NHS Digital is due to make some big changes to the way our GP medical notes are collected and stored from the 1st September 2021. The proposed scheme is called the General Practice Data for Planning and Research (‘GPDPR’) data collection. Under the scheme, for the first time ever, data that general practitioners (‘GPs’) store on patients will be uploaded and stored on a central database that NHS Digital control.
There are concerns about the plan as it puts the medical records of more than 55 million patients into a database available to third parties. However, given this data is some of the most sensitive information about a person, why have most people not heard of the new scheme?
What are they collecting?
NHS Digital will collect all records created up to 10 years ago. This will include data on sex, ethnicity, sexual orientation, diagnoses, medications and information about a patient’s physical, mental and sexual health. It will not include clearly identifiable information such as names or addresses.
Most of the records collected will be ‘pseudonymised’ which means personal data, which could be used to identify patients (such as NHS numbers, date of birth or postcodes)
will be replaced or removed. This process doesn’t completely anonymise the data and privacy experts are concerned it will be possible for patients to be re-identified by reverse engineering the data.
How are they collecting it?
Most of the general public are unaware this data collection is going ahead. It was recently moved back by two months to provide more time to inform patients about their choices. A full public consultation is important because NHS Digital are relying on patient’s ‘presumed consent’ to collect their GP records. Patients need to be told about the data collection so they have an opportunity to opt-out if they would like.
The two different options for opting out are:
1. Type 1 opt-out: this prevents confidential information being shared outside your GP practice for purposes other than your individual care. This stops GP practices from sharing data to NHS Digital and prevents them from collecting it in the first place.
2. National data opt-out: this enables patients to opt out from having their confidential patient information shared for reasons beyond their individual care. This allows NHS Digital to take the data but blocks them from sharing it externally.
Importantly, it is not possible to opt-out of pseudonymised data being shared and once it is collected the process can’t be reversed.
Many GP practices have already refused to share their patients’ data. Some GPs feel the presumed consent that NHS Digital are relying on is not “valid consent”. For consent to be valid it must be informed so the patient understands what they are agreeing to. This is why doctors explain about blood tests, surgeries and examinations before they happen. GPs have raised concerns that they don’t fully understand the risks and benefits of the GPDPR and therefore can’t explain it to their patients. A similar scheme called Care.Data was abandoned in 2016 following very similar criticisms.
Why does NHS Digital want GP records?
NHS digital have said they will use the patient data to support “research and analysis to help run and improve health and care services”. Anonymous patient data is very useful to do things like develop new drugs, treat conditions and spot trends. There are concerns that the parties involved in research and development could include third parties. This has happened previously, in a partnership between the Royal Free NHS Trust and Google DeepMind. They developed an app called Streams which used patient information to diagnose acute kidney injury. The ICO found the app was not compliant with the Data Protection Act 1998 primarily because patients would not have reasonably expected their information to be used in the way it was.
It is clear the data is very valuable for both public health and commercial purposes. Although we like to think it will only be used in ways that benefit the NHS, the concern is that it might not be. Once it is collected and anonymised we lose control of how it is used and it could be used in ways that don’t directly benefit us.