Concerns: Private UK Patient Data Uploaded to Google Servers
by: Bryon Turcotte / March 5, 2014
An English firm working with the National Health Service (NHS) as a "_third-party consultant_" has caused severe "_privacy and security_" concerns by uploading "_sensitive patient data_" to Google servers, according to a recent article published by The Web Hosting Industry Review. The report confirmed that PA Consulting uploaded "_patient information from its HES (hospital episode statistics) data, including addresses and hospital records_" to BigQuery – Google's analytics tool. This action raises severe concerns since this tool "_resides on servers outside of the EU and could be a severe breach_," according to the report.
According to the article, the NHS was "_aware that the data was being uploaded to Google BigQuery_" but states further that "_Google employees were restricted from accessing the information._" The article states that PA Consulting confirmed that the analytics tool "_was able to produce interactive maps directly from HES queries_" within a two-week time frame. Generating these "_queries_" would not have been possible without accessing "_patient location information_," but the firm confirmed that the "_entire start-to-finish HES dataset across three areas of collection_" including "_inpatient, outpatient, and A&E_" was "_secured_", according to the article.
The article confirms that, according to the NHS, "_the type of information shared, and how it is shared, is controlled by law and strict confidentiality rules._" A statement on the HSCIC website was quoted in the article as saying, "_HES information is stored as a large collection of separate records – one for each period of care – in a secure data warehouse. We apply a strict statistical disclosure control in accordance with the HES protocol to all published HES data._"