The UK could face a data version of the Alder Hey child organ scandal if the public do not know what is happening to their medical records, a professor of computer security has claimed.
Ross Anderson of the University of Cambridge said that it was impossible to fully anonymise medical data for use in research and that there was an inescapable risk of individuals’ privacy being breached. “What we are facing here really is a major ethical crisis,” he added.
There has been a string of controversies around the security of medical data recently. In February, NHS England delayed the roll-out of the care.data programme, which links general practice records to hospital data to create a database for researchers, after criticisms about how the public information campaign was run. The following month, concerns surfaced about a mapping company that had access to a nationwide database of hospital information.
Speaking to Times Higher Education, Professor Anderson hit out at comments made by the chief executive of the Medical Research Council, Sir John Savill, to The Times on 21 March. The article reported Sir John as saying that sharing medical data would make the UK the “best clinical laboratory in the world”. He added that studying “de-identified data” in a “safe haven without specific consent” did not threaten confidentiality. Earlier this year, Sir John also raised concerns about proposals by a European Parliament committee to tighten the rules that protect people’s personal data.
But Professor Anderson said: “Once people know how little effort was made by the NHS and the medical research community to protect our confidentiality, [they] would say there is no way we are going to trust these people again.”
He likened the situation to the Alder Hey Children’s Hospital scandal of the late 1980s and early 1990s, when it emerged that the organs of children who had died at the hospital had been removed and stored without authorisation.
“We have to have an open public debate about what sort of access researchers will have to medical information and under what sort of controls,” Professor Anderson said.
However, Andrew Morris, chief scientist of the Scottish Government Health and Social Care Directorates and director of the Scotland branch of the Farr Institute, a UK network of health informatics centres, said that “few things in life have zero risk”. He added: “The approach that we have taken is to put privacy and confidentiality as number one [priority], and devise really careful safeguards.”
Safeguarding measures at the Scottish institute include linking datasets to answer only specific research questions approved by privacy, ethics and advisory committees, and then giving each project a specific encryption and de-identification algorithm. Only accredited researchers are allowed to access data, and datasets can be linked only in secure and audited environments.
On 24 March, the MRC, the Economic and Social Research Council, the Wellcome Trust and Cancer Research UK also announced that they would withdraw funding from any researchers found to be re-identifying individuals from anonymised data.
Professor Morris added: “The research community needs to clearly articulate the benefits of this type of research and how it has clearly changed not only population health but also individual patient care.”