Your GP medical records are easily some of the most sensitive records that exist about you. They contain the history of events that have affected your mental and physical health. NHS Digital has now announced that that very same data may be shared about any living patient that is registered at a GP practice in England. Thankfully, we can opt-out.
The collected data will be "disseminated" - shared and spread. Now, alongside this, the government has commanded NHS Digital to instruct their GP to hand over a copy of their lifelong medical history to be sold. Surely, a majority of the population don't know about this. What right do the government have to sell our private data like that? This is our lives, already we don't have much privacy. Just look at Facebook. The government doesn't need to know the slightest detail about me.
NHS Digital will be able to share your data "about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.” This will also include data about “staff who have treated patients”, and data “on sex, ethnicity and sexual orientation”, as well as other sensitive data.
Yes, the extraction starts on July 1st, but, you have until the 23rd of June to opt-out of the data collection. The press release for the matter does state that you can "opt-out at any time". But, if you look into the privacy notice, it states that data that has already been collected before you registered the Type 1 opt-out will still be held by NHS Digital. As in, if your data has already been collected by the time you opt-out, that's it. They're not deleting it.
Now in order to "protect our privacy", NHS Digital states that “there are lots of protections in place to make sure patient data is used securely and safely”. Wouldn't our data be safer if they didn't share our data with their customers? Anything close to the government isn't safe.
Apparently, there is going to be a secure data processing facility that has a layer of rules, approvals, protections, and monitoring. But the Government has not made it mandatory for patients’ GP data to only be accessed via this highly secure, heavily audited environment. So, who says that NHS Digital's customers aren't going to continue accessing our private data?
Some of NHS Digital's customers are audited when they receive copies of data. Not all of them. Many audits have revealed that organisations do actually break the protections in place. But as well as that, they do not stop getting access to data once they have been broken. What kind of protection is that? Yes they have rules. But if organisations break those rules, nothing changes. Some of these protections are legal obligations, but audits have shown that one public body did not even conduct a legally required data protection impact assessment.
Escape having your data stolen and used freely. The government has done NOTHING to make us trust them. So why should they get their grubby, filthy hands on our personal data? They shouldn't.
Now to fully opt-out from having your data used for other than your healthcare is a two-step process.
Save your privacy. Make sure you opt-out by the 23rd June.