I think there is confusion amongst some commenters here. This comes from reading a large amount of literature from the relevant pages on the NHS / Health and Social Care Information Centre (HSCIC). The HSCIC are basically a repository in Leeds, where all this information will be stored.
Your GP records are going to the HSCIC as pseudoanonymised information, which as has been said does indeed include your NHS number, date of birth and postcode. The HSCIC will then build up a database of this information. They can indeed pass on certain of this information to certain external interested parties, although when they do this the data becomes truly anonymised as opposed to pseudoanoymised. You can read about this in the NHS published guidelines (although not in the rather patronising leaflet), as well as from the documentation of the HSCIC and the government itself.
To quote the HSCIC:
we take out details that could identify you before we make any information available
At the NHS:
there are no personal details such as your date of birth and postcode included... We would never publish this type information because there is a risk that you might be identified.
The HSCIC can only release identifiable information when (1) you specifically ask them to, or (2) hypothetically, when there is a national emergency such as a highly virulent pandemic. This would require a legal process.
Regulation 5b allows the Secretary of State for Health to disclose confidential patient information for any medical purpose. No need for a national emergency.
Bespoke extract – containing personal confidential data
Annual Service Charge: £300
Per data set per year £262
Per additional year (per data set) £64
Either that's an incredibly bad title for that particular service, or they're selling data containing 'personal confidential data'. I'd like to know a little bit more about what that actually is.
> Personal confidential data is data in which individuals are clearly identified, or there is a high risk of individuals being identified. This includes patient identifiable data, such as: NHS number, Name, Adress, [...] Personal confidential data also includes sensitive data which may include items such as: Racial or ethnic origin, Political opinions, Physical or mental health condition, [...]
Imagine a researcher working on suicide prevention. We have good suicide statistics in the UK. The publicly released data contains some gaps. Where less than 5 people die by suicide in an area you only get the numbers of people that died and not any ages or genders. That's because it is possible to identify an individual if the age and gender is released.
But for our researcher these bits of information are important, so they apply and are assessed and they get access. And now their stats will include the age ranges and genders for the towns with less than 5 deaths.
Note that names or postcodes or etc are not included. Just the number of people dying by completed suicide; their age range; and their gender.
Medically identifying is inerpreted broadly because we know about the risks of seanonymizing data, and so small details can be identifying and not released without cautious assessment.
If you read the PDF: "Bespoke extract – containing personal confidential data: A one-off extract tailored to the customer’s requirements of specified data fields containing patient identifiable data, sensitive data items or both."
The NHS has a lot more experience of anonymising data. They employ real scientists and statisticians. When they take pseudoanonymous data and anonymise it I am confidant that it is going to be hard to turn it into identifying data. They release it to approved researchers. And someone who deanonymises that data risks criminal prosecution - depending what they do with it.
You seem to think that the NHS is releasing all this information.
It is not.
GPs send this "pseudo-anonymous" information to HSCIC. The HSCIC needs the extra information to create statistically useful cohorts. The HSCIC control access to that data. The HSCIC do some of their own statistics work and they release the results (but not the data sets!) which are often reported in UK news. Researchers, after being assessed, get access to anonymised sets of data. Researchers do not get all the information, but get an anonymised version of the pseudo anonymous data.
Note that reports released are also carefully anonymised.
You also seem to think that your GP holds your full medical history which is laughably wrong.
> Researchers do not get all the information, but get an anonymised version of the pseudo anonymous data.
Where are you getting this information from? Because the price list seems to say that there's identifiable data. Do you have some evidence to the contrary? Just saying "It is not" isn't really enough to go on.
> You also seem to think that your GP holds your full medical history which is laughably wrong.
It isn't laughably wrong at all. They do have your full medical history, either in paper form and/or on a practice management system like Emis. Sometimes you may have moved from one GP to another, and the old GP would print the record to paper and the new one would scan it in, therefore losing the Read clinical-coding (Yeah, for real!). Worst case, you move GPs and your record gets lost. In those cases the next time you go to your GP he/she will ask for your significant medical history, drug history, allergies, family history etc.
So even without storing everything your GP has all the pertinent facts about you. Those facts when in the wrong hands ...
Disclosure: I develop a practice management system used in the NHS and private sector in the UK.
But there are various safeguards in place for who can get database extracts containing personal data. The typical case is that all patients affected first need to sign a consent agreement. They charge a fee to cover the cost of processing the application.
In general, I'm kindof annoying with whoever submitted this URL to hacker news. I guess there are various complaints one can make about this system, but showing the price list in isolation seems calculated to just cause outrage without understanding...
I thought that your GP did hold your full medical history. I did some work doing data entry for a GP, and most patients had their full medical history on file at the surgery - in both physical and digitised form for the majority.
J_smudger 24 January 2014 3:00pm
I think there is confusion amongst some commenters here. This comes from reading a large amount of literature from the relevant pages on the NHS / Health and Social Care Information Centre (HSCIC). The HSCIC are basically a repository in Leeds, where all this information will be stored.
Your GP records are going to the HSCIC as pseudoanonymised information, which as has been said does indeed include your NHS number, date of birth and postcode. The HSCIC will then build up a database of this information. They can indeed pass on certain of this information to certain external interested parties, although when they do this the data becomes truly anonymised as opposed to pseudoanoymised. You can read about this in the NHS published guidelines (although not in the rather patronising leaflet), as well as from the documentation of the HSCIC and the government itself.
To quote the HSCIC:
At the NHS: The HSCIC can only release identifiable information when (1) you specifically ask them to, or (2) hypothetically, when there is a national emergency such as a highly virulent pandemic. This would require a legal process.http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Pa...
http://www.hscic.gov.uk/article/3399/Rules-for-sharing-infor...
Or if you have a hour to spend read this:
http://www.hscic.gov.uk/media/12931/Privacy-Impact-Assessmen...
... or perhaps just sections 3.3.4. and 3.3.5.