
QR code/tracing/NHS

When I surrender a QR code/NHS tracing, where does this info go to? Does it go to the NHS (only)?... Govt? (same thing?)

Comments

  • What are you referring to in particular?

    1. QR code on a test kit?
    2. Scanning a QR code at a venue for tracing?
    3. Presenting your Covid Passport QR code for a venue to scan?
    4. Something else?

  • castle96
    all of the above. Who receives this info?
  • castle96 said:
    all of the above. Who receives this info?
    So the "go to" information for this kind of thing, and indeed any company that captures, stores, processes or transfers personal data, is the "Privacy Notice", which is a legal requirement under GDPR.

    Covid Testing
    https://www.gov.uk/government/publications/coronavirus-covid-19-testing-privacy-information/testing-for-coronavirus-privacy-information-quick-read--2

    Covid app check in
    https://www.gov.uk/government/publications/nhs-covid-19-app-privacy-information/nhs-covid-19-app-privacy-notice

    Covid passport (currently in NHS app)
    https://www.nhs.uk/nhs-app/nhs-app-legal-and-cookies/nhs-app-privacy-policy/privacy-policy/

  • castle96
    thanks. Wonder what they (NHS) do with this info. Do they sell it like with your medical records?
  • [Deleted User]
    edited 11 December 2021 at 5:31PM
    castle96 said:
    thanks. Wonder what they (NHS) do with this info. Do they sell it like with your medical records?
    Probably.

    Within the above privacy notices, there is a line that says:



    And when you explore NHS Digital Privacy notices and data sharing:

    https://digital.nhs.uk/services/data-access-request-service-dars/data-uses-register

    You can find a list of 3,000 public and private organisations that NHS digital shares data with.

    Personally I see no problem with this, and neither do I with sharing medical records data.

    The NHS are in a unique position to hold a huge amount of health-related data. That data is valuable and medical suppliers can make use of it to create and improve their products or research health conditions to find cures. It is also useful for local authorities planning health and social care services.

    If the NHS want to make a profit from sharing that data then I have no problems with that.

    If you'd rather not allow universities, public authorities and medical companies to use your medical data to find cures for diseases or plan health care services in your local area, then of course you can opt out of the sharing:

    https://digital.nhs.uk/services/national-data-opt-out

    From the way you worded your question though, it gives me the impression that you think all 500 pages of your medical history are simply shared to other parties and that is not the case, it really isn't useful data.

    What is shared is anonymised and aggregated data sets for a large number of people which are far more useful. It could pinpoint that a particular disease is prevalent in certain age groups with specific medical factors in their background. Nobody wants to flick through your documented visits to your GP about that embarrassing wart on your appendage though.
  • castle96
    "Nobody wants to flick through your documented visits to your GP about that embarrassing wart on your appendage though."

    See what I mean! How did you find that out?

    Have opted out with GP re medical records

    What worries me is Govt and big pharma having info
  • Chino
    edited 11 December 2021 at 9:10PM
    Personally I see no problem with this, and neither do I with sharing medical records data.
    Nobody was asking for your thoughts on whether you are happy for your data to be sold to all and sundry
  • Heedtheadvice
    edited 9 May 2024 at 11:42AM
    Chino said:
    Personally I see no problem with this, and neither do I with sharing medical records data.
    Nobody was asking for your thoughts on whether you are happy for your data to be sold to all and sundry

    Maybe not but that post of @[Deleted User] helps to put it all into perspective.

    I am very security conscious and also a tad paranoid (if one can be!) regarding privacy. I do not want my personal information shared with all and sundry be it my history, bank details, when I might not be home and my medical records. The more sharing is done the more the risk of something untoward increasing.

    However the NHS has very good policy and processes and rule setting via the Caldicott Guardian. I have been involved and can confirm that data sharing about an individual's medical records is very well controlled inside as well as to outside of the NHS. Persons accessing records need to have a valid reason to do so be they consultants or other employees. Data sent outside is aggregated and anonymised so that individuals cannot be identified. That information is often for the general good, such as research, or to demonstrate NHS performance meeting targets (or otherwise!) or answering lawfully asked questions such as FOIs.

    It has long been an issue that GP held data was not always accessible by hospitals potentially to the detriment of care. If we are to refuse data sharing that therefore creates further risk too. Two way sharing (on a limited and controlled basis) is desirable and remember GP practices can be private concerns too as well as others providing essential services. Individuals are not all competent to decide if the data sharing is essential and it is not practical to allow choice in each and every instance!
  • jamesd
    edited 12 December 2021 at 12:43AM
    And when you explore NHS Digital Privacy notices and data sharing:

    https://digital.nhs.uk/services/data-access-request-service-dars/data-uses-register

    You can find a list of 3,000 public and private organisations that NHS digital shares data with.

    Personally I see no problem with this, and neither do I with sharing medical records data.
    ...
    If you'd rather not allow universities, public authorities and medical companies to use your medical data to find cures for diseases or plan health care services in your local area, then of course you can opt out of the sharing:

    https://digital.nhs.uk/services/national-data-opt-out

    Regrettably, I looked at which organisations get the data in some of the monthly disclosures and found that there were quite a few market research firms involved. So I opted out of national data sharing.

    I also gave feedback that it was sad that I couldn't opt out generally but allow NHS organisations to use the data, since the opt out also bars local health authorities including NHS organisations from having access to data and they were some of the most common users. It's a case of one potential bad actor blocking all of the good ones.

    On the research side I don't trust Google because Google has mishandled medical data from the NHS in the past and remains one of the potential research disclosures. So this will also cause me to want to block the research sharing unless I can be more granular about which organisations are allowed to directly or indirectly get it.

    Sad because there's a lot of epidemiological potential, but that's the current state of the lack of sufficient privacy of shared NHS medical data.

    In a somewhat related note, the potential of research using DNA databases has been thoroughly poisoned by law enforcement use of them, including uses that don't get or seek the consent of the person whose DNA is being investigated - potentially a distant sibling of the person who provided the DNA who has no idea that their own DNA is being provided by a relative. Genealogy sites used by US law enforcement are a particularly bad example of this poisoning. On the more purely UK side, police retention of records far after they were authorised, including retaining records of tests used to exclude people who were never involved in an offence, give me approximately no confidence that the UK will be notably better.

    To change this it'd probably take prison sentences for the individuals involved in the chain of compromised custody and any police or other non-epidemiological use. And a lot of time to verify that prosecutions and convictions really happen.
  • jamesd
    edited 12 December 2021 at 1:48AM
    castle96 said:
    all of the above. Who receives this info?
    For the Covid contact tracing app:

    The second version of the app appears to have been designed to technically circumvent the good and privacy-protecting core tools provided by Apple and Google. This is after a large fuss about the privacy issues with the first version prompted abandoning it as unsuccessful. With both first and second not having adequate privacy protection and the second version appearing to have deliberate circumventions my view is that the app is not trustworthy and is likely to have been designed to deliberately compromise privacy.

    The technical circumventions allow user identification via traffic analysis* techniques such as associating tracking details with web site visits and other known uses of the same device, including potential uses such as tying the Google or other advertising ID to individuals using well established commercial techniques. Whether these circumventions are being used is something I don't know, but given that Covid has been described as a national security threat I'm not content to have circumventions in place that GCHQ and related organisations are amply capable of exploiting. Hence, because of apparently designed in vulnerabilities, I don't and won't use the app. At this point it'd probably take a thoroughly independent and trusted NGO operating the system, with truly secure encrypted and TA-resisting communication with the operating NGO before I'd trust it.

    For the Covid passport:

    Potentially Google and Apple, depending on your choices of how to store the passport, disclosure to either if you choose to store it on the device except in PDF form.

    Depending on version, the passport will not disclose just your passport vaccination status but can also disclose your name and date of birth to the venue or other user of the passport. This is most obviously present in the PDF version that has your DOB plainly visible without obfuscation by the coded version.

    I'm not aware of current restrictions on how the users may use this information. In the non-digital signing in system, while the provision of information was required, venues were prohibited from using the information for any purpose other than supplying it for contact tracing and required to securely dispose of it after a while. I encountered one venue that used a public list on paper that anyone could read while they were signing in, breaching the privacy requirement for the data. Even let me go so far as to photograph it... and hence have photographic record of the details of others who signed in until I promptly edited it to obfuscate their details.

    Since the system is no longer mandatory I'm not sure that the legal bar on using the data for any other purpose is in place and venues may be able to use your information for any purpose they want. I won't supply such information, or, if a venue insists and I don't want to walk away after complaining I'll provide bogus information. When the legal requirements were in place - and hence I was required to provide genuine information - I on a small number of occasions provided genuine but useless information instead - it would really eventually reach me, but not in a timescale useful for contact tracing. This notably for places that insisted on a phone number when they were required to accept an address as an alternative, so they got a number that's mine but checked less often than every six months. A more secure alternative would be a way to generate a linking ID that could be disclosed without any personal information being revealed to the venue.

    All of this is most unfortunate since reliable contact tracing can be useful in reducing the spread of an epidemic but as a trust-based system it has to actually be designed and implemented in trustworthy ways.

    * Traffic analysis is broadly looking at where communications are coming from and going to and using that information to determine information about sender and/or receiver. A visit to a web site can be a TA tool because the DNS lookup and visit to the web site provide data that can allow identification of a device and linking from there to other databases that have both the device ID and identifying information like name, address and phone number. This can be enhanced by the requirement placed on UK ISPs to keep records of every site you visit for a year and disclose the information to authorities when requested.