04.04.14
More than 50 private sector firms accessing NHS data
In the first audit of data disclosures by the Health and Social Care Information Centre (HSCIC)it was revealed that data has been released on more than 450 occasions, including 56 times to private sector firms.
In its efforts to deliver greater transparency, the register covers data releases approved by the HSCIC from the point it was established (1April 2013) to 31 December 2013. However, what it did highlight was that a number of healthcare providers and consultants, including Bupa, Care UK, McKinsey, PwC, and Ernst & Young, had received patient data in the past.
In a breakdown of the data releases, HSCIC stated that 347 releases were ofpseudonymiseddata and there were 75 releases of identifiable data, all with an “appropriate legal basis for sharing in place”.
The vast majority of releases (104) were made to health and social care organisations, such as NHS trusts and bodies such as universities and charities, but 56 private sector organisations which provide services to the healthcare system also accessed data.
Kingsley Manning, HSCIC’schair, said: “By placing this register before the public the HSCIC is taking an important step towards the full transparency needed to help the public gain confidence in the services we provide.
“We are absolutely committed to encouraging scrutiny of our work and we welcome feedback on today's register, which is important towards informing the structure and clarity of future publications and indeed to the organisation as it develops
However, the data register has come under fire. Phil Booth, coordinator of medConfidential, an independent campaign fighting for confidentiality and consent in health and social care, said: “Despite saying it has turned a new leaf, HSCIC is deliberately concealing releases of data that might cause itself, or ministers or other officials, embarrassment or political damage. The Information Centre’s lack of transparency is clearly not as “innocent” as its Chair has claimed.
“HSCIC continues in its ridiculous assertion that pseudonymised data is not sensitive or identifiable when tools its customers have built show you can track individuals visit by visit through hospital – and with information published in press reports, social media posts or the date your child was born make it possible to pick out a named individual and read off their entire record.”
Following on from the releases of the register, a proposed amendment to the Care Bill, which is currently before Parliament, is for the Confidentiality Advisory Group (CAG) to advise the HSCIC on data releases. The HSCIC has welcomed this proposal and has identified a number of areas of the register where it will seek guidance from CAG and any other such bodies established by Parliament, including on the use of data by commercial organisations.
Tell us what you think – have your say below, or email us directly at [email protected]