Decrease font size
Increase font size
Topic Title: Questions over NHS patient data sold to commercial companies
Topic Summary:
Created On: 24 February 2014 02:39 PM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 24 February 2014 02:39 PM
User is offline View Users Profile Print this message


Posts: 1059
Joined: 05 September 2004

Hospital records of all NHS patients sold to insurers

Since the telegraph story is vague on the exact content of the date of birth and postcode information sold along with the patien records, I have today written to the Department of Health with the following questions to clarify the issue...

Was any NHS patient information data sold between 1997 and 2010 to commercial companies, including insurers, actuaries etc, which contained the full date of birth of the patient (Day, Month, Year) and their full postcode?

If not to what was the maximum resolution of the date of birth data (e.g. year only) and postcode data (e.g. first two letters only)?

Using full date of birth and postcode information it would be very easy for insurers to access our personal health records on an individual by individual basis. Anyone even remotely familiar with relational database systems could do this after a week of training.

James Arathoon
 24 February 2014 11:50 PM
User is offline View Users Profile Print this message


Posts: 1059
Joined: 05 September 2004

Update in Telegraph

Patient records should not have been sold, NHS admits

"Last night a spokeswoman for the Health and Social Care Information Centre (HSCIC), which is now in charge of NHS data, said its predecessor body was wrong to sell the information to the insurance industry.

The £2,220 purchase in 2012 was made by the Institute and Faculty of Actuaries - a professional body for professionals who work for insurance and investment companies. It was then handed to another society for actuaries, which published guidance on how to "refine" critical illness cover.

The spokeswoman for HSCIC said: "The HSCIC believes greater scrutiny should have been applied by our predecessor body prior to an instance where data was shared with an actuarial society."

"We would like to restate that full postcodes and dates of birth were not supplied as part of this data and that it was not used to analyse individual insurance premiums, but to analyse general variances in critical illness," she added.

The organisation said it would publish details of the bodies to whom it supplies such data later this year."

This does not answer the question of whether or not data on individuals could be queried from the data when matched with other types of information commercial insurers collect in addition to postcodes and dates of birth.

13 years of hospital data - covering 47 million patients - is worth £2,200 to government apparently - i.e. virtually valueless and not worth spending serious money on protecting.

James Arathoon
 25 March 2014 04:14 PM
User is offline View Users Profile Print this message


Posts: 8443
Joined: 15 January 2005

Good job it was a 'professional' body. Goodness knows what might have happened otherwise.
It should be easy to undo the deed as it shouldn't have happened in the first place. That will be interesting if it could actually happen.

Thinking about it, they would have ensured it couldn't be passed on to any third party by simply locking it. In this day and age, if microsoft can do it, then governments would find it a piece of cake.

Sorry but it's been a funny old day and I really shouldn't take the p!


See Also:

FuseTalk Standard Edition v3.2 - © 1999-2016 FuseTalk Inc. All rights reserved.