National-Data-Guardian-for-Health-and-Care%E2%80%99s-Review-of-Data-Security2c-Consent-and-Opt-Outs-%E2%80%93-Big-Brother-Watch-Response

Recommendations

Info

Furthermore the debate relating to medical records being excluded from bulk personal datasets in the Investigatory Powers Bill 1 must be considered. It is one thing to use health data to protect national security in the face of a health epidemic; it is quite another to use individuals medical or health records as a targeted or bulk surveillance capability. Definitions should be published as part of the proposed security standards in order to make exactly clear when personal confidential data can be shared or used, and what exactly is deemed to be “lawful and appropriate”. Without clear definitions the opportunity to extend what is appropriate beyond the principles outlined in the review may occur, subsequently undermining the work of the National Data Guardian (NDG). Standard 6: A clear and easily understandable description of the process when a data breach occurs would be beneficial. This would clarify exactly how a report is to be made and who - in addition to the proposed senior management - will receive the report, handle the problem and subsequently oversee the process. We believe there would be benefit in involving an independent commissioner who has an expertise in data security, data breaches and data misuse. Their expertise would be a boon in assisting senior management in resolving the breach efficiently. We are surprised that an annual audit is not outlined as part of this standard. An annual audit would be beneficial as it would ensure the reporting of the number of data breaches, as well as any incidents of misuse or hacking. Ideally any audit would be undertaken by the National Data Guardian with the results being published as part of an annual report. By publishing a single report it would provide an easily accessible overview of how all the different bodies were approaching data protection. Having the National Data Guardian undertake audits and publish an annual report would also give a sense of independence to the process. Standard 9: We acknowledge the reference to the Government’s Cyber Essentials Scheme but it would be helpful if greater specific detail were provided which indicated clear that data will need to be encrypted, hashed and stored in secure data centres. Without exact guidance - supported by the Cyber Essentials Scheme more broadly - there is a risk that good intentions will be undermined and patient information will be left vulnerable. Standard 10: There is no detail about how suppliers will be held to account. More information needs to be published to clarify whether or not suppliers will be subject to publicly published annual audits and what penalties suppliers will face if they fail to protect personal confidential information? Question 10: Do you agree with the approaches to objective assurance that we have outlined in paragraphs 2.8 and 2.9 of this document? “HSCIC should work with other regulators to ensure that there is coherent oversight of data security across the health and social care system.” 1 Investigatory Powers Bill, Public Bill Committee: Twelfth Sitting, 26 th April 2016, http://www.publications.parliament.uk/pa/cm201516/cmpublic/InvestigatoryPowers/160426/pm/PBC_Investigatory%20P owers%2012th%20sit%20(pm)_26_04_2016.pdf 2
We support this intention but would like to see greater detail about which other regulators are being considered and what role they will play. It would be preferable if an independent, non-health care body, whose sole purpose was oversight and data protection, were on hand to assist HSCIC, rather than a body which looks at these areas as part of a broader remit. Question 11: Do you have any comments or points of clarification about any of the eight elements of the model described above? Standard 4: The new definitions offer greater clarity than before, however we are disappointed with how narrow they are. We do not support the view that citizens should not be able to opt out from sharing confidential information with studies conducted by third party researchers. The recent revelation that Moorfields Hospital signed an agreement to share data with Google’s DeepMind project without seeking explicit consent from patients is one example as to why informed consent in the form of an opt in is critical. Furthermore it must be made clear to patients exactly what it is they are choosing to opt in or out of. Based on the definitions provided in the consultation document not enough information is provided for an informed choice to be made. Standard 7: If anonymised data is not subject to an opt out, citizens must be informed that their data may be at risk of re-identification. To be clear, even if the risk is small, the citizen should be told. We say this because we remain concerned about the weight placed on anonymisation as a fool proof and secure method of protecting people’s identity. It is not. There is a wealth of research which shows that anonymisation does not categorically protect people from re-identification. We draw your attention to the work of the UK Anonymisation Network 2 . Their recent publications emphasise that anonymisation is merely a way of balancing risk; not removing the capability of identifying a person. A 2015 study conducted by Professor Latanya Sweeny Phd (Professor of Government and Technology at Harvard University, Director of the Data Privacy Lab and former Chief Technologist at the Federal Trade Commission) proved that 100% re-identification was possible even when the data was anonymised. By taking the South Korean Resident Registration Number which closely matches the make-up of the UK’s NHS number, Professor Sweeny was able to re-identify all citizens using two entirely different methods. 3 Professor Sweeny’s ought to be assessed 4 , because much of her work demonstrates that anonymisation is not without risk and cannot guarantee the security of personal information. 2 UK Anonymisation Network: http://ukanon.net/ 3 Technology Science, De-anonymizing South Korean Registration Numbers Shared in Perscription Data, 29 th September 2015: http://techscience.org/a/2015092901/ 4 Latanya Arvette Sweeney Ph.D: http://latanyasweeney.org/cv.html 3
Page 1: National Data Guardian for Health a
Page 5 and 6: Our unique research, based on Freed
Page 7: mobile phones to inform on populati

National-Data-Guardian-for-Health-and-Care%E2%80%99s-Review-of-Data-Security2c-Consent-and-Opt-Outs-%E2%80%93-Big-Brother-Watch-Response

Create successful ePaper yourself

Delete template?

Save as template?