Less than a week after the NHS was forced to postpone its huge GP and hospital record-sharing plan, it has emerged that a major insurance body bought more than a decade's worth of hospital data covering 47 million patients which, it was claimed, is to be used to help insurers refine their premiums.
The Staple Inn Actuarial Society [SIAS] said that data covering all hospital in-patient stays between 1997 and 2010 was used to track patients' medical histories, identified by date of birth and postcode, according to the Daily Telegraph.
The details were then reportedly combined with information from credit ratings agencies and used to advise insurance companies, resulting in increased premiums for most customers below the age of 50.
The newly formed Health & Social Care Information Centre (HSCIC), which collects national health and social care data, said that the records referred to by the Staple Inn Actuarial Society had been provided by a predecessor body, the NHS Information Centre.
It insisted that the records were not used to analyse individual insurance premiums but to analyse general variances in critical illness.
"The newly formed HSCIC can now only provide HES [hospital episode statistics] data to organisations that are looking to improve the way they are run for the benefit of their patients," it said in a statement. "This data is completely protected and does not identify individuals."The Daily Mail meanwhile reports
Hospital records of every NHS patient have been sold to insurers, it has emerged.
A major UK insurance society claims it was able to access records of 47 million patients over 13 years to help it decide premiums for customers.
The Staple Inn Actuarial Society said in a report that it used NHS data covering all hospital in-patient stays between 1997 and 2010 to track the medical histories of patients, identified by date of birth and postcode. ... The group – which works on behalf of insurance companies and actuaries – used the information to recommend an increase in the price of policies for thousands of customers last year.
Concerns over use of patient data have been heightened in recent days after plans to roll out a new NHS data-sharing scheme were put on hold amid concerns over privacy and patients not being properly informed over the changes.
The central database would involve taking records from GP practices and linking them with hospital records.
Those promoting the scheme insist that it would be illegal for information held in GP records to be sold to insurers.
The Staple Inn Actuarial Society report said it was able to combine hospital patient data with credit ratings agencies to advise companies, which led to increased premiums for most customers over the age of 50.
The society said it was able to better calculate forecasts for certain diseases, such as lung cancer.In discussing care.data I've suggested that, privacy to one side, a key issue is the big data hubris that leads health administrators and ICT enthusiasts to disregard the need to adequately explain what is going on and thereby foster trust.
The UK Institute & Faculty of Actuaries has responded that the Daily Telegraph has got the story wrong. Trust however isn't encouraged by looking at the Institute's own site, where point slides for example enthuse -
Hospital Episodes Statistics data set
• Seriatim data of all finished consultant episodes in NHS hospitals – Inpatient and outpatient data
• Data years 1989/90 to 2009/10 received – 1997/98 to 2009/10 are coded with unique patient identifiers
• 18 million records for 2009/10 alone!and
What the HES data looks like
• Patient Identifier - Unique identifier by patient – 47m of these
• Basic Patient Information - Age, gender
• Basic Episode Information - Date started, date finished, admission method, current status etc
• Diagnosis Information - Up to 20 different diagnoses
• Procedure Information - Up to 20 different operations, with date of operation
• Geographical Information - Postal district, Lower Super Output Area, IMD Rank, Mosaic Type, ACORN Type, Health ACORN typeReidentification might not be that difficult, irrespective of whether there is a data breach prior ro pseudonymisation.
The Institute states that
“In a story published by the Daily Telegraph today research by the IFoA was represented as “NHS data sold to insurers”. This is not the case. The research referenced in this story considered critical illness in the UK and was presented to members of the Staple Inn Actuarial Society (SIAS) in December 2013 and was made publically available on our website.
“The IFoA is a not for profit professional body. The research paper – Extending the Critical Path – offered actuaries, working in critical illness pricing, information that would help them to ask the right questions of their own data. The aim of providing context in this way is to help improve the accuracy of pricing. Accurate pricing is considered fairer by many consumers and leads to better reserving by insurance companies.
“Nowhere in this paper does the IFoA recommend a change in insurance pricing.”
The research referenced in the Telegraph story was produced by the Institute and Faculty of Actuaries (IFoA), an independent, not for profit professional body. It was published in December 2013 and in the same month was presented to SIAS members.
SIAS is a non-commercial body with over 5,000 members around the world, representing and serving the interests of younger members of the actuarial profession, whilst also acting as the London region actuarial society.
The research “Extending the critical path”, was produced to provide a clearer picture of critical illness in the UK.
The research makes no pricing recommendations. It provides information for actuaries, enabling them to look at the broader experience of critical illness in the UK against their own data. It is a reference point rather than a tool used to set pricing. It is also available to any organisation or body interested in critical illness in the UK.
The research used anonymised data from the NHS that was available to organisations looking to further critical illness research. Individuals cannot be recognised from this data. The source data for this research was not made available by us to our membership or to other organisations, our analysis of this data is.