Could NHS records soon be shared with tech giants?

What is the NHS database?

The National Health Service (NHS) in the UK has announced plans to centralize all English medical records in a single database, which can then be shared with private sector partners. Data from up to 55 million people could be included.

Physical, sexual, and mental health records will be automatically added to this system unless patients opt out before June 23rd 2021. After that, their data will be accessible to a variety of academic and commercial third parties, and cannot be removed from the database.

While the NHS and the UK government insist that the plans aren’t a cause for concern, the backlash from privacy advocates and medical professionals across the country is growing. So what are their objections?

Why are people worried?

One of the main reasons for the backlash is the short space of time within which people can opt out of the new system.

Many of the 55 million patients affected may not find out about the changes until it’s too late. Those that do won’t necessarily have time to fill out and deliver the necessary opt-out form. This has led some to accuse the government of sneaking the changes through without properly consulting the public.

Another major concern for privacy advocates is the lack of transparency when it comes to what organizations will actually have access to the data. The NHS is yet to make clear what parameters will determine who is allowed to view the records.

Despite the outcry, it looks like the plans will go ahead this month. So the question now is…

What’s the worst that could happen?

The centralization of NHS data could result in two very worrying scenarios.

The database is shared with unethical companies.

Even if the NHS’s initial corporate partners are justified, there’s nothing to stop them sharing the data with less ethical enterprises later.

Imagine if tech-giants like Facebook and Google could draw information from the database; health data can be incredibly valuable for online marketing. And even if patients object, they won’t be able to scrub their information from the system after June 23rd.

A massive data breach.

Centralizing huge amounts of sensitive data is incredibly risky, because it only takes one breach to leak millions of patient records. The NHS already suffers thousands of small leaks and breaches every year.

A data breach is also more likely when combined with the first scenario. If the NHS shares access to the database too widely, trusting its corporate partners to keep their own systems secure, the chances of a leak increase dramatically.

What can you do to protect your data?

If you live in the UK, you can contact your GP and fill out a paper form requesting that your information be kept off the database.

However, if you’re reading this after June 23rd, it will probably be too late to opt out of the system. That doesn’t mean you can’t protect your data in the future, however; follow these three steps to strengthen your privacy today.

1. Don’t use devices and apps that gather health data. Whether it’s a mental health app or a smart watch, many services will gather and store deeply personal information about you. And even if the company involved is an ethical organization, there’s no reason to think that they won’t suffer a data breach later on. Don’t take that risk.
2. Take control of your privacy settings. Every social media platform you use will come with a suite of privacy settings. You can decide how much of your profile is public and what data the site stores about you. Don’t rely on a website’s default privacy settings.
3. Start using a VPN. A virtual private network, or VPN, is an encryption tool that can keep your data private while you browse online. Using a premium service like NordVPN, you can protect your personal information from snoopers, third parties, and cybercriminals. Take control of your privacy with the tap of a button.