[robertlagrant]

> Instead, we should be pushing the health record out to individuals, and away from the centre

One of my observations was that trusts think the opposite. I was in a call with one, and I said at one point, "Of course, the patient is the Data Owner" and I was corrected by a trust staff member who said, "No, the trust is the Data Owner".

Because - as I learned and saw later - trusts will sell data for studies. So they want the data.

[linker3000]

Yes, however in the UK and EU the patient is the Data Subject and has legal rights on what processing is done with the data about them.

[robertlagrant]

They have legal rights until the data is detached and deidentified.

[dent9876543]

It rather assumes you could enforce them. Those rights will be great against a responsible outfit. But if the data is exposed in a breach, or if the outfit goes rogue (or if a future government decides to change the law and sell your data, as, by the way, the previous Conservatives tried to do), then you're lost.

[robertlagrant]

What's the selling data you're talking about different to what I just described?

[dent9876543]

Heh. Perhaps not really that different at all.

I thought you may mean that the legal rights provide protection, so one need not worry until deidentification or detachment. Maybe your emphasis was same.

But for clarity, I think we need to worry long before deidentification and detachment — basically the Trusts are not to be trusted, and our legal rights will vanish in a heartbeat.

[mistrial9]

see "even true right now, but that can change on a dime" above ...