If you live in the UK, your medical records could soon be shared with private companies, without you ever giving consent. A new NHS system will see up to 55 million patient records compiled into a central database, accessible to corporate third parties. So — what could possibly go wrong?
The National Health Service (NHS) in the UK has announced plans to centralize all English medical records in a single database, which can then be shared with private sector partners. Data from up to 55 million people could be included.
Physical, sexual, and mental health records will be automatically added to this system unless patients opt out before June 23rd 2021. After that, their data will be accessible to a variety of academic and commercial third parties, and cannot be removed from the database.
While the NHS and the UK government insist that the plans aren’t a cause for concern, the backlash from privacy advocates and medical professionals across the country is growing. So what are their objections?
One of the main reasons for the backlash is the short space of time within which people can opt out of the new system.
Many of the 55 million patients affected may not find out about the changes until it’s too late. Those that do won’t necessarily have time to fill out and deliver the necessary opt-out form. This has led some to accuse the government of sneaking the changes through without properly consulting the public.
Another major concern for privacy advocates is the lack of transparency when it comes to what organizations will actually have access to the data. The NHS is yet to make clear what parameters will determine who is allowed to view the records.
Despite the outcry, it looks like the plans will go ahead this month. So the question now is…
The centralization of NHS data could result in two very worrying scenarios.
Even if the NHS’s initial corporate partners are justified, there’s nothing to stop them sharing the data with less ethical enterprises later.
Imagine if tech-giants like Facebook and Google could draw information from the database; health data can be incredibly valuable for online marketing. And even if patients object, they won’t be able to scrub their information from the system after June 23rd.
Centralizing huge amounts of sensitive data is incredibly risky, because it only takes one breach to leak millions of patient records. The NHS already suffers thousands of small leaks and breaches every year.
A data breach is also more likely when combined with the first scenario. If the NHS shares access to the database too widely, trusting its corporate partners to keep their own systems secure, the chances of a leak increase dramatically.
If you live in the UK, you can contact your GP and fill out a paper form requesting that your information be kept off the database.
However, if you’re reading this after June 23rd, it will probably be too late to opt out of the system. That doesn’t mean you can’t protect your data in the future, however; follow these three steps to strengthen your privacy today.