NHS email encryption
Roger Hayter
ukcrypto at chiark.greenend.org.uk
Mon, 27 Aug 2007 17:27:55 +0100
In message <46D2CC59.2010300@callnetuk.com>, PeteM <otcbn@callnetuk.com>
writes
>Roger Hayter wrote:
>> As I remarked on this thread, users of NHS systems can have no
>>expectation of privacy *from* the government.
>
>We certainly have the right to *demand* privacy from the government,
>though whether we can get it (or some of it) is another matter. The
>battle may not yet be lost.
>
Not if we are NHS employees (or patients) transacting NHS business:
unless you are talking about unenforceable "natural" rights.
>> The government already assert the right to use hospital
>>administrative and care record data for central administrative
>>purposes and for clinical audit. There is a lot of pressure to allow
>>it to be used it for medical research (which would include selling
>>the information to drug companies).
>
>*Anonymised* data, which (pace Ross) is a lot less sensitive than
>identifiable medical records.
Administrative and audit data is only anonymised "if possible", and for
audit, generally, the actual notes have to be checked by someone.
Research data has the name clipped off but is not to be aggregated. Age,
sex, post code, ethnic origin, past medical history, drug history and
allergies is plenty to identify most people down to single figures,
overkill in rural postcodes. This data is to be protected by the
researchers.
--
Roger Hayter