Electronic medical records are essential for treating rare conditions. I have a two-year-old daughter with a rare medical condition. She is seen by three doctors and is on a number of different medicines although, because the condition is so rare, very little is known about how to treat it most effectively. There are a few thousand other children in the country with this condition. And having access to their combined records would mean that researchers and clinicians could better find the combinations of medicines and treatments that are most effective for the benefit of all of these patients.

The benefits of having a national medical record database shouldn’t be underestimated, not just for academic research but for the health of all patients. A huge number of medical charities, funding bodies and journals, including the British Health foundation, Alzheimer’s Society and Cancer Research UK all attest to this.

A huge sample size from a national database would mean a higher power to detect side effects and interactions that are currently effectively outside of evidence-based medicine. This extends to drug companies, who surely have a duty of care to monitor the population exposed to their products for side effects and adverse reactions with other drugs. In 2004 a popular anti-inflamatory medicine called Vioxx was withdrawn from the market after it was found to have resulted in tens of thousands of serious heart attacks.

If at the time we had access to the medical records of all patients on Vioxx, the pattern of association between taking the medicine and serious harm would have been detected and the drug would have been withdrawn much earlier. Many thousands of lives would have been saved.

Flagship comes to a halt

Despite all of this and the huge public health benefits, plans to have a national medical record database – NHS England’s flagship care.data programme – have come to a temporary halt. There was also the revelation that the hospital records of every NHS patient in the country had been sold to actuaries.

Without a doubt, NHS England (which is managing the project) and the government have made a hash of the public relations campaign building up to the roll out of care.data. They omitted references to opting out in promotional literature and failed to properly discuss risks, however remote, to do with personal data sharing and security. They also made a distinctly underwhelming case for the advantages of a national primary care database. Most of these faults probably stem from a fundamental lack of understanding of the science and technology involved in such a project.

Already happening

For a sizeable proportion of the UK population, the sharing of their electronic medical records with academia and pharma is already a reality and has been for decades. About a third of UK patients already have their electronic medical records held on the main current UK primary care databases (ones called CPRD, THIN and QResearch for example), and many have their pseudoanonymised data accessible (for a fee) to both medical researchers like me and to private companies, including drug companies.

Such data is currently stored and accessed in almost exactly the same way that care.data will be. In fact, apart from the scale of the project, the only real differences with the new system are that the data will be kept on government-owned servers at the Health and Social Care Information centre rather than in the data centres of private or semi-private companies and that now patients can opt out whereas in other current systems, it is GPs who decide whether or not their practices as a whole will contribute data. In the majority of cases now, patients will not even be aware that their data are being collected, let alone be offered the opportunity to consent.

There are many understandable concerns around privacy. Many MPs, GPs and patient groups have argued that care.data should be an opt-in system where a patient’s medical records are only recorded if they give their express permission. Brian Jarman, an emeritus professor specialising in health data at Imperial College London, even thinks that half of people in the UK would sign up to such a scheme. Given the low rates of uptake for schemes such as donor cards this seems fancifully optimistic. As with donor cards, there is also likely to be a lower rate of uptake among patients in more deprived communities. This will lead to both bias in the data itself and systematic inequalities in the NHS, as the very people that are most in need of services will effectively fall off the radar when it comes to collecting evidence.

Hunt gave his strongest statement yet that sale of data to actuaries “cannot happen” under care.data. But it came only a day after this exact thing did happen with the sale of hospital data to a major insurance company – an act that seems almost designed to destroy public trust in electronic medical records once and for all. That the data shared was anonymised and that it would be used to give more accurate estimates of risk will make little difference to an already angry and disillusioned public.

Fears include big pharma companies illegally de-anonymising our medical records and use them to target their products better but the complexity of doing this makes it unlikely that it would be possible to identify more than a very small proportion of patients with an ultimately unknown error rate.

Lots of effort, little reward

The database would tell someone (willing to put a lot of work in) that, for example, there is a 90-year-old female with diabetes, dementia and on certain medication registered with and attending a certain practice. To identify this patient, external information would be needed and it is unclear where it would be obtained from. Would the company survey the area at random asking about patients who fit the profile?

This would only be feasible for uncommon combinations of characteristics (so very old patients, people with multiple health problems, rare conditions and so on). It seems highly unlikely that a company would break the law and grandiosely jeopardise its standing by embarking on such a complicated enterprise with practically zero returns.

Alternatively, the ludicrousness of the idea of “hackers” doing this for themselves to sell the data on to whoever will pay, is obvious: why would someone pay for the name of that 90-year-old female mentioned above (which cannot be identified solely through the database and considerable external effort is required) while your social media data, credit card information and iTunes, Paypal and Amazon passwords are all much easier to harvest, and doing so doesn’t necessarily require PhD-level knowledge of large medical databases and weeks or months to properly extract the information?

Would it make any difference to identity thieves what medication you are on? No. They would be after your name, age, sex, occupation – information that is either unavailable in the database (name, occupation) or is an absolute requisite for identifying your medical record in the database in the first place (age, sex).

It isn’t that a national database would come with zero risk of information leaks (as the initial PR campaign would have you believe), but the chances are very small; patient data has been shared in exactly this way for over 20 years now and there have been no significant losses of information.

Systems need to be put in place to effectively monitor users of this data and tougher penalties need to be introduced if the rules are breached. But patients are being harmed every day because of a lack of information sharing that could detect harmful side effects and drug reactions that would never be picked up by clinical trials. It is really this that we should all be working towards.

Evan Kontopantelis, Senior Research Fellow at the University of Manchester, also contributed to this article.