Government tells NHS Digital to collect sensitive GP records - patients have until 23 June to opt out

medConfidential accuses DHSC and NHS Digital of sneaking intrusive new measures in under the cover of Covid

The government has directed NHS Digital to collect sensitive health data in GP records, with citizens given until June 23rd to opt out.

The move, which updates existing practices, has alarmed medConfidential, a group that campaigns for the privacy and confidentiality of health data. It says the measure was not flagged up and that, despite promises of anonymisation and encryption of the data, the programme may make sensitive data saleable to commercial companies and other third parties, as is already possible with hospital data.

The General Practice Data for Planning and Research (GPDPR) Directive by the Secretary of State for Health and Social Care Matt Hancock requires NHS Digital to "establish and operate an information system for the collection and analysis of General Practice data for health and social care purposes," according to NHS Digital's website (page since taken down), adding that health data should be collected for health and social care purposes that "include but are not limited to health and social care policy, planning and commissioning purposes; public health purposes, including Covid-19 purposes... and research". Its scope is limited to General Practices in England.

In a press release dated 12 May, NHS Digital, the body responsible for handling patient data, says GPDPR will replace the 10-year-old GPES system and will "enable faster access to pseudonymised patient data for planners and researchers."

In the press release, Sarah Wilkinson, NHS Digital CEO, says the value of health data has been proven during the vaccine rollout, and insists that systems will "incorporate pseudonymisation at source, encryption in transit and in situ, and rigorous controls around access to data to ensure appropriate use."

It says patients must opt out before 23 June to prevent their current records being collected.

However, medConfidential questioned the short time scales and lack of public notice.

"Documents about the programme were published on 12 May 2021 - the morning after the Queen's Speech in which none of this was mentioned," said coordinator Phil Booth, adding that details of the scheme are spread across a number of PDF documents and web pages. The opt-out process is similarly cumbersome, Booth said in an email to Computing.

"You need to use one opt-out - a 'Type 1' - by 23 June 2021 to stop NHS Digital from taking your entire GP history, and also another supposedly 'digital' opt out that may stop your GP data being shared with others once it's been taken. Or it may not. Anyway, if you have a family, this 'National Data Opt-out' still requires a combination of PDF forms."

NHS Digital says patients will be able to opt out at any time, but the Data Provision Notice, the document sent by NHS Digital to GPs to tell them they are legally required to supply the data, states: "If patient data has already flowed to NHS Digital before a Type 1 opt-out is registered, the data already held by NHS Digital will continue to be accessible." In other words, it will remain on the system, potentially forever.

"The 'opt out at any time' stops them doing some things in future, such as seeing new GP records, but it doesn't stop anyone having the data they already have," said Booth.

He compared the new system to the failed NHS Care.data programme, which was also criticised for a lack of clarity and an awkward opt-out process, but at least every household received a leaflet when it was rolled out.

"That attempt received quite a bit of publicity, and the lesson DHSC/NHS bodies have learned this time appears to be not to do the publicity," Booth said. "The first data collection will apparently happen from 1 July 2021, and DHSC/NHS bodies intend no direct patient communications - although NHS Digital might tweet a bit."

Data to be collected include information about gender, ethnicity and sexual orientation, mental and sexual health, alcohol consumption, operations and diagnoses. medConfidential has published an extensive but incomplete list on its website. "The list of data to be collected is enormous, and it contains a lot of sensitive data - including many pieces of information that even Care.data wasn't going to touch!" said Booth.

The data will be encrypted and pseudonymised, but as with all pseudonymised data there is a risk of reidentification, particularly as the number of datasets that may be used for cross-matching grows and encryption algorithms age. Commercial imperatives may be driving the decision, said Booth.

"Companies will be able to see and use this data - it'll be available on the same basis as hospital records from NHS Digital - pay them and they'll send you all the data. That includes the most sensitive of data and the dates that it happened, which makes the data re-identifiable from things like Twitter and Facebook posts, so if you know something about someone, you can find out everything else."

Update 13 May

In a written response to Computing, NHS Digital said that patient data is already collected and used for planning and research purposes, for example, in the University of Oxford RECOVERY trial of Covid-19 treatments. "This new system will improve and simplify the current processes and will replace multiple existing data collections into one collection updated seamlessly, reducing the burden on GPs and providing strict processes and consistency around data security, transparency, assurance, and strict adherence to GDPR and related governance."

Information collected excludes names and addresses, apart from pseudonymised postcode information for geoanalysis. Legally restricted data such as IVF treatment or gender reassignment will also be excluded, as will medicine, appointment, or referral data that is more than ten years old.

On the matter of selling the data, NHS Digital said: "We only seek to recover costs associated with providing data to meet approved data applications. We do not operate on a profit-making basis. Data will only be used for the benefit of health and care."

NHS Digital also insisted it has consulted widely about the changes over the last several years, including with patients' groups, professional clinical organisations and NHS bodies, the National Data Guardian and campaigning groups including medConfidential, and that it has created materials, press briefings and a new section on its website.

"Information has also been provided to GP practices so that they can also communicate with patients on the new collection, and we have given them the materials they need to both educate patients and answer their questions.

"It would be disproportionate to write to every patient individually about the collection given the national communications campaign when the data being collected is not new and there are no new actions for individuals to take," NHS Digital said.