Out-Law News 3 min. read

Government admits anonymisaton of data does not always secure individuals' privacy


Health and care service providers and private sector life scientists will have access to anonymised medical data relating to individuals who consent to the sharing of their records under a new 10 year information strategy outlined by the Government.

The Department of Health (DoH) published the new health sector strategy for England and claimed that better sharing of medical data would help deliver improved patient services and better inform research. However, it has admitted that anonymisation of records does not necessarily prevent that data being attributed to individuals. As a result it said the "granular" nature of the information should be reviewed before it is "released".

"While it is right and proper that Government should assume that it will make data available to support public accountability it must have in place a systematic approach to ensuring that it has considered any risks to individual confidentiality, and taken appropriate measures to address these," DoH said in its strategy document.

"Although publicly available datasets will always be anonymised there can be a risk of ‘jigsaw’ identification. For example if data at hospital episode level were to be released – if someone knows the hospital, admission date and approximate age of a patient, they may well be able to deduce which record relates to that person."

"The risks are low and there are ways of mitigating it (eg. removing low numbers or aggregating data sets) but these can also reduce the value of the data. Our view is therefore that the level of granularity of data to be released needs to be reviewed carefully on a case-by-case basis for each dataset," it said.

Privacy campaigners and academics have previously expressed concern with an approach that relies too heavily on anonymisation of data to protect individuals' privacy.

DoH said it would keep in mind any "data protection and related issues" when considering when to release datasets and would consult with the UK's data protection watchdog, the Information Commissioner, where it was "necessary" to do so.

There will be "secure" online "clinical portals" where health and care professionals can access medical records, DoH said. Individuals' data will be made anonymous after being "combined" with others' records, but only if those individuals consent to the sharing of their data.

DoH said that patients that give consent would give the Government the right to use their data and that the Government would be responsible for explaining "exactly what we plan to do with it and, when sharing it, to take all reasonable steps to protect your confidentiality."

"Across social care, public health and healthcare, the intention is for combined then anonymised data from individual records, along with other sources, to become the main source of the information used to drive system improvement, our health and care choices, integration, efficiency, research, support growth and allow robust measurement of care outcomes," DoH said.

The Department said it hopes that its information strategy will lead to secure sharing of medical data between different providers of care in a manner that allows "data to flow between systems" whilst keeping confidential details "safe and secure". It said it would not be prescriptive about what kind of systems service providers use and would only intervene "where systems need to be coordinated centrally."

"Government is committed to moving away from an approach where it expects every organisation to use the same system, to one where it helps connect and join up systems," it said. It added that the use of modern technology in the provision of health and care services should become "widespread" in order to make those services "more convenient, accessible and efficient."

A drive towards better transparency should also allow the public access open and easy access to information about services and the quality of care that is stored by Government and other health and care bodies, DoH said.

As part of the strategy doctors surgeries in England will have to set up a system that allows patients to access their medical records online, DoH said.

"All NHS patients will have secure online access, where they wish it, to their personal GP records by 2015 (by the end of this Parliament)," it said. "By 2015, all general practices will be expected to make available electronic booking and cancelling of appointments, ordering of repeat prescriptions, communication with the practice and access to records to anyone registered with the practice that requests these services."

Earlier this year the Information Commissioner's Office (ICO) outlined its own information rights strategy and said it would give "particular regulatory attention" to health organisations as it announced it was focusing on specific areas most likely to result in damage to people's rights. The Data Protection Act requires organisations to take particular care over the processing and storage of sensitive personal data, such as medical records.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.