skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


On March 4, the Scottish parliament narrowly approved plans that will give public sector bodies access to non-medical NHS data on virtually all Scottish citizens. This access will ease the implementation of devolved income tax and could help to improve services. However, it establishes a national identity register in all but name, raising serious concerns about privacy.

Data-sharing forces a trade-off with privacy

Giving public sector organizations access to NHS Scotland’s central database should help them to deliver better services. It will also support the devolution of income tax powers, scheduled for 2016, by helping HMRC to track Scottish taxpayers. But by exposing it to bodies other than the health service, this new legislation turns the NHS database into a national identity register in all but name.

Improved data-sharing and the cooperation it brings allows government departments to cut waste, save time, and coordinate in order to better meet the needs of citizens. However, as is so often the case with the benefits of modern ICT, it forces a trade-off with privacy.

As the Information Commissioner’s Office has pointed out, the “creeping use” of unique identifiers, such as the Community Health Index numbers that identify NHS patients in Scotland, runs the risk of creating national ID numbers “by default.” Putting these numbers to uses for which they were not originally intended means they become de facto standard identifiers. This can happen even if it contradicts official policy on identity registers, because data-sharing is ostensibly about streamlining back-office bureaucracy, not authenticating citizens.

In Scotland and many other countries, especially those of the Anglosphere, national identity registers are unpopular because they expand the scope for data breaches and give government greater power to monitor citizens. These countries have worked hard to find alternatives, and they should not undo the progress made by ushering in through the back door an approach that has already been openly rejected.


Further reading

Best-Practice Electronic Patient Record Deployment at Salford Royal NHS Foundation Trust, IT0011-000341 (February 2015)

“Making analytics a first-class healthcare citizen: lessons from Oracle customers,”IT0011-000335(November 2014)

“Patient privacy and consent management: progress is required,”IT0011-000327(September 2014)

ID Management for Public Services: Opportunities and Pitfalls, IT0007-000767 (September 2014)

“Federal agencies should welcome the release of the OMB data index,” IT0007-000802 (February 2014)


Nick Wallace, Analyst, Public Sector

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now