NHS SHARES OUR DETAILS EVERY DAY
Fears over privacy and cyber crime as patients’ personal details passed on 20million times
SCOTTISH health chiefs have handed out patients’ personal details almost 20million times i n ten years in ‘an open invitation to fraudsters’.
The NHS Central Register contains i nformation on almost every person living in Scotland including their date of birth, address and mother’s maiden name.
New figures show an average of 6,000 records are shared every day, mostly with local councils but also with medical researchers, charities and police. The SNP now wants to allow more than 100 public bodies – including the taxman, airports and solicitors – the right to access the data.
But critics claim the figures show Scots are being left open to identity fraud and state snooping.
Edinburgh-based data privacy expert Dr John Welford said: ‘Centralising so much personal information in this manner opens the door to large-scale identity theft.
‘Simply creating this structure draws the attention of cyber- criminals and distributing bulk batches of data to other parts of the public sector only increases the risk. Once data is stolen,
it remains stolen; there’s no way of getting it back. If the NHSCR were hacked, it could have a disastrous effect on millions of people.’
Geraint Bevan of campaign group NO2ID Scotland said: ‘It is alarming 20million records have been shared with civil servants, in a country of only five million people.’
The NHSCR was set up in the 1950s to help keep track of patients. It has been taken over by National Records Scotland. Everyone born in Scotland or registered with a GP here is on the database and given a Unique Citizen’s Reference Number (UCRN).
In December 2014, SNP ministers proposed an expansion of the NHSCR, unveiling plans to use the UCRN right across public sector databases, in effect linking them up into a single structure which could allow officials to gather secret dossiers on individuals.
A public consultation saw the plan criticised by the Information Commissioner, the Chartered Institute of Taxation and the Law Society of Scotland, which all warned it may be illegal.
There are fears the SNP is waiting until after this May’s election before trying to revive the proposals.
The latest figures – obtained under Freedom of Information laws – show that, since 2006, 19.85million records have been shared across the public sector.
Scottish Labour justice spokesman Graeme Pearson said: ‘In normal circumstances personal data should only be shared when a number of issues are resolved beforehand.
‘The citizen agrees to the sharing of data. The sharing will provide the citizen with a better service. And, finally, the public authorities can be trusted to secure the data from unauthorised access.
‘Public systems have yet to achieve the level of security and compliance necessary to give people confidence fraudsters and others cannot access their data. There is a huge responsibility on the authorities to bridge that gap in confidence.’
Scottish Lib Dem leader Willie Rennie said: ‘These figures reveal data- sharing on an industrial scale. People will be shocked that the NHS central register has been accessed nearly 20million times behind closed doors.
‘At this stage, we have no idea how privacy would be protected and what safeguards would be in place. It is time the SNP scrapped these dangerous plans.’
Pol Clementsmith of the Open Rights Group said: ‘Few of us could have imagined such a vast quantity of personal data would be circulated in this manner. We have genuine concerns that we could find ourselves sleepwalking into a surveillance state.’
A Scottish Government spokesman said: ‘We expect privacy and data security to be key priorities for all public bodies in Scotland. All NHSCR requests are dealt with under strictly controlled arrangements to ensure privacy and the security of the data.’