Details of patients’ medical records could potentially appear on the ID card database if an amendment to the ID Cards Bill is passed, according to an international law firm specialising in IT.
Pinsent Masons says on its website that the government has tabled an amendment which could be used to allow the ID card database to contain “sensitive personal data”, a term which is defined to include details of criminal and medical records.
The content of the ID card database is specified in the Bill and includes around 50 data classes which could be stored in a central register. These ‘registrable facts’ fall within nine categories. The technical amendment tabled by the home secretary states that facts falling within one of these categories "do not include any sensitive personal data (within the meaning of the Data Protection Act 1998) or anything the disclosure of which would tend to reveal such data."
Pinsent Masons says that the inference of this is that all the other eight categories can be linked to sensitive personal data.
It adds: “This subtle change has to be considered in conjunction with powers in the Bill which permit the Secretary of State to modify the information in the ID card database. This power, if exercised, combined with the implication that the database can now legitimately include items of sensitive personal data completes the reversal in policy that OUTLAW has identified – i.e. the legal infrastructure is in place to permit details of criminal and medical records to be held in the database in future.”
Dr Paul Thornton, a Warwickshire GP with a special interest in privacy issues, has alerted colleagues around the UK to the amendment. He told EHI Primary Care: “Although I’m not entirely clear on the ID proposals, the potential for creating a link is unequivocally there.”
Chris Pounder, a lawyer specialising in data protection with Pinsent Masons, told EHI Primary Care, that the amendment would give future governments the potential to include medical information on the ID card database.
He added: "I cannot square the fact that the government’s made the statement that there will be no sensitive personal data on the database and it then creates a framework that would allow it."
Last week Dr Thornton also sent a further letter to the Information Commissioner as part of his on-going campaign over patients’ rights to opt out of having information recorded on the NHS Care Records Service.
He posed a series of questions asking why the obligation on the NHS to record information about the care and treatment cannot be met by recording the information on a computer wholly controlled by the clinician as data holder.
Links
Dr Thornton’s letter to the Information Commissioner
Information Commissioner will look at opt-out rights