Privacy campaigner Phil Booth of medConfidential discusses how the exploitation of medical data is betraying the public
“This excuse of anonymous data has fallen away. Members of the public need to be aware. While Boris Johnson may be saying ‘the NHS isn’t on the table’… One thing that’s most definitely on the table is NHS patients’ data.”
Who Has Access to my Medical Data?
The current fears of data exploitation centre on the Clinical Practice Research Datalink (CPRD), which has been operating for about three decades. The CPRD accesses information from about 20% of patients across the UK through GP practices and sends the data out to a range of customers. CPRD sells a licence to this data for £330,000 a year.
“CPRD has not declared on its website all of the companies they are selling data to, which includes several multinational pharmaceutical companies. It has also been made clear that this was not anonymous data. The customers have said that they can identify and follow up individual patients over long periods and are even able to request extracts from a person’s ongoing GP notes. This is clearly not anonymous. We will be questioning them on this, and if they can’t provide answers, we will look at taking it to the next stage, which will be making a formal complaint to the Information Commissioner and the National Data Guardian.”
medConfidential is a medical privacy campaign founded in 2013, supported by grant funding and donations. The campaign was headed by Phil Booth and Terri Dowty in direct response to the ‘data grab’ threat posed by radical changes to NHS confidentiality.
How Was medConfidential Founded?
I have been campaigning in the areas of medical privacy and data for quite some time. After I stepped down from NO2ID in 2012, doctors got in touch with me to discuss the new legislation passed that year, the Health and Social Care Act. They saw some problems buried down in the clauses, deep in the bill. We founded medConfidential. We campaign to ensure that every use of patients’ data is consensual, safe and transparent. The problems with the NHS data grab were that they were trying to do it in secret, without an opt-out, which fortunately we managed to get. And, as it transpired later in 2014, for purposes involving commercial exploitation.
How Does medConfidential Campaign Against Medical Data Exploitation?
Everything that we do seeks to ensure that data is treated consensually, safely and transparently. On consent, there needs to be an opt-out available that works across the system. The National Data Opt-out, launched in 2018, is a good candidate for being that mechanism.
For safety, we believe in a Five safety model which is a safe setting that protects against possibilities of breach and misuse of data. This must be highly secure and only provide researchers with non-disclosive data.
On transparency, we push very hard to make sure that everything is publicly published. After 2015, NHS Digital had to start publishing data release reports. We have continued to press for that to be more detailed and comprehensive. We repurpose this to make it more human-readable on our website, theysolditanyway.com. We put it into a format that shows people which institutions have respected their opt-out, and it becomes visible where there have been contractual breaches and breaches of the law.
Why is Medical Confidentiality Important?
Medical confidentiality is fundamentally important because it lies at the heart of the doctor-patient relationship. If you cannot trust that what you tell your doctor will not be shared inappropriately, people will decide either not to see a doctor or not to tell them something. This can potentially lead not only to harm for themselves but also to public health. Medical confidentiality is absolutely essential for the trust on which the entire medical profession and health system operates. Cutting across that, whether it be for commercial or governmental reasons, will undermine that trust.
Some people are not comfortable with the idea that their medical records are being used by commercial companies. It’s often claimed that the data sold is anonymous – it isn’t. It is pseudonymised, which is classed as identifiable data under the terms of the law.
We’ve had cases where we’ve had to make companies known to the international commissioner when certain contracts or deals, say with Google DeepMind, are found to be unlawful. I think it is fair enough not to expect your medical history to be fed to an AI without your consent. Some people may be happy with that, and we’re in favour of ethical research, but every patient should know how their data is used and have meaningful choices about that.
For more information see: https://medconfidential.org/