Under plans to digitise the NHS in England and make anonymised medical data available for wider use, the Health and Social Care Information Centre (HSCIC) is to start accumulating data from GPs and public health bodies in March and form a new database, known as 'care.data', which it will have the power to grant access to in certain circumstances.
According to HSCIC's public assurance director Mark Davies the process for anonymising personal medical information, aggregating the data and selling it to third parties such as medical researchers and insurance companies does not have to guarantee individuals' privacy to comply with UK data protection rules.
According to a report by the Guardian, Davies has admitted that there is a "small risk" that the data which has been anonymised before it is handed over to third parties might be able to be linked back to individuals if companies accessing the information match it to data they already hold or otherwise have access to.
"You may be able to identify people if you had a lot of data," Davies said, according to the Guardian's report. "It depends on how people will use the data once they have it. But I think it is a small, theoretical risk."
The Data Protection Act (DPA) applies rules to the collection, processing and storage of personal data, but it does not place conditions on the use of personal data where that information has been anonymised.
The concept of data anonymisation was dealt with by the Information Commissioner's Office (ICO) in 2012 when it released a code of practice on anonymisation. The watchdog said that data anonymisation techniques do not have to provide a 100% guarantee to individuals' privacy in order for it to be lawful for organisations to disclose the information.
Organisations that anonymise personal data can disclose that information even if there is a "remote" chance that the data can be matched with other information and lead to individuals being identified, it said. The ICO said that the DPA "does not require anonymisation to be completely risk free".
In "borderline" cases, organisations have to assess the individual "circumstances of the case" to determine whether there is too great a risk that disclosing anonymised data would lead to individuals being identified, the ICO said.
NHS England is currently in the process of distributing leaflets to households across England to explain to people that their health data is to be accumulated and that it could be used by third parties. Individuals have the option to opt out of the data sharing scheme.
Data protection law expert Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said, though, that he was keen to see the precise terms on which the leaflet deals with which parties will have access to the data and how informative it is about the purposes of that sharing.
"The most important safeguard is that there is an auditable trail identifying which parties have had access to data under the scheme," Dautlich said. "That will allow individuals some form of potential control over the use of their data."
"There has been some suggestion about a parallel with electoral roll data, in the sense that a legal challenge many years ago over the availability of the electoral roll resulted in two versions of the electoral roll," he said. "Individuals are obliged to provide their details to local electoral roll officers for inclusion on the electoral roll, but the automatic selling of that data to businesses for marketing purposes was deemed unlawful meaning there are now two versions of the electoral roll. The edited version does not include details of those individuals who have opted out of consenting to the use of their data for commercial purposes."
"NHS England’s leaflet of course already takes on board that basic element of choice, though how this is presented to individuals across the country – will they mistake the leaflet on their doormat for junkmail? – and what sort of safeguards are in place in the scheme – for example an audit trail of the type mentioned above – will be of great interest," he added.
"For organisations seeking to access the data so shared, they will need to undertake a careful assessment as to whether Mark Davies’ comments work for their particular circumstances, or whether in their case there is a more than remote prospect of re-identification. They will need to weigh that against many undoubted research benefits from such 'open data' initiatives," Dautlich said.
Expert in life sciences at Pinsent Masons, Helen Cline, said that anonymised data sets are not always of most use to medical researchers.
"Big data is the game changer in the development of innovative solutions to the prevention and cure of disease," Cline said. "It has the potential to reduce uncertainty, facilitate more targeted drug discovery and make personalised medicine and earlier access to medicines a reality."
"In many circumstances, to fully understand a clinical phenomenon the snapshot of a patient's medical condition needs to be integrated with data on his or her past clinical and lifestyle history. European legislation, regulations and policies must be updated to fully leverage the potential of this data to revolutionise and 'individualise' diagnosis, prevention and treatment," she said.