Blog

UK medical records for sale

Last year, many UK residents were shocked to find out the government had given NHS medical records to Amazon, and sold a variety of them to pharmaceutical companies around the world as well.

Not only were they surprised this was legal, but also that this was possible without seeking consent or at least notifying patients that this was happening. With Brexit on the horizon, many are left wondering if this is a taste of things to come when GDPR, an EU regulation, continues to protect EU citizens but not UK ones.

The level of autonomy given to us in terms of the data we hand over to third parties has become a bigger discussion due partly to GDPR, and although there are many out there who will gladly click “Accept all cookies” to get to their requested content quickly, others meticulously research these. That discussion has largely been around our browsing habits and history; when the conversation moves to medical records, it becomes a lot less of a gray area in people’s minds.

Even with the explanation that personally identifiable information will be removed from these before handing them over – an explanation that still opens up a number of potential vulnerabilities – many are left wondering why these corporations are making a profit on the back of the data that, again, no one asked if they could have.

In our recent article on digitalising the voting process, we discussed i-voting in Estonia, and funnily enough we can return there on this topic, as they have introduced the use of blockchain to hand the control of medical documents over to the people. Tying together the eight key building blocks of e-Estonia, they’re able to utilise blockchain and electronic identity along with a range of other technical innovations to give patients access to their own records and determine who else has that access.

Not only does it save time, as patients can now explore their own information without the need for a doctor or hospital administrator (a significant time saving considering the 1.8 million queries every month), it creates a layer of security which wasn’t present before. Doctors can still access time-sensitive information, and the ministry of health can still access overall statistics to spot trends, but security is kept at a world-class level.

Work of this kind is referred to as “trust services”, and as such, trust is a key aspect that needs to be at the top of our minds. While many in the UK found themselves distrusting the government on the back of the aforementioned sale of medical records, a recent survey reported that 82% of Estonians questioned said they trusted the digital service the government provided. This is almost double the global average, which is 45% according to a survey by the OECD.

“In a nutshell, 82% of respondents said that they trusted the digital services provided by the Estonian government. This was complemented by 76% of survey participants who said that they felt proud of the fact that Estonia is known as one of the most digital societies in the world.”

Florian Marcus

This is especially fascinating seeing as the adoption of technology by the government is not always met with such a positive outlook. Between conspiracy theories, worries about surveillance and tyranny as well as general concern for personal privacy, trust has historically not been the immediate response to such innovation.

Many of the ideas associated with the innovations being utilised within Estonia, digital prescriptions as an example, are already a growing trend in other European countries, but more so than convenience, this will be an essential part of data governance and security for personal protection. It will be exciting to see how countries around the world approach these topics and whether steps will be taken to standardise this as part of the overarching digital transformation journey that global healthcare is going through right now. A similar trend is happening in a number of different industries, and Scrive is at the forefront of helping businesses modernise their workflows by automating processes and integrating services like electronic signature and identity verification. Have a read through some of our other blogs and case studies if you’d like to learn more, and reach out if you have any questions.