Praising the Grauniad!
November 1st, 2006Normally, discussion pieces leave us with that empty feeling of, ‘yes, but what are you going to DO about it?’.
Well, here’s a piece – the leader piece in today’s online Grauniad – which fills that gap.
Warning over privacy of 50m patient files
Call for boycott of medical database accessible by up to 250,000 NHS staff
!!! Immediate, and so unexpected as to be almost missable, is the link to The Proposed Solution.
David Leigh and Rob Evans
Wednesday November 1, 2006
The GuardianMillions of personal medical records are to be uploaded regardless of patients’ wishes to a central national database from where information can be made available to police and security services, the Guardian has learned.Details of mental illnesses, abortions, pregnancy, HIV status, drug-taking, or alcoholism may also be included, and there are no laws to prevent DNA profiles being added.
The uploading is planned under Whitehall’s bedevilled £12bn scheme to computerise the health service.
After two years of confusion and delays, the system will start coming into effect in stages early next year.
Though the government says the database will revolutionise management of the NHS, civil liberties critics are calling it “data rape” and are urging Britons to boycott it. The British Medical Association also has reservations. “We believe that the government should get the explicit permission of patients before transferring their information on to the central database,” a spokeswoman said yesterday.
And a Guardian inquiry has found a lack of safeguards against access to the records once they are on the Spine, the computer designed to collect details automatically from doctors and hospitals. The NHS initiative is the world’s biggest civilian IT project. In the scheme, each person’s cradle-to-grave medical records no longer remain in the confidential custody of their GP practice. Instead, up to 50m medical summaries will be loaded on the Spine.The health department’s IT agency has made it clear that the public will not be able to object to information being loaded on to the database: “Patients will have data uploaded … Patients do not have the right to say the information cannot be held.”Once the data is uploaded, the onus is on patients to speak out if they do not want their records seen by other people. If they do object, an on-screen “flag” will be added to their records. But any objection can be overridden “in the public interest”.
Harry Cayton, a key ministerial adviser, warned last month of “considerable pressure to obtain access to [the] data from … police and immigration services”, but he is confident that these demands can be resisted by his department.
Another concern is the number of people who can view the data. The health department has issued 250,000 pin-coded smart cards to NHS staff. These will grant varied access from more than 30,000 terminals – greater access for medical staff, and less for receptionists. Health managers, council social workers, private medical firms, ambulance staff, and commercial researchers will also be able to see varying levels of information. Officials say the data will be shared only on a need-to-know basis. But Guardian inquiries show a lack of safeguards.
Although data protection laws supposedly ban unnecessary build-ups of computer information, patients will get no right to choose whether their history is put on the Spine. Once uploading has taken place, a government PR blitz will follow. This will be said to bring about “implied consent” to allow others view the data. Those objecting will be told that their medical care could suffer.
The government claims that computerised “sealed envelopes” will allow patients selectively to protect sensitive parts of their uploaded history from being widely accessed. But no such software is yet in existence.
It is being promised for an unspecified date. Some doctors say “sealed envelopes” may be too complex to be workable. The design also allows NHS staff to “break the seal” under some circumstances. Police will be able to seek data, including on grounds of national security. Government agencies can get at records, according to the health department, if “the interests of the general public are thought to be of greater importance than your confidentiality”. Examples given of such cases include “serious crime and national security”.The department’s guidelines say: “The definition of serious crime is not entirely clear … Serious harm to the security of the state or to public order, and crimes that involve substantial financial gain or loss will … generally fall within this category.” The health department says confidentiality can already be breached in such cases.At present, police have to persuade a GP, who knows the patient, to divulge limited facts, or insist on a court order.
Under the new system, data may be disclosed centrally and anonymously, at the touch of a button. Health department privacy advisers say they do not wish to allow police to have clinical information. But they are prepared to disclose patients’ addresses.Another safeguard initially promised was that all patients would be able to check their records on the internet for mistakes. But a system involving the issue of smart cards to patients has not yet been tried out.
Current criminal penalties are so weak they have failed to stop tabloid journalists and private detectives raiding such data on an industrial scale, according to a recent special report by Richard Thomas, the information commissioner.
Sir John Bourn’s National Audit Office also wrote a recent report warning of significant concerns among NHS staff “that the confidentiality of patient information may be at risk”. But officials persuaded the NAO to delete the warnings in the published version.The original draft said: “Patient confidentiality remains a controversial issue among critics … both as regards the adequacy of the planned safeguards to protect information, and whether patients should have a right to opt out of having their information recorded”.
Stunning! That those charged with serving your best interests treat you with such open contempt. You are meat. You are data. You are a commodity belonging to the nation, and anything you have or hold can be stolen and sold for ‘the public interest’. Are you ready to sold?
So, coming back to the good and bad of this article… it is a good stand-alone piece. However, no database now stands alone. It is clear from the above how police, immigration et al want access to every detail of peoples lives. This cannot be pointed out strongly enough. And it must be resisted with every fibre.
No apathy, apathy is complicity. No compliance, compliance is treachery. No NIR registration, registration is slavery.
What can you do? Today, against this NHS database, you can go back to the top and follow the link.
November 1st, 2006 at 2:29 pm
“What interest
November 1st, 2006 at 3:29 pm
Vaccination records…
These statistics are available on a gross population level. No personal details needed. Whether YOU personally are vaccinated and against what is your business.
With this database information available, your kids may be refused entry to nursery/school if you haven’t made them have the jabs. For example.
November 1st, 2006 at 5:39 pm
And that is why they want this information and that is the justification they will give for breaking these imaginary seals.
Now, in a perfect scenario, if you were tempted to roll out a system like this, first of all, you would give each ‘customer’ the choice of wether they wanted their data on the spine or not. Then, each ‘consumer’ is issued with a card that contains their gpg public key, which needs a pass-phrase to unlock any part of their medical records. That means that HMG can have all your data on the spine, but its useless unless the cardholder has swiped and unencrypted the ‘irdial envelope’. It means that HMG is reduced to being a data storage body, and YOU the patient customer has control of who gets to read your stuff, since its encrypted to your private key.
If you lose your key, your records are toast. This is the only way we can have a project like this silly Spine and retain absolute privacy. If your records are encrypted with a safety key so they can be unlocked in an emergency, then they are not private at all, since this system is open to abuse. If you are forced to escrow your private key and pass-phrase, the system is insecure, since these escrowed keys can be used ‘behind your back’ to get at your stuff.
The fact is that there are many ways a ‘Spine’ like this could be used to increase efficiency without compromising privacy, but the fact is that this system was designed with the intention of being a privacy violating instrument.
We all know that it is far more efficient for each GP office to be kitted out with off the shelf hardware running standards compliant open source software with record keeping in non proprietary formats, interchangeable via XML. That way, the networked, non centralized way, everyone benefits and no one is allowed mass unmonitored access.
Let me show you how it works.
If you are sick and are being sent to the hospital, your GP simply gives access to your records to the person who is in charge of you at the hospital. She logs into your GP office network over the internet and can see your records. When your operation is over, your GP block access to your records again, which is the default setting for her office and all offices up and down the country.
That is a clean, hygienic way to control patient records; in a distributed, case by case basis where access is granted manually, and only where needed. It makes leaking information traceable. It puts the onus on your GP. You know who and why your medical records are being accessed. You can control your records with the assistance of your doctor.
And its cheaper to roll out, and is more likely to actually work.
This mass agglomeration that HMG is obsessed with is brain dead, uncreative, vendor driven and simply inSaNe.