NHS Connecting for Health (CFH) are conducting a public consultation about sharing medical data for research and other purposes. I've filled it in in a bit of a hurry since I'm buried in various things again but I'm hoping the consultation gets a large and informed response.
At several points the survey claims that patients have no legal right to control information they have given the NHS about themselves once it has been anonymised. Thanks to Nicholas Bohm via the ORG list for pointing out that as a matter of law this claim is false. Information given in confidence may not be used or disclosed except for the purpose for which it was supplied unless the person supplying the information gives their consent.
The consultation also contains several questionable underlying assumptions. It talks about data being held in sealed envelopes. AFAIK these electronic sealed envelopes still don't exist and some of the proposed versions of them are not very secure. Richard Clayton and Ross Anderson at Cambridge University would be the people to check that with. The consultation also seems to seriously underestimate the real practical complexities of securing large amounts of medical data across a range of big networked databases.
They are suggesting setting up an office of an "Information Custodian", essentially to manage the sharing of medical data for a variety of purposes, and "some of the tasks the Information Custodian might do" would be:
• manage the way patient data is anonymised
• link data from different sources using a code and then remove the identifiers
• perform data quality checks
• receive applications from researchers and others who want to use patient data and decide which ones to allow
I noted some concerns about this in my own rushed response:
"The idea of setting up such an office, the purpose of which is to be responsible for making patient data available for uses other than patient care, undermines the whole basis of medical privacy and patient doctor confidentiality. The nature of bureaucracy is also such that were such an office to exist the pressures to open up access to patient data would be difficult to withstand."
Towards the end they asked for suggestions on a list of organisations they should consult about the data sharing plan. I suggested about 25 including FIPR, ORG, Privacy International, the BMA, the Royal College of Nursing, the BCS and the Association of Medical Research Charities.