The NHS has admitted that its new medical records database could be vulnerable to hackers or could be used to identify patients maliciously.
According to the Telegraph, the database will include information about past illnesses, medication, weight and blood pressure; information that will be taken from medical files next month and put into a central database. Those behind it said that it will improve healthcare and help medical research, as well as allow access to health researchers and private firms for the benefit of patient care or to enable further scientific advances.
However fears that the data could be misused has raised the concern of family doctors and privacy campaigners, as even though data will be anonymised, a risk assessment by NHS England warned that patients could be “re-identified” if database data is combined with other information.
It says: “While there is a privacy risk that the analysts granted access to these pseudonymised flows could potentially re-identify patients maliciously by combining the pseudonymised data with other available datasets (a technique known as a jigsaw attack), such an attack would be illegal and would be subject to sanction by the Information Commissioner’s Office.”
Chris McIntosh, CEO of ViaSat UK, said: “Moving patient data to a centralised database naturally has its risks and while information needs to be useable it also needs to be secure since health records will inevitably be seen as a lucrative target for hackers. Sensitive information like this can be used by malicious parties for blackmail and extortion both now and even years down the line. As such, the NHS needs to be doing all it can to ensure it has all the safeguards in place, both for the sake of public trust, and to avoid the risk of fines from bodies like the ICO.
“We only need to look at some of the data breaches within the NHS from the last couple of years to see some of the financial penalties involved with the mishandling of data. In order to avoid fines worth hundreds of thousands of pounds in the future, the NHS needs to ensure that all the information in its new database is encrypted, and patient confidentiality is preserved as we move into the age of digital health services.”
A recent YouGov poll by SumOfUs.org found that 65 per cent of respondents to a petition were overwhelmingly opposed to their personal medical history being sold to medical and private companies.
Martin Caldwell, UK campaigner for SumOfUs.org, said: “It doesn’t really get more personal than what you discuss with your doctor. They know some of the most intimate details about our lives. If this information is matched up with other publicly available data, there is a risk that individuals could be identified. The consequences for ordinary people potentially could be huge.”