PKC

Ken Brown ukcrypto at maillist.ox.ac.uk
Tue, 26 Sep 2000 13:47:51 +0100 

Chris Wells wrote:
> 
>  >3. Value. Where is the threat of mass hacking of/ interception
>  >of NHS data? What is the value of the information?
>  >To whom? For what purpose?
> 
> It may also be prudent to consider emergent medical technologies; genetic
> testing is going to become much more widespread.
> If I was an insurance company, I reckon a trust's database of patients'
> results would be very valuable to me.
> When I was at med school, it was drilled into me that this data would be
> valuable to insurance companies. Even the requesting of tests is valuable
> meta-data, never mind the results.
> 
> The medical profession seems to think insurance companies.
> Personally, I believe drug companies would also be interested.
> 
> Maybe it would be better to ask how everyone gets what they want:
> Epidemiologists get raw data
> Insurance companies get a risk quantification
> Patients get confidentiality
> Drug companies get raw data
> Doctors get a PDA that they can use to request results, enter notes,
> prescribe drugs, schedule care, etc...(maybe I should build one)
> 
> All done with a reasonable level of infomation security.
> 
> None of the above groups can be denied access to data, because they can all
> argue that it belongs to them in part.

I don't see how private medical data belongs, even in part, to the drug
companies or insurance companies. They are in this for a profit, if they
want patient information they should do a deal with the patient and pay
them for it.  When I buy a can of baked beans the grocer doesn't retain
the right to know how I eat it. 

(Of course that doesn't apply to anonymised statistical information
which ought to be freely available to everyone, & these days often is:
http://www.phls.co.uk/publications/cdr.htm href=http://www.cdc.gov/mmwr/
although in cases like http://www.cdc.gov/ncidod/eid/vol5no1/hardie.htm
I'd rather be told which hotel it was!)

The big exception is obviously epidemiology/disease control where, for
interests of public health & self-defence society (or at any rate the
government) might need to demand personal data, which could be just
notification but might be as detailed as who ate what or who slept with
whom. These issues are going to get more important as infectious disease
once again becomes more significant (in rich countries - the poor didn't
have our 50 year antibiotic holiday from serious infection of course). 
There are perhaps circumstances in which it is right for public bodies
to demand full details of an infection & so would in the limit have to
be able to force medical professionals  to divulge details of patients
(cue old Typhoid Mary films...)

Ken