NHS data sharing: public needs more transparency on who their GP records are being shared with, experts warn

The scheme will collect information on NHS England patients’ treatments, referrals and appointments over the past 10 years

NHS Digital’s new data sharing project has been postponed for two months following privacy concerns.

The controversial scheme was due to begin on 1 July 2021, but has been delayed until 1 September to allow more time to speak with patients, doctors and health charities, following concerns over transparency.

Read More
Motor Neurone Disease: symptoms of MND explained, and is it genetic as new repor...
The scheme will collect information on NHS England patients’ treatments, referrals and appointments over the past 10 years (Graphic: Mark Hall)

Data sharing ‘being implemented too fast’

The scheme will collect information on NHS England patients’ treatments, referrals and appointments over the past 10 years, alongside other data from medical records held on GPs’ systems.

To help minimise risks of data breaches, the information collected will be coded by NHS Digital to protect patient identities.

However, the British Medical Association (BMA) and Royal College of General Practitioners (RCGP) have voiced concerns that the data sharing move was being implemented too fast, without sufficient time for patient consultation.

Under the previous deadline, patients had only until 23 June to opt out of the project before any data would be shared, with the NHS scheme then set to begin on 1 July.

The scheme has now been delayed until 1 September.

Organisations with a ‘legitimate need’ to use the data

The government has stated that the data will be made available to academic and commercial third parties.

A spokesperson for NHS Digital said: “The data will only be used for health and care planning and research purposes, by organisations which can show they have an appropriate legal basis and a legitimate need to use it.”

Details of the organisations who have accessed data will be able to be viewed on the NHS Digital website.

The data release register shows which organisations have accessed data at a particular time, and each time an organisation wants to request data for a new purpose, they have to go through the application process.

If an organisation had accessed data for one purpose and they wanted to use it for something else, then they would need to reapply for a specific purpose.

The spokesperson added: “We take our responsibility to safeguard patient data extremely seriously.

“Researchers wanting to access this data will need each request to be approved by the Independent Group Advising on the Release of Data (IGARD) and a GP Professional Advisory Group (PAG), with representatives from the British Medical Association and the Royal College of General Practitioners.”

‘Snuck out under the cover of darkness’

Despite reassurance from the NHS that patient data will be safe, critics have pointed out that very little information has been provided to the public on the data sharing project, leading to concerns about its transparency.

Labour's shadow health minister Alex Norris welcomed the delay to the project’s roll-out, but argued that the "current plans to take data from GPs, assemble it in one place and sell it to unknown commercial interests for purposes unknown has no legitimacy."

He also criticised the government for a lack of "public engagement" and said the plans had been "snuck out under the cover of darkness".

Transparency is something Stian Westlake, Chief Executive of the Royal Statistical Society said is needed for public confidence in data sharing.

Mr Westlake said that although patient data “is a valuable resource that can lead to real advances in our healthcare system,” there must be “full transparency so people can be confident that their data is being used ethically and for the public good.

“We need trustworthy systems that have public support. As called for in our Data Manifesto, privacy safeguards should be built into any sharing of personal data at the outset,” he added.

David Sygula, Senior Cybersecurity Analyst at CybelAngel, said the move “provides some strong benefits from an academic research standpoint,” but stressed that “data collection on this scale is creating a new set of risks for individuals, where their Personal Health Information (PHI) is exposed to third-party data breaches.”

Despite concerns over privacy, NHS Digital said that data will be “safeguarded” and procedures will be in place to ensure this is the case when the project comes into place.

‘Full public consultation’

An NHS Digital spokesperson said that patient data is already used every day “to plan and improve healthcare services, for research that results in better treatments, and to save lives.”

The delay will now allow time for patients, doctors and other health professionals to be spoken to about the project, and for a full public consultation.