NHS England patient data ‘uploaded to Google servers’, full disclosure demanded

The UK government has been debating illegal disclosures of patient health data: “The issue of which organisations have acquired medical records has been at the centre of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments and private health providers had either attempted or obtained patient data.”

The article closes with quotes from Phil Booth of medConfidential:

  • “Every day another instance of whole population level data being sold emerges which had been previously denied”.
  • “There is no way for the public to tell that this data has left the HSCIC. The government and NHS England must now come completely clean. Anything less than full disclosure would be a complete betrayal of trust.”

Far worse privacy violations are the norm in the US, yet our government won’t acknowledge that US health IT systems enable hidden sales and sharing of patients’ health data.  US patients are prevented from controlling who sees their health records and can’t obtain real-time lists of who has seen and used personal health data.

Learn how the data broker industry violates Americans’ strong rights to control the use of personal health information in IMS Health Holdings’ SEC filing for an IPO:

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

Data brokers claim they don’t violate our rights to health information privacy because our data are “de-identified” or “anonymized”—-but computer scientists have proven it’s easy to re-identify aggregated, longitudinal data sets:

deb

This blog was written in response to the following article: NHS England patient data ‘uploaded to Google servers’, Tory MP says

NHS legally barred from selling patient data for commercial use. When will the US wake up?

When will US bar sale of patient data for commercial use?

1st: Public has to wake up.

2nd: The LIE of sale of patient data for research must be exposed.

US law permits any corporation to buy/sell/sell/share patient data for commerce (i.e. BIG DATA analytics and proprietary products without patient consent or knowledge). This is a fact.

deb

This blog was written in response to the following article: NHS legally barred from selling patient data for commercial use

Re: David Cameron ready to put chunks of NHS up for sale, says Labour

The British Prime Minister proposes opening up and selling the health information of British citizens, ie copying the US model of data sales because he sees it’s worth tens-hundreds of billions in annual revenue to those in the US selling data. For at least the past decade, US industry has been violating Americans’ expectations and strong rights to health privacy by selling and using sensitive patient health information without consent, and without public awareness, much less, debate.

See more here: David Cameron ready to put chunks of NHS up for sale, says Labour

Key quotes:

  • Prime Minister “[Cameron] sees no limit on the involvement of the private sector and says he wants it to be a ‘fantastic business’. In his desperation to develop a credible industrial strategy, he seems willing to put large chunks of our NHS up for sale.”
  • Roger Gross, from the pressure group Patient Concern, said that allowing private firms access to NHS data would mean “the death of patient confidentiality”.
  • “We understand GP surgeries will have the right to refuse to release their patients’ records, but whether patients will ever be told what is happening, let alone have the choice to protect their privacy, is still unclear,” Gross said.

Discussion on Targeting in the UK using the National Health Service

UK patients are outraged over whether the government NHS (National Health Service) data base was used to find individual cancer patients and pressure them to vote for the Labour party.  See article here.

Even if NHS data was not used, CLEARLY there is enough commercial data for sale in both Britain and the US for cancer victims’ addresses to be found and re-identified.

Allowing the secret US data mining industries that steal, collect, aggregate, and sell all Americans’ sensitive personal health information, health-related searches, health-related posts on social websites, email about health, and health-related purchases to continue doing business-as-usual is a prescription for disaster.

It’s a key reason we are seeking 500,000 people to sign the Do Not Disclose list. If Congress gets 500,000 signatures, they will pass a law to restore our control over our digital health records and set up the list.

Don Berwick MD, President Obama’s nominee to lead the Centers for Medicare and Medicaid, agrees that health information should belong to patients—and doctors should have to ask us to see it. See his article on patient empowerment: What ‘Patient-Centered’ Should Mean.

Yes, it’s illegal for employers and banks to use health information—but if they have it, they can use it—and there is no way to stop them.

We should be able to stop anyone from getting our health information. A national Do Not Disclose list would ensure we decide who sees our health information and who doesn’t.

It’s time to prevent corporations and government from being able to get our sensitive health information without consent. Sign the Do Not Disclose list!

Quotes:

  • “The Conservatives and the Liberal Democrats have attacked the Labour Party for sending “alarmist” literature to cancer patients, and called for an inquiry into whether NHS databases had been used to identify recipients. The row erupted after Labour sent cancer patients mailshots saying that their lives may be at risk under a Conservative government.”
  • “Experian, the data management company, confirmed that both Labour and the Conservatives use its Mosaic database, which divides voters into 67 groups. The databases can use anonymised hospital statistics, including postcodes and the diagnoses of patients, to identify the likely addresses of those with particular illnesses.”

UK: Labour [Party] attacked over mailshot to cancer patients

The Conservatives and the Liberal Democrats have attacked the Labour Party for sending “alarmist” literature to cancer patients, and called for an inquiry into whether NHS databases had been used to identify recipients.

The row erupted after Labour sent cancer patients mailshots saying that their lives may be at risk under a Conservative government.

Andrew Lansley, the Shadow Health Secretary, said: “It is shameful that the Labour Party, knowing that we are the only party that is going to increase investment in the NHS, have decided to deliberately scare patients and misrepresent what we have said.

PPR responds to NHS sending patient information to India

In response to article: NHS sends confidential patients’ records to India despite pledges it would not

In the US, the use of “cloud computing” for sensitive electronic health information creates EXACTLY the same dangers that British health records are exposed to in India: hundreds or thousands of staff can access and sell health records.
Quotes:

  • “Indian data entry staff will have access to the names, addresses and NHS numbers of patients – along with private information about medical appointments.”
  • “The risks of transferring data overseas were highlighted last year when undercover reporters for a TV programme were able to buy health records from a private London hospital, which had been processed in India. The sellers said they had access to thousands of British medical records.”

It is impossible to ensure ironclad security for health data in far-away nations –actually we don’t yet have a way to be sure that health data in America has ironclad security protections in place either. And it’s impossible to hold cloud servers in other countries liable for the theft, sale, or breach of privacy of your health data—which they probably NOT report to us anyway. Which nation’s cloud servers would you trust with your sensitive health records?

NHS sends confidential patients’ records to India despite pledges it would not

The NHS is sending millions of patient records to India for processing, it emerged yesterday.

In the latest privacy scandal to hit the Health Service, Indian data entry staff will have access to the names, addresses and NHS numbers of patients – along with private information about medical appointments.

Managers have given the green light to the scheme despite concerns over poor security at some Indian companies.