Friday, October 27, 2006

When we say "opt out"...

You really need to read this if you want to understand what the controversy over the NHS Care Records Service is about. The aforementioned Professor of Security Engineering at the Cambridge Computer Laboratory, Ross Anderson, has given us permission to reproduce his email explaining why the government's offer of an opt-out is misleading:

"Unfortunately, the 'opt-out' offered by Lord Warner isn't what it seems. He is referring simply to an opt-out from some data sharing. If this is the only option you exercise, then your medical data will still be stored on the national database and your dissent from information sharing can and will be overridden for a whole host of purposes.

"It also may not work, as the access control software still has to be written and tested; some systems folks say privately that it can't be done given the architecture they're committed to and/or the fact that the project is years late and struggling. Your data will be centrally available for some years before the privacy controls arrive, if they ever do.

"There is also no plan for the software (even if it's written, works and is installed) to control access to everything; scanned images, for example, will not be protected. And lots of people will be able to override the access controls - the police and others using judicial powers, any physician who says it's an 'emergency', and officials for secondary uses such as audit, cost control and health service management.

"Data may also be released if it's declared to be 'anonmyised' (even though removing names and addresses from records is rarely enough to stop a patient being identified). Patients may also be bullied to access their records by PC from home (battered wives, teenagers etc) and lose privacy that way.

"So the "opt out" the minister is offering is not really an "opt out"at all. That is why there's a conflict with the genuine "opt in" which the BMA is demanding.

"The issue is further confused by the existence of other "opt out" options. For example, you can ask to be "stop-noted" on PDS (the NHS central address book) if you do not want your real home address and phone number to be available to the NHS's hundreds of thousands of employees. This is prudent for celebrities, battered wives, people in witness protection and so on. However, the systems are being designed so that if you get stop-noted, you will not be able to get electronic repeat prescriptions or use NHS Direct.

"Another example is the NHS Secondary Uses Service (SUS) which contains summaries of all hospital treatment going back several years. You can apply to opt-out from this under section 10 of the Data Protection Act, if the prospect of large numbers of people having access to, e.g. a sensitive record of a pregnancy termination, causes you distress.

"Behind this fog of confusion and complexity, the government is building a system that will centralise the nation's medical records and make them available to administrators, researchers and others. Perhaps fortunately, the project is getting bogged down. For more on the project's problems see "

Ross Anderson

