Backbench Tory campaigner promises judicial review of data grab of English GP patients unless UK government changes tack

Trove too tempting for computer criminals while public unaware of their rights, says David Davis

A judicial review will inevitability challenge the UK government's plans to extract millions of sensitive medical records held on GP systems in England, according to a high-profile backbench Conservative MP.

Speaking in Parliament last night, David Davis said that if privacy campaigners' concerns over the government's plans for General Practice Data for Planning and Research (GPDPR) were not addressed, they would seek a formal process to stop it.

"If the government does not take corrective action to address our concerns, there will inevitably be a full judicial review," he told MPs.

Davis had backed a letter threatening such a review – also supported by technology law campaigners Foxglove, Just Treatment, Doctors' Association UK, the Citizens, openDemocracy, and the National Pensioners Convention – shortly before the data extraction was put back from 1 July to 1 September.

But in Parliament yesterday, Davis called an adjournment debate in the Commons to argue that the database risked patient confidentiality, government could share the information with private tech companies, and presented a tempting target for criminals.

"Patient trust is vital to our NHS so foreign tech companies like Palantir, with their history of supporting mass surveillance, assisting in drone strikes, immigration raids and predictive policing, must not be placed at the heart of our NHS," he told MPs.

"We should not be giving away our most sensitive medical information lightly under the guise of 'research' to huge companies whose focus is profits over people."

Davis lambasted plans to store pseudonymised patient data because it is impossible to fully anonymise medical records, a fact well understood by experts in the field.

"The government has failed to explain exactly how it will use the data, failed to say who will use the data, and failed to say how it will safeguard this treasure trove of information," he said.

Medical histories including psychiatric conditions, history of drug or alcohol abuse, sexually transmitted infections, and pregnancy terminations would be held on record.

"Revealing this may not be embarrassing for everyone. But it could be life-destroying for someone," Davis said.

Meanwhile, holding a central store of medical histories would inevitably attract nefarious actors wanting to illegally break into the system. Davis pointed out that a 2017 ransomware attack brought parts of the NHS to its knees causing trusts to turn away patients and cancel 20,000 operations.

"These highlight significant problems the Government has yet to address," he said.

The backbench MP also said communication with the public over their rights to opt out of the scheme was severely lacking.

"Where are the texts, the emails, the letters to the patients?" he asked. "On the Today programme earlier this week, the Health Secretary indicated he was now willing to contact every patient. This is welcome and he should now be writing to every single patient involved in this proposed database and informing them properly."

The GPDPR is to store historic and ongoing GP records of 55 million people in England. When it was quietly announced in May, NHS Digital told citizens they'd need to opt about by 23 June before the 1 July implementation.

Davis advocated the OpenSafely approach to NHS patient data and analytics, created by Dr Ben Goldacre, science campaigner and director of the DataLab at Nuffield Department of Primary Care Health Sciences, and others.

The approach, sometimes dubbed Trusted Research Environments (TREs), avoids extracting sensitive patient records and instead runs analytics with the data in place within its original data store. Any analysis is carried out by a select group of data scientists and the only data leaving the group is summaries of specific queries.

Davis commended OpenSafely because it is "distributed across a range of databases – not centralised. Their software maintains health data within the secure systems it was already stored on – it is not transported outside the existing servers.

"This is important because the biggest risk with any new data system is losing control of the data dissemination – once it is out there, like Pandora's Box, you can't close the lid."

Replying in Parliament, Health Secretary Matt Hancock also appeared to advocate the OpenSafely/TRE model, but with one crucial difference. NHS Digital, effectively a branch of the government, would extract GP patient data into a central data store, and then apply the TRE model, rather than applying it to data where it already resides in GP systems.

"I have heard the concerns people have about using dissemination of pseudonymised data, we will not use this approach in the new GPDPR: the new system will instead use trusted research environments," Hancock told MPs. "All data in the system will only ever be accessible through a TRE. And this means that the data will always be protected in the secure environment, individual data will never be visible to the researcher and we'll know and will publish who has run what query or use which bit of data."

Critics might point out that trust in this approach would depend on trust in NHS Digital, which will run and control the central data store of patient information after it has been extracted from GP systems.

Hancock did not repeat his promise to write to patients to inform them of their rights to opt out of the data grab. ®

Narrower topics

Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022