eBay

"does data protection not count?"

Apparently not.

From that link (Highlighting is mine):

What's happening?

Under changes to legislation, your  GP can now be required to upload personal and identifiable information from the medical record of every patient in England to central servers at the Health and Social Care Information Centre. Once this information leaves your GP practice, your doctor will no longer be in control of what data is passed on or to whom.

This information will include diagnoses, investigations, treatments and referrals as well as other things you may have shared with your doctor including your weight, alcohol consumption, smoking and family history.

Each piece of information will be identifiable as it will be uploaded with your NHS number, date of birth, post code, gender and ethnicity.

NHS England – the body now in charge of commissioning primary care services across England – will manage and use the information extracted by the Health and Social Care Information Centre for a range of purposes, none of which are to do with your direct medical care. Though the official leaflets talk a great deal about research, these ‘secondary uses’ for which your data may be used include patient-level tracking and monitoring, audit, business planning and contract management.

In September 2013, NHS England applied to pass on your information in a form it admits “could be considered identifiable if published” to a whole range of organisations that include – but are not limited to – research bodies, universities, think tanks, “information intermediaries”, charities and private companies.

Though you may be told that any data passed on will be ‘anonymised’, no guarantees can be given as to future re-identification – indeed information is to be treated so that it can be linked to other data at patient level – and NHS England has already been given legal exemptions to pass identifiable data across a range of regional processing centres, local area teams and commissioning bodies that came into force on April 1st 2013. The Health and Social Care Information Centre already provides access to patient data, some in identifiable form, to a range of ‘customers’ outside the NHS, including private companies.

source please.

I'm afraid that the information is not going to be anonymised - that has been admitted and it will be available for sale, including to insurance companies.

It is not scaremongering, Chips.  There is no protection for anyone in how there personal data is used.

http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy?CMP=fb_gu

http://care-data.info/

“Information that we publish will never identify a particular person.” BUT “Your date of birth, full postcode, NHS Number and gender rather than your name will be used to link your records in a secure system, managed by the HSCIC.”

People do need to opt out and as soon as possible and make sure that they check with their surgertes that this is the case.

What hasn't been mentioned is what happens if you have to visit a surgery away from home eg on holiday.

And to add to the 'chill' factor, this will also be available to ATOS

http://www.hscic.gov.uk/article/2226/GPES-overview

There is no control in place - there are no official regular audits to ensure that the data has not been abused or misused.

Let me give you just one tiny example of how these private companies are unregulated and out of control.

I very briefly worked for a private provider of addtional services to the NHS.  I was a temp. I had access to a database that was part of the NHS and could look up anyone's medical notes.

I was required to enter complex (and usually unreadable) medical notes, prescriptions etc for patients who were receiving paliative care at home because the foreign temp doctors could not be bothered to do it.

Patient notes on the databases were muddled resulting in some near miss accidents.

Controlled medicines went missing from the safe.

And as for data protection - forget about it - someone made a phone call to a member of staff's private mobile phone but hung up soon after she answered.

She didn't recognise the number or the caller, so what did she do - just went to the database and looked it up - got all their personal information.

Was this ever picked up or dealt with - no.

The Govt are not - not - not - allowing this information to be passed on for the benefit of humanity - they are selling it on just as they sell on the information from the Census, from the Electoral Roll and wherever they can that makes them money.

Once your personal data is uploaded, that is it.  It cannot be controlled or recalled.

Let me give you another scenario which is very much on the cards.

At the moment, the law changed a couple of years ago to make it unlawful for potential employers to insist on knowing anyone's personal medical history.

So, if you had been, for example, out of work off sick for serious illness, or had suffered and been treated for mental health problems, whilst the employer could possibly find this out from previous employers, if you had not mentioned the health issues before, no-one would know.

Now - all the employers have to do is to use an appropriate insurance company to get those details about you.  You would never know why you did not get that job.

It isn't just a scenario - this is what is known can all to easily happen.  Where people can get around a law one way to their benefit, they'll do it.

I don't think there is much time either - this is due to start uploading in the next couple of months, not the summer.

However, you still need to keep an eye on this because:

"practises which have an unusually high number of withdrawals will be investigated in case of “misunderstandings”"

So far, I've not had my leaflet through the post where others have had theirs over 2 weeks ago - so you may even find that this is not being rolled out to everyone either.

OK, so because this is my field of expertise, my profession and I have worked on the guidance for this I have obviously got it all wrong and know nothing!  I respond from experience and a positon of knowledge and not what I have copied and pasted from the internet.

Please reread my post. I was encouraging people to opt out.  However people should not be scaremongering but it usually happens when people are poorly informed.

GP practices will not be 'uploading the data' it will be extracted from their systems, a subtle but important distinction, it is being taken rather than being given. Most GPs don't want this anymore than patients do, but have no control over it.  They cannot simply 'opt out' all of their patients - legal advice has been sought on this and it is not allowed, another area where the originators of this show little true understanding of the situation.

Try reading up on employment law too, it may give you an understanding of the discrimination act within employment law and how it works and can be applied - even if the company did not employ you, or talk to a good employment law barrister - I do, frequently.

First, some of that information comes from the NHS website and information itself.

If you really have worked on the guidance for this, you will know who is going to have immediate access and the wider implications.

It is hardly scaremongering when people who's area of expertise is in data protection, privacy laws etc have gone into this with a fine toothcomb and have found flaws and serious questions which have publicly gone unanswered or given misleading responses to,

The fact that the information is technically extracted at will only makes it worse.  Can you even reassure people that if they opt out, and the surgery is then investigated for too many opt-outs, if the information will still be removed without either the patient or the surgery's permission?

As for reading about employment law, I ended up advising the local County Court about their breach of the employment law jn their application forms when I went for an interview - needless to say I didn't get the job.

I come from a position of living and having to work in the real world, where I have witnessed years of seeing people get away with breaking the law, discrimination etc - having a law is one thing, if you read my post, knowing that someone has abused the law to your detriment, let alone getting the proof is another.   The vast majority of people have no access to an employment law barrister, even assuming they could afford one.

As I said, an individual has no protection no matter what the 'blurb' says because once that information is out there, it can go anywhere. 

Our rights are constantly being eroded and our ability to get recourse, especially in the area of having information removed from any site where it should not be is near impossible.

Also chips - you say this:

GP practices will not be 'uploading the data' it will be extracted from their systems, a subtle but important distinction, it is being taken rather than being given

when before you said this:

If you opt out your data will be uploaded in a form where there is NO way you can be identified

but also you say this: if you choose not to opt out you are agreeing to have you full identifiable data uploaded.  

which contradicts the offical FAQs on what is uploaded or extracted.