier Icon bikesandboots
    Full Member

    I just know people will be trying (and succeeding) to use this data to screw people over, and I fully expect one day they’d be successful against me. Specifically that I’d be made to pay/contribute more towards some healthcare provision, within whatever form the healthcare industry system will look like in 20 years.

    Premier Icon tjagain
    Full Member

    No nickc – you neither understand my motivations, nor want to understand them nor do you understand the issues here

    Its not about sticking it to the man, its about understanding the real harm that misuse of the data can cause

    You want to be willfully blind to the potential harm – then keep on sticking your head in the sand

    its not about medical research. its about the other companies such ass insurers or marketing that can get this data

    its about the total refusal of the government to put in simple safeguards to protect the data

    if its as benign as you think why will they not anonymize it properly?

    if its only totally ethical medical researchers then whey will the government not limit it to them?

    Answer me that. If its as benign as yo claim then why is there no legal method to ensure its benign?

    if the data was to be properly controlled, anonymized and not personally identifiable then I would have no issue

    so why does the government refuse to do this?

    You are so determined I have nothing of value to say that yo will not listen not will you even attempt to understand how this data with so minimal legal protections could be used for massive harm. any alternative point of view you have to shout down because you do not and do not want to think about the implications

    I say again – its not about medical research. I trust them in general. Its about the lack of controls on who gets the data and what they can do with it

    Premier Icon tjagain
    Full Member

    It would be very easy for the government to ensure the safety of the data and to ensure privacy but they refuse to do so. why?

    Premier Icon grahamt1980
    Full Member

    @batfink IQVIA, Parexel or covance?
    Or are you at one of the smaller ones?

    I started a similar thread before they extended the deadline, i have opted out. I disagree with the pseudo anonymised data, plus i fail to see why they are not using the existing process of data access which is actually controlled.
    Fwiw i work as a clinical trial auditor and we would be shut down if we tried some of the stuff that could be possible with this data.
    GDPR doesn’t apply to scientific research (look at the exclusions), but secondary use of data is a potential minefield.
    My concern isn’t medical use, more the other potential usages

    Premier Icon tjagain
    Full Member

    Thank you graham – showing I am not a paranoid loony on this but actually understand the implications of the lack of controls

    Premier Icon oldmanmtb2
    Free Member

    The worst that can happen? Well Mr non smoking fit as **** individual due to previous health outcomes and social/geographical conditions we have decided to cancel your life policy….

    Not £10 for your piles…. thats the best that could happen.

    Risk management is all about known risks which are formed into a risk model/algorithm, this data allows a risk model that will drive up profits and reduce loss.

    On more basic note, why do you think the Tories want to sell it? For the greater good?

    Premier Icon oldmanmtb2
    Free Member

    As someone who works in this area…

    OPT THE **** OUT.

    Premier Icon bikesandboots
    Full Member

    Risk management is all about known risks which are formed into a risk model/algorithm, this data allows a risk model that will drive up profits and reduce loss.

    Let me elaborate a bit about this for anyone who’s interested. There is an entire industry of companies, with thousands of people (statisticians, programmers) working with data to produce risk models for all kinds of insurable risks (weather, fire, health… dozens). All those people working away at this, and getting good money for it. They use terms like “management of loss cost” when talking about death in service cover. When talking about health/life, they use terms like “longevity risk” (you living longer than the insurer hoped) and refer to “mortality improvement” (advancements in medicine) as if it was a problem (which for them, it is). Whether you’re health as a nut (Garmin data please?) or the opposite (Clubcard data please), they’re hungry for data and it won’t be used for your benefit. It doesn’t even matter if it’s not data about you specifically; they’ll match you to a cohort based on what they think you’re like.

    Premier Icon pondo
    Full Member

    This is at the direction of the government, yeah? I’m out.

    Premier Icon Cougar
    Full Member

    There’s a lot I want to say about this, it is part of my day job, but it’s gone 2am so I’ll just drop two things.

    1) “Pseudo-anonymised” is bullshit. It’s either anonymous or it isn’t. If data can be used to identify an individual or, crucially, if it is anonymous data which could be combined with other data to personally identify an individual, then it falls under GDPR.

    2) Remember the early Track & Trace debacle where the government originally wanted to create their own central-database oriented system rather than use globally recognised and developed API-based systems? In isolation I likely wouldn’t care about this and regular readers will know that I’m not one to reach for the tinfoil, but that’s a coincidence too far for my liking and I’m deeply concerned about their motivations here.

    Premier Icon Cougar
    Full Member

    And point 3 out of 2,

    Of course, this has all been well publicised and everyone is well aware of it.

    Oh.

    Premier Icon hels
    Free Member

    On a technical point, UKGDPR absolutely does apply to scientific research if personal data is processed. There are exemptions for some types of research from certain data subject rights if a number of safeguards are applied, so lots of qualifiers. That’s a dangerous misunderstanding to say it doesn’t apply across the board d so just to clear that up.

    Premier Icon grahamt1980
    Full Member

    Apologies, the specific area gdpr does not apply to is the right to be forgotten and opt out after entry into a clinical trial or data usage where it could affect regulated data, i can see how they would take that item to apply to medical data but it would be a very poor interpretation of the rules.
    I realised after the edit window had closed

    Premier Icon shinton
    Free Member

    “Pseudo-anonymised” is bullshit. It’s either anonymous or it isn’t.

    Not quite. My understanding is the data elements that can identify a person will be tokenised e.g. changing my NHS number of 1234 to WXYZ using some clever hashing algo, after all the 3rd party consumers have to have some kind of unique identifier to piece together events for a patient over time. In theory the ‘good side’ will have access to the token management system for things like adding/deleting data records and the ‘dark side’ will have access to a meaningless token that still allows them to uniquely identify a set of related events. My worry is that the token management system will be abused in the future.

    Premier Icon tjagain
    Full Member

    That and the data is so granular that data mining could certainly get down to very small groups and in some cases individuals.

    If the anonymisation can be undone then its not anoymous

Viewing 39 posts - 41 through 79 (of 79 total)

You must be logged in to reply to this topic.