"There are powerful arguments for people owning their own information and having rights to control it. There are massive weaknesses in the NHS’s bloated central database and there are benefits from using the private sector. But there are also enormous risks, so we are still a long step from being able to give personal data to any company, let alone Google."
No doubt Google's PR flacks will be running around today trying to contain the damage (update: here we go). But Mr Davis is right that extreme caution is required in the design of systems containing so much highly sensitive personal data; and that while many solutions are likely to be preferable to the NHS's ill-starred National Programme for IT, that doesn't mean we should rush into the arms of Google (or indeed Microsoft).
We DO want competition in the provision of health data services that meet strong privacy (and interoperability) requirements.
We don't want any more centralisation than is necessary, because of the security and availability risks, but also the temptation for future governments to grab hold of that data without patient consent — for national security, medical research, and whatever other purposes are politically convenient at the time. So a Google-type solution would probably look less like Google Search and more like Google Wave, with GP practices and hospitals running Wave apps on their own servers, federated to exchange data where necessary, with strict controls and an absolute requirement for patient consent.
The best solution is to fund GPs and hospitals to buy whichever electronic patient record software best meets their clinical needs, so long as it meets key interoperability and privacy standards — not to push patients into the arms of large database companies whose business models are based on exploiting medical records.