British Patient Data ‘Uploaded To Google Servers'
By Christine Kern, contributing writer
Entire start-to-finish HES dataset across all three areas of collection – inpatient, outpatient, and A&E – now online, patient data linked to Google maps
Healthcare IT Outcomes previously reported fierce opposition from patients and doctors had sparked a six-month delay in the implementation of a controversial British NHS project to harvest data from medical records. The delay was enacted to ensure communication to the public of the purposes for which their details will be used and how they can opt out.
The controversy has intensified according to The Guardian, which reports the Health and Social Care Information Centre admitted giving the insurance industry the coded hospital records of millions of patients, using pseudonyms, but re-identifiable by anyone with malicious intent. The data was used by actuaries to calculate the likelihood of death depending on various features such as age or disease, to help inform insurance premiums.
Now, The Guardian reports, the entire NHS hospital patient database for England was handed over to management consultants who uploaded it to Google servers based outside the UK. The patient information had been obtained by PA Consulting, which claimed to have secured the "entire start-to-finish HES dataset across all three areas of collection – inpatient, outpatient and A&E."
The data set was so large it took up 27 DVDs and a couple of weeks to upload. The management consultants said, "Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds." These startling revelations have raised questions about how Google maps could have been used unless some location data had been provided in the patient information files.
The issue of which organizations have acquired medical records has been at the center of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments, and private health providers had either obtained or attempted to obtain patient data. Additionally, a Hertfordshire-based online mapping company, Earthware, claimed to allow users to locate areas in England that a single individual had gone for specialized treatment. The service was closed down as Health authorities launched an investigation into the site amid concerns it had apparently acquired millions of identifiable patient records without regulatory scrutiny.
This whole story proves what The Guardian had pointed out last summer when it wrote, “There’s one rule of thumb that should be borne in mind whenever any data-protection proposals are on the table: Any time someone speaks of relaxing the rules on sharing data that has been ‘anonymized’ (had identifying information removed) or ‘pseudonymized’ (had identifiers replaced with pseudonyms), you should assume until proven otherwise that he or she is talking rubbish.”
Anonymizing data is a sticky wicket. When it comes to anonymizing, there are three high-profile failures that get widely cited: AOL’s 2006 release of anonymous search data; the State of Massachusetts’ Group Insurance Commission release of anonymized health records; and Netflix’s 2006 release of 100m video-rental records. In each case, researchers showed how relatively simple techniques could be used to re-identify the data in these sets, usually picking out the elements of each record that made them unique.
The lesson here for Americans is that the devil is in the details. As we move to digitize records and increase exchange of healthcare information electronically, it opens the doors to abuses, breaches, and mistakes.