Safeguarding patient data

March 20, 2014

The Medical Research Council’s Sir John Savill (“Duty to share data”, Letters, 6 March) claims that MRC-funded research will use “rigorously de-identified data in an approved research environment with robust technical and security standards”. Yet none of the systems being promoted for the purpose comes even close. The Medicines and Healthcare Products Regulatory Agency refused to disclose the mechanisms used to de-identify Clinical Practice Research Datalink data, arguing that this would jeopardise security; the Hospital Episode Statistics data uploaded to the Google cloud appear to have patient postcodes as well as ages; and the records are fully identifiable. Again and again, we’ve been assured that our data are anonymous only to find that the assurances were false.

Pseudonyms do not work for medical data if individual care episodes can be linked. For example, it is public knowledge that Tony Blair had treatment for atrial fibrillation at Hammersmith Hospital on 19 October 2003; if all his other care episodes are linked to that, in a database to which thousands of researchers have access, his privacy is gone. This is common sense, but medical researchers appear to have great difficulty understanding it.

The only solution is transparency. We need to know who has access to our data, in what form and what they’re doing with it.

Ross Anderson, professor of security engineering, University of Cambridge
Ian Brown, associate director, Cyber Security Centre, University of Oxford, and senior research fellow, Oxford Internet Institute
Jon Crowcroft, Marconi professor of communications systems, Cambridge
Fleur Fisher, former head of ethics, science and information, British Medical Association
Douwe Korff, professor of international law, London Metropolitan University

Times Higher Education free 30-day trial

Please login or register to read this article.

Register to continue

Get a month's unlimited access to THE content online. Just register and complete your career summary.

Registration is free and only takes a moment. Once registered you can read a total of 3 articles each month, plus:

  • Sign up for the editor's highlights
  • Receive World University Rankings news first
  • Get job alerts, shortlist jobs and save job searches
  • Participate in reader discussions and post comments

Have your say

Log in or register to post comments

Most commented

Summer is upon northern hemisphere academics. But its cherished traditional identity as a time for intensive research is being challenged by the increasing obligations around teaching and administration that often crowd out research entirely during term time. So is the 40/40/20 workload model still sustainable? Respondents to a THE survey suggest not. Nick Mayo hears why

25 July


Featured jobs