Fresh concerns about 'indefinite' UK government access to doctors' patient data

As England's controversial scheme to grab 55 million citizen's medical data is withdrawn, emergency powers are extended


Concerns are being raised over UK government proposals to extend emergency powers introduced during the pandemic, giving it access to patient data held by general practitioners (GPs).

The government has decided to put in place a plan "omitting the expiry date contained within" emergency COVID powers and "to make a consequential amendment to the review provision", with the aim of "establishing and operating information systems to collect and analyse data in connection with COVID-19."

The instructions were sent in February [PDF] to Simon Bolton, then interim chief executive of NHS Digital, by Simon Madden, director of data policy at NHSX, and signed by the Secretary of State.

They were followed by further directions to revoke powers [PDF] given to extract data from family doctor systems under the controversial General Practice Data for Planning and Research Directions (GPDPR) in 2021.

GPDPR outraged campaigners and GPs when it was proposed last year, many of whom complained it gave doctors little time to prepare for the data extraction of 55 million people's health record in England, and patients had little knowledge of or choice about the use of their data.

This data grab policy was made public just six weeks before it was due to commence in June last year, and people were opted in by default. It was subsequently delayed before implementation and in July NHS Digital delayed the plans for a second time, introducing new caveats and without setting a deadline.

The extension of the COVID emergency powers – at a time when the UK government is publicly emphasizing the return to something resembling normality – come under the General Practice Extraction Service (GPES), which is the way NHS Digital provides an overview of the dataset for analysts and other users. The plans themselves are dubbed GPES Pandemic Planning and Research (GDPPR).

However, to come into effect, the powers should rely on the Control of Patient Information (COPI) notices, which were posted in February and expires in June.

Phil Booth, coordinator of campaign group medConfidential, said: "The COPI notices, which have basically only been extended for three months until the end of June, means that you've got this odd position. They're basically saying we're going to keep doing something but the legal basis for it falls away even before they plan to review it."

While it might be sensible for the government to collect data about COVID from GP systems, critics argue the legal basis is unclear, as is the extent of the data to be collected.

At the same time, this summer NHS Digital is set to be rolled into NHS England, an executive non-departmental public body sponsored by the Department of Health and Social Care.

Booth said: "You've got this situation where it seems that NHS England has got so used to having these powers and to flowing this data that it seems to presume it can continue outside of the very particular legal bases of the pandemic. If we're going to be living with COVID, as we are, they have to find a proper lawful basis for this and it can't be one of these extraordinary emergency powers."

While it may seem sensible to continue collecting data about COVID, the concern is that these powers could be extended to other epidemics, without proper checks.

"That sets a precedent," Booth said. "The list of codes that they collect for monitoring COVID, they could extend to an obesity epidemic. It's a way that this thing over time could simply be expanded if it hasn't got specific, lawful basis. We need clarity on this." ®


Other stories you might like

Biting the hand that feeds IT © 1998–2022