Date: 2021-05-28

A growing number of security and data privacy experts warn that NHS Digital's plan to scrape medical data from 55 million patients in the United Kingdom into a new database poses an unacceptable level of security risk.

The plan was officially announced in early May and, of particular note, patients must opt out of the scheme by June 23, 2021 by filling out a paper-based form and handing it to their GP. Otherwise, their data will become part of the data store and cannot be deleted, although they can still stop data that has not yet been generated from being added.

The General Practice Data for Planning and Research (GPDPR) database contains swaths of sensitive personally identifiable information (PII), which is pseudonymous, and contains data on diagnosis, symptoms, observations, test results, medications, allergies, immunity, referrals, recalls, appointments. It also includes information on physical, mental and sexual health, data on gender, ethnicity and sexual orientation, and data on the staff who treated the patient.

It has been proposed that the data store can be shared by multiple organizations, including academic and commercial organizations such as pharmaceutical companies, for research and future health planning, to analyze inequality in health care delivery, and to study the long-term impact of Covid-19 on the population.

David Sygula, senior cyber security analyst at CybelAngel, acknowledged that, at face value, the plan provides some “strong benefits” from the perspective of academic researchers, and agreed that initiatives such as GPDPR could be very valuable, as NHS Digital expects, in controlling the scale of the pandemic's impact on the UK.

“But data collection at this scale creates a new set of risks for individuals, exposing their health information to third-party data breaches.

“The scope of insecure database issues is expanding. This is not just an NHS issue, but one for NHS third parties, fourth parties, or even more removed parties: all suppliers involved must demonstrate how they handle data securely. These security policies and processes must be well planned in advance and the details shared with both third parties and individuals.”

Sygula recommended several mechanisms that could be effectively implemented, such as complete anonymization of the data rather than pseudonymization, because data leakage from the system is virtually unavoidable.

“Security researchers, attackers, and rogue states have all introduced processes to identify unsecured databases and will quickly find leaked information,” he said. “That’s the default assumption we should start with. The thing to do is to set up the right monitoring tools to look for published data in the supply chain, while keeping patients private in the event of a breach.”

Is the timeline too short?

Beyond the risks of third-party breaches and of cybercriminals attracted by valuable personal data, IntSights chief compliance officer Chris Strand said that, in his view, NHS Digital had not given people enough time to assess their personal risk positions and opt out if necessary.

“The opt-out plan can add complexity for some people who are not actively involved in how the data is used, or who do not understand the impact of the way the data is used in research,” he said. “What should be done to ensure that, in less than a month, all included individuals have ample opportunity to be notified about the use of their data, and that third parties have the opportunity to understand the implications of using the data?

“I am concerned about the legality of proving that people have a fair opportunity to opt out of ‘data collection’. For those who want to use the database for research, challenges may present themselves after the database is released.

“After going through the process of ensuring that the use of data is disclosed to the data owner, it is difficult to prove that all individuals in the database had ample opportunity to opt out of that use. That could potentially have legal consequences, given the nature of the sensitive data contained in this database.”

Repeated history

Vanessa Barnett, a technology and data partner at Keystone Law, was one of the people who pointed out the risks. She said previous data-sharing medical initiatives, such as the arrangement between the Royal Free Hospital NHS Trust and Google DeepMind, were ruled not compliant with the UK's Data Protection Act (DPA) by the Information Commissioner’s Office (ICO).

“It brings to mind one of the lesser-known parts of the GDPR [General Data Protection Regulation]: that the processing of personal data should be designed to be useful to humankind,” she said. “The right to protect personal data is not an absolute right. It must be considered in relation to its function in society and balanced with other basic rights according to the principle of proportionality.

“This processing of health data can be very correct and useful to humankind, but it all depends on what data is provided, who it is provided to, and how they treat it.”

In the case of Royal Free-DeepMind, the ICO found a flaw in the way patients’ records were shared. In particular, patients would not reasonably have expected their data to be shared, so the trust needed to be more transparent about its intent.

“For me, this new mass sharing proposed by the NHS has the potential to repeat history,” Barnett said. “Most people don’t expect their GP records to be shared this way, they don’t recognize it, and they don’t opt out because they didn’t recognize it.

“It is worth noting that the data is pseudonymized rather than anonymized, so it is possible to reverse engineer the patient’s ID in some situations. If the data lake being created is really for research, the analysis of medical inequality and the study of serious illnesses, why can’t this be done on a truly anonymous basis?”

Barnett said it is not illegal to use personal data in this way, but warned that neglecting the preparation needed to give data subjects (the general public) a “realistic and appropriate” opportunity to understand what is happening and to withdraw consent may ultimately prove to be a breach of some of the more administrative aspects of the DPA.