The opt-outs from care.data, the government’s centralised patient information database, will not remove patients’ details from the system, as promised, according to Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory.
Instead, all patients’ clinical data will be uploaded as a single record, with only name, date of birth and postcode removed. “The government will simply pretend this is anonymous, even though they well know it is not.
This is clearly unlawful,” wrote Anderson in a University of Cambridge blog.
The non-opt-out is required because care.data will also be used to pay bonuses to GPs for hitting central government healthcare targets.
For example, for vaccinations or particular treatments for patients with particular ailments.
However, so-called anonymisation rarely works in practice because patient records will have plenty of other information that can be used to identify individuals.
For example, although postcodes may be removed, the GP’s name and surgery will still be in there – effectively highlighting a patient’s location anyway.
The decision was made in late-January, according to Anderson, suggesting that NHS England and the Health and Social Care Information Centre (HSCIC) are still making up the specification just one month away from when uploading of patient data from GPs’ surgeries to care.data is due to start.
It has also been revealed over the weekend that police will have access to the care.data information – without even requiring a warrant or court order.
Anderson, a respected cryptographer, has campaigned on computer privacy issues in the past.
He believes that care.data in its current form is unlawful. “Our advice is to opt out anyway while we lobby ministers to get their officials under control, deliver on Cameron’s promise and obey the law.”