Thing is, it's not the NHS doing this, it's this government.
It is this time, but under the colour they're all "chums", certainly not "chumps" as some appear.
Thing is, it's not the NHS doing this, it's this government.
It could be just apathy, but how long before you can just google someone's medical record out of the cloud?
Weeks rather than years I suspect!
I say this as an NHS admin worker, with legitimate access to patients' medical histories - but there is no generally accessible, central repository containing the records of all NHS patients (or even just NHS England). It would be possible, the NHS number would be an ideal tracking method, but the cancellation of NPfIT stopped the move to a shared electronic health record (EHR).
The other thing is, anyone with an NHS smart card has total access to your/our info.
I think a higher level should be needed to access anything other than basics.
though I agree that's probably harder to do than tripe.
Any company, insurance or otherwise, attempting to use partially anonymised health data (e.g. postcode, date of birth etc) supplied by care.data (or any other source) in an attempt to identify the person that health data belongs to is likely breaking the Data Protection Act; namely Principles 1, 2 and 6.
Once the cat is out of the proverbial bag, I'm not sure what happens to the data should someone be caught using it against the terms under which it was licensed. I hadn't considered that.
So, they might be caught, they would be fined (it might be worth it) but the data is still out there somewhere...
To be fair, all crime is punished retrospectively. To punish before the crime has been committed is reminiscent of a Philip K Dick short story.... We lost it before we even knew about it, and laws are fine, but they don't stop anything, just maybe punish afterwards.
You'd hope the "up to" £500,000 fine per breach would be enough of a deterrent for the company. Or am I just being naive?
You're not being naive, and it would certainly put me off. :Biggrin2:
But you have to know about it, then prove it, and then there's the "up to". The real deterrent may be the "per breach" and how it's defined.
E.g. is a breach one record, or one database, to take extremes. Depending on that, it may be an "affordable" risk, or even an investment,
to an insurance, or drug company. Insurance premiums could be slowly increased for some individuals according to potential risk, or just declined.
They do that already, but the knowledge will allow more precision, and be difficult to prove...
This isn't my area, and the annual NHS training focuses on responsibilities under DPA and FOI rather than what happens when it goes wrong, but I was under the impression a breach was per person, per event. E.g. someone selling the reason behind a celebrity's recent attendance to hospital to a newspaper would count as one breach, whereas the loss of a single USB drive that contained the entirety of several patients' medical histories would count as multiple breaches.
Maybe you just didn't run the numbers? Think bigger. Let's say 10 million records 'escape' to a sales operation, on a typical conversion rate of 1% and an average profit of £50 that would be £5,000,000 which makes the 'up to' fine a bit of a joke.
Of course the demographic data etc. will probably make the conversion rate higher and they'll probably go for a higher value sale.
https://en.wikipedia.org/wiki/Data_Protection_Act_1998#Complexity said: The UK Data Protection Act... has a reputation for complexity.
Quite rightly, clinical staff would rather look after patients than fill forms and tick boxes. So certain admin staff - such as myself - need some access to your medical record.
I want my medical information on tap, to any medical person, for any medical reason, and my personal treatment.
That makes perfect sense to me, but there it should stop. There will be individual errors, we all make them, but widespread sale is another matter.
I say this as an NHS admin worker, with legitimate access to patients' medical histories - but there is no generally accessible, central repository containing the records of all NHS patients (or even just NHS England). It would be possible, the NHS number would be an ideal tracking method, but the cancellation of NPfIT stopped the move to a shared electronic health record (EHR).
For what it's worth; I can see the records from our hospital trust and the GP data for patients in the area. Other trusts, might share data with one another if they have the same patient administration system (PAS). But this would be a local setup and not the norm.
However, I was always under the impression that data sent to HES and SUS were anonymised. This doesn't seem to be the case, and I wonder if it changed with the move to Payment by Results (PbR) in the mid 2000's or if the person that told me they were anonymised was mistaken.
Any company, insurance or otherwise, attempting to use partially anonymised health data (e.g. postcode, date of birth etc) supplied by care.data (or any other source) in an attempt to identify the person that health data belongs to is likely breaking the Data Protection Act; namely Principles 1, 2 and 6.
Have you got a source for that, because this is from the horse's mouth as it were:
I was not talking about how things are now, but how things were planned to be. Selling personal NHS data was one of the things that was directly stated as an aim of the changes.
and IF it is implemented, any holder of an NHS smart card would have full access to all your health records.
I don't care if most are honest. There should still be a graduated access system, based on the necessity for information relating to your current stay or treatment...
http://systems.hscic.gov.uk/rasmartcards/strategy/outlineuse said: Individuals are granted access to patient information based on their work and level of involvement in patient care. This means that, for example, someone working in an administrative role rather than a clinical one might only be able to see the demographic information needed to process an appointment, not the full clinical record.
As an NHS staff member, I'm supposed to stay politically neutral... The speed at which the government halted and then delayed the introduction of this system makes the cynic in me think it's just another way the Tories are using to sow mistrust of the NHS amongst the electorate,
leading eventually to its destruction.
Because, let's face it, people who can't afford the treatment should not get treated, right? It's a basic Tory mantra ever since the inception of the NHS.
So you can see why career politicians felt so comfortable with them. :Biggrin2:
ATOS have a proven track record of Incompetence, Inefficiency, Mendacity, Non-Compliance and Failure!! And of course a large number of the British Public have no Trust in them!
Yet, despite all this occurring they continue to be awarded new multi Billion Pound Contracts !!!
Surely something underhand must be occurring for this to be the case. In my opinion, the problems must not only be occurring in these Companies but also in
the Civil Service Departments awarding these contracts.