Members of Parliament belonging to all parties have criticised the government's plans for a centralised patient record database that will be used to sell medical data to researchers and other organisations.
The debate over the care.data initiative being run by the Health and Social Care Information Centre (HSCIC), a quango under NHS England, was brought by Labour's George Mudie MP, but was supported by MPs of all colours.
"Under controversial legislation passed in 2012, family doctors will be required to pass to a new national database created by NHS England all the medical records of the patients in that practice," warned Mudie.
While Mudie admitted that the initiative would almost certainly benefit researchers, "inside and outside the National Health Service", he was concerned about the security implications of bringing together so much sensitive data in one place, and the threat to people's privacy it implied.
A security breach of some kind was inevitable, he added. "The human cost to the patient whose identity and medical history are made public is potentially disastrous. Careers could be ended, jobs lost, insurance refused and relationships destroyed if sensitive medical facts are made public or used by private firms, other people or, indeed, the media," said Mudie.
Conservative MP David Davis, who resigned his seat to fight a by-election over identity cards, pointed out that even if data was "anonymised" by the removal of names and dates-of-birth people could still be easily identified.
"The problem about the medical database is that someone's medical data are almost as strong as a fingerprint," said Davis.
"If people were looking for me, for example, I have five broken noses on my medical record, which probably reduces the numbers that they are looking at from 60 million to about 100; they could also probably work out my age, if that is removed, from when I had my diphtheria jab and various other early jabs," he said, pointing out that it even anonymised data can be de-anonymised.
Mudie also covered the opt-out arrangements for the system, which he criticised as inadequate.
First, he said, it is unclear exactly how far and wide the patient data will be distributed. Non-NHS organisations will also be able to access the patient records in care.data and some organisations will be able to access personally identifiable information without the patient's prior consent.
The Confidentiality Advisory Group approves requests where it is not possible to use information that does not identify you and it is not possible to ask you, "so it is okay if researchers pinch a lot of patient information and identify the patients, but such patients would have no come-back because that is [considered] reasonable in the eyes of the NHS", said Mudie.
He also criticised the standards of anonymisation that NHS England was promising as "hardly reassuring" - bearing in mind that the data in the database won't be anonymised, only the data that is sold for use by third-party organisations.
But it is the lack of permission being sought by the government from patients that gave most cause for concern, said Mudie. Initially, NHS England planned to extract all the data without seeking any permission - either from GPs or patients - at all. After the intervention of the Information Commissioner, HSCIC postponed the data extraction process pending a nationwide leafleting campaign.
Mudie believes that the government has been cynical - noting that only one per cent of patients opted out of the summary care record scheme - and deliberately chose opt-out, not opt-in, in order to benefit from people's inertia.
"I suggest that NHS England is not serious about involving and empowering the general public," he said, before requesting that the Minister for Health postpone the scheme until a proper consultation has been conducted. "If the medical records of members of the public are going to be given out, they should have knowledge of that and should have had the opportunity to opt out," he concluded.
Mudie's debate came before the Information Commissioner, Christopher Graham, appeared before the House of Commons Home Affairs Committee. In a wide-ranging grilling, he suggested that reports indicated that the Police National Computer is "widely misused" and also faced questions from Liberal Democrat MP Julian Huppert about care.data.
Remarkably, despite an intervention in the autumn that led to a postponement of the project, Graham said that he couldn't formally "act until the data reaches the HSCIC as a data controller".
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed