NHS & Care data scheme

[I1L2T3]

Because to do that they need to release personally identifiable data, right? Oh, no, no they don't.

 

Absolutely. Age, gender, postcode plus a small set of medical conditions would be enough to create a match in many cases. Even if only 33% of customers could be matched that could make it worth the effort.

 

I'd like to see the amber dataset schemas and the pseudo-anonymisation processes.

 

---------- Post added 04-02-2014 at 07:45 ----------

 

Really? You think?

 

If you think so, give me your name and the road you live on and I'll tell you all the details freely available to people like me and those I could guarantee I could get very easily. I won't post anything without your agreement dont worry. Do it seriously though. Fake details won't be traceable of course.

 

 

Posted from Sheffieldforum.co.uk App for Android

 

Really, I think.

 

This will put you at risk of being medically identified without your permission. They've admitted it.

[Moosey]

Really, I think.

 

This will put you at risk of being medically identified without your permission. They've admitted it.

 

Again, I suggest to you that all of this information is readily available to those that want it. I'll extend my offer to you again - give me your name and just the road you live on and I'll give you a list of the information freely available about you. It may well surprise you, and a lot of it is far more confidential, and far more bribe-worthy than medical records.

[I1L2T3]

Again, I suggest to you that all of this information is readily available to those that want it. I'll extend my offer to you again - give me your name and just the road you live on and I'll give you a list of the information freely available about you. It may well surprise you, and a lot of it is far more confidential, and far more bribe-worthy than medical records.

 

Nice try at shifting the goal posts there but you won't get my medical records though will you. They are not available without my permission.

 

Because there is data leaking about other aspects of peoples' lives that shouldn't be considered a green light for this. In fact it's just about the most pathetic justification for it.

 

I've already provided an overview of how re-identification could be done. And it is enough for me that the commissioner has publicly admitted that re-identification is possible from the pseudo-anonymised dataset.

 

Based on that I'll be opting out.

[L00b]

But that's my point. This information is freely available now for such purposes. Nothing is changing.

That's a bit disingenuous, Moosey. On the basis of your earlier posts, this (doctor confidential) info is not freely available, either consent has to be obtained or a Court order has to validate the access first. Court orders are not 'free', and have to be based on a dispute initially.

 

Making this info available for outright purchase (red data at £1200 a pop, isn't it? Not clear whether that's per record or per dataset, and given the amount I'd say dataset) removes the judicial requirement and oversight altogether.

 

Want to improve the insurance co's profitability? Pay £x for the dataset, cross-correlate against existing clients for ID'ing riskier ones under old contracts with less get-out boilerpate terms <etc.>, kick them out.

Really? You think?

 

If you think so, give me your name and the road you live on and I'll tell you all the details freely available to people like me and those I could guarantee I could get very easily. I won't post anything without your agreement dont worry. Do it seriously though. Fake details won't be traceable of course.

See the above. There are, of course, tons of open and semi-open/commercial sources that make this sort of data available very easily. Facebook, LinkedIN, 192.com, pipl.com, electoral register, <etc.><etc.>. But these are only as good as the data that's been fed into them, by the person or the webcrawlers. We're talking about medical-confidential info here, let's not mix apples and oranges.

[onewheeldave]

Really? You think?

 

If you think so, give me your name and the road you live on and I'll tell you all the details freely available to people like me and those I could guarantee I could get very easily. I won't post anything without your agreement dont worry. Do it seriously though. Fake details won't be traceable of course.

 

 

Posted from Sheffieldforum.co.uk App for Android

 

Again, I suggest to you that all of this information is readily available to those that want it. I'll extend my offer to you again - give me your name and just the road you live on and I'll give you a list of the information freely available about you. It may well surprise you, and a lot of it is far more confidential, and far more bribe-worthy than medical records.

 

Total strawman.

 

http://en.wikipedia.org/wiki/Straw_man

 

Of course, with a persons's name/address you can dig up all kinds of info they probably wouldn't want you having- we now live in a society where data/info=cash.

 

What you currently cannot (legally) get is data from a persons medical records (hence why your point is a strawman).

 

If anything, the abundance of data about a person that is stored/used now, without that persons knowledge/consent, is a wake up call: if people do not act now (opt-out) their medical data will be cast to paying sharks in the same way that their non-medical data currently is.

 

I've opted out- here's the link to the downloadable opt-out letters-

 

http://medconfidential.org/how-to-opt-out/

 

only a couple of weeks left while you can opt-out.

 

For anyone who's giving credence to the viewpoint that this scheme is about benefitting medical research as opposed to the selling of private data- bear in mind that if you opt-out now, you can easily opt back in in the future: if you do not opt out now, you'll be automatically opted-in with no option to opt out later.

[Moosey]

Total strawman.

 

What you currently cannot (legally) get is data from a persons medical records (hence why your point is a strawman).

 

 

It's straw nothing.

 

Of course you can legally get records, if you have a legitimate interest. It's as simple as a Court application, for £80, or more often, a letter to a practice manager of a surgery who panics when they see a threat of costs.

 

I assure you, any prospective health insurer could get your records if they wanted them. S35 DPA sees to that.

[altus]

Surprise, surprise: NHS admits it should have been clearer over medical records-sharing scheme.

 

The leaflets were apparently sent out last month. Has anyone received one yet? I haven't.

[I1L2T3]

It's straw nothing.

 

Of course you can legally get records, if you have a legitimate interest. It's as simple as a Court application, for £80, or more often, a letter to a practice manager of a surgery who panics when they see a threat of costs.

 

I assure you, any prospective health insurer could get your records if they wanted them. S35 DPA sees to that.

 

Stop wriggling. You couldn't get my medical records if I gave you my details. You have no legitimate interest in them. No insurer could either, even with S35 DPA, unless they had a specific legal reason for obtaining them.

 

Care.data potentially circumvents the need for explicit permission from an individual, or the need for forced disclosure through the courts.

[Moosey]

That's a bit disingenuous, Moosey. On the basis of your earlier posts, this (doctor confidential) info is not freely available, either consent has to be obtained or a Court order has to validate the access first. Court orders are not 'free', and have to be based on a dispute initially.

 

Making this info available for outright purchase (red data at £1200 a pop, isn't it? Not clear whether that's per record or per dataset, and given the amount I'd say dataset) removes the judicial requirement and oversight altogether.

 

Want to improve the insurance co's profitability? Pay £x for the dataset, cross-correlate against existing clients for ID'ing riskier ones under old contracts with less get-out boilerpate terms <etc.>, kick them out.

See the above. There are, of course, tons of open and semi-open/commercial sources that make this sort of data available very easily. Facebook, LinkedIN, 192.com, pipl.com, electoral register, <etc.><etc.>. But these are only as good as the data that's been fed into them, by the person or the webcrawlers. We're talking about medical-confidential info here, let's not mix apples and oranges.

 

 

I see what you're saying.

 

My point isn't meant to be difficult. The point I make is purely this:-

 

I've asked what "bad" can happen from this database - it seems to be that the only thing people can suggest is that medical insurers can obtain records to either raise quotes or refuse payments.

 

People who don't disclose their records might see lower premiums, but equally, failure to disclose is effectively fraudulent (it's obtaining a pecuniary advantage by deception certainly - lower premiums by hiding salient facts). That means that the insurer is right to demand the records pursuant to 35(2) on the basis that they need legal advice, given a fraudulent claimant.

 

If the quotes are higher, well that's because they're being quoted on all the knowledge, rather than what people might like to disclose.

 

As for whether the info is free - realistically, given the potential risk of fraudulent claims, and the anti-claimant stance at the moment, I'm certain Judges would approve such applications. You know as well as I do that Judges don't like costs being wasted, and when I make applications under DPA, my point is always that it was obvious that the application would be granted, hence my costs follow. The fear of costs against a practice makes managers very compliant in my experience. I've had schools give out pupils' educational records, in full, without any Court Order on a number of occasions.

 

---------- Post added 04-02-2014 at 12:14 ----------

 

Stop wriggling. You couldn't get my medical records if I gave you my details. You have no legitimate interest in them. No insurer could either, even with S35 DPA, unless they had a specific legal reason for obtaining them.

 

Care.data potentially circumvents the need for explicit permission from an individual, or the need for forced disclosure through the courts.

 

Not wriggling at all. I just don't agree with you.

 

I am firmly of the opinion an insurer could get those records if they wanted, and have seen it happen on more occasions than I can count.

 

You disagree with me. I'm fine with that.

[altus]

It's straw nothing.

 

Of course you can legally get records, if you have a legitimate interest. It's as simple as a Court application, for £80, or more often, a letter to a practice manager of a surgery who panics when they see a threat of costs.

 

I assure you, any prospective health insurer could get your records if they wanted them. S35 DPA sees to that.

 

Can you get all the records with a single court application? Because that's the difference here. It's not viable for a company to get all the records at £80 a pop - all of them for a few grand is another matter. This is about companies obtaining the records when they don't have a legitimate interest. If somebody has a policy with a company and makes a claim - that's clearly a legitimate interest. If someone takes out a policy but hasn't claimed - not so clear and probably not worth spending £80 on until they do claim. If somebody has no connection with the company at all - clearly not a legitimate interest. Claiming you can get the information in the first instance so you should be able to get it in all instances is simply wrong.