Originally Posted by
Saracen
Sorry Noxvayl, but that is SO full of misinterpretations I'm really not sure where to start. But I'll have a stab at it.
Firstly, that care.data system ABSOLUTELY DOES transfer identifiable personal medical information, That is the whole point of it - to extract that data, monthly, from all GPs and transfer it to a body set up to warehouse it. That data WILL include, for example, your NHS number, postcode, gender and so on. It is NOT anonymised data. Once it gets to HSCIC, they then exercise control of what's done with that data, not your doctor and certainly not you. Once it's there, you have NO ability to get it deleted, though you can stop further uploads, and you can, up to a point, prevent further dissemination after you object.
Anonymous and aggregate data has been going out for years, as has data necessary for running the NHS.
But this "extraction" process takes it way, WAY further.
Not only does the extraction process contain sufficient data to identify you, but a vast array of medical data about you, including prescriptions, referrals, treatments, outcomes, blood and other test results (*) .... and your ethnicity. It also includes whether you've been given certain types of advice by your doctor, like advice on exercise, on alcohol consumption, on smoking, and so on. And what I've said here is a very superficial list. It's VERY extensive coverage.
(*) At this stage, it DOESN'T include "sensitive" data, like HIV/AIDS status, STDs, terminated pregnancies, UVF treatment, etc. But notice I said "at this stage". Those aren't covered in "release 1", so won't be extracted. But there is a commitment to consider those in release 2.
As for this information being released to anyone else, it can't be released without your permission or other legal right. However, legislation covering patient record-keeping specifically introuduced such a right, known as Regulation 5, or s.251, that gives the authorities exactly that ability. It is NOT available for anyone to just wander up and ask, but there are a series of conditions in which "approved persons" WILL get access, and you will not even be told, never mind asked in advance.
And those "approved" may include medical charities, university or other researchers and, yes, commercial bodies, like drug companies. Information can also be supplied, in certain circumstances, in "identifiable" form, not anonymised, or pseudonymised. You just don't know what form it may be supplied in, or to whom, or when, or for what purpose.
...
See, your medical data can't be given out with your explicit consent or you can sue .... unless legal cause exists, and the s.251 authority in that 2012 SI controlling patient records creates exactly such a legal cause, overriding the GPs duty under the Data Protection Act and compelling them to disclose your records, and giving HSCIC the ability to disclose records, including "identifiable" PCD (Personal Confidential Data ), if their disclosure protocol is satisfied.