Home GDPR #Privacy: Telecoms group given access to NHS medical records without patient consent
GDPR - January 27, 2020

#Privacy: Telecoms group given access to NHS medical records without patient consent

Birmingham and Solihull Mental Health NHS Foundation Trust have been handing over medical data to Telefonica without obtaining the consent of patients. 

According to documents published last month under freedom of information laws, Telefonica, the Spanish group that trades as O2 in the UK, was given free access to a vast amount of medical records from Birmingham and Solihull Mental Health NHS Foundation Trust. 

The data included five years of anonymised records belonging to both former and current patients. Patients’ names and addresses were removed from the database. The document reports that 25,000 people in Birmingham and Solihull experience a mental health crisis every year, thus it can be assumed that the data shared could have been on tens of thousands of patients.

The Times reported that the telecom giant had been given access to the trove of records with the aim of developing an algorithm aimed at predicting when mental health crises might occur. 

This project is currently at its early stages, however an early pilot of the algorithm “saw clinicians provided with a list of 25 patients every two weeks who were predicted to go into crisis over the next 28 days,” explained The Times. 

The next stage will involve plans to incorporate phone data, most from likely an app, to further improve the algorithm, to which the NHS trust explained that patients will have the ability to opt-out. 

In a statement, the Birmingham and Solihull Mental Health NHS Foundation trust said that it was “proud to be at the forefront of promising research”, and that it hopes the algorithm will help those at risk. 

However, concerns have been raised about why consent was not obtained during the first stages of the project. 

Eva Blum-Dumontet from Privacy International said: “yet another example of a private company getting its hands on people’s data using the pretext of doing research to improve a public service.”

“People suffering from mental health are often in vulnerable situations and the very least they should be expecting from the NHS is to be protected and have their fundamental rights respected, not having to pay the price of healthcare with their privacy.”

Sam Smith from MedConfidential commented: “They are proposing to creep on patients for profit, flagging up ‘problems’ to already overstretched mental health services. Telefonica only cares about creating an algorithm it can sell. The NHS cares about the mental health of its patients. There is a discrepancy between those things.”

Telefonica has stated that the healthcare data does not leave the NHS servers and is not used for any other purposes other than the pilot. 

Dr Hilary Grant, executive medical director at Birmingham and Solihull Mental Health NHS Foundation Trust, said: “There is no reason for our patients to be concerned in any way about how their information is being used. Our number one priority remains to protect our current patients and their privacy.”

The post #Privacy: Telecoms group given access to NHS medical records without patient consent appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Fake DarkSide Ransomware Gang Targets Energy, Food Sectors

Attacker Sends Emails with False Claims of Compromise, Trend Micro SaysA fake cyber crime …