In the midst of the recent Labour leadership turbulence, on Wednesday May 13 Wes Streeting, who would resign from his position as the UK’s health minister a day later, published the Health bill. Among its provisions are the latest in a long line of attempts to centralize and exploit the data collected by the National Health Service. medConfidental provides a useful summary.
Two main aims have kept reappearing over the years. One is to make the health service more efficient and streamline patient interactions. Probably everyone supports this – until they read the details. Even before the bill was published, media reported the government plans to give each of us a single patient record. In the announcement, Streeting talks about the frustration of having to repeat your medical history to every new physician. True; on the other hand, rehashing the medical history is an opportunity to correct errors and misperceptions. This is where patients need choice and control.
The second recurring theme is using patient data to fuel research. Most people support that, too, as long as the data isn’t handed off to commercial companies to exploit for profit. Antecedents here include 2014’s care.data and a its revival in 2021. On his web page, the late Ross Anderson, who extensively researched the security of clinical information systems, documented examples going back to the mid-1990s.
The key complaint about single patient records is the rupture of the individual trust relationship between individuals and their doctors’ surgeries. Traditionally, the GP is the gatekeeper to the rest of the health service. GPs refer you to specialist consultants, provide continuity, and keep your notes. The single care record turns all this into a centralized database under the control of the health minister with many downsides that may not be immediately apparent, particularly to administrators focused on efficiency rather than patient care. Like Facebook, it can be impossible to wholly opt out even if you don’t use the service because others’ records may carve out your shadow.
In March, the worst happened to show the risks: Hannah Devlin and Tom Burgis reported at the Guardian that the data held by UK Biobank turned up for sale on the Chinese site Alibaba. Since its founding in 2003, Biobank has collected detailed longitudinal health records from more than 500,000 volunteers for the purpose of research. The issue seems to have been code and data researchers stored in repositories such as Github, sharing that is often now required by funders. The data was quickly removed, but uncertainty remains.
Even before that, medConfidential warned that pandemic hospital data the government gave to Biobank could be reidentified, and posed risks to health privacy generally. In addition, medConfidential warns that Biobank’s failure to protect its data is systemic and cultural. No one denies Biobank’s value; but the security failure is a betrayal of its volunteers.
The Biobank leaks, coupled with Anthropic’s announcment of Mythos, seem to have led directly to the NHS’s announcement at the beginning of May that it is closing its open source repositories on the grounds that they expose the service to the threat of AI hacking, as former civil servant Terence Meaden reports. In a second posting, Meaden deplores the decision and points to significant dissent from the Government Digital Service, which explains what the NHS should do instead.
A centralized database gives the health minister great power over our most sensitive data. Naturally, all concerned promise our health information will be protected. But as medConfidential likes to remind, any promise one government makes a later government can break.
“Beware what systems you put in place,” medConfidential coordinator Sam Smith says, “because you don’t know who will be operating them.”
Always simmering in the background is the nationwide opposition to privatizing the NHS. The American medical system’s bankruptcies are warning enough.
All of these issues are heightened by the involvement of Palantir. This began during the covid pandemic, when the company offered the NHS a free puppy to gain a foothold. As Robert Booth reports at the Guardian, the company’s services have since become both increasingly expensive and increasingly controversial as Palantir’s role in military conflict and anti-immigrant actions has become better known. In February, Booth reported that health officials were warning Streeting that the public’s perception of Palantir would impede rollout and that consequently the NHS would not get value for money from the contract. There is also the tetchy matter of US law, which allows the government to demand access to data held by the international subsidiaries of US companies. Last week, Lindsay Clark reported at The Register that Palantir staff have access to patient data belonging to NHS England.
*Then* add AI. It’s not clear anyone would welcome it into their relationship with their doctors. In warning of the downsides of centralization, medConfidential puts together centralized data and AI and a long-term trend toward disempowering GPs through centralization such as apps, centralized appointment booking, and…do you want your doctor replaced by a chatbot?
Computer systems take on the values of their owners. In April, Palantir co-founder Alex Karp posted on X a 22-point manifesto widely seen as expressing values incompatible with those of health care: “First, do no harm.”
Illustrations: The medical figures Galen, Avicenna, and Hippocrates, as pictured in a 16th century medical book (via Wikimedia).
Also this week: At the Plutopia podcast, we talk to departing EFF director Cindy Cohn about her book on her 30 years of defending privacy.
Wendy M. Grossman is an award-winning journalist. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. She is a contributing editor for the Plutopia News Network podcast. Follow on Mastodon or Bluesky.
