The NHS “data grab” – should we celebrate or be fearful?
A new GP data sharing scheme – called General Practice Data for Planning and Research – was due to go live on 1st July to replace the current GP Extraction Service (GPES).
On June 8th, following some significant negative feedback, NHS Digital announced that the launch would be put back until 1st September to give more time to explain what the project entails. We welcome this announcement.
This new system provides data sets for research and analysis to support public health initiatives and to research new treatments/cures.
The GPES system involved direct contact with GPs to provide patient data for research purposes. According to NHS Digital, the GPES system lacks transparency, is out of date and no longer fit for purpose.
With this new system, patients are able to opt out of sharing their data. In actual fact, an opt-out of sharing data has been available since 2013, so opting out, per se, is not really news.
What does the new scheme do?
Under the new scheme NHS Digital will collect and centralise data on treatments, referrals, and appointments over the past 10 years, alongside other sensitive records for patients’ entire medical history.
This data is then available, on request, to suitably qualified research and analysis organisations who are able to demonstrate a justifiable legal basis for a specified legitimate purpose for processing that data.
The new service is designed to enable faster access to pseudonymised data on around 55 million patients for planners and researchers.
What has changed?
The previous scheme relied on requests for data for research and analysis being made directly to GP surgeries who were required to make a judgement about complex data requests.
By centralising this activity, the technical infrastructure, security arrangements and governance will be managed by NHS Digital.
What do we need to know?
- Data is pseudonymised at source by GPs, meaning no personal data is passed to NHS Digital. However, the data will include indirect identifiers which could lead to identification if very strict controls are not employed.
- It is possible to opt out of sharing this data both at GP level and at NHS Digital level for any hospital-related data. The deadline for the GP opt-out is 23rd June, after which any data exported to the new system cannot be removed.
- A new platform has been developed to replace the elderly system that was used for the previous requests.
- Through a centralised system of managing data, a more consistent and robust governance framework has been put in place to support this project. In the past, GPs made their own judgement about what to share and provided little visibility of who had actually requested what data.
- Following the Partridge report in 2014, which was tasked with scrutinising the use of data for health and social care, the level of transparency around providing information about data processing through NHS Digital has improved.
- As things stand, NHS Digital has a legal status which means they are an arm’s-length body that the government can’t directly control.
Why is this scheme considered important?
- This data has previously supported the vaccine rollout scheme by identifying specific target audiences.
- It provides the ability to carry out research to understand the causes and consequences of common and rare diseases.
- It supports planning and commissioning of health services nationally and regionally.
- It will provide local planning support for prioritising care delivery and investment.
Should we be worried?
- This is the most sensitive of sensitive health data with a complete history from your GP being shared – it’s hardly surprising that people are concerned about it.
- If sufficient controls are not put in place, there is a risk the identity of individuals could be revealed through querying this data using the indirect identifiers or from combining data sets.
- There is always a danger of a catastrophic data breach, and scrutinising infosec arrangements is key.
- The NHS has a poor track record on projects such as this with the failure of the ‘care.data project’ in 2013. Some people have long memories.
- There is a fear amongst some special interest groups such as Med Confidential and GPs themselves that, maybe, this data is being sold to third parties for commercial gain – clearly this concern has a political dimension.
- It’s not clear whether the wider population understands what this project entails. It was due to go live in July and many worried it was being introduced with indecent haste. Interestingly, the NHS Digital Board appears to have decided they don’t need to inform individuals about this new scheme and that individuals need only opt-out, not opt-in.
What are the data protection and privacy implications?
- Is it good enough that data is pseudonymised? Should it be anonymised? Or should researchers begin using synthetic data? I’d like to see how NHS Digital will be more transparent about how they will ensure that people will not be re-identified from their indirect identifiers.
- A full dataset has not been published so, at this stage, it’s hard to ascertain how easy it would be to identify individuals.
- Are there safeguards in place to ensure that such a rich dataset is not combined in other organisations for commercial gain?
- Has anyone completed a DPIA (Data Protection Impact Assessment)? We assume that the ICO is heavily involved but the process has not been particularly transparent.
- NHS Digital says they’ve introduced a robust governance regime and have involved a Caldicott Guardian (put simply, the health data equivalent of a DPO) to ensure necessary processes are in place to protect this data.
- Has NHS Digital fully considered Data Protection by Design and Default? In all honesty, I’d not heard of this programme until recently. Although the health professionals have been collaborating, I’m not sure patients have really been involved to any great extent. With such sensitive data, it’s not really surprising people are worried.
- It appears there are safeguards in place to assess what data is required each time a request is made. A key data protection principle is data minimisation – i.e. make sure only data necessary for the job is shared. Having said that, data scientists may well argue they want everything to be able to identify unusual patterns or trends.
- Data Processing Agreements will be put in place between NHS Digital and the research partner – although I’ve not seen them, the inference is there is a level of robustness around how data is handled and processed.
- Another data protection principle is ‘lawfulness, fairness and transparency’ – the documentation related to this service is hard to follow. There is a simple video on YouTube explaining to patients what’s in it for them and what to expect. It’s had 4,380 views! Whether you believe there’s a conspiracy or not, the communication has been woeful!
Overall, there are plenty of very good reasons why this data set should be pooled – not least because this system is replacing an old one that’s about to fall over. Beyond that, there are obvious public health benefits which have not been fully realised in the past.
However, to announce this new scheme in a couple of blog posts in April does suggest to patients that the scheme is being rushed out without proper scrutiny. Piggybacking on the ground gained for using data for COVID purposes makes sense, but explaining the benefits to patients is also absolutely necessary.
If you add an overlay of distrust in government actions you can see why there may be problems ahead. The tragedy is that a lot of this could have been avoided.
At the heart of data protection legislation is the notion of transparency, and this is a perfect example of why it is so important. Investing more time and energy into explaining what will happen would have been repaid many times over. It feels very short-sighted not to have made more effort.