A headline in the Telegraph yesterday read
Hospital records of all NHS patients sold to insurers
The article said the medical records of every NHS hospital patient in the country have been sold for insurance purposes.
Those in charge of the programme have said it would be illegal for information extracted from GP files to be sold to insurers, who might seek to target customers or put up their prices.
“However, a report by a major UK insurance society discloses that it was able to obtain 13 years of hospital data – covering 47 million patients – in order to help companies “refine” their premiums.
“As a result they recommended an increase in the costs of policies for thousands of customers last year. The report by the Staple Inn Actuarial Society – a major organisation for UK insurers – details how it was able to use NHS data covering all hospital in-patient stays between 1997 and 2010 to track the medical histories of patients, identified by date of birth and postcode.”
The NHS Hospital Episode Statistics were said to be a “valuable data source in developing pricing assumptions for ‘critical illness’ cover”.
The Department of Health has always denied that the identities of patients could be obtained from anonymised or pseudonymised statistical data, although the disclosure to some commercial and research organisations of dates of birth and postcodes, even without names of patients, has always made it theoretically possible to identify individuals, especially those with unusual illnesses.
Now the Health and Social Information Centre in its comments to The Guardianseems to hint that it might have been possible in the past to identify individuals.
Sharing “anonymous” NHS statistics with NHS researchers is one thing. Sharing it with insurance companies is quite another. Albeit with a 6-month delay, the Health and Social Care Information Centre is going ahead with plans for a database of GP-held patent data (as opposed to hospital data which has long been held on a SUS database by BT).
The HSCIC is staffed by some of those from predecessor agencies. Can its staff be trusted with patient data?