Data Sharing Review

PeteM ukcrypto at chiark.greenend.org.uk
Fri, 18 Jul 2008 09:29:40 +0100


Ian Batten wrote on 17-07-08 15:42:
> Here are your records Mr Batten, on this USB stick.  (Seen those Super 
> Talent Pico-C ones?  Very neat).  It's not encrypted, but there are 
> binaries of our recommended encryption for OSX, Windows, Linux and 
> Solaris on the stick too.  If you want the source, it's there too: feel 
> free to audit it yourself or pay someone you trust to do it.  Or use 
> another encryption package, your choice, provided it is a drop-in 
> replacement.  It's up to you, though: if you encrypt it and don't have a 
> way to get the keymat to us in the event you're not capable of telling us,
> or you simply don't have the stick available, it might affect your 
> treatment.  And if _that_ worries you, then we'll look after a replica 
> on our spiffy computers and make it available over the network when you 
> attend the hospital, under this governance policy.
> 
> Personally, see above, I'd shove the stick unencrypted in my wallet: 
> it's of no more value than anything else in there.  I'd make a few 
> backup copies, though, and those I'd lightly encrypt.  Others, perhaps 
> those with, er, chaotic lifestyles, will take the online option.  Others 
> will encrypt all the copies.

Do you mean you would like this USB stick to be the *only* copy of your 
medical notes? That is not possible: each practitioner who deals with 
you has a right to keep a copy of the encounter in order to protect his 
*own* interests. He may need to defend himself in a negligence suit you 
bring against him. He may be audited by the NHS Counter Fraud people to 
ensure that he hasn't been forging his quality of service claims, or 
writing phoney prescriptions for you that he then gives to somebody else.

The debate is not whether doctors should be allowed to keep copies of 
your medical records - they must. It is about how and where the doctors' 
copies of your records are stored, and who else has the power (both 
legal and de facto) to examine them.

Personally I am much more afraid of the government's abuse of my medical 
records than I am about any third party's. Partly because the government 
has far greater power over my life than anyone else, and partly because 
they have form in misusing personal data. And if the government wants 
access to my records, they won't need to worry about whether they are 
encrypted, because they'll have the key. That's why I don't think 
encryption is really an issue in this debate at all.

-- 
Pete Mitchell