February 24, 2014

Shot in the foot

The UK is trying to set up a national research database of medical records from the National Health Service. That’s a good idea. New Zealand has one, and many of the larger fragments of the US medical system have their own.  As well as helping improve the performance of the National Health Service, the UK database could be used for research that would help people around the world; for example, detecting adverse effects of drugs.

A UK drug safety system would be more informative than the NZ one, because it involves so many more people. It might even be more informative than the US systems because the NHS it is comprehensive, not selective. That’s only true if everyone’s data is in the system, and that will only be possible if most people trust the system to protect their privacy.  Since it’s not really possible for the average person to tell if the system is trustworthy, it needs to be designed and implemented well enough that there aren’t any reasonable people with serious criticisms for inevitable opponents of the scheme to point to.

Sadly, the promoters of the database have at best been a bit careless about some of their claims, as Ben Goldacre describes. Some descriptions of the system have implied that making the data anonymous — removing obvious identifiers — is a strong safeguard. It isn’t: re-identification is often possible. It isn’t clear whether this was an omission in describing the safeguards or in designing them, but it’s unfortunate either way.

Worse still, the Telegraph has a story claiming that 13 years of complete British hospital records were sold to insurers, who used them to improve risk estimates and increase premiums. This is a problem because one of the key guarantees of the system was going to be that data wouldn’t get to insurers. The data release was under the old rules, not from the new proposed database, but it still is Not Helpful if you’re trying to persuade people not to worry.

 

avatar

Thomas Lumley (@tslumley) is Professor of Biostatistics at the University of Auckland. His research interests include semiparametric models, survey sampling, statistical computing, foundations of statistics, and whatever methodological problems his medical collaborators come up with. He also blogs at Biased and Inefficient See all posts by Thomas Lumley »

Comments

  • avatar
    Paul Bieleski

    I often hear that a …. occurs every …. minutes/hours/days.
    The journalist has taken an average and made it “every …”.
    Dont they have to be more accurate?
    P.B. Nelson.

    11 years ago

  • avatar
    David Hood

    As I am starting to read it, it may have been legal for the insurers to get the records at the time, but they may have breached EU Data protection laws when they sent them to servers outside the EU.
    http://boingboing.net/2014/03/03/full-nhs-hospital-records-uplo.html

    11 years ago

    • avatar
      Thomas Lumley

      I think it’s still very unclear what happened and whether it was legal. That in itself is a big enough problem when you’re trying to set up a system that has individual opt-out.

      11 years ago