Around 20 million people in England are in the dark over plans to share their GP medical records with a NHS Digital database, according to a study by not-for-profit consumer watchdog Which?
In a survey of 1,700 adults in England, Which? found 45 per cent were unaware of proposals for their medical records held by their doctor to be sent to the non-departmental government body under the controversial plan dubbed the biggest data grab in the history of the NHS.
The proportion unaware of the plans – and therefore their rights to opt out – is equivalent to 20 million people in England and reveals how ineffective the health department has been in informing patients, as required under data protection law.
The government has now delayed the General Practice Data for Planning and Research (GPDPR) programme, quietly announced in May this year, for a second time. Last week, NHS Digital said the project, which has attracted a wave of criticism from privacy campaigners and healthcare professionals, would only restart after a "campaign of engagement and communication has increased public awareness of the programme, explaining how data is used and patient choices."
It also said the GPDPR would only go ahead in a trusted research environment, whereby third parties analysing the data did not extract it from NHS Digital systems. Meanwhile, patients could opt out at any stage, and have historic data deleted from NHS Digital systems after it had been uploaded, options previously denied. The government unit said it was moving away from a previously fixed date of 1 September, which replaced an earlier deadline of 1 July.
Rocio Concha, Which? director of policy and advocacy, said: "NHS Digital and the government are right to delay implementation of the GPDPR scheme and must now go to greater lengths to engage the public, raise awareness of the scheme, and increase people's understanding of it through better communication and transparency."
The Which? survey calls into question NHS Digital's earlier claims that it was informing the public about its plans to extract GP-held health data and former health secretary Matt Hancock's claim that "the vast majority of people are strongly onside" with the data grab.
- Snail mail would be a fool-proof way to inform patients about plans to slurp GP data, but UK govt won't commit
- England's controversial extraction of personal medical histories from GP systems is delayed for a second time
- Backbench Tory campaigner promises judicial review of data grab of English GP patients unless UK government changes tack
- BMA warns NHS Digital's own confidentiality guardian could halt English GP data grab unless communication with public improves
The survey found half of the respondents who had heard about GPDPR had done so via the news or social media, rather than NHS Digital or GP surgeries. "NHS Digital had not publicised it widely in the news or online," the consumer group said.
Four in 10 of those unaware of the plans said that on hearing about it, they would probably want to opt out while of those who had heard of the scheme, 71 per cent felt the NHS had not publicised it well.
Which? also found that the lack of transparency around the scheme could affect trust in the NHS. At the start of its survey, three-quarters of respondents said they trusted the NHS to handle their GP medical records safely and transparently. Four in 10 (42 per cent) said hearing about the scheme in the survey had made them trust the NHS less.
Meanwhile, communication of the controversial scheme also affects its legal standing. Data regulator the Information Commissioner's Office says that fairness and transparency are fundamental to the UK's interpretation of the General Data Protection Regulation (GDPR), implemented in the Data Protection Act 2018.
Doctors' union the British Medical Association (BMA) has said the level of communication might not meet the requirement for transparency under UK law. NHS Digital's own patient confidentiality guardian could stop the process unless communication with the public is improved, Dr Farah Jameel, BMA GP committee executive team IT lead, told The Register.
Critics of the GPDPR scheme have pointed out that the data extraction plan for 55 million people living in England involves sensitive patient medical histories, which although "pseudonymised" in the process, can be reidentified with individual patients when combined with other datasets within the sphere of the Department for Health and Social Care.
Campaigners medConfidential and Foxglove also point to a lack of transparency over how private-sector organisations accessing the data might gain. NHS Digital has said it would "not approve requests for data where the purpose is for marketing... including promoting or selling products or services, market research or advertising."
However, in May The Register showed that under current sharing agreements around hospital patient data, companies that offer market intelligence get access to it.
A more recent investigation by the Financial Times showed that at least 40 companies, including management consultancies and pharmaceutical groups, had received years of detailed medical records from English hospitals under current data sharing arrangements. The FT found that insights from the data were often shared or sold on to other commercial entities and providers that use it to price products being sold back to the NHS, or conversely restrict the NHS's access to analysis of its own data, creating conflicts of interest.
Responding to the Which? survey, NHS Digital said: "We know we need to take people with us on this mission which is why we have committed to putting even tougher protections and safeguards in place and stepping up communications through a public information campaign before the new programme begins.
"Data is only shared where there is a clear benefit to healthcare planning and research. This benefits all of us, but it is only as good as the data it is based upon which is why it is absolutely vital that people make an informed decision about whether to share their data."
The UK Government clearly did not learn from its mistakes with the care.data debacle. Transparecy? They've heard of it. ®