updated 05:18 pm EST, Mon March 3, 2014
PA Consulting using data to generate interactive maps using patient info
Health Select Committee member Sarah Wollaston is looking into reports in Great Britain that the entire National Health Service patient database has been uploaded onto a series of Google servers. Aggravating the situation, the servers in question are located outside the UK. While the data is as secure as possible, the breach in procedure by PA Consulting raises questions of patient data security and confidentiality. The report comes in the wake of a NHS England revelation that it would delay its own data-mining service, among criticism of how it handles the data.
Sarah Wollaston, 52, is a British general practitioner and member of the ruling Conservative Party. A graduate of King's College London, Wollaston practised medicine for two decades before becoming the Member of Parliament for Totnes in 2010. Following her election to the House of Commons, Wollaston was elected to the Health Select Committee.
PA Consulting is a consultancy specializing in management, and technology implementation. It has clients in both the private and public sector, including local and national governments and the defense sector in both the US and UK. The company was the second largest beneficiary of UK government contracts to consulting firms, receiving £11 million ($18.3 million US) in 2010.
The supposedly-confidential NHS data was obtained and used by PA Consulting, who claimed that they had the "entire start-to-finish HES dataset across all three areas of collection -- inpatient, outpatient and A&E." The company used the data to "produce interactive maps directly from HES queries in seconds," which implies that location data has been supplied as well. The effort by PA Consulting isn't a Google project, but uses Google tools in the process of the data farming and analysis.
Critics of both the delayed UK government plan, and this upload by PA Consulting are expressing serious concerns about security and privacy. While the data is safe now, there are few controls on how this information will be used at present. The UK government is continuing the investigation on PA Consulting's effort, as well as how they got the data, which spans several DVDs and took a few weeks to upload in its entirety.