Wednesday 19 November 2008

The Greater Good

There has been much interesting discussion in the press recently about individuals’ privacy rights and the threat to them from the development of now consolidated medical databases. In one of this week’s thought-provoking articles in The Guardian, the view is put forward that the privacy of millions of patients of the UK’s National Health Service could be swept aside by a government plan to let medical researchers have wider access to our personal files.

I’m in favour, of course, of medical advancement. Almost all of us are. It’s a necessity. But this project is just one of a series of public sector database consolidation projects. With each consolidation comes additional risk, as small, local communities in which all users are known, become replaced by national access systems with thousands of authorized users. Spotting the few careless or corrupt users then becomes a totally new challenge. The Contact Point project mentioned is the one that causes me most concern, as it contains data on the UK’s children, made available to every local authority in the land. Data security is primarily passive – coming via authentication and an audit trail, it appears. Chilling.

The companies building the architectures would gladly include the additional layers of security needed were the government to specify the highest level of database security for each project - but this is a new area and budgets were often tightly specified a while ago.

I'm a scientist by training and have worked with pharmaceutical and biotech companies for two decades. Their world is changing dramatically, with collaborations forming between competing drug companies, clinical research organizations, hospitals and academic groups to tackle complex therapeutic challenges. Data - often sensitive data - are washing around between all of them. Tracing who is using (and losing) data, is a huge new problem. But we need to remember that this type of data is the lifeblood of these important projects.

We need, reluctantly, to accept that data about us is out there in countless places – very few of us can practically avoid this. But we do need to be adamant that we own what defines each of us and that we retain the right to know how and where it is handled and especially, we have the right to know when it has been lost or stolen - whatever the UK Government and Information Commissioner's Office may say on the issue of breach disclosure.

I'm personally totally in favour of the right of any individual to opt out of having their medical (and other) data shared, though I may well, nervously, remain opted in myself. We have so much to gain from the medical advances that some of these projects are seeking to address. I guess it’s just a question of the greater good?

Paul Davie

Posted by at