NHS England defends security of its care data

NHS England has rebuffed critics who say individuals could be identified from data collected for its care.data programme as it relaunches the initiative.

The health information collection scheme was put on hold last year following a poor public awareness campaign and fears of security breaches, but pilot ‘pathfinder’ schemes are starting again.

The NHS response was aimed particularly at the suggestion by Sky News that it would be ‘easy’ to uniquely identify any one person through the data collected for care.data, saying that was ‘incorrect’.

‘The likelihood of being able to identify an individual is negligible,’ it went on, explaining that GP records, including NHS numbers, dates of birth and postcodes, could not be cross-referenced with publicly available data, as had been suggested by Sky News, as they would not be accessible so therefore could not be linked to social media.

It also stressed that credit rating agencies or health insurers would not be granted access to the NHS’ secure data facility (SDF) where the information will be held.

‘The networks and computer systems used by the NHS have strict controls in place to ensure patient details are protected. Infrastructure security is routinely and robustly tested and monitored to ensure it meets recognised international standards,’ it went on, adding that, once the information database was initiated, all confidential data would be held on secure servers in protected, independently assured data centres, with only a small number of authorised personnel granted access.

Furthermore, confidential data is always encrypted whilst in transmission and the secure networks are regularly tested and monitored for any type of attack, it reported.

‘To access the data collected as part of care.data, applicants will need to go through an approvals process and, in the pathfinder stage, can only see it on-site at a SDF and with identifying details removed.’

Data is de-identified and protected through pseudonymisation, which replaces identifiers in a record with alternatives more than 100 characters long, from which identities of individuals cannot be inferred.

Though NHS England says the data collection will provide vital information to support research into new medicines and the better treatment of disease, it faces an uphill struggle to convince the public that personal information will be stored and used appropriately.


UK pledges digital health records for all by 2018

Don't miss your daily pharmaphorum news.
SUBSCRIBE free here.