Concerns over the sharing of confidential medical records
Unless patients complete and send an opt-out form to their GP practice by the 23rd June 2021 they are granting the NHS to share their confidential medical records with third parties. The NHS is effectively releasing the responsibility of keeping medical records confidential for patient and surgery use only. Unless we as individual patients proactively opt-out, our data will be made available to other parties. Patient groups are stating that insufficient information around this decision or sufficient notice is being provided by the NHS.
The NHS Digital state that if you do not want your personally identifiable information to be shared outside your practice you have to register to opt-out.
Type 1 Opt-out form
The so-called 'Type 1 Opt-out form' can be found eventually (it is quite well hidden), by scrolling down the following page:
scrape the medical histories of 55m patients
Commenting on this new development, the Financial Times say, "England’s NHS is preparing to scrape the medical histories of 55m patients, including sensitive information on mental and sexual health, criminal records and abuse, into a database it will share with third parties".
Healthcare IT News say, "Privacy fears have been raised over controversial plans to share NHS medical records from every GP patient in England with third parties".
Medconfidential say, "Every use of data should be consensual, safe, and transparent. In matters of health and care, your relationship with your doctor is based on a very human spirit of confidentiality. Not the cold law of data protection".
Reuters have previously reported that, "Your medical record is worth more to hackers than your credit card".
Expressing their deep concerns over the legality of this move, they go on to say, "Confidentiality, and trustworthiness, is based on patients’ expectations of boundaries. And so, as data subjects, any processing that breaches duties of confidence cannot be considered Fair – so cannot be lawful".
As previously reported in Total Health despite the efforts of initiatives including GDPR existing policies cannot always protect from invasive activity and abuse. According to an article in The BMJ, "The boundaries of digital data rights and responsibilities are wide and fuzzy. Although individuals may be classified as data subjects, the information about them may be simultaneously “owned” by different individuals, organisations, governments, as well as by society".
Are you taking personal responsibility for your medical records?
So, we must all take more direct responsibility for ensuring the confidentiality of our own medical records. Unfortunately, our data is too valuable a resource not to expect access to it to be the priority aim of other organisations with different agendas to your doctor.