NHS hospital records of nearly 50m patients sold to insurers

Feb 24, 2014

News comes days after controversial plan to share NHS medical records from GPs was put on hold

MEDICAL records for every NHS hospital patient in the country have been sold for insurance purposes, according to the Daily Telegraph. The Staple Inn Actuarial Society, a major organisation for UK insurers, reportedly obtained 13 years of hospital data, covering 47 million patients. It includes data for all hospital in-patient stays between 1997 and 2010, tracking the medical histories of patients identified by date of birth and postcode. By combining the hospital data with socio-economic profiles, the society says it was able to better calculate the likelihood of certain diseases, in particular lung cancer. As a result, the Telegraph says "most" customers below the age of 50 faced an increase in insurance premiums last year.
The revelation comes just days after controversial plans to share NHS medical records from GPs were put on hold for six months. NHS England was due to begin compiling the Care.data system in April, but the work will now begin in the autumn following concerns that the public have not been properly informed about how their private data will be used.

What is the new database?

Care.data will be a giant database of medical records showing how individuals have been cared for across the NHS. So far this information is only available from hospitals, but NHS England wants to extend the project to GP surgeries. The data would include details such as family history, vaccinations, referrals for treatment, diagnoses and information about prescriptions. It might also include a patient's blood pressure, body mass index and cholesterol levels. The patient's date of birth, full postcode, NHS number and gender, but not name, will be used to link their GP and hospital records on the system. Once this information has been linked, a new record will be created, which has been stripped of identifiable data and will include only the patient's gender, age group and home area. However, any third party organisation can apply for those safeguards to be lifted in exceptional circumstances, such as during an epidemic or with the permission of the health secretary.

What would the NHS database be used for?

Basically, it will be a research tool. The database is designed to help researchers better assess diseases, examine new drugs, identify infection outbreaks and monitor the performance of the NHS. Medical experts will be able to better understand the causes and outcomes of illnesses and develop new treatments, says NHS England, and therefore improve patient care.

Why are critics against the database?

Concerns have been raised about keeping such a large amount of data in one place, making it vulnerable to data breaches or hackers who might be able to identify individual patients. Critics have also raised privacy issues, with the prospect of data being shared with organisations outside the NHS. Individuals can opt out of the project, but there has been widespread criticism that the public has been "left in the dark" over the plans. NHS England organised a mass mail-out to every household in England at the start of the year, but the leaflets were not addressed to individuals and did not contain an opt-out form. A BBC poll of 860 people found that fewer than a third could recall receiving them. The British Medical Association and the Royal College of GPs have backed the project in principle but said NHS England needs to do more to guarantee "the support and the consent of the public".

Why has it been delayed?

NHS England has conceded that the project needs to be better publicised. A spokesman said the delay would allow more time to build public understanding of the benefits of the system, explain what safeguards are in place and show people how to opt out if necessary. The communications campaign might include high-profile television and radio advertising to raise awareness.

Can the GP data be sold to insurers?

Those in charge of the new database have repeatedly said it would be illegal for information extracted from GP files to be sold for insurance purposes. Referring to the sale of hospital records, the Department of Health said the rules changed last year so "this would no longer be allowed". A spokesman added that "information like this can only be accessed now if there is a clear benefit to improving health or health systems". Nevertheless, Phil Booth, from privacy campaign group medConfidential, said today's revelation "blows out of the water the idea that patients' privacy is being protected".

Sign up for our daily newsletter

Disqus - noscript

Is anybody naive enough to believe that anybody with money will not be able to buy any NHS records that they want

when the NHS was going to be fully online a few years ago medical records were sent to india to be transcribed, before being bought back because they did an utterly woeful job. They'll have sold them.