/ Technology

Opinion: why it’s good to share our health data

We must look beyond privacy in the data-sharing debate, says Which? Computing columnist Rory Cellan-Jones. Do you agree?

What personal data are you most sensitive about and would not like to see shared widely online? Your date of birth, your mother’s maiden name, your home address – all useful to phishers and scammers?

No, I would bet it’s your medical records. The idea of deeply personal information about anything from a period of depression to a cancer diagnosis turning up online is understandably many people’s worst data nightmare.

No wonder there was an almighty hoohah last year about the plan to share the GP records of 55 million people across England with both academic and commercial researchers. Privacy campaigners cried foul, warning this was all being done in secret. ‘NHS Big Data Grab’ read one headline over a piece claiming that any promise that the data would be anonymised was worthless.

Soon, the scheme was put on the back burner while further consultations took place.

Sure, the policy was poorly communicated, and patients should be given the chance to opt out of such schemes. But in this case and in the wider debate about health data, the other side of the argument also needs to be heard. Because I want my sensitive health data – and yours – to be shared more widely.

Privacy and sharing of patient data

As someone with a serious eye condition and a more recent Parkinson’s diagnosis, I have been struck time and again by how paranoid the Health Service is about privacy and the sharing of patient data.

One example – on my annual trip to the excellent high street optometrist, something new appeared to pop up in a scan, and the signs of a malignant melanoma behind my eye were first spotted.

But the optometrist told me the system didn’t permit someone who wasn’t on the NHS network to email the scan to my GP or the hospital. Instead, she suggested I should take a photo of it on my mobile and show that to my doctor.

Even within the NHS there is caution about sharing data between different hospitals and GPs. That can mean important information is kept in silos. It turns out, for instance, that ocular melanoma and Parkinson’s can be connected, but I had to tell each of my consultants about that link because neither they nor their separate data stores talked to each other.

‘Fine,’ I hear you say, ‘go ahead and share your records, but don’t expect us to copy you.’ But for all the talk that our personal data is valuable, the truth is that it’s only in the aggregate that it is worth much.

Poorer health outcomes

If GP health records are to be of much use in investigating the causes of Parkinson’s, working out where budgets should be spent or predicting the spread of a new virus, researchers need as many of them as possible. If we’re persuaded to opt out of record-sharing in great numbers, there is the risk that incomplete data will result in poorer health outcomes for some.

We saw a similar row over privacy during the development of the NHS Covid-19 contact-tracing app in 2020. Campaigners warned a centralised app where some data would be held on a government server would somehow usher in an era of mass surveillance.

After some delay, the government switched to a decentralised system mandated by Google and Apple, which provided less detailed information about the spread of the virus.

Once again, vague fears about a threat to civil liberties seemed to carry more weight than the very real limits on our freedoms imposed by the lockdown regulations, which the app might help ease.

It’s easy to paint a lurid picture of the dangers of health records going astray. Let’s try as well to look at the brighter future that sharing our data could usher in.


Sharing medical data routinely between all “official” providers like doctors, hospitals, clinics, optometrists, dentists and the like seems in your personal interest. Some years ago after a cancer diagnosis in a relative at a local hospital we sought a second opinion on treatment at a national cancer hospital. When we arrived they had no access to the other hospital’s records, scans etc so the consultation was pretty futile.

I guess many people worry their records might fall into the wrong hands, but I would think protecting the patient’s identity should be possible. That would matter when medical data was to be shared among researchers, whether public or commercial, but the benefits to society would be very worthwhile.

Just what concerns people about disclosing their medical data? Is their evidence tha individuals have been disadvantaged in the past?

I agree.

I guess one of the concerns people have is that their employer, pension provider or insurance company might be able to discover something about their medical condition that they had not previously disclosed. In my view that is highly unlikely to occur.

People might also be worried that companies might be able to obtain private medical data and use it for commercial purposes. That can be made illegal with very high penalties attached.

malcolm r says: 25 April 2022
Just what concerns people about disclosing their medical data? Is their evidence that individuals have been disadvantaged in the past?

Huge evidence. I suspect one very obvious reason to be concerned is the track record the government and most companies have of safeguarding such important data. From laptops left on buses and tube trains, to careless use of “Reply all” in emails, to any one of the numerous instances of government and private company employees taking their laptops and data home with them distributing your data freely is fraught with dangers.

Sharing health data is also a minefield, especially in small communities where someone quite understandably might well not want their neighbours knowing their most intimate details.

We opted out of the NHS sharing and, amusingly, the surgery contacted us to find out how we’d done it, as none of them wanted their data to be shared.

The second opinion thing is also fairly nebulous. The records could easily have been obtained from the first hospital by those seeking the second opinion and taken with them.

These concerns are very much first world, 21stC concerns. And no reputable hospital will give a second opinion before they do their own tests, anyway.

”The second opinion thing is also fairly nebulous. The records could easily have been obtained from the first hospital by those seeking the second opinion and taken with them.” Really? Much of the key information was held electronically. It should not be necessary these days to carry files of personal data between hospitals. Having been referred for a second opinion by one hospital it seems quite reasonable to expect the relevant information to have been made available.

As for ‘their own tests”, indeed so but these would follow on from test results already completed. The issue in this case was treatment, not diagnosis.

”These concerns are very much first world, 21stC concerns.”. Utter nonsense. These days information can be shared so easily. That is the subject of this Conversation. It would be transporting paper that is “first world”.

This comment was based on personal experience of a deficient system. I hope we improve it.

Malcolm said:

”These concerns are very much first world, 21stC concerns.”. Utter nonsense. These days information can be shared so easily. That is the subject of this Conversation.

I believe calling another poster’s comment ‘utter nonsense’ contravenes the guidelines for acceptable posting in this forum. That’s before I point out that you appear to have misunderstood.

My main point was that computerisation for the NHS has only been extant for around 20-25 years; prior to that it was all on card and paper. Our society is actually 1st world, and not 3rd world. The concerns for having digital access to our files are, therefore, very much “first world, 21stC concerns”.

“The second opinion thing is also fairly nebulous. The records could easily have been obtained from the first hospital by those seeking the second opinion and taken with them.” Really? Much of the key information was held electronically. “

The patient is entitled to ask for their records in whatever form they wish and they must be given to them upon request. However, what you have just posted and what you posted earlier differ somewhat:

Original post: Some years ago after a cancer diagnosis in a relative at a local hospital we sought a second opinion on treatment at a national cancer hospital.

Recent post: Having been referred for a second opinion by one hospital it seems quite reasonable to expect the relevant information to have been made available.

If you had been referred by one hospital to another then it was the referring hospital’s responsibility to ensure the records were sent across. You, however, failed to mention that you had been referred, and only posted “we sought a second opinion, the clear implication being that you had not been referred but had acted unilaterally.

A “first world” concern or problem is usually taken to refer to something minor that mainly affects people living in the relatively privileged, more affluent, countries with effective systems and administrations. In the “first world”, lifestyle rather than basic existence is the preoccupation. Thus, whether medical records are shared around the health service and accessible digitally by doctors and consultants is a “first world” concern since in the “third world” there might be no organised health service, no doctors and consultants, and no systematic medical records to worry about.

I don’t if technology has changed how the NHS works now, but can tell you that 10 years ago, patients records were sent in paper form from the GP to the local NHS hospital. Maybe it is still done like this in some areas.

Even though the referral was made by the GP and the appointment was weeks away, the consultant was still waiting for those paper records to arrive.

Crusader says:
25 April 2022

What if you suffer with something inherited and absolutely appalling, like far more severe misophonia so bad that it utterly destroys your whole life, so bad that you cannot work, or socialise, or find any personal company, or even go out for a meal etc. You don’t want every tom, dick and harry knowing about stuff like that as it could lead to appalling abuse. And besides anyone like military intelligence can find out just about anything they want about any one of us whatever options we choose. But I wouldn’t want all manner of private businesses knowing sensitive stuff about me, it’s none of their business, unless it’s something like stuff that someone like a dentist for instance needs to know, like which drugs I’m most allergic too, and I carry a little card around with me to show in situations like that and then I can show them just what they need to know and nothing more. But they definitely should NOT be allowed access to my full medical profile, no chance!

The purpose of medical data sharing is to enable the NHS and other relevant health service bodies to be fully informed of a patient’s condition when treatment is required or taking place. There is no suggestion that any old “Tom, Dick or Harry” would have access to such information. In any case, such data is not much use to many people outside the medical profession and for those that might have an interest there are strict controls against misuse. Employers, pension providers and insurance companies would not have a right of access to such information without the individual’s consent.

I agree, I have no issue with my medical records being shared with NHS services and see no real danger in this information being available.

Crusader says:
25 April 2022

Another thing that’s REALLY important here is the absolutely ESSENTIAL need for thorough end to end encryption to keep all manner of illegal hackers and any other thieving criminals out of our private profiles. Top of the range maximum security encryption should be made absolutely compulsory for all organisations who hold anything sensitive about any of us, whether it’s the NHS or dentists, or opticians, or supermarkets etc. the list goes on. But of course such security will most likely be expensive so not every organisation or site etc. will be able to afford it which is all the more reason not to so liberally spread our sensitive stuff around.

I would go further and say it is our civic duty to ensure that our medical information is shared within the NHS – anonymously of course. Many of the treatments and advances in health today – including the rapid development and authorisation of Covid-19 vaccines – have come about because others have been generous enough to partake in medical trials and share their histories with the drug companies involved.

Anyone who has benefited should put back into the system during their lifetime. We shouldn’t have to wait until they die to access their data – GDPR does not apply to the deceased.

Refusing to share data over fears of leakage and abuse doesn’t actually protect data or make it less vulnerable. It already exists somewhere in nearly every GP surgery, hospital and insurance company ever contacted. If anyone imagines that these separate data silos are all secure, then they are simply deluded.

I understand the concerns about data leakage but I believe the benefit of a comprehensive sharing of data within a controlled network is overwhelming.

I do not know whether there have been many data leaks within the NHS. I am not aware of any recently but I expect records exist and the figures could be ascertained. In most cases these would be instances of carelessness rather than targeted and no subsequent misuse occurs. Nevertheless, that risk does need to be taken seriously and preventive measures put in place.

I don’t suppose our medical records are the most useful sources of information to the usual suspects who want to plunder our funds. As for knowledge spreading around in small communities, I have never known such willingness to talk freely about their ailments and personal conditions as I have found among village people!

Phil says:
26 April 2022

Might be of use to criminals looking for vulnerable victims or the targeting advertising of quack treatments. I wonder if your villagers would talk freely about having treatment for a mental health condition or an STI.

Yes, that could happen today . . . but does it?

As I wrote previously, strict controls and heavy penalties for misuse of data would be essential. There are easier scams.

The worrying saga of the NHS and ‘confidential patient data’.

From the Independent 3.7.21

The private data of thousands of NHS patients has been wrongly shared with strangers, including a case where a person’s HIV status was released, The Independent has learned.

The latest statistics from the Information Commissioner’s Office (ICO) show that 3,557 personal data breaches were reported across the health sector, the majority within the NHS, in the two years to 31 March this year.

Not all data breaches have to be reported, so the total is likely to be much higher.

Meanwhile, the government has been forced to put on hold a major plan to share the health records of 55 million patients, which would see data from GP surgeries collected in a single database and made available to private organisations for health and research work.

In September 2019, the ICO launched an investigation into a major data breach at Wrightington, Wigan and Leigh NHS Foundation Trust in the northwest, after more than 2,000 patients’ data was wrongly accessed.

Multiple staff at the trust were alleged to have accessed patient records without proper authorisation.
Full story here

It would be interesting to know whether lessons have been learned and further breaches prevented.

A U.K. law firm is bringing a class-action style claim over a patient health data scandal that dates back to 2015 and involves the Google-owned AI company DeepMind, after it was quietly passed medical information on more than a million patients by an NHS Trust as part of an app development project.

Law firm Mishcon de Reya announced the legal action today, saying a “representative action” has been filed on behalf of a U.K. citizen, called Mr Andrew Prismall, and the approximately 1.6 million others whose confidential medical records were obtained by DeepMind/Google without their knowledge or consent.
Full story here

From the stories above it’s clear that security in the NHS is a joke. But what about those who advocate, regardless, that sharing health data is a good thing?

With all due respect to Rory, whose arguments are compelling, what he says does seem to boil down to limited communication between different arms of the same service.

“the optometrist told me the system didn’t permit someone who wasn’t on the NHS network to email the scan to my GP or the hospital.”

I assume from that the optometrist wasn’t on the NHS network, yet I’m only too aware that our local optician makes the name and address of our GP its first port of call, and has been routinely copying in my GP with anything it finds for many many years, which make me deeply suspicious about the Optometrist’s claims.

I also believe this to be far more than

a vague fears about a threat to civil liberties

Phil’s already illustrated a worrying possibility for those living in small communities and what I believe was the single biggest error, apart from the ham-fisted way in which the proposals were first announced, was the government’s insistence on making ‘opt out’ the only feasible option for those who don’t trust governments to hold data securely.

If they want the system to work, then making opt-in the default position is a more acceptable approach. Certainly allow those who wish their data to be held centrally to choose that but otherwise switching to another optometrist might be the safe choice.

As a diabetic, hubby has regular eye checks with the NHS that include a deep-scan (can’t remember what it is called).

His optician also gives him the same scan as he doesn’t have access to the diabetic scan.

Is this just one more example of there being no standardisation with the NHS and relevant medical associates?

I had an eye test for a new prescription at the opticians the other week and they apologised for not being able to take the usual picture of my eyeballs because of a fault in the apparatus. I said it wasn’t necessary because I had an annual examination at the NHS eye clinic in view of my diabetic status and any points of concern would be identified then. I formed the impression that there was no cross reference between the NHS and the opticians carrying out an NHS eye test.

Isnt it true to say that opticians are a private practice and they carry out eye tests for and on behalf of the NHS?

Some optometrists are employed by the optician businesses they work at, some are contracted as consultant practitioners, some work for the NHS in eye clinics and other specialties, and some have their own optician businesses.

Optician businesses are able to undertake contract eye testing for the NHS, but not all do so as they might prefer to operate entirely privately. When doing NHS work for patients not eligible for a free eye test they may only charge a set fee; for private eye tests and examinations they can charge whatever fee they consider reasonable.

It is generally agreed that the NHS fee for eye tests does not properly recompense optician businesses for the costs involved, they therefore make up for that through the prices they charge for the prescriptions they dispense. Because of stronger competition nowadays the headline price of spectacle frames and lenses has reduced, or stopped rising. Opticians therefore have recouped additional income from the sale of additional pairs at little extra cost, additional coatings or tints, variations in lens design, contact lenses, fancy glasses cases, and more spectacular shaped or styled frames.

Opticians providing an NHS examination cannot require the patient to have their prescription dispensed by that service provider; they can take it to any other dispensing optician.

The principle Rory seemed to be suggesting was that health data should be within a system that allowed it to be widely shared among appropriate institutions. I agree with that principle. But the system should be secure. While it is relevant to point out any weaknesses in the existing system there needs to be a proper balance struck between the benefits to society, and individuals, and a minimum of security failures. Nothing will be perfect but, in my view, we should not condemn a principle and its implementation just because of some past failures.

https://www.bbc.co.uk/news/technology-58761324 It would be interesting to know what harm has come to individuals from the disclosed information in developing this app.

From experience a year or two ago, my optometrist seems not to pass information directly to my GP but advised me to contact them.

I love the suggestion that we should object to medical data sharing on the basis of past failures, at least until we can be absolutely sure that our own personal data won’t be compromised in future. At least those who die of some incurable illness or disease can do so, safe in the knowledge that their data was protected during their own lifetime and without regard to those who will follow in their footsteps.

I have no objection to anonymous data being shared with institutions that have a legitimate interest. Statistics can help identify trends both good and bad in identification, treatments and developments.

Full data should be available to anyone receiving treatment for a condition such as GP, hospital or specialist.

Our data should not be used to sell to fringe interests such as those selling ‘health’ benefits.

There needs to be a standardised system of our data, not the mish-mash that currently exists.

We can log into the NHS or Patient Access or use our date-of-birth to access the GP . . . . and you still can’t find what you want.

For our GP we are supposed to go through Patient Access. Many of the options are switched off such as messaging the GP and patient history. The GP sends us messages on Patient Access, but deletes them after 7 days, so many will go unread.

There is no way to message or email our GP, so we either have to pick out a form and adapt it for our needs or waste much time trying to phone them.

If the NHS can’t sort out our data for our needs, how can it control what happens to it in the bigger picture?

Alfa, like you, I have found that many of the facilities that were available via Patient Access have now been disabled. The only functionality I now have available through Patient Access is to request a monthly repeat prescription.

Previously, I could check to see whether test results had been returned and see the results, but this is now disabled, but what I found most useful was the ability to book an appointment with a Doctor. Having access to an appointment calendar and being able to book an appointment online for a week or two ahead was so simple and avoided the long wait times associated with calling the Surgery, which usually resulted in being advised no appointments are available and to try again the next day.

Sadly, the ability to book an appointment online is now disabled, which is most likely due to GP’s being stretched, but it’s a real shame that online appointment booking is no longer available.

You wonder what is the point of patient access? Who decides what facilities are available? It seems a very expensive system to maintain if all you can do is order a repeat prescription that can also be done by logging into the NHS or ordering via the chemist.

I don’t know whether booking an appointment works or not, it just always says something like ‘No appointments available to book’.

What I have noticed, is they respond very quickly to online forms being filled in. They might not read them properly of course and you have to make several attempts to get them to understand your request . . . .

My understanding was that Patient Access holds all of our medical history from birth, so I wonder whether it might be tied in some way to the system GP’s use to access our records, whereas patients only have limited access?

Em says today: At least those who die of some incurable illness or disease can do so, safe in the knowledge that their data was protected during their own lifetime

That’s an interesting perspective. But I’m curious to know what positive effect the widespread sharing of our health data with anyone who wants it, as seems to be the case, would have on someone ‘dying of some incurable illness or disease’.

Vast clinical studies are continuously underway throughout the world examining every detail of mortality statistics from numerous sources, so there’s no lack of data for those investigating terminal illnesses. But this resistance to not sharing our personal health data seems conveniently to overlook several crucial facts:

1. Data is available to those who need it for studies approved by major health centres and universities.
2. Our health data is exactly that: ours. Many people are rightly concerned that information about their Psychiatric health could affect future employment opportunities. At the very least we ought to have the right to determine what data we allow to permeate the ether.
3. Rory’s piece lacks evidence. He does make several assertions, but much of what he claims lacks substantiation. If we examine his reasons for wanting data sharing of health data in detail we see only single instances and thereafter significant extrapolation.

For example:
* “the optometrist told me the system didn’t permit someone who wasn’t on the NHS network”

but we’re not told what system, what the NHS ‘network’ is or who has access to that network.

* “ocular melanoma and Parkinson’s can be connected, but I had to tell each of my consultants about that link because neither they nor their separate data stores talked to each other”

but surely that was easily transmitted information by the patient themself? Would sending a message to the two consultants actually have improved things that much? Or at all, even?

* “for all the talk that our personal data is valuable, the truth is that it’s only in the aggregate that it is worth much”

Indeed. Exactly the point I’m making. The millions of researchers and thousands of studies that obtain data do so through anonymised data retrieval. It’s only in bulk that health data even become meaningful.

* “We saw a similar row over privacy during the development of the NHS Covid-19 contact-tracing app in 2020.”

I seem to recall that was a more about government incompetence and lack of demonstrated ability to maintain security, use vast data troves in a meaningful way. Aggregated data tells us a great deal about how the government managed or mismanaged the Covid Pandemic. It’s one reason why we had one of the highest per capita death tolls in the world.

* “It’s easy to paint a lurid picture of the dangers of health records going astray. Let’s try as well to look at the brighter future that sharing our data could usher in.”

I, for one, remain unconvinced that the data will be used in any meaningful way and certainly would be no better than the arrangements under which researchers currently operate.

The arrangements under which the researchers you refer to operate, though, are precisely what Rory is advocating – people have consented to their data being used for this purpose.
The key point, which I feel is never explained clearly enough, is that research data is anonymised. Researchers on large-scale studies do not know or care what your name is or where you live. All they want is a population sample that is representative enough forThem to produce reliable results. If too many people are put off sharing their data because they do not understand how it will be used, then we all lose out in the long run.

I agree and am going off Patient Access. As someone who has lived in many different countries, I have tried to obtain and keep my own copy of medical records (though I believe the NHS disposed of my original paper records due to the length of time I was outside the country).
I was very happy when I could see test results in Patient Access, but that seemed erratic, perhaps due to lack of resources to enter the results?? – I found I had to continue asking my specialist for test results. I could not rely on Patient Access.
I was less happy when Patient Access started touting lots of private for-profit services.
More and more I use the NHS App now (not the COVID one… the other one)

Kevin says:
27 April 2022

This story fails to distinguish between ‘legitimate’ use of data sharing, such as that between clinicians to deliver individual healthcare, and the distribution of patient data to third parties for their research, or distribution for commercial benefit. It is at best poor journalism, at worst it is misleading.

There is nothing to stop an optometrist sharing images with the NHS, but they have to ensure it is [properly] encrypted in transit. This can be via an encrypted email attachment, but is better served by having a data sharing portal on NHS net which such third party clinicians could access securely if they are not directly on NHS net, or maybe by registering for an NHS email account, eg for social care:

For clinicians accessing data from other medical systems, a proper multifactor authentication system is necessary; this would require an overarching NHS identity management system to ensure adequate security and allow an audit trail to help police the system. Such an arrangement does not prevent misuse but with proper training and monitoring would allow better management than currently exists.

For data sharing which is not for the direct purpose of treating the patient, we are in much trickier territory. Many people simply do not understand how hard true anonymisation is, most are fairly clueless when it comes to data security (eg thinking a password protected document is the same as proper encryption), many involved in medicine simply do not believe privacy really matters, many think data is essentially worthless so no-one would be interested in it, so why care. And of course, many are the same people who get caught out by fairly basic online scams on their bank accounts – they’re unlikely to be more security conscious about other peoples data.

A big part of the value of NHS data is it’s scale, 50-60m people, 70 years, it’s probably unique. There are huge potential benefits from analysis of the data, but it needs to be done openly, with proper security standards, and it should provide a proper financial return to the NHS where it’s commercially exploited, perhaps by having a royalty, or patent rights on any derived medical treatments or products.

Government and NHS IT is littered with expensive failures, the current situation is a mish mash with no accountability or strategic vision (see NHSIA, NPfIT, Connecting for Health, Health and Social Care Information Centre, NHS Digital etc etc), serving an organisation subject to change on the whim of incompetent health ministers. Perhaps before we hand over our data to Google we should invite them in, with other independent recognised actual experts on security such as Ross Anderson, to come up with a single model of data management for the NHS.

Concern for private data in a complicated and largely unregulated digital world should not be dismissed by phrases such as “vague fears about a threat to civil liberties”; that statement gives me REAL fears about the state of digital health in the UK, coming from a senior BBC ‘technology’ journalist.

Bob James says:
29 April 2022

What a sad world we live in where people actively resist sharing medical data that would in the long run benefit us all. The more health staff know and share about my particular set of “conditions” the better as far as I am concerned.

This is not about “health staff know(ing) and shar(ing) about (your) particular set of “conditions””. It’s about confidentiality and keeping extremely sensitive data secure. And simply allowing all and sundry to access your records is exceptionally unlikely to benefit you as an individual.

From past experience with projects such as Deep Mind, we can be certain that those who benefit will be Google, major AI companies, Google, the Pharmaceutical trade and–oh, did I mention? Google.

The government has proved in spades that they cannot look after data. They still haven’t tracked down what happened to almost a million items of NHS paperwork. To entrust them with your date of birth, gender, occupation, any Psychiatric treatment you may have had, any gender reassignment surgery and any cosmetic work is, to me anyway, naïve in the extreme.

And don’t forget: when you say “sharing medical data that would in the long run benefit us all” is not how it works. For medical data to be useful to researchers it has to be in the hundreds of thousands and millions, even. And it has to be anonymised.

Remember, this is the same government that steered the UK into one of the highest death tolls in the world, who happily sent infected patients back into care homes and who has repeatedly demonstrated a marked lack of ability to keep data safe.

“Remember, this is the same government that steered the UK into one of the highest death tolls in the world, who happily sent infected patients back into care homes and who has repeatedly demonstrated a marked lack of ability to keep data safe.”

Very, very, very good comment Ian.

I suppose if the hospitals had not discharged so many in-patients back to their care homes there would have been far fewer hospital beds available to accommodate the thousands of Covid patients. It is a moot point whether the overall mortality rate would have been much different.

If at the onset of the virus, there had been proper discrimination on death certificates between patients who had died of Covid and those who died with Covid, the UK’s relative ranking might have looked different. Certifying the cause of death as Covid, rather than Influenza or Pneumonia for example, was not necessarily a bad policy in cases where it was difficult to determine the precise cause.

malcolm r says:
29 April 2022

Perhaps care homes should not have accepted Covid-infected patients and left the hospital to sort them out, or perhaps they should have had measures in place to isolate infected patients and deal with them accordingly, as the hospitals would have to have done. They do charge substantial amounts for the service they offer and need to take on the consequent responsibilities.

John Ward says: 29 April 2022
It is a moot point whether the overall mortality rate would have been much different.

Perhaps John, but what is not moot is that the Prime Minster failed to attend the first five COBRA meetings until finally attending the sixth on March 2nd, the same PM who halted the daily updates on the pandemic following a 70% spike in UK cases, the same PM who set the example of attending the Six Nations match with 82,000 others and who, on the 12th March, stated that banning events such as Cheltenham would have little effect, the same day as an Imperial College study found the government’s “plan” was projected to kill half a million. Currently, as of last Tuesday, we’ve only had 175,552 deaths, so we’re doing fine, albeit the worst in Europe and most of the world.

…..so we’re doing fine, albeit the worst in Europe…...
Well, I suppose it depends on the interpretation of the data and, while I cannot verify Statista’s figures (they did get toilet roll usage per person badly wrong) these data of deaths per 1 000 000 paint a different picture.
where, far from being the worst, we are just above half way in a sensible interpretation of data.
Perhaps the comment above could be substantiated?

A pertinent question raised earlier (by John Ward I think) concerned the recording of the cause of death. That is, deaths recorded of someone who had Covid, but with another condition that was the primary cause of death. How consistent is this method of recording throughout the world as otherwise it distorts data, and leads to misleading statements?

Boris might be PM but, thankfully, does not single-handedly run the country. If he did we could reward him with praise for being the sole saviour of countless lives by devising and implementing what would seem to be one of the best vaccination programmes around. So let’s keep Boris bashing (while we can), but important information should be supported (and maybe Statista are wrong?).

I couldn’t say. But my stats are from Johns Hopkins University board and seem to be very well respected by the international community.

Boris might be PM but, thankfully, does not single-handedly run the country.

Well, I assumed being PM meant he was the leader. Does it not? And I was unaware he was a friend of yours. I, thankfully, am not on first name terms with someone who has demonstrated dereliction of duty in countless ways and does, in fact, seem to mirror Trump’s beliefs and behaviour, as well as adherence to the rule of law and personal integrity.

Of course, you are correct to note that the data are only as good as the countries which report them accurately, which is why I noted Europe as a reliable comparator.

The JHU data seems rather similar. Quoting total deaths is not appropriate, they need to be related to population although other factors are also relevant. Your link does not work (on my iPad anyway).

”….And I was unaware he was a friend of yours…”. OK 🙂

It’s fair to say I am not terribly interested in what the Prime Minister might have been doing while he could have been at a COBRA meeting. I doubt his participation would have been essential and have no idea whether or not his absence made any significant difference to the conduct of the coronavirus emergency. Pinning everything that went wrong on him does not seem rational. No doubt this will all be exhaustively raked over when the official inquiry gets going.

During any crisis for which we have no advance preparation some things will go wrong, or even badly wrong. The important thing is to learn lessons so that if something similar happens again we are better prepared.

I recognise that it is not very sensitive to those who have lost relatives to continue discussing the political processes surrounding the epidemic. I sometimes wonder whether full-blown inquiries are more likely to heal or reopen such wounds. I am particularly disgusted by the manner in which many politicians have purloined the grief of the Covid victims’ relatives for the purposes of political hostility in relation to ‘partygate’ so it might be best to say no more.

Kevin says:
30 April 2022

I’m not sure why the No10 controversy is being called Partygate, when it’s actually Lyingtoparliamentgate.

Bob James says:
1 May 2022

I am afraid you fail to grasp the whole point of pooling data for the benefit of everyone. When you have lost someone who might have been saved by medical staff knowing more about certain medical conditions then you would realise that all this verbiage about confidentiality pales into insignificance.

What you’re suggesting is that simply sharing notes on patient conditions could save lives. Well, several points about that: we know well several GPs and a consultant surgeon, none of whom thought sharing such data to be useful in any sense.

The point about sharing notes is not to act as a de facto information and learning exchange. Patient notes are generally unsuitable for that purpose, given that they’re brief (of necessity), written using abbreviations and generally unhelpful to those seeking to acquire specific knowledge. They are useful for showing the treatments and advice the patient has received.

As has been explained in detail above, in terms of advancing medical knowledge, the data have to be many and varied. A single set of patients’ notes are likely to be slightly less than useless in the circumstance you suggest.

There is a good explanation of the NHS scheme and its objectives here https://www.which.co.uk/news/article/nhs-patient-data-sharing-what-you-need-to-know-about-gpdpr-axsU10c8TVtc

I see no problem sharing my data that is pseudonomised, and the opt-out deals with those who are bothered.

The accusation of poor security is, of course, valid in principle. But the issue surely is the extent of security failures out of the whole gamut of data keeping, and that is not explained. A huge amount of data is stored about us in one way or another – financial, buying habits, cctv tracking, as well as medical information. The issue is to ensure that security of data is controlled to as good a level as possible, but it can never be perfect.

So what advantage can someone gain from access to pseudonomised medical data? That needs explaining. The potential benefits outlined in the NHS summary given by Which? seem to be very worthwhile to our future healthcare and to outweigh any possible risk.

Kevin says:
29 April 2022

Malcolm, the opt-out does not deal “with those who are bothered”; from the ICO:
Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent

Health related personal data is surely the most extreme example of a requirement for explicit consent.

” data… is pseudonymised”
This is a bit like the [bad] argument for backdoors in encryption software, since the data can be de-anonymised
“… decode the data in certain circumstances and where there is a valid legal reason…”
Criminals generally don’t require legal reasons

“Studies have shown that it can only take three pieces of anonymous data to identify someone personally”
In some cases it’s trivially easy to work back from ‘anonymised’ data, for example if redaction of only part of the postcode is deemed satisfactory.

So what advantage can someone gain from access to pseudonomised medical data?
Social engineering is the most common method of enabling exploitation of people, the more data you have, the easier that is, and it would also allow scammers to refine their targeting to the most vulnerable people. Criminals are highly innovative and motivated, if they can get the data, they will find a way to monetise it.

Most people would regard mental health and sexual health information to be highly confidential, once it’s off-premises you have no control over it and rely on the integrity and competence of other organisations. A quick review of conversation topics shows how much confidence we can have for commercial organisations to operate ethically or even competently.


Everything you ever wanted to know about medical confidentiality and its importance.

A number of DNA testing services (23andme perhaps being the first) are looking to collect health information… and I am happy to provide it. I am willing to take the risk that their site will be compromised, or the data de-anonymized, because I hope that it will lead to research that will improve/extend my life, or that of my family.
One reason some people are against this kind of data collection is that they object to the idea of a private company making a profit out of “their” data, but it is not as if they paid the tests themselves (in most cases), nor that “their” data would be of any value on it’s own. However, I would be more happy if this research was being done by the UK/State/Academia, than by overseas companies.

Nono says:
30 April 2022

As someone who has experienced numerous breaches of my medical records within the NHS and private medical organisations, I understand the damaging impact that can and does result when breaches happen. I do not want any of my medicals records shared because I have suffered enough. If others choose to share their medical records that is their choice. My choice has been arrived at after very careful consideration of the facts, ethics, personal health and wellbeing relating to this matter.

That’s fine, Nono — You’re not opposing the sharing of medical records under controlled conditions in principle but exercising your right to exclude your own personal data from the scheme.