FT readers respond: NHS plans to share patient records

This cuts across all norms of medical ethics and patient privacy. It should be resisted at every level, starting with parliament. — Narrow Gauge

As a doctor I am utterly appalled by this brazen attempt to monetise people’s most sensitive data without an opt-in. It’s outrageous! — DocX

Online opt-out can be done here: https://your-data-matters.service.nhs.uk/ but this form is only for over 13-year-olds. — myopinions

Thank for bringing this to my notice. I’ve just opted out. Interestingly, for under-13s, it requires a pdf form to be filled and emailed by a parent or guardian, making the process a little more complex than it is for over-13s. — +

In the last week there have been at least two hacks into medical records (Ireland and New Zealand) and possibly more. The current data points are clearly not secure and introducing more data points can only worsen the risk.
Worst-case scenario? All our medical records could be for sale on the dark web. Can you imagine the bribery emails? And all with no means of tracing the criminals.
They should be ashamed of this proposal. They are putting their own interests ahead of privacy and security. — Miname

Information processing should be kept within the NHS rather than transferring data sets to other users. Plenty of research projects work this way and it reduces the possibility of data escaping or being combined in ways we don’t want. — Pete

Everyone knows the NHS sits on a treasure trove of data, because it’s so vast and so particular. Yes, it should be pooled, because only then will its value be realised. But first and foremost it has value to the NHS itself.
Secondly, absolutely grant access to bona fide academic researchers under strict conditions. But the data should remain under NHS control. We are just discovering the power of machine learning and it will benefit humanity if we use it right. But I hope thousands opt out of these ill defined sharing arrangements. I will encourage my friends to do so. — Wessel

If the NHS is going to be allowed to do this, the least it should be required to do is publish both a list of entities who have purchased access to this data (an extension of what the NHS already does to a limited extent) and the exact terms of such access including pricing.
If you are going to force people to sell their data (and yes I use that word because the opt out is horrendously complicated for everyday people who don’t have time on their hands) then the least you can do is show them how much money you’re making from it.
My guess is the NHS will essentially give access for basically nothing to commercial entities who will run their hands at this treasure trove. — RuleOfLaw

I can see a lot of people are going to get excited by this and there will be opt-outs but I won’t bother for two reasons — the first is that analysis of mass data does offer the opportunity for more effective national health treatment based on more accurate analysis and the second is that some of the best analytical opportunities are going to come at the interface between the NHS and private enterprise so that bringing responsible private enterprise into the game is perfectly rational.
There is one other consideration which won’t be shared by others. I am often puzzled by the psychology of privacy when, in a modern tolerant society (one bending over backwards in this respect), there are very few things that really harm a person by being revealed.
In fact, not a lot is being revealed in practice that can be linked to a person and the Government does seem mindful of basic protections — the Information Commissioner is not a bad check on excesses and errors will result in later controls and regulation. The wider public interest seems to be for state use of big health data and its sharing with trusted partners. It’s probably less risky than being on Facebook. — Tim Pendry

Of course the devil is in the detail, as always — but can we all agree that the principle makes complete sense, with very exciting upsides for scientific research? — Upton

I might be missing something here but exactly how is this a problem to anyone? Only in very rare and implausible circumstances — such as the one you’ve invented — could a patient ever become identifying.
And even then, the data isn’t available to the general public so your theory relies on someone at a research agency from a likely totally different location to the subject knowing who the subject is from a very limited set of data. In that 1:1,000,000 chance game, why are you framing this as such a big problem? Please educate me. — Alphabetti Spaghetti

The outrage is understandable but the potential benefits from having this data available for research are enormous. If you want to benefit from healthcare “free at the point of use” then this is the sort of thing that you have to accept as the price. Alternatively, you could try moving to Montana, live off grid and get yourself a gun (or several). — An auld Scots engineer

As someone who runs a medtech company that is looking into using this dataset, I feel that people are kinda missing the point — access to this sort of data will improve countless lives! Also under GDPR you need the patient’s explicit consent to access patient level records, unless there is an incredibly strong reason why you shouldn’t which the minister has to sign off on. People get all freaked out about their data yet use FB, WhatsApp, and Instagram all day long. Ridiculous! — Odean111

Google has the information already, nothing new here — Rationality

Thank you and well done FT for putting this on the front page. It’s disturbing how little coverage this infringement upon privacy is receiving in the rest of the press. — Kvv