700,000 patient health records shared by HSCIC despite explicit written objections from every one of those people.
The body responsible for releasing NHS patient data to organisations including insurance companies has admitted information about patients has been shared against their wishes, it has emerged.
Requests by up to 700,000 patients for details from their records not to be passed on, registered during preparations for the creation of a giant medical database, have not been met.
But the Health and Social Care Information Centre (HSCIC) told MPs that it ādoes not currently have the resources or processes to handle such a significant level of objectionā and it also encountered technical issues over logging the preferences.
The UK āCare Dataā program is a sham and a shambles, and this contempt for patient privacy and safety - apparently because they couldnāt handle the massive number of objections from patients - underlines the need for individuals to have direct control over who can access their data, in all fields, not just the NHS. For example, see: My Health SAFE (Programmer/coder Questions)
Governments and corporations can not be trusted to protect our data from theft, abuse, or even to keep their word on how it will be handled.
Their servers are always going to be vulnerable, and centralising data this way makes them an irresistible, high value target. This was demonstrated yet again yesterday, as the US government revealed the theft of 4 million government employee personnel records, which included sensitive personal and security information, including security clearances back to 1980.
Assume that data can be controlled by the patient.
You go to the hospital, let them use it, and in order to do that, they need to make a copy. The same or next day, a copy leaks out.
Or, someone falls in coma, they send him to the hospital where no doctor can access his data.
It may be decades before improvements are made to the current processes.
One copy leaking it is unfortunate, but much less likely, and far less of an issue than the kind of bulk data thefts, or deliberate sharing, that are becoming routine.
The coma situation and so on are issues that need to be balanced, and can be addressed if necessary, without putting all patient data on one central database accessable remotely by thousands, and shared for unknown purposes, to unknown bodies, or sold off to corporations without individual consent - as in the OP.
Simply decentralising would make things more secure.
I donāt assume thereās any problem that canāt be solved while creating a system that makes personal data much more secure.
In the present setup, centralising creates such a high value target that it is impossible to defend. Not just against theft and hacking, but even against placing too much temptation in the hands of those in charge, to abuse, sell etc (legally or otherwise). Two very clear centralisation risks.
If you donāt agree centralisation is a fundamental problem, what do you see as the value of SAFENetwork?
I said that it will take decades before new decentralized technologies can integrate with government-organized healthcare.
For any technology to be used by the government (or in āpublicā healthcare) it must be certified/validated/approved by the govāt.
Decentralization is necessary and SAFENetwork can help. Iām pointing out that the bottleneck is not the technology, but the system.
Certainly it will take some time, but in decades it will be irrelevant. I think is itās feasible for things to happen quickly, not least because SAFENetwork or similar technology will either fail or prove itself quite quickly. Once it is working and there is a platform that delivers as we expect, all it requires is for developers to get wise to what they can do with it. It will be such stand out, and easy to apply tech, that things could happen very quickly after launch.
Weāve seen what happened with the web between 1994 and 2004 (Netscape 1.0 was 94). I think this will move much quicker. Governments wonāt be the first, but that doesnāt mean it will take decades.
Here in the US it happens every day with the current corporate caretaker role where personal health information (PHI) is used as leverage to keep patients in their system and also to keep doctors stuck in a system controlled by the corporate body. It is almost impossible to get complete, update information about patient when they have been seen by providers in other systems. I get random faxes of copies of copies of information about patients that make it obvious Iām only getting a fraction of information they have on my patient who wants me to view all of the info like labs, imaging, previous procedures.
I think this loss of privacy between patient and provider (doctor) is the most destructive element to modern computerized medical technology. This myth that PHI controlled by the individual is impossible because of cost, security, and dependability is quickly dissipating as SAFE becomes better understood. I predict personally controlled health information (PCHI) is so disruptively innovative it will be unstoppable and will likely be demanded by patients and creators of PHI (Like doctors). I can tell you as a medical provider I donāt want the caretaker role of PHI and I as a patient I definitely do not want government/corporate states to be the caretaker of my PHI.
It is amazing how quickly a centralized approach to data quickly becomes destructive. @happybeing thanks for the reference. This is one of many reasons I am so passionate about taking our PHI (Creators and patients) back and keeping it like Hippocrates intended (Hippocratic oath) āsecret.ā
Yes, unfortunately security was at that time almost a zero concern. Workload etc. was a much higher issue, so anything that made things easier was priority. I am not surprised really that this happened and I think we will see more again in public companies who are stretched to breaking. Research, security and care seem to be the first casualties of a system that becomes cash poor and has their resources stretched.
Well it should make access to data certain regardless of your PC, however we would need to spend time looking at what an infected client could do. It looks like it should be much better, but that may mean thereās a much larger issue we donāt see just yet. The attack vector should be different for sure though. If an attacker got to a client they could delete stuff, but a client could undelete it (roll back MD etc.). So I imagine SAFE should be able to help a lot, but this local OS thing is a PITA and the edge cases of infection are so wide that itās not easy to reason about it all. I feel we do need to have a real movement to a secured OS and hardware combination really. If we do that (as a society) then SAFE can secure the network part. Then it gets much more interesting and easier to reason.