Security guru Professor Ross Anderson has criticised the government's latest plans to make NHS medical records all-electronic, shared not just throughout the NHS, but with care homes and social services, too.
Under plans unveiled today, all prescriptions, diagnoses, operations and test results will be stored centrally by the end of 2014. By 2018, all parts of the NHS will be able to actively share this data - encompassing hospitals, GP surgeries, and the ambulance service. In addition, health secretary Jeremy Hunt is pushing for local authorities to sign up so that social services and care homes will also have access to sensitive medical records.
But Anderson does not believe that the plans have been thought through, and says that they would almost inevitably mean the end of privacy for people's medical records, given the wide access to the records across the public sector and its contractors.
Anderson pins the blame on Prime Minister David Cameron's appointment of Tim Kelsey as his "privacy tsar". Kelsey was previously a lobbyist working for the health IT sector, claims Anderson, but was appointed regardless of this apparent conflict of interest.
"It's all been downhill from there. The minister says we have an opt-out; but no-one seems to have told him that GPs will in future be compelled to upload a lot of information about us through a system called GPES if they want to be paid (they had an opt-out but it's being withdrawn from April)," he wrote in his blog.
Anderson was consulted when digitisation of medical records was first mooted in the mid-1990s. "Seventeen years ago, I was advising the British Medical Association on safety and privacy, and we explained patiently why this was a bad idea. The next government went ahead anyway, which led predictably to the disaster of NPfIT [the National Programme for IT]. Nonetheless enough central systems were got working to seriously undermine privacy," Anderson wrote.
Both the Liberal Democrats and Conservatives, in opposition, promised to "roll back the database state", and started by abandoning the ContactPoint database of all children in the UK - branded "sinister" by opponents - and by getting the Identity Cards Act 2006 repealed.
However, opponents noted that even these modest rollbacks were not all they seemed.
In June 2010, Anderson noted that the coalition government went back on pre-election promises to abandon the "summary care record" component of the NPfIT in the NHS.
And while all copies of the register behind the identity card scheme were destroyed, campaigner Phil Booth of No2ID noted, "Powers retained from the original Identity Cards Act still allow the Home Secretary to potentially enact the same enforced data-sharing across government that No2ID has campaigned against from the beginning."
In 2009, in a report for the Joseph Rowntree Foundation called 'Database State', Anderson claimed that all 46 database systems the government uses to keep information had "problems", while at least 11 of them breached human rights laws.