NHS England is the body tasked by the Government with improving healthcare for people in England. It takes key decisions on policy and funding for healthcare services. To improve its performance, NHS England has commissioned a project called the Care.Data scheme to collate individual patient data from all GP practices across England. Individual data will be extracted from GP records into a central database that will be maintained by Health and Social Care Information Centre (HSCIC).

There is, however, increasing pressure to delay the Care.Data scheme while public awareness is raised. The debate has increased in recent weeks and the BMA, the organisation that represents doctors, has now joined calls to put back the data extraction, which is currently due to start next month (March 2014).

The premise of the £50-million Government-backed project is that there is a vast amount of information that GPs hold on their patients. An analysis of this data would help with resources planning and enable research to improve healthcare, including that provided by private companies. At the moment the amount of patient data available is not sufficient to enable any meaningful analysis. A central database would therefore form a valuable repository of health data dating back many years.

Over recent and coming weeks an information leaflet is being delivered to 26 million households to explain the Care.Data scheme but there is widespread criticism that the publicity is inadequate and lacks clarity on how the data will be extracted and how patients can opt out of the scheme.

Patient confidentiality is a particular concern. While a patient's name and address will be removed from the data before extraction, the information will nevertheless be at an individual level and will include details such as the patient's full postcode, their date of birth, NHS number and gender. There are therefore many who are concerned that this information could be combined with other publicly available records to identify individual patients. So, if the data were accidentally disclosed or hacked, there could be serious implications for individual patients, for example, if the information was revealed to health insurers or life assurance providers. Of course, there are criminal sanctions for those who fail in their duty to safeguard confidential data or who engage in hacking but the current raft of cases against unscrupulous journalists demonstrates very clearly that, once information has been made public, there is no going back.

Andrew Clayton, of Penningtons Manches' clinical negligence team, explains: "The objectives of this project are well founded. There is undoubtedly a wealth of information that could assist in planning delivery of health and social services according to local need and facilitate significant potential developments in clinical research. There are, however, legitimate concerns that, regardless of the good intentions of the Care.Data scheme, the information is highly sensitive. Any scope for data to be abused and mapped back to identifiable individuals undermines the fundamental need to maintain absolute patient confidentiality. If patients begin to fear disclosing information to their doctor then there are obvious repercussions. If data are at any risk whatsoever of misuse or of disclosure to third parties, then the scheme must be delayed until there are guarantees that individual patients cannot be identified from the data that will be extracted."