DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Patient data-sharing may not take account of anonymisation concerns

Posted on December 9, 2011 by Dissent

Earlier this week the Government announced proposals (40-page / 2.1MB PDF) to change the NHS Constitution so that information stored about patients would be automatically shared with life sciences researchers via a new anonymised database unless patients elect for their details not to be included.

While welcomed by the life sciences industry as a boost to research, the proposals raised concerns about the use of patient data.

[…]

“Let me be clear, this does not threaten privacy, it doesn’t mean anyone can look at your health records, but it does mean using anonymous data to make new medical breakthroughs,” Cameron said in a speech detailing the Government’s plans, according to a report by the BBC.

Mr. Cameron may firmly believe that, but studies on re-identifying supposedly “anonymized” data make it clear that data are often not as “anonymized” as one might think or home when the data are combined with other data often readily available in public databases.

The article also quotes Paul Ohm, who has been instrumental of increasing awareness about the risks of relying on “anonymization:”

Academic Paul Ohm, Associate Professor at University of Colorado Law School, told Out-Law.com in 2009 that research had shown that it is possible to use anonymised data to identify individuals. He said at the time that misplaced trust in anonymisation had been enshrined in privacy legislation.

“Virtually every privacy law allows you to escape the strictures and requirements of the privacy law completely once you’ve anonymised your data,” he said. “Every policy maker who has ever encountered a privacy law, and that’s in every country on earth, will need to re-examine the core assumptions they made when they wrote that law.”

Ohm said at the time that, in some fields of research such as health, it would be possible to open up much more data than is currently permitted as long as access to the information was controlled.

“We can’t trust technology any more but at the same time we don’t want to keep this information from researchers. So my solution is that we shift our trust from the technology to the people,” he said. “We write down the rules of trust among health researchers … [we say] you can get my data but only on a need to know basis,” he said.

Read more on Out-Law.com

Part of determining trustworthiness of a research clearly needs to be assessing their security and privacy protections, as the researcher may be professionally trustworthy, but if they outsource their database security to another party, well….

No related posts.

Category: Uncategorized

Post navigation

← Breaches without details (updated)
Huge amount of email accounts from past 24hrs →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.