In February this year, it was reported that the U.K government was planning to “sell” the medical records of the entire population to drug and insurance firms with a view to allow payers to serve the public more efficiently, and pharma organizations to better target their life-saving new drugs. A single database (care.data) of medical data of the U.K population mined from general practitioner and hospital records was created for the purpose. The information available for sale would include the smoking and drinking habits of patients, diseases such as cancer, mental health conditions etc.
Privacy experts did raise their bristles warning that the public will have no way to find out who had access to their medical details and how their healthcare information would be used. The information disclosed would contain NHS numbers, postcode, date of birth, ethnicity, and gender. The concern was that the information could not be made completely anonymous though a process called ‘pseudonymisation’ that involved the scrubbing of some personal identifiers was carried out.
Close on the heels of the above report, came another report in February itself that revealed the fact that healthcare details of almost 50 million NHS hospital patients were sold for insurance purposes. Patients were apparently kept in the dark about this.
There have been reports that almost 13 years of hospital data covering millions of patients was obtained by a major insurance society in the UK with the view to help companies “refine” their premiums. The Staple Inn Actuarial Society said it was able to use NHS data covering all hospital inpatient stays during the period 1997 – 2010. This helped them trace the medical histories of patients, combine the details obtained with info from credit ratings agencies that record the lifestyle habits of millions of consumers. This data was used to advise companies how to refine their premiums. It is said that the details were collected from Hospital Episode Statistics (HES) that is an information system that has been collecting data from hospital systems since the 1980s.
According to an NHS spokeswoman, care.data is a totally new initiative commissioned by NHS England from the HSCIC (Health and Social Care Information Centre). It will start in Fall this year, and collect data from general practice and safely link it to hospital data in order to improve services for patients. With care.data, patient information can be used only with regard to benefits for patients, and any other kind of use would be unlawful. The spokeswoman assured that no data would be made available for selling or administering any kind of insurance. Assurance was given that the patient details completely protected and would not identify any individuals.
Payers usually need patient healthcare records when it comes to settling injury claims. In such cases they can legally request for the release of these records for purposes of medical record review and appropriate claim settlement. As legal evidence, medical records have great value and need to be protected. When governments take decisions such as the above, the concern remains whether they can ensure adequate protection and confidentiality to the healthcare data and prevent any kind of misuse.