
The NHS is selling your private data – here's the price list [pdf] - ghswa
http://www.hscic.gov.uk/media/12443/data-linkage-service-charges-2013-2014-updated/pdf/dles_service_charges__2013_14_V10_050913.pdf
======
tomelders
I'm not worried, there's absolutely no way anyone could identify you with only
your NHS number, your date of birth, your postcode, your gender and ethnicity,
your medical diagnoses (including cancer and mental health) and any
complications, your referrals to specialists, your prescriptions, your family
history, your vaccinations and screening tests, your blood test results, your
body mass index (height/weight) and your smoking/alcohol habits....

Oh... wait....

------
pessimizer
A comment on one of the Guardian articles:

J_smudger 24 January 2014 3:00pm

I think there is confusion amongst some commenters here. This comes from
reading a large amount of literature from the relevant pages on the NHS /
Health and Social Care Information Centre (HSCIC). The HSCIC are basically a
repository in Leeds, where all this information will be stored.

Your GP records are going to the HSCIC as pseudoanonymised information, which
as has been said does indeed include your NHS number, date of birth and
postcode. The HSCIC will then build up a database of this information. They
can indeed pass on certain of this information to certain external interested
parties, although when they do this the data becomes truly anonymised as
opposed to pseudoanoymised. You can read about this in the NHS published
guidelines (although not in the rather patronising leaflet), as well as from
the documentation of the HSCIC and the government itself.

To quote the HSCIC:

    
    
        we take out details that could identify you before we make any information available
    

At the NHS:

    
    
        there are no personal details such as your date of birth and postcode included... We would never publish this type information because there is a risk that you might be identified.
    

The HSCIC can only release identifiable information when (1) you specifically
ask them to, or (2) hypothetically, when there is a national emergency such as
a highly virulent pandemic. This would require a legal process.

[http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Pa...](http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Pages/care-
data.aspx)

[http://www.hscic.gov.uk/article/3399/Rules-for-sharing-
infor...](http://www.hscic.gov.uk/article/3399/Rules-for-sharing-information)

Or if you have a hour to spend read this:

[http://www.hscic.gov.uk/media/12931/Privacy-Impact-
Assessmen...](http://www.hscic.gov.uk/media/12931/Privacy-Impact-
Assessment/pdf/privacy_impact_assessment_2013.pdf)

... or perhaps just sections 3.3.4. and 3.3.5.

~~~
ghswa
Regulation 5b allows the Secretary of State for Health to disclose
confidential patient information for any medical purpose. No need for a
national emergency.

[http://www.legislation.gov.uk/uksi/2002/1438/regulation/5/ma...](http://www.legislation.gov.uk/uksi/2002/1438/regulation/5/made)

:edit: gohrt pointed out that I'd overlooked the restriction to medical
purposes in regulation 5, thanks.

~~~
gohrt
Not "for any reason".

Please edit your commment for correctness:

""" General

"confidential patient information may be processed for medical purposes in the
circumstances set out in the Schedule" """

------
lrei
I would just like to point out that even if they "anonymize" the records it's
generally not that hard to de-anonymize data.

During the Netflix prize, randomly generated IDs were eventually matched to
people based simply on movie ratings and matching public information in other
public sources:

[http://www.wired.com/politics/security/commentary/securityma...](http://www.wired.com/politics/security/commentary/securitymatters/2007/12/securitymatters_1213)

With medical data, it will probably be trivial (maybe easier or more appealing
to insurance companies?).

We're a lot more unique than we think. Reminds me of this EFF project:

[https://panopticlick.eff.org/](https://panopticlick.eff.org/)

Some companies will probably resell this information to potential employers,
banks (there goes your loan), etc.

Well, that's going to suck for people in the UK.

~~~
ryguytilidie
Companies are TERRIBLE at this. We used a company to do an employee feedback
survey. They promised us that the data would be delivered in a 100%,
completely anonymized format. We sit down to go over the results and slide
number one is "Men were a 100% approval while women were 73%". I'm the only
male on my team. How in the world is this anonymous?

~~~
lettergram
I know in my C.S. courses most of us guys/girls wont put down our gender on
surveys so the 4 or 5 females in the room can maintain anonymity.

------
optimiz3
This would be straight up illegal in the US due to HIPAA, which guarantees a
patient's right to privacy.

HIPAA =
[http://en.wikipedia.org/wiki/Health_Insurance_Portability_an...](http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act)

~~~
rpedela
No it isn't. U.S. health data can be sold if it is de-identified or with a
patient's permission.

~~~
tansey
But this data is not de-identified. They explicitly list prices for data with
confidential, patient-identifying information.

~~~
vilhelm_s
The main page, [http://www.hscic.gov.uk/dles](http://www.hscic.gov.uk/dles) ,
states

> The data we supply is normally pseudonymised. We only provide identifiable
> data when there is a lawful basis to do so i.e. with patient consent,
> approval under section 251 of the NHS Act 2006 which enables The Health
> Service (Control of Patient Information) Regulations 2002, or where
> appropriate statutory regulation is in place.

This "About Section 251" page,
[http://webarchive.nationalarchives.gov.uk/20130513181011/htt...](http://webarchive.nationalarchives.gov.uk/20130513181011/http://www.nigb.nhs.uk/s251/abouts251/index_html)
, states

> Section 251 came about because it was recognised that there were essential
> activities of the NHS, and important medical research, that required use of
> identifiable patient information but because patient consent had not been
> obtained to use people's personal and confidential information for these
> other purposes, there was no secure basis in law for these uses. [NB. There
> are a few exceptions where there is a legal basis for disclosure e.g.
> reporting of notifiable diseases]. Section 251 was established to provide a
> secure legal basis for disclosure of confidential patient information for
> medical purposes, where it was not possible to use anonymised information
> and where seeking consent was not practicable, having regard to the cost and
> technology available.

~~~
pbhjpbhj
>" _and where seeking consent was not practicable,_ " //

As they have your contact details and next of kin details then seeking consent
must be quite practicable.

I expect them mean "commercially financially viable". Those people the NHS
can't simply look up a phone number for (from doctor's surgery records) and
ask (or ask their guardian/parent) must be in the few hundreds [of those they
have sufficient medical information for to be used in a scientific study].

~~~
vilhelm_s
I guess that's what it says, practicable with regard to cost.

To look at one random example, the first study on the list of approvals in
2013 was the "ETPOS: European Transfusion Practice and Outcome Survey".
Apparently they took data from 10,000 patients who had blood transfusions and
tried to see if there was any correlations between practices such as "ratio of
red blood cells to other blood component therapy, such as plasma and
platelets" and health outcomes. I guess it was deemed that phoning each of the
patients was impractical.

~~~
pbhjpbhj
Robot Dialer: The NHS wish to sell your medical data for use in a study of
people who had blood transfusions. Press 1 to accept, 2 to refuse, 3 to speak
to an agent.

Robot Dialer: You pressed 1 to accept; can we use your data for future
studies? Press 1 to accept, 2 to refuse, 3 to speak to an agent.

Robot Dialer: You pressed 2, can we contact you to ask about using your data
in specific studies in the future? Press 1 to accept, 2 to refuse, 3 to speak
to an agent.

Umpteen marketing companies appear to be able to afford to do this sort of
calling (yes even though it's against the law for them to contact me as I'm on
the no-call database [which wouldn't apply to the NHS]).

If it's too costly then the studies can hardly be worthwhile? Remember the NHS
wasted £10 Billion on a single IT project over the last 10 years. What would
this auto-dialer have cost? £10k in "management", couple of thousand in IT
staff and set-up (join study NHS numbers with main database ID table and
contact info tables, select phone numbers; set-up dialer script, test,
initiate) maybe £500 in direct call costs. They most likely already have
systems in place to do auto-dialed calls for disease outbreaks [UK Environment
Agency use one for flood warnings].

------
zmmmmm
I fully expected to read the details and see that the headline was some sort
of hyperbole, as these things nearly always are. I'm still hoping someone will
tell me this isn't real.

This seems downright evil. Disgusting. There is no justifiable reason for this
data to be available in any sort of unanonymized form. Everything that is
justifiable that can be achieved with it in anonymous form can be achieved
with it anonymized.

The terrible part is that there is a good reason for a program like this.
There are real reasons to collect and know this kind of data - it can make a
huge difference to human health and well being. And that is why this is so
bad. It's going to set back participation in any sort of electronic health
record all around the world, if people see such a high profile program
manifest as a privacy disaster.

~~~
lindavers
>I fully expected to read the details and see that the headline was some sort
of hyperbole

It really is, see the source page for more details:

[http://www.hscic.gov.uk/dlesaac](http://www.hscic.gov.uk/dlesaac)

The misunderstanding going on in the comments seems to be stemming from a
failure to distinguish between personal identifiable data and personal
confidential data.

The former: "This includes patient identifiable data, such as:

NHS number Name Address Postcode Date of Birth Date of Death"

and the latter: "Personal confidential data also includes sensitive data which
may include items such as:

Racial or ethnic origin Political opinions Religious or other similar beliefs
Physical or mental health condition Sexual life Criminal record"

The patient identifiable needs explicit permission from the patient in order
to obtain, patient confidential needs a good legal reason + reviewed
application.

~~~
aaren
_The patient identifiable needs explicit permission from the patient in order
to obtain_ \- please could you link me to the official document that states
this, specifically in the context of care.data?

------
ghswa
A good explanation of the scheme, from Dr Neil Bhatia can be found at
[http://care-data.info/](http://care-data.info/)

It includes details of how to opt-out.

~~~
switch007
It's a long site so I'd just like to highlight the following:

"The data extracted - your Primary Care Dataset - will include the following:

Your NHS number Your date of birth Your postcode Your gender and ethnicity
Your medical diagnoses (including cancer and mental health) and any
complications Your referrals to specialists Your prescriptions Your family
history Your vaccinations and screening tests Your blood test results Your
body mass index (height/weight) Your smoking/alcohol habits"

\---

Go to that site. Opt out here [http://optout.care-
data.info/](http://optout.care-data.info/). It's really simple.

~~~
aaren
If you prefer, you can just write a letter to your surgery:

\- State that you wish to opt-out of care.data

\- Request that both the 9Nu0 and 9Nu4 codes are added to your GP records

\- Remember to include full names and DOBs (and your address if you are happy
to)

~~~
porker
The conundrum I have is knowing this has been done.

I wrote a letter with all of this, took it to the GP surgery. The receptionist
was bemused. There has been no acknowledgement. Can I tell if I've been opted
out, without hassling the already-overworked reception staff?

~~~
ghswa
Try talking to your practice manager - mine is very helpful and (s)he'll
hopefully be much more clued up about this than the reception staff.

------
pbowyer
Whoever gets their hands on this data should build a "20 Questions" game, to
identify a person's NHS number. Knowing something of my neighbour's recent
medical history, I'm pretty sure it'd take 10 questions or less.

Are there any restrictions on publishing the data? I can't find licensing
terms.

~~~
ghswa
Not exactly licensing terms but page 3 of the price list states that extracts
subject to an annual fee will continue to be charged that fee until it is
certified that all hard and soft copies of the data have been destroyed.

Other than that I'm guessing they will enforce some pretty draconian
restrictions on publishing and sharing the data since doing so would undermine
their ability to sell the data.

~~~
gohrt
So the UK govt aren't even claiming that this data is public information, and
charging a processing fee for it -- the govt is claiming that citizen's
personal health information is _owned by the goverment_ with privileges to
restrictively license it to commercial customers!

------
oskarpearson
I think the thing that's missing from much of the discussion is that all
released information is subject to a very clear contractual agreement and for
specific purposes. The agreements limit the ability to link supplied data with
anything else. These contracts and use of data are subject to privacy group
oversight, managed by the NHS.

The intended use is not that insurance companies can link your medical data
against you and then charge you more (or any variant on that). Instead, the
intended use is that companies with clear information controls can perform
useful research more cheaply, and stop guessing at cause and effect. I
personally support that intent, and am interested to see what comes out of it.

What's to stop the companies just doing whatever seems to get them the most
money? In my opinion, it'd be the fact that failing to stick within the
agreement would cause existential risk to the company. I think that courts,
government, the NHS, and UK society at large would come down VERY heavily on
any company contravening their contracts. Companies are going to spend
significant effort ensuring their company doesn't disappear overnight in a
storm of lawsuits with the directors in jail.

Companies wouldn't do this for the same reasons that Seagate doesn't sell the
data off RMA'd hard drives on the open market.

I trust the relevant public bodies in the UK to protect my interests here. You
may not, of course.

~~~
mortov
Let's be clear, the intention is for the UK Government to make money off your
medical data.

If Seagate wanted to make money off your RMA'd hard drive and they thought the
data on it would do the trick, you can bet it would be for sale on the open
market.

If the law says that is illegal, Seagate does not have the option to change
it. However, the Government can simply change the law to make whatever they
want to do 'legal' and their problem is solved. That's essentially what
they've done here.

Large 'healthcare' companies interested in this data are more than just health
providers, they have multiple divisions with multiple competing and tangential
aims and targets. Just because a piece of paper says it can only be used in
one way, that is not going to stop the re-use (and leaking) of the data.

Remember the UK had bankers totally screwing the country and got rewarded with
massive bail-outs - I don't recall any jail time for their bad behaviour [in
the UK]; quite the reverse. Any social science student will be able to cite
many examples of companies shielding individuals from the consequences of
their bad behaviour - it's a whole subject area.

The UK government sets up QUANGOs specifically to shift liability and risk to
prevent consequences; a Scottish care home where elderly people were burned to
death escaped prosecution as the legal entity was simply shut down and
dissolved prior to the court case starting [this did bring about legislation
changes to close that avenue in Scotland [http://www.bbc.co.uk/news/uk-
scotland-17740645](http://www.bbc.co.uk/news/uk-scotland-17740645)]. There are
dozens of ways to get away with abusing the data and walk away free - if
you're going to make a lot of money, you can afford good lawyers to help you
prepare well ahead.

Why would it be different for your health data ?

~~~
oskarpearson
Sorry, but I don't agree with the premise and the first line of your comment.
Much of the rest I do agree with.

The NHS (not "the government" \- which is an emotionally charged noun in this
sort of circumstance) is selling the data. They are in financial difficulty,
yes, but they are also responsible for broad social-health in the UK.

The NHS is in an almost unique position world-wide, in that they have access
to high quality data that can dramatically improve health at an international
level. They aren't, however, a research group. Companies just do research
better than government departments, and finding a balanced way to improve
access to the data and improve social health is critical to the NHS's future
as the population ages.

This is why they are selling health data, imho.

I think there's a balance to be struck. The global and NHS specific
improvements in health need to be balanced against individual privacy.

Unfortunately, the only way to do this is through "pieces of paper" (again, an
emotive term).

It's also worth mentioning that many of these pieces of paper have already
been in place for years, where they have been sharing hospital data. So to
some degree this extends an exiting structure that is already working. It's
just more emotive to many people since it involves a centralised location, and
their local GPs.

I'd rather have a centralised location with oversight fighting down a
multinational, than my local GP trying to manage legal contracts with them.

It's difficult to respond to your specific examples. Some are completely
valid. Some are (imho) not. "Mistakes were made" and mistakes will be made in
the future.

It's complicated, and it's a balancing act. Personally, I think it's the right
balance.

------
optimiz3
Opportunity here for the motivated - the prices seem high, so arbitrage the
price by reselling the data at lower prices to multiple buyers.

Bonus: you could set up a system where a person's data gets cheaper as more
people query it!

(Not for me thanks.)

------
ajb
What would be interesting would be to write up this 'opt out' procedure,
slightly disguised, as part of a research proposal and submit it to the UK
ethics committees. I'd be shocked if they don't all reject it. Any UK
academics - with enough tenure that it won't bork their career - up for that?

------
ed_blackburn
I await the shit storm when a public figures medical records are mined by the
media divulging something controversial.

~~~
pbhjpbhj
People with rare diseases, especially multiples, must be reasonably easy to
deanonymise. Also joining the data with newspaper reports of crimes (perhaps
only ones that are pertinent are mentioned, eg harassment of hospital staff)
or hospitalisations would seem likely to deanonymise quite a few records.

~~~
tomelders
Post code. Date of Birth. Gender.

What more do you need?

------
blueskin_
[http://medconfidential.org/how-to-opt-out/](http://medconfidential.org/how-
to-opt-out/)

~~~
rodh
Hmm. Interesting. I remember when I recently registered with a new doctor, I
was asked directly if I wanted to opt out from my medical information
collected by my GP being digitally accessible by hospitals, etc. I'll have to
admit: I chose not to opt out. Thinking "it's about time they join us in the
digital age!" Plus, from the perspective of my health, this seemed like a
positive move overall.

Of course now that I read a bit more into it, I am less sure. But I do find
the above link a little fear-mongery.

Incidentally, this document has some interesting insight into the position of
the hscic. [http://www.hscic.gov.uk/media/12931/Privacy-Impact-
Assessmen...](http://www.hscic.gov.uk/media/12931/Privacy-Impact-
Assessment/pdf/privacy_impact_assessment_2013.pdf). I am a little tickled by
this statement about preventing the data falling into the wrong hands: "The
Government itself could be considered a pair of 'wrong hands' with questions
raised over whether it would have access and therefore would be able to misuse
or exploit the data".

Not sure how they're mitigating against that risk...

------
jon_black
Let's say I believe that this data truly is anonymised (read: cannot be traced
back to an individual in any way). I still have a problem that MY data is
being sold by SOMEONE ELSE. The opt-out nature of this process stinks. It
feels as though it's someone else's data by default unless I kick up a fuss.

------
dublinclontarf
You can choose to have your information not included, it's an opt out system.

Form is here:

[http://www.connectingforhealth.nhs.uk/systemsandservices/scr...](http://www.connectingforhealth.nhs.uk/systemsandservices/scr/staff/aboutscr/comms/pip/optout.pdf)

~~~
nodata
You are spreading misinformation, almost definitely not on purpose.

Read about the correct opt-out form here: [http://optout.care-
data.info/](http://optout.care-data.info/)

~~~
takeda
And of course you're included automatically, but to opt out it is most painful
way to do it.

And not to mention that you need to know about it in the first place.

------
joshavant
Would this enable the private industry to create services and analyses based
off this cheaply available data?

Yes, it seems heinous at first, but are there legitimate, palatable Big Data
opportunities here, assuming the data is properly anonymized?

~~~
mortov
Did you look at the price list ?

Standard extract – no personal confidential data £9,565

Alternatively for just under £1,000 more :

Standard extract – containing personal confidential data £10,453

They're specifically enticing people to purchase the confidental data version
since it is only 10% extra to get all the juicy information.

Trouble connecting people to their parents, siblings, children, (ex)partners ?
Simple, they'll even do that for you - look at Patient Tracking, Cohort Event
Notification (!) etc.

The value of this data to marketers (e.g. health insurance, private hospitals
- which do exist in the UK, etc. makes the price list charges trivial and
insignificant to just slurp up everything they can and start targeting
people). Want someone to try and sell you cancer insurance 2 weeks after your
mother dies of breast cancer ? Cohort event notification report makes this
simple.

Remember the toothpaste does not go back into the tube - once the data is
sold, it's basically wild and free for all sorts of use and abuse. You have
absolutely no guarantee it will only be used by benign 'good actors'.

edit:spelling

~~~
djpowell
You can't just buy what you want from them without a legitimate legal basis.

[http://www.hscic.gov.uk/dlesaac](http://www.hscic.gov.uk/dlesaac)

~~~
gohrt
Right, you "can't". Just like developers on Facebook's Graph API "can't" use
social graph data for unapproved purposes. Because they signed an agreement.

Contracts are not the same as controls.

------
Osmium
Does anyone know if this is England-only, or if it affects
Wales/Scotland/Northern Ireland too? How does the opt out work if you've been
in multiple areas/GPs/etc.?

~~~
dawson
It's [NHS] England only (currently).

~~~
ghswa
I live in Bristol. I wonder how quickly I can move to Cardiff?

~~~
pbhjpbhj
Well in Cardiff you'll be opted in to organ donation automatically of course.

~~~
nyrina
You say this is a bad thing?

~~~
pbhjpbhj
I think government assuming ownership of [parts of] persons is a bad thing,
yes.

IMO it makes logical sense to either not assume ownership of anything a person
had in life, including their body and allow their family/executors to look
after the remains of their person , effects and assets [the status quo]. Or
you should say that ownership is void on dying and all assets, including one's
body should pass to the state.

It would make far more difference for the state to assume ownership of the
things a person had, houses, bank accounts, than it will make to only assume
state ownership of a persons body _post mortem_.

There doesn't appear to be a consistent argument to compel one to take this
middle ground.

------
angersock
I just threw up in my mouth a little.

Then I started thinking about how to make a dating service using this data--
find all eligible males with your blood type in a given area!

~~~
Fasebook
Oh don't worry, you can "opt out"

------
dawson
Will data be made available outside the NHS?* (PDF) [england.nhs.uk]
[http://goo.gl/CxqFVa](http://goo.gl/CxqFVa)

* FAQ 39.

------
quantumpotato_
You have to email them instead of querying an API?

------
vrikis
So happy I live in Scotland...

~~~
lostlogin
Once you're part of Scandinavia all your problems will be gone.
[http://m.bbc.co.uk/news/magazine-16050269](http://m.bbc.co.uk/news/magazine-16050269)

------
sarreph
£300 for a DVD copy? ...Huh?

------
tonylemesmer
2 words: thumb drive.

