"The NHS will last as long as there are folk left with the faith to fight for it"
Aneurin Bevan

Monday, 5 December 2011


There is nothing new about the collection of medical data. The industrial revolution had a huge effect on the lives of many people, particularly the poor, but it was the Boer War that brought public health to the forefront. The military found that a large proportion of recruits for the war were unfit for service. Although there were philanthropic health visitors before then, the scandal of the Boer War was the impetus to expand the service. By the end of the First World War there were more than 3,000 health visitors with a specific mandate to work with mothers and promote infant and child care and the prevention of the spread of infection. The Victorians were enamoured with figures, and health visitors, of course, could record lots of figures. A century of data of child development is valuable for people researching the subject.

When you look at data, you can look at it from one end of the telescope or the other. Holding the telescope normally, you can get detailed information about an individual. If you access health records from the early part of the 20th century you could get information about people who are still alive. Such data may be so detailed as to make it personal, but such information will have little importance other than to the individual. If you turn the telescope around and look at aggregated data, you get a much bigger picture, one which allows you to make decisions about large groups of people. However, since detail is a hindrance aggregated data means that the individual cannot be seen.

The announcement that the government intends to hand our medical records over to private companies worries some people because they feel their privacy will be invaded. Can you say that the data that the health visitors gathered a century ago was an invasion of the privacy of those children? In response to the government's plans to hand NHS data to private companies the campaign group Patient Concern said:

'This is the death of patient confidentiality. There is no guarantee that information will be anonymised. In any case, anonymised data can just as easily be re-identified.'
This is nonsense. Anonoymising data is one-way: once you have removed identifying data there is no way that someone else can put it back in. The suggestion from Patient Concern is as believable as homoeopaths claiming that water has "memory", the campaign group seems to be suggesting that patient data has "memory".

However, as I explained in my last blog, it depends on how you interpret the data. For example, a friend was an administrator in the transplant unit of a large hospital. At that time George Best needed a new liver. My friend told me that in his hospital a young person died. This person had indicated that they wanted to donate their organs and their family had agreed too. The person was an appropriate tissue match for Best, but the family were not told this because donations are anonymous, however, they were told that the young person's liver had been transplanted. This tiny piece of information was significant because a few hours later the media reported that Best had received a new liver. The family could easily put two and two together, and (so my friend told me) were upset that their child's liver would be transplanted into someone who would abuse it (as proved to be the case).

A small piece of information - the organ that had been transplanted - allowed the family to find out who had received the organ. While it is possible to anonymise a process, or to anonymise data, it has to be done carefully, particularly when you are handing a single patient's anonymised data. This does not mean that anonymised data can "easily be re-identified" but it does mean that sometimes people can make intelligent guesses. When data is aggregated even more detail is lost, and even the most intelligent cannot make guesses about the individuals involved.

@NO2ID tweeted this article from the security guru, Bruce Schneier (if you have the chance, read Schneier's "Beyond Fear"). In the article he reports studies that have essentially used external data to make "intelligent guesses" with online databases.


  1. I dont think confidentiality is an issue. What is an issue is health care companies being able to map where the money is to be made and where the failings are that they can tap in to.

    Plus all this talk of private records just alienates patients even more from their GPs or NHS hospitals.

    Me, cynic? Noooo, never

  2. @Mary Taylor

    Yup, that's my point of view too, and is the next blog...