We have seen in recent times how secure our national databases are. HM Revenue & Customs, the Ministry of Defence, the Department of Health, the Foreign and Commonwealth Office have all been reprimanded for serious ‘lapses’ that have put at risk the personal data of millions of UK subjects. On a wider scale, The Information Commissioner reported in January that there had been over 400 data breaches by government and the NHS in the past two years. Last month, the national children’s database, which records details of England’s 11 million under 18 year olds, was described as ‘not stable’ – official-speak for yet another security breach. Our national databases, it seems, are about as secure as a paper bag full of water.
Against such a backdrop, one might expect a prudent government to exercise some restraint in expanding its collection of leaky databases. But then our government is nothing if not imprudent; and therefore it comes as no surprise to learn that, in its zeal to establish a centralised national database of NHS patient records for England, it has resorted to stealth to speed up the creation of its so-called Summary Care Record (SCR) database across five NHS ‘early adopter’ regions.
The SCR – initially containing limited information including medication and allergies, but expected in time to expand to full medical records – is intended to provide crucial medical details whenever and wherever they are needed in the NHS. On a lofty note of worthy idealism, Connecting for Health, the body charged with setting up the database, allows patients to opt out of the scheme but – crucially – has adopted a wheeze called the ‘Implied Consent Model’ that assumes consent unless the patient specifically says ‘no’:
“Summary Care Records are being uploaded under a model of informed implied consent…Under an informed implied consent model, patients are assumed to be happy to for their records to be created unless they specifically opt out.”
Putting aside the subterfuge involved in assumed consent, the key word here is ‘informed’. For ‘implied consent’ to have meaning, patients must know they have a choice. If they remain in the dark, unaware of the scheme, then consent has no meaning – which means they have not consented.
It now appears that, in the breakneck rush to establish the database before the election, lest the Tories win and scrap the £600 million scheme – over one million records have already been created, and a further 8.9 million are imminent – patients have received only scant, virtually meaningless information about the scheme. Those who have considered opting out have faced a battery of bureaucratic hurdles and official scare-mongering – including heavy-handed ‘you have been warned’ hints on the opt out form that their future care may suffer if they do refuse:
“What does it mean if I DO NOT have a summary care record?
Health-care staff treating you may not be aware of your current medications in order to treat you safely and effectively.
Health-care staff treating you may not be made aware of current conditions and/or diagnoses leading to a delay or missed opportunity for correct treatment.
Health-care staff may not be aware of any allergies/adverse reactions to medications and may prescribe or administer a drug/treatment with adverse consequences.”
The nanny state, it seems, is quite happy to adopt bullying tactics when it suits. Patients unsure about whether they wish to allow the records to be uploaded might wish to review the findings of the Joseph Rowntree Reform Trust report ‘Database State’, published last year. The report assessed 46 public sector databases and says among its conclusions:
• A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.
• Fewer than 15% of the public databases assessed in [the] report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.
• Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.
• The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.
• The UK public sector spends over £16 billion a year on IT. Over £1 00 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.
Of the SCR, the report had this to say:
“There are 29 amber databases including:
The NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, although some in the Department of Health appear to want to develop it into a full electronic health record that will be available nationally. In Scotland, where the SCR project has been completed, there has already been an abuse case in which celebrities had their records accessed by a doctor who is now facing charges. The Prime Minister’s own medical records were reported compromised. There is some doubt about whether patients will be able to opt out effectively from this system, and if they cannot, it will be downgraded to red.”
Amber means that a database has significant problems, and may be unlawful.
Damp paper bag security is, it seems, is only one of a host of problems facing the SCR database. Dr No expects he will opt out.