A judicial review will inevitability challenge the UK government's plans to extract millions of sensitive medical records held on GP systems in England, according to a high-profile backbench Conservative MP.
Speaking in Parliament last night, David Davis said that if privacy campaigners' concerns over the government's plans for General Practice Data for Planning and Research (GPDPR) were not addressed, they would seek a formal process to stop it.
"If the government does not take corrective action to address our concerns, there will inevitably be a full judicial review," he told MPs.
Davis had backed a letter threatening such a review – also supported by technology law campaigners Foxglove, Just Treatment, Doctors' Association UK, the Citizens, openDemocracy, and the National Pensioners Convention – shortly before the data extraction was put back from 1 July to 1 September.
But in Parliament yesterday, Davis called an adjournment debate in the Commons to argue that the database risked patient confidentiality, government could share the information with private tech companies, and presented a tempting target for criminals.
"Patient trust is vital to our NHS so foreign tech companies like Palantir, with their history of supporting mass surveillance, assisting in drone strikes, immigration raids and predictive policing, must not be placed at the heart of our NHS," he told MPs.
"We should not be giving away our most sensitive medical information lightly under the guise of 'research' to huge companies whose focus is profits over people."
Davis lambasted plans to store pseudonymised patient data because it is impossible to fully anonymise medical records, a fact well understood by experts in the field.
"The government has failed to explain exactly how it will use the data, failed to say who will use the data, and failed to say how it will safeguard this treasure trove of information," he said.
Medical histories including psychiatric conditions, history of drug or alcohol abuse, sexually transmitted infections, and pregnancy terminations would be held on record.
"Revealing this may not be embarrassing for everyone. But it could be life-destroying for someone," Davis said.
- BMA warns NHS Digital's own confidentiality guardian could halt English GP data grab unless communication with public improves
- UK health secretary Matt Hancock follows delay to GP data grab with campaign called 'Data saves lives'
- British Medical Association calls for clarity on patient deadline for opting out of NHS Digital's GP data grab
- UK government bows to pressure, agrees to delay NHS Digital grabbing the data of England's GP patients
Meanwhile, holding a central store of medical histories would inevitably attract nefarious actors wanting to illegally break into the system. Davis pointed out that a 2017 ransomware attack brought parts of the NHS to its knees causing trusts to turn away patients and cancel 20,000 operations.
"These highlight significant problems the Government has yet to address," he said.
The backbench MP also said communication with the public over their rights to opt out of the scheme was severely lacking.
"Where are the texts, the emails, the letters to the patients?" he asked. "On the Today programme earlier this week, the Health Secretary indicated he was now willing to contact every patient. This is welcome and he should now be writing to every single patient involved in this proposed database and informing them properly."
The GPDPR is to store historic and ongoing GP records of 55 million people in England. When it was quietly announced in May, NHS Digital told citizens they'd need to opt about by 23 June before the 1 July implementation.
Davis advocated the OpenSafely approach to NHS patient data and analytics, created by Dr Ben Goldacre, science campaigner and director of the DataLab at Nuffield Department of Primary Care Health Sciences, and others.
The approach, sometimes dubbed Trusted Research Environments (TREs), avoids extracting sensitive patient records and instead runs analytics with the data in place within its original data store. Any analysis is carried out by a select group of data scientists and the only data leaving the group is summaries of specific queries.
Davis commended OpenSafely because it is "distributed across a range of databases – not centralised. Their software maintains health data within the secure systems it was already stored on – it is not transported outside the existing servers.
"This is important because the biggest risk with any new data system is losing control of the data dissemination – once it is out there, like Pandora's Box, you can't close the lid."
Replying in Parliament, Health Secretary Matt Hancock also appeared to advocate the OpenSafely/TRE model, but with one crucial difference. NHS Digital, effectively a branch of the government, would extract GP patient data into a central data store, and then apply the TRE model, rather than applying it to data where it already resides in GP systems.
"I have heard the concerns people have about using dissemination of pseudonymised data, we will not use this approach in the new GPDPR: the new system will instead use trusted research environments," Hancock told MPs. "All data in the system will only ever be accessible through a TRE. And this means that the data will always be protected in the secure environment, individual data will never be visible to the researcher and we'll know and will publish who has run what query or use which bit of data."
Critics might point out that trust in this approach would depend on trust in NHS Digital, which will run and control the central data store of patient information after it has been extracted from GP systems.
Hancock did not repeat his promise to write to patients to inform them of their rights to opt out of the data grab. ®