AbbVie & GSK can buy your Data for almost nothing

Editorial Note: This prescient post written by Phil Booth was posted on under the title Your medical data – on sale for a pound on August 9th 2013. The original intention was to link it into the AbbVie debate about access to clinical trial data – as an ironic contrast.

That opportunity passed – but a stopped clock throws up the right time twice a day. In recent weeks in Britain (apparently the home from home for the NSA) there has been great concern about access to the data compiled on anyone visiting a doctor within the NHS. Our data it would appear is being loaded up on to Google servers and as noted by Ben Goldacre and others is being sold to insurers and others. Government ministers are apparently being economical with the truth when asked about this. (Trans note: Economical with the truth is often interpreted in England to mean lying).  

The government’s announcement today that private companies are to be given access to patient data for the princely sum of £1, is just the latest attack on the principles of patient confidentiality in the interests of commerce.

David Cameron signaled the intent back in 2011 when he announced that we are all to be research patients by default. Behind the window-dressing of scientific progress, lies a determined new policy on ‘open data’ which is about using your data – including your medical records held by the NHS – in order “to drive economic growth”. Under the new regime, your sensitive health information will be taken directly from your GP’s record system and presumed available for a variety of “secondary uses” that go beyond research or your direct medical care.

To enable this, the NHS Constitution has been rewritten and fundamental assumptions such as medical confidentiality are being overturned. In private, officials admit the end state of all this is unclear, but the public language about what is happening to your confidential medical records is carefully chosen to obfuscate and pacify.


One of the more misleading half-truths you will hear is that your data will be ‘anonymised’. Quite aside from the fact that NHS England applied for and has now been granted exemptions by the Secretary of State to process and pass around patient data in identifiable form, the ‘anonymising’ of data to avoid the rules which would otherwise apply to personal data does not guarantee privacy.

Truly anonymous data cannot be linked or matched to particular individuals. It requires statistical techniques like removing small number counts, adding ‘noise’ or perturbing aggregate data – to minimise the chance that particular individuals can be identified.

The ‘anonymisation’ proposed for your medical information is nothing like this. What in fact will be done is pseudonymisation – substituting identifiers such as your NHS number with less identifiable numbers or removing obvious identifiers such as name or address.

This means – along with the cross-matching of data from different sources – that it will not be hard for private companies to apply clever statistical techniques to obtain data on identifiable individual patients. There has even been a suggestion that the NHS would itself provide this service for companies, for a token fee.

Even if this doesn’t happen, a lifelong aggregation of episodes, diagnoses and prescriptions, even if not in themselves rare or unusual, provides a wealth of reference points. Filtered by age, gender or geographical area it is surprising how few of these are necessary to pinpoint an individual. The task is made even easier when data is made linkable to other information gathered in other contexts in a patient’s life. And that is exactly what will happen: ultimately, each person’s social care records will join with their health records in one single, central repository.

As the marketing industry and researchers know, the value of your data lies in being able to make matches; truly anonymous data that cannot be linked is nowhere near as useful or exploitable.
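The gap between pseudonymised and truly anonymous data can be measured before anything is released. The following is an added example, not part of the original post: it counts how many records share each combination of quasi-identifiers (the k-anonymity of the extract) and applies small-number suppression to an aggregate count. The records, field names and the threshold of 3 are constructed for illustration.

```python
from collections import Counter

# Constructed pseudonymised extract: the real identifier is replaced by an
# opaque "pid", but age band, sex, postcode district and diagnosis remain.
FIELDS = ("pid", "age", "sex", "area", "dx")
ROWS = [
    ("p01", "40-49", "F", "LS6", "asthma"),
    ("p02", "40-49", "F", "LS6", "diabetes"),
    ("p03", "40-49", "M", "LS6", "asthma"),
    ("p04", "40-49", "M", "LS6", "asthma"),
    ("p05", "60-69", "F", "LS6", "diabetes"),
    ("p06", "60-69", "F", "YO1", "asthma"),
    ("p07", "60-69", "M", "YO1", "diabetes"),
    ("p08", "60-69", "M", "YO1", "epilepsy"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

def class_sizes(records, quasi_ids):
    """Number of records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def k_anonymity(records, quasi_ids):
    """Size of the smallest group; k == 1 means at least one person stands alone."""
    return min(class_sizes(records, quasi_ids).values())

def unique_fraction(records, quasi_ids):
    """Share of records that no other record matches on the quasi-identifiers."""
    sizes = class_sizes(records, quasi_ids)
    alone = sum(1 for r in records if sizes[tuple(r[q] for q in quasi_ids)] == 1)
    return alone / len(records)

def suppressed_counts(records, field, threshold=3):
    """Aggregate release: counts below the threshold are withheld (None)."""
    counts = Counter(r[field] for r in records)
    return {value: (n if n >= threshold else None) for value, n in counts.items()}

if __name__ == "__main__":
    # Each extra attribute shrinks the groups, even though no name is present.
    for qi in (["age", "sex"], ["age", "sex", "area"], ["age", "sex", "area", "dx"]):
        print(qi, "k =", k_anonymity(RECORDS, qi), "unique =", unique_fraction(RECORDS, qi))
    # The aggregate view hides the single rare diagnosis instead of exposing it.
    print(suppressed_counts(RECORDS, "dx"))
```

Replacing the identifier changes none of these figures, which is why a pseudonymised row-level extract fails a check that a suppressed aggregate passes.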


Consent means giving your permission. In order to be valid, consent needs to be properly informed and freely given by a competent individual; patients need to know the intended use of their medical information and be able to choose to participate or not.

Most people would agree with the notion of ‘presumed consent’ in the context of their medical treatment. When going to a doctor or hospital, you expect that your information will be shared with other health professionals responsible for your direct care. But this “consent deal” – based in the trust people have in their doctors and the NHS – has been stretched to encompass a whole range of other uses, many of which are obscure or completely unknown to patients.

Dame Fiona Caldicott’s recent Information Governance Review refused to support the proposition that – because patients are presumed to trust their own doctor with their medical data – they should be presumed to trust commissioners, too.

Purposes such as medical research – for which most people are happy for their information to be used, so long as they are asked – are being conflated with uses such as patient-level tracking and monitoring, business planning and contract management. The drive to commodify medical records means the default is to make them accessible to more and more people less and less directly related to your medical care, constrained not by the professional duty of confidentiality that most patients presume but only by data protection compliance or contract terms and conditions.

The word ‘sharing’ has become a euphemism for the systematic extraction, processing and disclosure of vast amounts of deeply personal information. Taking something without consent is not sharing. Passing legislation to override doctors’ duty of confidence may make a practice lawful; however it does not legitimise it.

Explicit consent has been replaced by an assumed consent, with opt-outs about which minimal information is provided to patients. This is not informed consent. Worse still, despite promises that patients who have already opted out will have their wishes respected, new initiatives such as – a monthly upload of identifiable data from millions of patients’ GP-held records – mean that hundreds of thousands of people who have already acted to protect the confidentiality of their medical records will be forced to opt out all over again. Assuming, of course, they are even made aware of what is happening.

The arbitrary resetting of people’s ‘privacy settings’ is a behaviour one might expect of Facebook, not the NHS, and it speaks to a deeper erosion of trust. If patients cannot trust that what they say to their doctor will be kept in confidence, some will withhold information – putting not only their own health but the public health at risk.


  1. It looks like a new business model for pharmaceuticals is being developed. No longer are RCTs going to be sufficient. And how can the pharmaceutical industry know which “personalised” treatments will yield the greatest returns?

    “The need for an alternative approach in medicine is increasingly manifest as personalized medications based upon genetic testing are in development [29, 30].”

    From p12 [conclusions] of a 2013 paper by Bar Yam “The Limits of Phenomenology: From Behaviorism to Drug Testing and Engineering Design”

  2. Maie Liiv says:

    Maybe I don’t mind my medical records being in a data bank with no privacy settings and access allowed to pharmaceutical companies for purposes.

    As no one attempted to read my medical records as a drug abuse scandal unfurled before their very eyes and they did not keep up with the epic story of how they all put me in this position, it does not worry me, daunt me or scare me that my data might become available for public scrutiny.

    I may be alone, in the way, I think, but the complete debunked ass over tit way I was treated may make me glad that it is all out in the open in an Open Bank who anyone can dip into and try and make sense of……….

    Want to take a dip into Data No. 3207502043^&&(((())%$, Andrew?

    My prescription history is open to all……..?

    It is Check Mate, mate…….

  3. John H Noble Jr says:

    Well . . . we are so far down the track of disappeared privacy, what with our medical records being sold without our consent to commercial enterprise, that we cannot trust accurate information about ourselves with anybody. Is the solution to lie and distort as much as possible about oneself and one’s relationships to all and sundry who may inquire? Unfortunately, this takes effort and old standards of acceptable behavior still hold sway over most of us. The old standard would require a truthful answer to the medical history update question, “Have you been exposed in your travels to TB recently?” Or, “Did your recent travels bring you in possible contact with mad-cow infected livestock?” The new standard of dissimulation would deny it even if true.
    It may take a generation to produce a perfectly sociopathic society but we seem well along in the process. The spying of NASA has tipped the balance in favor of government doing whatever it wishes without the consent of the people. It should come as no surprise that government has now unilaterally decided to sell our medical information to commercial enterprise. Haggling over a “fair” price for access to our medical information seems to be all that remains. Let’s hope the price is set high enough to reduce the taxes we pay for increasingly compromised and poor health care.

    • Btw, I wonder if that means I can buy Mr Cameron’s medical history. I’m officially a researcher in molecular biology so…something tells me that only if his personal info would get posted all over the internet would he think again about this whole idea.

  4. Well today everything must be for sale. If you can’t privatise the NHS then at least you make a buck out of it. Patients and their rights be damned. This story really left me speechless since there are not enough curse words in my swear word dictionary. When are the people going to go on the streets and refuse to go back until this bloody criminal government resigns?
