NHS data privacy plans 'flawed'

News by John Walker

Big Data analysis allows identification of individuals via anonymised data.

Controversial NHS plans to transfer patient records from local GP practices into a national database has raised concerns around a claimed lack of adequate security controls to ensure that such sensitive data assets are robustly protected. The NHS project ‘care.data' aims to upload anonymised records onto a centralised national database which will facilitate free access for drug companies, academics, and researchers.

This is yet another example of a government project that has missed its deadline, but on this occasion, it's not because of any technical issues, but is a stall connected to security and privacy concerns around sensitive patient records. But notwithstanding the delay, it is understood that as of January 2015 no further enhancements have been applied to address these concerns.

According to a report co-authored by Professor Ross Anderson of Cambridge University, a major flaw in the plans is indicated. Whilst the data is anonymised and focused towards subject areas, such as drug-prescribing statistics, it is in the bigger picture where the real risk to security and privacy exists. In the area of Big Data, those with access to the database may associate a wider search criteria to a series of patient-related episodes over an extended period of time, which in turn could make it a trivial exercise to identify a living data subject.

According to the Health and Social Care Information Centre the collected data will encompass:

·         NHS Number

·         Date of Birth

·         Postcode

·         Gender

·         Ethnicity

·         Medical Diagnosis

Whilst the NHS has stated that at no time would anyone's name, full address, or notes be disclosed it wouldn't be difficult to create a data-to-person association by exploiting the data-fields which are present in the care.data' database. With such a sensitive data-set there is also an assertion that the access control, and enrolment process to view such sensitive information would be robustly enforced to assure patients that the content is subject to appropriate dissemination, but this is yet another area in which doubt exists.

Sarb Sembhi of STORM Guidance Ltd commented to SCMagazineUK.com: “Here is a clear example of the UK Government not understanding the commercial value of such sensitive data, and they are giving away valuable resources to the international community for free - which in fact could realise millions in potential revenue to fund the NHS.” He went on to say that, with respect to privacy, when he last looked at care.data, the enrolment process was not arduous, and thus could be potentially provisioned to those who may not use the database for its intended purpose.

Tim Holman CEO of 2-sec told SCMagazineUK.com: “The fun starts here for the information security professional, when we have to work out exactly how this data can be securely shared.  It's very sensitive information that insurance companies would just love to get their hands on, and it only takes an insider in the guise of an Ed Snowden to download the whole lot onto a USB stick and sell it to a FTSE 100 pharma company.”

Holman went on to add: “There is of course still the chance to get this right, and I'm not saying it's already broken, but given the size of the NHS, the number of GPs and the number of disparate patient records, then it's likely something WILL go wrong.  Watch this space!”

We live in a society in which data is pervasive, and this state must dictate that the level of care which is exercised over what is made public should consider all options of its potential usage, both good and bad to ensure it is not open to the potential of exploitation for illicit, or other such criminal purposes. What may appear to be innocent information to one person, could represent high-grade intelligence to another.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews