The NHS election: our health data is worth £9.6 billion. What happens to it after Brexit?

As the collection of health data becomes more common, the only effective pressure to keep it safe may come from patients

December 09, 2019
article header image

Rising concerns over private industry’s future in the UK’s healthcare sector has been further fuelled by the recent news that Amazon has been granted free access to NHS data to develop its products.

Last Friday, the campaign group Privacy International published details of the contract, which states the US company will be able to obtain all “healthcare information, including without limitation symptoms, causes, and definitions, and all related copyrightable content, data, information and other materials.” A spokesperson for Amazon has since responded, telling the Guardian that “General health-related content from the NHS website is now available to Alexa users via voice technology. The new option is particularly useful for those with accessibility needs who may not have been able to easily access nhs.uk content via a mobile device or computer in the past.”

 Although individual patient data is apparently not included in the deal, the news shows how health data has become the new privacy battleground. The issue has also featured high up on the news agenda during the general election campaign, due to leaked documents which Labour leader Jeremy Corbyn has claimed reveal that the free flow of NHS data would be a “top priority” for US officials in any post-Brexit trade deal. The revelation provoked a storm of outrage from across the political spectrum, and Corbyn has demanded the US president, Donald Trump, provide assurances that the NHS "will truly be taken off the table".

A £9.6bn problem?

Trump had already stoked fears earlier in the year that the NHS database, which holds the medical records of over 60 million people, might be sold off. He said he wanted the NHS to be considered in any potential deal, a claim he later retracted. The speculation over the NHS’s future has continued, however.

At the heart of the issue is the enormous value of NHS patient data, which is estimated to be worth £9.6bn per year, according to auditors Ernst & Young. Health apps are a booming business, particularly in the US, so it’s no great shock that Silicon Valley might want access to a treasure trove of data to develop their products.

Apps such as Babylon Health have become an increasingly popular way to monitor our health and even track our moods. But there have been rising concerns about the implications of the widespread collection of health data.

Sam Smith, coordinator of the medConfidential campaign group, explained that NHS patient data tracks illness, treatment and recovery across a person’s lifetime. “Each record is the uniquely identifiable fingerprint of everyone,” he says, “whether that’s from the dates of birth of the maternity events of mothers, or the known health incidents of those we know - allowing you to find the entire health history of people from a single known event.”

Smith said the database is a goldmine for those who wish to “exploit” it and “sell” what they learn back to the NHS. “The NHS should tell each patient how data about them is used,” he added. 

The new normal

Although data sharing and selling is not new, it is becoming much more common due to the rise in technology-assisted health products. Companies can use patient data if they are working with the NHS to provide care and carry out health-related research.

To deter companies from misusing the data, ministers in 2014 discussed the introduction of a “one-strike” rule, which would ban companies who breached it from accessing NHS medical records. This measure has yet to be implemented, said medConfidential. 

In 2017, London’s Royal Free hospital was found to have insufficiently informed patients of its data sharing scheme with DeepMind, a UK-based AI company acquired by Google in 2014. DeepMind was provided with details of about 1.6 million patients by the Royal Free Hospital to test one of its apps. The Information Commission ruled the trial failed to comply with privacy laws, finding that the hospital did not give patients enough information about how their data was being used.

Smith says there are likely to be similar incidences in the future. “[We will see] many of them. The ‘business models’ work of the NHS and Department for Business, Energy and Industrial Strategy is a prescription for increased private exploitation and broader public distrust,” he said.

Business model approach

The business model approach has led to the private finance initiative (PFI) being more frequently used in the NHS. PFI is a way of funding public services, such as the building of new hospitals or production of equipment, through the private sector, who pay the upfront costs. PFI schemes have resulted in hefty multibillion-dollar bills for hospital trusts. medConfidential reported that “the PFI was used to fund over fifty new hospitals, only for the bills to become due a decade later—sometimes with devastating consequences. This same approach is now being applied to our data.”

Although the Royal Free hospital was censured for not being sufficiently transparent, it is actually common practice for the NHS to keep patients in the dark over the issue, claims Smith. “Patients have other things to spend their time on,” he says, “and so when the NHS tells people ‘we’ll use data to improve care’, that should be true. The claims the NHS makes about how patient data is protected should also be true - and that’s where they always get into trouble.”

“Most people don’t really want to spend their time looking at the intricacies of a research project and the pipeline to produce new treatments, but do want their data to be used in ways that are beneficial but not exploitative.”

While increased regulation of patient data should be welcome, Smith says it would simply be an improvement if companies simply followed existing data privacy laws. That way patients can make informed decisions about data usage and fully understand their options.

As Smith puts it: “Where the companies are minor attachments of large US multinationals—as DeepMind is to Google—the only effective pressure comes from patients and the public being informed how data is used, and being able to see how while the letter of the law may be narrowly being followed, the spirit is being broken.”

Update: Amazon has provided a statement noting: “Alexa does not have access to any personal or private information from the NHS. General health-related content from the NHS website has been freely available to the public and is now available to Alexa users via voice technology. The new option is particularly useful for those with accessibility needs who may not have been able to easily access nhs.uk content via a mobile device or computer in the past. Learn more here.”