The market in patient data

Jane Darling, our FHCLP Policy officer writes….
Important News about NHS DIGITAL’s new GP patient data extraction scheme, scheduled to begin on July1st.
You have until 23 June to take action on this, should you wish to do so.
NHS Digital has announced it is setting up a new primary care data collection service with the aim of giving planners and researchers faster access to pseudonymised patient information.
For the last ten years NHS Digital has been collecting data from GPs via the General Practice Extraction Service but it is now to be replaced with their new General Practice Data for Planning and Research (GPDPR) service.
On May 12, the organisation issued a Data Provision Notice to GPs to enable the new data collection process to begin from 1 July, 2021.
There are a number of serious concerns being raised by a number of organisations and by members of the public. A number of those concerns are listed below, followed by information about the scheme from NHS Digital.
Who Knew?
“Matt Hancock has quietly told your GP to hand over your health data.” – Phil Booth from medConfidential. He continues, “You’d be forgiven for not knowing any of this, because the government is making little effort to tell you. NHS Digital- the central NHS body that health secretary, Matt Hancock last month ordered to extract all of this health data- appears not to have sent out a press release, announcing the programme.”
British Medical Journal,2021;
“A new way to extract patients’ data from general practices in England has been criticised by privacy rights campaigning groups, which are concerned about the scheme’s lack of clarity and the level of detailed information being gathered.
However, medical profession representatives seem to broadly support the approach, although they agree that more needs to be done to clarify its purposes so it can secure public support.”
What will the Data be used for?
The answer seems to be, a wide range of things, from research to marketing. On NHS Digital you can read about the anticipated use, but one of the chief concerns expressed is that data will be sold to companies who will use it to sell their products and that the NHS will profit from the sale of the data.
The wording in the section of the Information below from the Primary Care Service on “We are not going to sell your data” is highly significant. iI is stated, “We do not allow data to be used solely for commercial purposes”. It is hard to believe that the use of the word ‘solely’ does not have huge implications.
Good Value for Money?
“The UK government is at risk of wasting vast sums of taxpayers’ money by repeating the mistakes of previous NHS IT failures, MPs have warned.
The Commons Public Accounts Committee’s review into digital transformation in the NHS concluded that current proposals to transform digital services lacked effective governance, realistic and detailed plans, sufficient investment nationally and locally, and clear accountability.”
The MPs warned that lessons may not have been learnt from the failed national programme for IT from 2002 to 2011, which cost the government £10bn (€11.1bn; $13.1bn).”
The Publication Computer Weekly.com has published its concerns over NHS data collection and usage plans. Security and data privacy experts warn NHS Digital that its data collection plans could increase security risk and cause a public backlash. Alex Scroxton, Security Editor stated “A growing number of security and data privacy experts are warning that proposed NHS Digital plans to scrape medical data on 55 million patients in England into a new database creates unacceptable levels of security risk.”
From the Guardian Newspaper, Monday 31 May, 2021: “Doctors have warned that plans to pool medical records on to a database and share them with third parties could erode the relationship between them and their patients. This warning came as the Royal College of General practitioners wrote to NHS Digital urging it to better communicate with the public about the plans and their options for opting out”.
“The Doctors’ Association, UK (DAUK),… said it was concerned this would ‘erode the doctor-patient relationship, leaving patients reluctant to share their problems due to fears of where their data could be shared’.
David Sygula, a senior cyber security analyst at CyberAngel said,“The extent of the unsecured database problem is growing. It is not simply an NHS issue, but the NHS’s third, fourth or further removed parties too, and how they will ensure the data is securely handled by all suppliers involved. These security policies and processes absolutely need to be planned well in advance and details shared with both third parties and individuals.”
“It is noteworthy to see that the data will be pseudonymised rather than anonymised – so it is possible to reverse-engineer the identity of the patients in some circumstances. If the data lake being created is genuinely for research, analysing healthcare inequalities and research for serious illness, what is the reason this cannot be done on a true anonymised basis?”
Timelines too short?
Why now, why the rush? Don’t GPs and health professionals have enough to cope with seeing 50-60 patients a day without having the burden of checking that their patients are aware of this new plan?
“I would be concerned about the legality of proving that people had a fair opportunity to opt out of the ‘data collection’.IntSights chief compliance officer, Chris Strand said that in his view, NHS Digital had failed to give people long enough to assess their personal risk position and opt out if desired”
How do I opt out?
You can obtain an Opt Out form from NHS Digital online or you can inform your GP.
Quite how is unclear. Do they have a stock of the forms or do you have to write in, who knows?