04/03/2014 12:11 GMT | Updated 04/05/2014 06:59 BST

Dealing With Our Data

I think many of us have been shocked at the recent disclosures about NHS data - our health data - being sold to insurance companies for a couple of thousand pounds, and as we now know, thanks to the work done by GP / MP Sarah Wollaston, being uploaded on to Google servers by PA Consulting. It is of course, true that our health records form a vast resource of useful information, not only to caregivers, but to pharmaceutical and insurance companies, who are very interested in the epidemiology of who gets sick, with what conditions, where and when.

As somebody who spent over twenty years working for pharmaceutical and biotechnology companies, it is clear to me that there are genuine research reasons why pharma companies want and need this data. Good disease prevalence data would indicate which "unmet needs" as they call them, should be targets for the development of new medicines. Good outcome data would show what kind of drug works best in what kind of patient. The wish to use this data is not inherently evil.

However the issue is problematic. Here's a parallel example. There have been times in my pharma career when it would have been useful to have access to human tissue samples, for example, when testing a new cancer medicine to see if it could preferentially target tumour cells. But there was no way we could access existing tumour banks; the samples had been collected under informed consent, and patients had only agreed to certain specific uses of those tissues. To go on to use them for a different purpose would violate the principle of informed consent. It was out of the question, and it got even more so after the Alder Hey scandal and the subsequent Human Tissue Act of 2004. Now, our health data is also a valuable resource, but it appears that it can be trawled at will by anyone prepared to pay a couple of thousand pounds. There's no informed consent needed, despite the sensitivity of some of this data, and the lack of clarity as to how identifiable each patient might be. The fact that we need to opt out of the Care Data database, rather than opt in, is a complete reversal of the usual principle.

Which leads nicely on to the issue of patient confidentiality. We tell our GP or consultant something, however innocuous, and we expect it to go no further. Even if it is something as innocent as a tonsillectomy, it's nobody else's business what has been wrong with us or what treatment we've had. If news of our sexually transmitted diseases, hereditary illnesses, abortions, cancer treatment or erectile dysfunction got out into the world, at best it might embarrass us, at worst it might affect our job applications, our insurance premiums, or our family relationships. We are assuming that the data that has already been released is anonymised, but Care Data certainly uses whole postcodes and dates of birth to create its records. I'm not quite sure about the "granularity" of this data to database users; if what comes out again is just the year of birth plus part of the postcode e.g. "RG24" or "DL2" that would be one thing; if it were the whole postcode, well that narrows it down to a few houses, and that plus full date of birth would make us wholly identifiable.

I have more serious concerns about the release of health data to insurance companies. The whole principle of insurance is that we all pay, in order to spread the risk, so that no individual has to pay the full cost of any adverse situation. The NHS was formed in order to ensure that people are treated according to their clinical need, not their ability to pay; it would be deeply ironic if the data provided to insurers was used to identify specific patients with specific conditions, and therefore ensure the opposite.

But there is a way that we can ensure data security, protect the core founding principles of the NHS and use this amazing resource for everybody's good. If the NHS were to establish an internal department which held this data securely, and could interrogate it, strictly within ethical principles and to an agreed level of granularity, it could carry out bespoke statistical analyses on behalf of those commercial clients with good reasons to want them done. NHS statisticians and pharma company statisticians could plan the analysis together, in advance and draw up a formal contract detailing the scope and price. The raw data would never leave the NHS, and never be transported around the country on laptops or uploaded on twenty-seven DVDs to Google's servers. And what is more important, companies would pay for this data. When you know that enough drug to conduct a clinical trial can cost a million pounds, handing this data over for a couple of thousand starts to sound ludicrous. Prices in the tens of thousands for each separate analysis might be attractive to a pharma company deciding where to focus its resources. That money can go back into the NHS.

There also needs to be some direct advantage to patients to the amassing of all this data. One obvious advantage would be the ability for health care workers to access our records remotely. For example if we were rushed to A&E, it would be useful for doctors to know what conditions we had and what medication we were taking. This seems at the moment to beyond the wit of the NHS; a situation which makes the visibility of data for wholly unhelpful purposes all the more galling.

Until this situation is resolved, our health information is not safe in the NHS's hands. It doesn't seem to have the first idea how to use it, how to protect it, or how much it is worth. A GP I know has recently opted themselves and their family out of the Care Data scheme. I've just done the same, by handing a form in at my GP's surgery. I recommend that until the NHS gets its ponderous and dissembling act together, so should you.