NHS email encryption
PeteM
ukcrypto at chiark.greenend.org.uk
Thu, 30 Aug 2007 10:57:16 +0100
Roger Hayter wrote:
> In message <46D2CC59.2010300@callnetuk.com>, PeteM <otcbn@callnetuk.com>
> writes
>> Roger Hayter wrote:
>>> As I remarked on this thread, users of NHS systems can have no
>>> expectation of privacy *from* the government.
>>
>> We certainly have the right to *demand* privacy from the government,
>> though whether we can get it (or some of it) is another matter. The
>> battle may not yet be lost.
>>
> Not if we are NHS employees (or patients) transacting NHS business:
The NHS is bound by the law like any other organisation. Some laws - in
particular the DPA - grant privacy rights to all citizens including
patients. Such laws can in principle be enforced.
> unless you are talking about unenforceable "natural" rights.
In the long term all rights, legal or natural, are unenforceable because
the legislature can remove them by changing the law. In the short term
they can be enforced by the courts, or simply by the pressure of enough
people asserting them. This has already happened once with the DH
conceding the right to withhold one's GP records from the "spine".
>
>>> The government already assert the right to use hospital
>>> administrative and care record data for central administrative
>>> purposes and for clinical audit. There is a lot of pressure to
>>> allow it to be used for medical research (which would include
>>> selling the information to drug companies).
>>
>> *Anonymised* data, which (pace Ross) is a lot less sensitive than
>> identifiable medical records.
>
> Administrative and audit data is only anonymised "if possible",
Really? Who says? I thought it was the other way around. Anyway, in what
circumstances would it not be possible to anonymise personal data? I can
see that in some circumstances it might be necessary to *break*
anonymity that had been imposed, but I can't see how it might be
impossible to impose it in the first place.
> and for
> audit, generally, the actual notes have to be checked by someone.
AIUI, typically a senior clinician who would be bound by professional
obligations of patient confidentiality.
> Research data has the name clipped off but is not to be aggregated. Age,
> sex, post code, ethnic origin,
Is the *full* postcode to be attached, in clear, to records used for
research?
> past medical history, drug history and
> allergies is plenty to identify most people down to single figures,
These items cannot be used to identify a subject - i.e. discover his
name and address - because each particular (named) individual's drug
history is not in the public domain, unlike his age, sex, address etc.
--
Pete Mitchell