Create a centralized database to make patients’ medical records easily accessible to all NHS services, such as hospitals, GP practices and ambulances. These so-called ‘patient passports’ are the most important innovation of the government plan unveiled on Mondayon October 21 to transform the NHS from ‘analogue to digital’ over the next decade.
Wes Steering, the Minister of Health, promises that these changes will modernize the country’s healthcare institutions to significantly speed up patient care and reduce human error. A new law, the Data (Use and Access) Billis also expected to support this transition and create a standard system in which sharing these digital documents is the new norm.
On the face of it, solving the problems currently crippling the NHS by embracing the power of digital tools seems like a much-needed step. Some European countries have been using a similar system for years – Estonia In 2008, she started digitizing all patient files. Yet privacy experts (myself included) can see how easy it could be for this ambitious plan to turn into yet another privacy nightmare, at the expense of our most sensitive information.
NHS has a poor record of protecting our data
Let’s start with the obvious: so far the NHS has been very poor at protecting patients’ health data from hackers.
British citizens’ health data has been leaked several times this year and ended up on the dark web. For example, on March 15, a ransomware gang hacked into Into NHS Dumfries and Galloway’s digital database and stole identifying information from both staff and patients, including children’s mental health data.
Pathology services provider Synnovis also suffered a major attack in June, causing hundreds of gigabytes of sensitive patient data to leak online. A director of the National Cyber Security Center (NCSC), Professor Ciaran Martin, warned at the time of the risk of further attacks caused by the NHS’s IT systems being “outdated”.
I don’t trust the NHS to take good care of my data anytime soon
More recently, in August, the UK Information Commissioner’s Office (ICO) issued an interim fine of £6 million following the 2022 medical records hack, which compromised the personal data of almost 83,000 people.
2023 was also a bad year for the security of people’s health data. More than a million NHS patients have had sensitive information leaked following a ransomware attack on the University of Manchester, which compromised 250GB, or more than a decade, of patient data. Worse, the NHS’s security problems date back to 2012, when personal information from more than 1.8 million patients and staff was exposed.
This trend is only likely to increase given that cyber attacks are more frequent and destructive than ever thanks to the proliferation of AI and machine learning software. According to experts, healthcare is among the hardest hit areas.
All of this is even more worrying considering that the government’s ambitious plan is only in a consultation phase at the time of writing – i.e. “we still need to figure out how to make these patient passports hack-proof.”
Well, I don’t know about you, but as the situation stands, I don’t trust the NHS to take good care of my data anytime soon.
No clear plan to escape the ‘Big Brother’ effect
In addition to data security, there is another pressing question: how does the government intend to prevent privacy abuse? The plan, says Steering, is “to ensure that patient data is protected and anonymized.” That’s great – on paper at least. Again, the authorities have no idea how to do that in practice – and who knows if they ever will.
As health privacy advocates group medConfidential noted, these patient records will be accessible to any of the NHS’s 1.5 million staff. “Wes Streeting is planning a ‘big brother’ database,” said Sam Smith, a spokesman for the group. according to the Guardian. “A gift to stalkers and creeps who abuse NHS systems to find out the most basic private information that people only tell their doctors.”
Such a centralized database also increases the risk of private medical data being sold to big pharmaceutical companies and other companies without patients’ knowledge. After all, something similar has already happened with the current messy and scattered medical records system. Last year, an observer study shed light on how a secret tracking tool placed on the websites of 20 NHS trusts collected browsing information for years and shared it with Facebook.
I also agree with privacy expert Jamie Akhtar, co-founder and CEO of CyberSmart, when he says that medical records will move from being managed by healthcare professionals to being “controlled by politicians, who could decide to use this sensitive information to sell to the highest bidder. ,” as Yahoo News reports this.
NHS APP: now and tomorrow
Although an NHS app already exists, it comes with limitations as patients are still retained locally (on their GP’s system and hospitals visited). The new app will de facto bring together all information about a patient from all parts of healthcare in one place.
As we’ve seen, there’s still a lot we’re doing not be aware of the current UK government’s action plan to deliver on its ambitious goal of making the NHS great again. What we do know is that the British are not hopeful about the idea.
A public consultation published in May paints a grim picture of public confidence in Britain’s healthcare institutions, with respondents showing a complete lack of confidence in the NHS’s cyber security system. Four in five patients believe that NHS systems are vulnerable to cyber attacks. Furthermore, almost half (49%) strongly believe the NHS can make mistakes when handling their data.
Wes Steering is now urging both NHS staff and patients to join the ‘national conversation’. You have until early next year to express your concerns and exchange ideas change.nhs.uk.
Yes, we all know the NHS needs to get better, but to do that it’s crucial to have a solid action plan to protect the privacy and security of people’s data. Noble ideas alone cannot protect our most sensitive information from leaks and misuse.