Targeted junkmail "from" your GP?

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Tue, 01 Jul 2008 11:15:04 +0100 

David Hansen wrote:
> On 30 Jun 2008 at 17:11, Peter Fairbrother wrote:
> 
>> To give an example, suppose an AIDS trial. The researchers prepare a set 
>> of criteria which is passed to GP's surgeries. Surgeries then run the 
>> criteria against their records (they get paid for this BTW), and report 
>> the number of results.
>>
>> The results will be almost identical to those generated by a centralised 
>> database survey, the difference being Surgeries who don't perform the 
>> search - which would not be in the interest of their patients, so 
>> probably not many losses here - plus the people who opt-out of a 
>> centralised database. Overall I'd guess that the gains would far 
>> outnumber the losses, especially after surgeries get used to running 
>> searches.
>>
>>
>> Surgeries then write to any possible candidates (they get paid for this 
>> too), and things go from there.
> 
> I think this is the right approach, though details could be discussed 
> in order to refine them. It is the sort of approach I was thinking of, 
> though had not put into words.
> 
>> I'd suggest three categories of search - one mandatory, for NHS 
>> administration purposes only, and all results must remain within the NHS 
>> administration (unless they pass them on to the Police for investigation 
>> of misconduct, Shipmanism, etc).
> 
> I think that this should be subject to some real regulation. It is not 
> good enough for some official to think it is a good idea to scoop up 
> say 25 million records and then put them on an unencrypted piece of 
> plastic.
>  
>> Second, mandated research. Surgeries must perform these searches. These 
>> searches should be approved by the NHS, a privacy committee, and an 
>> ethics committee.
>>
>> Third, voluntary research. These searches should be approved by a 
>> privacy committee and an ethics committee. Surgeries get paid extra for 
>> running these searches.
> 
> I'm not sure that such a distinction is useful. What sort of things 
> were you thinking of putting into each category?

This isn't something I'm going to defend in detail, as it's just a rough 
direction rather than a specific suggestion, but eg epidemiological 
research commissioned by the NHS or BMA (do I mean BMA?) could go into 
category 2, and commercial drug research into category three.

It might be an idea to have a fourth category, voluntary unpaid 
searches, for academic researchers etc. Surgeries don't get paid for 
this, but it should only take them about ten minutes a week - or no time 
at all if automated - consider it a pro bono service.



There is one possible disadvantage to this scheme - it takes a while to 
get a search approved. If researchers have unlimited access to an entire 
dataset then they can do lots of searches in much less time, modifying 
the search terms between searches. Searching at semi-random, or by 
hunch, can actually be quite useful, as often you don't know what is 
going to be significant before you find it.

However if this much access is granted then all control over privacy, 
indeed over the dataset, is in practice lost, and I don't think, even 
for the privacy-ignoring invisible people in charge of NHS IT, that that 
was ever the plan - I think there was always meant to be some form of 
prior approval required for each search.

If I am correct about that then there is very little difference between 
distributed and centralised databases from a search efficiency 
viewpoint, and a distributed database is about half the cost. far more 
robust and secure, and almost infinitely more privacy-preserving than a 
centralised database.

-- Peter Fairbrother


> 
>> The privacy committee should look at the results to be submitted - eg in 
>> many cases it might be "we have 6 patients matching the criteria".
> 
> That is a very good point
> 
>> Full 
>> records should not be made available without patient consent.
> 
> I can imagine the howls from the medical research mob about this.
> 
>