NHS Digitisation: Sunlight is the best disinfectant

Consider two write ups in Financial Times:

NHS to digitise records and share them:

NHS Digital, which runs the health service’s IT systems, confirmed the plan to pool together medical records from every patient in England who is registered with a GP clinic into a single lake that will be available to academic and commercial third parties for research and planning purposes….
Patients have until June 23 to opt out by filling in a form and taking it to their GP before their historical records will become a permanent and irreversible part of the new data set. Patients who opt out after the deadline can stop future data from being funnelled into the new system.

As it happens, general populace is unaware of the privacy dimensions of widespread sharing of data. Assuming it is concentrated, it represents a significant honey pot for anyone willing to perform “modelling” and worse- “hack it away”. The spate of ransomware shouldn’t be lost on the ageing infrastructure as well as foreboding privacy risks in the future. The next wave of attacks won’t be entirely “security of the digital assets” but will require significant investments in ensuring the “data integrity”. As medical practitioners, it is critical to ensure that we can rely on what our eyes see. It will require an audit trail of presented data and wrapped up in strong encryption layers. I am not sure how they are going to structure the entire infrastructure.

The accompanying editorial raised it’s concern about “third parties”:

Attempts by NHS Digital, which runs the health system’s IT, to assuage concerns leave more questions than answers. It says that it does not sell data but that it does charge organisations for access. “We do not allow data to be used solely for commercial purposes,” it pledges. The word “solely” does much heavy-lifting in that sentence.

While there is a fair bit of self-congratulatory tone about the “unique data trove-anywhere in the world”, it raises the above mentioned concern. Notes are as good as the people transcribing them. Digitisation (and therefore OCR recognition) will require tremendous effort. NHS has Google in the same bed, and I am assuming that they have some opaque structure to shield themselves from the ongoing process. The details are not linked out in public domain. However, it will remain the first ever population level data that stretches back to several decades. I am curious to see the outcomes of this partnership.