UK Hospital Records Stored in Google Cloud and Used By Marketing Firm

UK Hospital Records Stored in Google Cloud and Used By Marketing Firm
UK Hospital Records Stored in Google Cloud and Used By Marketing Firm

The news is neither new nor secret, but seems to have slipped under public awareness. It was raised on Twitter by Julia Hippisley-Cox, herself a GP and also a professor at Nottingham university on Sunday. She called on Sarah Wollaston (a Tory member of the health select committee) and Charlotte Leslie (Tory MP) to "look into this use of HES. … folks are worried its another mistake." HES, Hospital Episode Statistics, are patient records from hospital visits.

The blog in question (Biomedical Research Insider) dates from June 2012. It includes, "The guys from PA described how they had obtained the entire start-to-finish HES dataset across all three areas of collection (inpatient, outpatient and A&E) and loaded this into BigQuery (this being the most arduous part of the process, the data arriving on 27 DVDs and taking a couple of weeks to upload) prior to demonstrating the speed with which it was able to provide answers and how the data could be linked to google maps and google docs' spreadsheet application to dynamically produce visual and graphical analyses."

This was confirmed in PA Consulting's own document, from November 2012, Placing the Patient at the Centre of Healthcare. "So we bought the data and installed it (with certain security restrictions) on our own hardware... [But querying the data took too long.] The alternative was to upload it to the cloud using tools such as Google Storage and use BigQuery to extract data from it... Within two weeks of starting to use the Google tools we were able to produce interactive maps directly from HES queries in seconds."

"The revelations alarmed campaigners and privacy experts," reported the Guardian yesterday, "who queried how Google maps could have been used unless some location data had been provided in the patient information files."

The story goes further, however, in a statement released by medConfidential on Monday. It points to the marketing firm Beacon Dodsworth, who had announced, "you can establish trends and understand patterns allowing you to tailor you[r] social marketing or media awareness campaigns. Perhaps you want to identify areas or age groups that may be at risk of lung cancer in order to target smoking cessation aids at these groups?"

In other words, Beacon Dodsworth is championing the use of patient data to direct targeted campaigns via Twitter and Facebook. "47 million people don’t have a clue that their hospital history has been used to target ads on Twitter and Facebook. We have an Information Commissioner struggling with Microsoft Encarta in a Wikipedia world," commented Phil Booth, coordinator at medConfidential.

What’s hot on Infosecurity Magazine?