NHS Digital launches new de-identification system for sharing patient data
- 4 July 2018
NHS Digital is launching a new de-identification system to anonymise patient data for the purpose of sharing it across various health and care settings.
The organisation has signed a contract with privacy software company Privitar to deliver the technology, which is designed to prevent an individual’s identity from being connected to their patient data.
The de-identification (De-ID) process will enable NHS Digital to better protect identifiable information in cases where patient data is shared for research and planning purposes, to help deliver a better picture of how care services are delivered across the NHS.
While NHS Digital already employs means of de-identifying data across the NHS, the De-ID system provides a single means of doing so across the organisation’s entire estate.
A procurement notice for the system was put out in February this year.
Tom Denwood, NHS Digital’s executive director of data, insights and statistics, said: “The health and care landscape is rapidly changing, and we can improve individual patient care if our systems can deliver a complete picture of their health and care.
“So instead of each individual NHS team managing their own de-identification processes, De-ID provides an automated and standardised way of removing the identifying values in a patient record across all data collections, allowing data to be linked across different care settings.
“It’s not only more efficient; enabling us to safely produce useful data for research and analysis, but it’s also transparent, so we can improve tracking and auditing of how data is used across the system.”
London-based Privitar was chosen to deliver the software that will form the foundation of the De-ID system following a “rigorous tendering process,” according to NHS Digital.
The company does not handle or process any personal data as part of product offering.
Speaking to Digital Health News, CEO Jason du Preez said: “Our contract with the NHS gives us the opportunity to deploy our privacy engineering products in a large and complex healthcare environment. Data science has the potential to revolutionise healthcare but we need methods for effectively protecting and provisioning data access first.
“The new De-ID service will standardise data de-identified across the NHS, protecting patient privacy, enabling effective linkage and safely providing data for research and analysis. We are very pleased to be working closely with NHS Digital to deliver this programme.”
7 Comments
It would be nice if the NHS stopped trying to deceive patients and talked plain English and asked for consent when sharing data. There would be no need for multi-million pound contracts to link anonymous data that isn’t anonymous.
Well said!
I think the point is that the data is not “effectively de-identified” any more than pseudonymised, or “sufficiently anonymised” data, or data processed using the “Patient Identity – Identity Withheld Structure” were ever effectively de-identified.
They need to pretend that they are de-identifying our data, when they are not in fact doing so, in order to exempt their data sharing from opt outs that do not apply to de-identified data.
This complex web of duplicity is all about harvesting identifiable data while pretending we can opt out of this. The truth is that opt-outs are simply being disregarded, either by this means, or overruling them on invalid grounds. Probably all processing of patient data by NHS Digital is illegal. That is what NHS Digital is there for – to misppropriate our data while (they hope) concealing this from the data subjects. NHS Digital should be called the NHS Staasi.
How can you “effectively” de-identify clinical information and then share it across healthcare organisations for the purposes of direct medical care, “tailored treatment”? That is simply not possible.
Unless the data is pseudonymised – in which case it is not de-identified, and remains personal data (under GDPR).
Perhaps NHS Digital could be honest and say that this is *purely* for secondary uses of medical information : commissioning, analytics, “population health management”, commercial, research etc.
“The de-identification (De-ID) process will enable NHS Digital to share patient information across health and care settings to help offer more consistent, tailored treatment, while ensuring the privacy of the individual.”
Does anyone understand what this is supposed to mean? It might be more comprehensible to the whole UK population if translated into Chinese, Serbo Croat or Swahili. Just how, exactly, can information that cannot be related to the patient, be used to offer the patient “more consistent, tailored, treatment”? I suggest that what we have here is deliberate obfuscation. If patients cannot understand what the NHS say they are doing, they hope that nobody will know how to object. The way to object is to say loudly and clearly that this is deliberately incomprehensible and therefore processing of data using this system contravenes Article 5(1)(a) of the GDPR. It is illegal.
I believe that this new system is just more duplicity, involving the usual Hunty Dumpty approach of making words mean anything they want them to mean. Using words in their normal meanings, no data that is genuinely anonymous or unidentifiable as belonging to a particular data subject, can possibly be linked to other data belonging to the same data subject. If they are trying to suggest otherwise, they are lying. This is just one more attempt to deceive NHS patients. As such the data processing in question is unfair and illegal.
Will the system rely on providers sending identifiable data into NHS Digital where it will then be de-identified, or will it be a service providers can utilise on-site to perform the de-identification prior to sending data?
Are there pilot sites identified to test this out? If so where?
Comments are closed.