Millions of NHS records sold to 178 private firms: And officials don’t even know where details of 1.3m patients ended up
- Dates of birth, postcodes and diagnoses sold to hundreds of private firms
- Details of up to 1.3m patients went missing because no record was kept
- Data is anonymous, but review found it was easy to deduce patient identity
Millions of NHS medical records were sold to 178 firms including five insurance companies without sufficient checks, health officials admitted yesterday.
The ‘intensely private’ information includes dates of birth, postcodes and diagnoses and was used for such things as calculating insurance premiums.
Incredibly, the details of up to 1.3million patients effectively went missing on at least two occasions because no record was kept of which firms they were given to.
Millions of NHS medical records – including details such as dates of birth, postcodes and disgnoses, were sold to 178 firms including five insurance companies, it has been confirmed (library image)
Although the data is anonymous, a review found it would be possible to ‘deduce’ the identity of patients involved. Officials acknowledged that the data had been passed on too freely, without sufficiently rigorous checks to establish exactly what the organisations intended to do with it.
An investigation by the Government body responsible for NHS records – the Health and Social Care Information Centre (HSCIC) – found that patient data was handed to the 178 firms a total of 588 times between 2005 and 2012.
The firms given the data included management consultants and private healthcare company Bupa. The NHS charged admin costs, but did not make a profit.
The insurance companies involved used the information to help set premiums by looking at illnesses in terms of who got them, at what age and in which areas.
‘Bullied’: Dr Gordon Gancz who is opposed to the scheme so has opted all patients out
Public health expert Sir Nick Partridge, who led the HSCIC investigation, said there had been ‘significant lapses’, where officials had not properly checked how organisations were planning to use it.
He added: ‘The public simply will not tolerate vagueness about medical records that may be intensely private to them. We exist to guard their data and we have to earn their trust by demonstrating scrupulous care with which we handle their personal information.’
He found that ‘in some cases the decision-making process was unclear and records of decisions incomplete’ and concluded: ‘This is unaccaptable.’
Although the HSCIC said it now imposed much stricter controls on who can access the data, the findings have added to concerns about the latest controversial proposals to harvest GPs’ files. Presently the NHS only stores information electronically about patients who have been to hospital.
But this autumn, a new scheme called Care.data will extract information from GP records to be stored on a giant database and passed on to private firms as well as universities for research.
These files contain far more personal, sensitive data that patients have told their doctors in confidence about anxiety, sexual problems or conditions they have never mentioned to friends and families. Although patients names will not be passed on, campaigners are concerned they can easily be identified and that their details could be published on the internet.
Care.data was postponed after the British Medical Association (BMA) and the Royal College of GPs (RCGP) expressed concerns.
NHS officials claim the scheme will help patients by highlighting poor care, long waiting times and potentially unlocking new cures.
Patients’ data will automatically be harvested unless they ask to be opted out by their GP. But the Mail has reported how some doctors are so opposed to the scheme they have opted all patients out, including Dr Gordon Gancz in Oxford, who accused the NHS of ‘bullying’.
How the Mail have covered the scandal: A series of headlines from the paper
Phil Booth, of the campaign group medConfidential, said: ‘The Government says it will stop the sale of patient records to insurers, but what about the millions that have already been sold?
‘All our data that should never have been given away must be deleted.’
Andy Williams, chief executive of the HSCIC, said: ‘I want to draw a line under the past.
‘We need to move forward and focus on ensuring our processes and decisions are robust, clear and transparent.’