Your life, on the record

On two doctors - Tufan Kose and Mustafa Cinkilic - will go on trial in Turkey on a charge which even the hardened watchers at Amnesty International have not come across before. Turkey's inventive security services have accused the medics of running an "illegal medical centre". Their real crime was to treat 167 victims of torture and refuse to disclose patients' details to the state that tortured them.

Medical confidentiality may date back to Hippocrates's ruling on the duty of doctors to respect patients' privacy 2,500 years ago, but it is anything but a dead issue.

British doctors' leaders have given their support to their Turkish colleagues last week. But with no hint that the comparison with repression in Turkey may sound a touch far-fetched, they claim that they, too, are fighting to defend the Hippocratic oath from the British government.

It is not the possibility of arrest and torture which worries the British Medical Association but that the underemployed spies of MI5 and GCHQ will start looking at medical records; that American "data warehousing" companies will be able to exploit confidential information and that the trust relationship between doctors and patients, on which diagnosis and treatment depend, will soon break down.

The superficially dull proposal to create a National Health Service computer network lies behind this explosion of apparent paranoia. In theory the plan is innocuous. Linking all classified patient information in one network should bring enormous benefits.

The NHS internal market, whose obese administration costs embarrass even Conservative health ministers, has already become more efficient as a result. From 1 April a central "clearing house" has been recording all transactions that are recorded on computer. Nominal "purchasers" of health services will now be billed by nominal "suppliers".

But making the NHS operate more like a "market" is not the only reason for computerisation. Ray Rogers, executive director of the NHS information technology unit, told a seminar at the London School of Economics last week that the new network could save at least pounds 100m a year, "and that's a lot of hip operations". Patients' test results could be sent to their GPs by e-mail rather than Royal Mail. One day - perhaps soon - a doctor would be able to transmit a patient's medical history to a surgeon in "accident and emergency" at the other end of the country. Lives as well as money could be saved. Who but a Luddite could object?

But as with so many other brainchildren of this government's dotage, it is all too easy to find much to object to. The NHS network is being constructed with a characteristic disregard for public values and civil rights.

It is not, as one might expect, being run by civil servants, bound by confidentiality and the remnants of the public service ethos. The management of the clearing house has been contracted out to AT&T, the giant American telecommunications company. Ministers have repeatedly rejected suggestions that this entails any risk to confidentiality, or that medical data could, for example, leak to insurance companies or employers who would very much like to know how sick their customers and employees may become. They could find it useful, after all, to take action before the demands for sick leave and dividend payments arrive.

Dr Ross Anderson of Cambridge University, an authority on this new technology and currently advising the BMA on safeguarding confidential information, is so far unconvinced by government reassurances. He has seen no regulations penalising the leakage of confidential information and is wary of the culture change commercialism could bring. "America is a country where anyone with a dollar can buy medical information, and we're asking Americans to take over people's most confidential data."

His fears are well grounded. A trawl of the specialist American press revealed that a banker on a state health commission had downloaded a list of everyone in the state with cancer. He cross-referred it to a list of his customers and called in loans to patients whose health was suspect. Then there was the US drug company that bought a database of prescriptions. Its marketing department is using it to find depressed patients who will then be contacted and told that they will feel a lot jollier if they take Prozac.

There is nothing unusual in this behaviour: 40 per cent of US insurers have admitted that they have passed personal health data to employers and banks. The Republican majority in Congress, which enthusiastically favours all forms of deregulation, currently has a Bill before it promoted by credit reference agencies which would allow health records to be swapped without the consent of patients.

The American connection does not end with AT&T. The contract to analyse patients' computerised records has been given to a Warwickshire company, CHKS, which is a subsidiary of the US data processing conglomerate HCIA. The terms seem remarkably generous. CHKS will charge health trusts when they hand over their data and again when the analysed data is handed back.

It would be easy for the Government to allay fears that private information will be sold for financial gain by removing individual names before records are passed to the central clearing house. Analysts would still be able to find out, for example, how many people in Newcastle had hip operations, but not the names and addresses of the individual patients. But no attempt has yet been made to take names and NHS numbers off the records of operations which flash through the system.

The Government is also resisting other attempts to protect confidentiality. Doctors have asked that patients at least give consent to their health records being passed on. The Department of Health will agree only that patients should be informed that others can read their records. There will be no right of veto. Doctors could refuse to agree to the Whitehall demands and stick to their ethical code. But if they did, they would not be paid for treating patients who want their secrets kept. The records would not be in the billing system.

Civil servants have offered one compromise: that patient details could be "encrypted". When a doctor sends a referral note to a hospital, it could be in a code that only an authorised consultant could break.

But there are problems. GCHQ, the Government's electronic listening centre which has been short of work since the end of the Cold War, will develop the codes. Naturally enough, doctors assume that what GCHQ can encode it can also decode. MI5 and other state agencies would then be able to trawl medical records.

Spies, data selling, data matching and international information conglomerates are a long way from the traditional doctor-patient relationship.

Dr Fleur Fisher, the BMA's head of ethics, described last week how it used to work. Patients in the family planning clinic where she once practised, were guaranteed absolute confidentiality. Records were locked in filing cabinets and even patients' GPs could not see details of abortions and contraception if women wanted secrecy. However unreasonable, all requests for anonymity were respected. The dangers of patients being scared away from treatment were too great to risk.

Dr Fisher is involved in the protracted negotiations with the Department of Health about the new network. On Thursday there were signs that Whitehall was moving to allay the BMA's concerns. It may allow doctors to control their own coding and decoding and remove GCHQ from the system.

Yet all the concessions the BMA has wrung from civil servants have been made late in the day. It is not that the Department of Health is staffed by Orwellian tyrants determined to examine the most intimate areas of 55 million people's lives. Whitehall simply has no instinctive respect for rights. If it is cheaper to brush aside fears about patient confidentiality - it usually is - then brushing aside is what they will want to do.

It need not be so. When Germany computerised its medical records, there was no question that central government could find out the names of patients treated at local level because the German constitution guarantees that individuals own personal information.

Britain has no privacy rights. No one knows who "owns" the information: patients, GPs, hospital or Department of Health. Whitehall's legal advice is that patients have no ultimate right to control information about themselves.

So far the, often ferocious, debate about the NHS network has been conducted almost exclusively in the pages of computer and medical journals and behind closed doors in Whitehall. But sooner or later the public will start listening. If patient privacy cannot be guaranteed how will people react? Will they shrug their shoulders and say that you cannot expect to keep secrets in the modern world? Or will they worry that their most intimate medical histories will be available to hackers, banks, employers, insurance companies, police officers and state agencies, and refuse to give doctors information which could be vital to their treatment?