UK Hospital Records Stored in Google Cloud and Used By Marketing Firm


Related Links

Related Stories

  • State of Healthcare IT Security is 'Alarming'
    Healthcare IT is one of the more critical arenas when it comes to cybersecurity, due to the sensitive nature of the information stored. But alarmingly, new research has revealed that the networks and internet-connected devices of organizations in virtually every healthcare category – from hospitals to insurance carriers to pharmaceutical companies – have been and continue to be compromised by successful attacks.
  • Central Health Record Database to be Delayed for Six Months
    NHS England's collection and centralization of all patient health data into a single database, known as was due to commence next month but has now been delayed until the Autumn. The reason given is to allow the NHS time to better make the case for sharing the public's most personal and intimate information.
  • HealthCare.Gov: Experts Declare it Insecure
    There are two arguments over HealthCare.Gov. One is political (in general, Democrats support it, Republicans do not) while the other is apolitical and based on security (HealthCare.Gov claims to be secure, independent experts claim it is not).
  • Concerns Heightened About Opt-Out Central Database For UK Patients' Health Data
    Some time this month all households in the UK will receive a leaflet from the National Health Service titled 'Better information means better care.' It explains that patient data currently held by general practitioners will automatically be uploaded to a central database run by the Health and Social Care Information Centre (HSCIC) unless they specifically opt out of the process.
  • HealthCare.Gov Running Smoothly But Not Securely
    An upbeat announcement from the Department of Health and Human Services (DHHS) Sunday declared fixed on schedule. But the one word never mentioned in the announcement is 'security.'

Top 5 Stories


UK Hospital Records Stored in Google Cloud and Used By Marketing Firm

05 March 2014

New concerns over the possible use of patient health information in (an amalgamation of both hospital and GP records into a single database due to go live in the autumn) have been raised following revelations that existing hospital records have been stored in Google cloud, and bought and used by a marketing company.

The news is neither new nor secret, but seems to have slipped under public awareness. It was raised on Twitter by Julia Hippisley-Cox, herself a GP and also a professor at Nottingham university on Sunday. She called on Sarah Wollaston (a Tory member of the health select committee) and Charlotte Leslie (Tory MP) to "look into this use of HES. … folks are worried its another mistake." HES, Hospital Episode Statistics, are patient records from hospital visits.

The blog in question (Biomedical Research Insider) dates from June 2012. It includes, "The guys from PA described how they had obtained the entire start-to-finish HES dataset across all three areas of collection (inpatient, outpatient and A&E) and loaded this into BigQuery (this being the most arduous part of the process, the data arriving on 27 DVDs and taking a couple of weeks to upload) prior to demonstrating the speed with which it was able to provide answers and how the data could be linked to google maps and google docs' spreadsheet application to dynamically produce visual and graphical analyses."

This was confirmed in PA Consulting's own document, from November 2012, Placing the Patient at the Centre of Healthcare. "So we bought the data and installed it (with certain security restrictions) on our own hardware... [But querying the data took too long.] The alternative was to upload it to the cloud using tools such as Google Storage and use BigQuery to extract data from it... Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds."

"The revelations alarmed campaigners and privacy experts," reported the Guardian yesterday, "who queried how Google maps could have been used unless some location data had been provided in the patient information files."

The story goes further, however, in a statement released by medConfidential on Monday. It points to the marketing firm Beacon Dodsworth, who had announced, "you can establish trends and understand patterns allowing you to tailor you[r] social marketing or media awareness campaigns. Perhaps you want to identify areas or age groups that may be at risk of lung cancer in order to target smoking cessation aids at these groups?"

In other words, Beacon Dodsworth is championing the use of patient data to direct targeted campaigns via Twitter and Facebook. "47 million people don’t have a clue that their hospital history has been used to target ads on Twitter and Facebook. We have an Information Commissioner struggling with Microsoft Encarta in a Wikipedia world," commented Phil Booth, coordinator at medConfidential.

This article is featured in:
Cloud Computing  •  Compliance and Policy  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×