Friday 23 July 2021 1:19 pm

Global pharma and data firms have had access to NHS patient data for years, analysis finds

More than 40 pharmaceutical, consultancy and data companies worldwide have access to UK hospital data and medical records, according to new analysis.

The detailed medical records – many from the NHS – date back years, the Financial Times first reported.

Some companies with access to the records are co-founded by the Sackler family, who have built a pharmaceutical dynasty which critics have claimed to have helped fuel the US opioid crisis.

The 43 different commercial organisations include McKinsey & Company, KPMG, Novavax, AstraZeneca, and marketing firm Experian, the analysis discovered.

At least 100 different NHS datasets have been shared with businesses – which include extensive hospital episode statistics, hospitalised patients databases, diagnoses, treatments and outpatient appointments.

There are also smaller datasets about emergency care, mental health, mortality, cancer waiting time, sexual health and childbirth services.

The NHS has been mulling the decision to pool some 55m GP-patient medical records into a single database to be shared with third-party companies for some time.

Concerns about potential conflicts of interest and lack of transparency about what happens with the data after it has been shared have been voiced sporadically over the last five years.

Most of the third-party data recipients are public bodies, such as Transport for London, which are used for planning and research purposes.

However, commercial organisations like KPMG make up some 13 per cent of all data recipients – with figures excluding companies like data analytics group Palantir which was granted emergency access last year for pandemic-related work.

While all data has identifying information like NHS numbers and names are removed, any organisation can apply for access to NHS patient data, following a rigorous safety check.

Patients are often unaware of the NHS’s data-sharing practices, critics argue, as it is difficult to prevent data from entering the outside world even if they do not consent.