According to a recent Times front page story, a future Conservative administration will hand our health records over to Google or Microsoft. This thinking seems to be supported by speeches by David Cameron and shadow security minister Pauline Neville-Jones, as well as a recent paper from the Centre for Policy Studies (CPS) think-tank by Liam Maxwell, 'It's ours – Why we, not government, must own our data'.
And indeed Google, Microsoft, IBM and others have developed personal portable health records. Unlike organisation-centric electronic health records, which hold only those records relating to the individual's dealings with that particular organisation, these bring individuals' dealings many with different providers together under 'one roof', under the individual's control.
Liam Maxwell's CPS paper is rooted in new thinking about the concept of Vendor Relationship Management, led by Doc Searls' Harvard-based 'Project VRM'.* VRM recognises that the logical point for integrating data relating to a person's health – or, for that matter, any other aspect of their lives – is the person, not an organisation or the government.
So, for example, if you have dealings with a GP, hospital, private hospital, dentist, physiotherapist, medical insurer, drug company and medical equipment supplier, then each of these organisations needs to keep records of its dealings with you, but the best way to create a comprehensive picture of your health is to bring these separate together via your personal health record.
The alternative is to create a huge central database, which then shares information relating to you with other huge databases behind your back and in ways you cannot control. The intentions may be good, such as a desire to provide personalised services and protection for the individual.
But the result is like a doomed God quest. Such a database seeks to be all-knowing and ends up being unaffordably expensive, insensitive to the real variations in people's circumstances and needs, invariably out of date, and doomed to technical, managerial and social disappointment.
And there's worse. Earlier this year a Joseph Rowntree Reform Trust report, of which I was co-author, argued that the NHS Detailed Care Record (DCR) and the Secondary Uses Service were illegal under European law. We argued also that the NHS Summary Care Record (SCR) had serious problems, would be legal only with patient consent, and that in the absence of an effective opt-out it too would be illegal. The Department of Health press office responded with some lively messenger-shooting, but no specific denial about the illegality of DCR or SUS.
Technology, as well as the law, looks like it is on the side of individuals as the natural point of data integration. Increasingly we have smart mobile phones, computers and the internet which give us the tools to manage our personal data in a structured and scalable way.
Already we can search – and Google makes money from our search terms. Emerging personal data stores will have the ability to invoke third-party authentication, such as a prescription note, NHS number or referral letter, as well as tools for selective disclosure or "subscribe-to-me" capabilities, enabling individuals to share valuable personal data in ways they can control, often anonymously.
Using these technologies, we'll be able to get answers to real questions that match our real circumstances, model and plan future expenditures and share our feedback, complaints and preferences in a structured and scalable way.
Research by Ctrl-Shift suggests this "volunteered personal information" coming from suitably equipped individuals will by 2020 create annual value which is ten times that of Google today.
The emergence of person-centric health records, imperfect as they may yet be, suggests that healthcare may be the first sector to get this right. The NHS provides an interesting paper-based precedent for this: the red book of maternity and infant records which is held by parents. Anyone who has used them know how well they work and how carefully parents look after them.
Now imagine electronic tools many times more powerful – although no more powerful than your office software and browser – dedicated to providing that central co-ordinating role to every form you have to fill, every order you make, every financial and every health transaction.
Then ask: who is best placed to offer such powerful and essential personal information management services? Here, The Times misses the point.
This isn't a rerun of 1979. It's not about public sector versus private sector. It's whether such services should be provided by monopolies or devolved to individuals served by a new breed of companies dedicated to working on their behalf and structured in a manner to breed maximum trust.
The Times may have misunderstood the crucial point. Let us hope the Tories haven't.
William Heath is founder and chair of Ctrl-Shift Ltd
* Doc predicted the social networking phenomenon in his 1999 book Cluetrain Manifesto, just republished in a 10th anniversary edition
