Patients' Data Should Not be Outsourced to Any Party at All, Let's Redo the Storage Scheme
Don't succumb to cargo cults like "blockchains", either
Speaking for myself, based on experiences in England's NHS (both as insider and outsider), many patients are reluctant to give information ("data") or correct information (false answers or misinformation are provided for fear that the 'embarrassing' information would inevitably 'leak out' one day).
England's NHS (or "NHS England") uses a lot of Windows (and other Microsoft stuff with back doors), so data breaches are shockingly common and under-reported, sometimes not even detected. So who can blame those patients?
As I said before, specifically in relation to my experiences at Sirius Open Source, I saw NHS data being misused or accidentally leaked (they didn't report this; they tried to cover up those incidents instead).
The above report, "Save public health data to save American lives", speaks of the value of data. It's true that a lot of accurate information can do a lot of good; it can also do a lot of harm (extortion and blackmail, to name one example) if leaked routinely and leaked to many hostile parties.
"They could save the data by following the methods demonstrated by FOSS distros," an associate has suggested. "That is to say, public key infrastructure (PKI) signed units distributed in a decentralized manner via the BitTorrent protocol."
The key thing to understand about PKI, e.g. in Debian* and its hundreds of derivatives, is that it works well for GNU/Linux and BSD distros in cases of disruption without compromising security/integrity/consistency. BitTorrent distribution, in general, relies on the protocol and on many disparate nodes, not just a single authority (the issue we find in UEFI's 'Microsoft boot' and conglomerate of CAs). It promotes collective trust and has the advantages we used to cover here years ago in articles and videos (traits which de-centralisation schemes have against censorship and sudden budget cuts).
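The signed-units idea described above, as an added example that is not from the original article or from Debian's own tooling: a publisher signs one manifest of unit hashes, and a downloader checks every unit received from untrusted peers against it. It uses a Lamport one-time hash signature built from the Python standard library as a stand-in for OpenPGP, and the unit names and contents are constructed samples.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A key must sign only one manifest.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def make_manifest(units):
    # Canonical JSON mapping unit name -> SHA-256 of its content.
    listing = {n: hashlib.sha256(d).hexdigest() for n, d in units.items()}
    return json.dumps(listing, sort_keys=True).encode()

def accept_unit(pk, manifest, sig, name, data):
    # Peers are untrusted: trust flows only from the publisher's public key.
    # Signing gives integrity and authenticity only; it does not encrypt units.
    if not verify(pk, manifest, sig):
        return False
    expected = json.loads(manifest).get(name)
    return expected is not None and expected == hashlib.sha256(data).hexdigest()

def demo():
    # Constructed sample units (hypothetical names and contents).
    units = {"unit-001": b"constructed sample A", "unit-002": b"constructed sample B"}
    sk, pk = keygen()
    manifest = make_manifest(units)
    sig = sign(sk, manifest)
    good = accept_unit(pk, manifest, sig, "unit-001", units["unit-001"])
    bad_unit = accept_unit(pk, manifest, sig, "unit-001", b"altered by a peer")
    forged = make_manifest({"unit-001": b"altered by a peer"})
    bad_manifest = accept_unit(pk, forged, sig, "unit-001", b"altered by a peer")
    return good, bad_unit, bad_manifest

if __name__ == "__main__":
    print(demo())
```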
There are other options, such as patients physically carrying their own data, passing it to physicians, then the data being passed back to patients and permanently deleted from the terminals of physicians (or various specialists). It's not ideal, but it is worth experimenting with.
Far better than giving all our data to Microsoft and Palantir** (US). To them, your personal data isn't yours but some "oil" or "gold" for them to monetise and hold hostage to renew some truly ridiculous NHS contracts, signed with secrecy clauses to limit/prohibit scrutiny. █
______
* OpenPGP is the standard used for PKI there.

