NHS Digital has again delayed plans for what has been called the biggest data grab in NHS history, introducing new caveats to the extraction of personal medical information. No new implementation date as been set.
In the first significant policy shift since Matt Hancock left office as health secretary last month, primary care and health promotion minister Jo Churchill has written to all GPs setting out new proposals for siphoning off personal health histories of 55 million people in England into a central store, under the controversial General Practice Data for Planning and Research project.
She said the UK government was “moving away from a previously fixed date of 1 September.” That date had in fact already been moved from 1 July, but now there is no fixed date at all.
In an apparent concession to campaigner demands, the non-departmental government body said it would offer patients the option to opt out at any stage, with historic data being deleted even if it had been uploaded. One of the key complaints over the scheme was that, under the plans first announced in May, there was no option to have historic data deleted once it had been transferred from GP systems.
Secondly, the external researchers would only access the data through a Trusted Research Environment whereby they execute queries on the data in situ, rather than moving it for analysis. This idea had been the subject of Parliamentary debate involving Tory MP David Davis and Hancock in June.
Thirdly, the extraction would only go ahead after a “campaign of engagement and communication has increased public awareness of the programme, explaining how data is used and patient choices,” NHS Digital said.
The announcement is the second delay to the controversial programme. The first came in June, following pressure from professional body the Royal College of GPs and doctors’ union the British Medical Association (BMA).
Concerns over GPDPR are such that groups of GPs were set refuse to share data with the scheme in its previous form.
In an open letter to the government co-ordinated by GPs in East London’s Tower Hamlets earlier this month, family doctors said they would not comply with the extraction of personal medical data from their systems, saying patients had not been able to consent to the use of their data because of a lack of effective communication.
Backing the letter were Dr Jackie Applebee, chair of Tower Hamlets LMC, Dr Mark Sterry, secretary Solihull LMC, and Dr Paul Evans, chair Gateshead and South Tyneside LMC. Other signatories include Dr Zuhaib Keekeebhai, chief clinical information officer at North Central London Clinical Commissioning Group and Dr Osman Bhatti, performing the same role at North East London Clinical Commissioning Group, who is understood to have co-ordinated the letter.
We are ‘data controllers and doctors with a duty of confidence to their patients’
The local medical committees (LMCs) and commissioning groups said they would not share data with the scheme because there had been a lack of informed consent about the proposals. It said NHS Digital should write to every patient telling them how their data would be used under the scheme and offering clear instructions about how to opt out.
It pointed out that “as data controllers and doctors with a duty of confidence to their patients, GPs are obliged to ensure that patients are properly informed of significant new data processing and that their permission has been sought prior to us sharing their data – and that this data is and will be handled responsibly, securely, and transparently.”
It said GPDPR did not “meet these fundamental requirements” in its current state.
LMCs are groups of family doctors who contribute toward BMA policy and are represented by the powerful doctors’ union.
Critics of the GPDPR scheme have argued that NHS Digital’s approach to communicating its plans to patients amount to a notice on its website, a few tweets, and a downloadable poster for GP practices to print out.
In an interview with The Register, the BMA said it expected NHS Digital’s protector of patient confidentiality – the Caldecott guardian – to halt the project unless communication with patients is improved sufficiently to comply with data protection law, which requires fairness and transparency in data sharing.
However, Dr Farah Jameel, BMA GP committee executive team IT lead, said the union would wait to see how communication from NHS Digital improved before telling members whether or not to share patient data for which practices are legally responsible.
Meanwhile, data provision notice – the legal requirement for data sharing – has been withdrawn to “provide more time to speak with patients, doctors, health charities and others,” according to the NHS Digital website.
NHS Digital has argued that “data saves lives” and has huge potential to rapidly improve care and outcomes, pointing towards the use of data analytics in the COVID-19 pandemic as evidence.
Former health secretary Hancock was said to be a passionate supporter of data sharing in healthcare. He resigned in June after an affair that appeared to contravene COVID-19 restrictions was made public, and was replaced by Sajid Javid. The ICO is investigating that data leak. ®