Trusts miss pseudonymisation target

Fewer than half of NHS trusts have successfully “pseudonymised” their patient records, missing a government target aimed at making patient data more secure.

Figures from the Department of Health show that by 31 March, 186 out of 396 acute, mental health, ambulance and primary care trusts had reported successfully pseudonymising their patient records.

Under the DH’s Pseudonymisation Implementation Project, all NHS trusts are expected to encrypt patient identifiers in their data so it can be used safely, legally and securely for non-patient care, including commissioning, performance monitoring, analysing clinical trends and business requirements.

Pseudonymising data is regarded as safer than simply removing patient identifiers to make data anonymous as it allows individuals to be traced if analysis shows that they face a clinical risk.

But it needs to be carried out consistently in order to support information flows between NHS organisations and with central bodies such as the Secondary Uses Service.

In June last year, the DH rejected a national approach to pseudonymising data as “not feasible in practical or financial terms” and instead issued guidance for this to be carried out locally.

The PIP website says: “It is a legal requirement that when patient data is used for purposes not involving the direct care of the patient - [that is] secondary uses - the patient should not be identified unless other legal means hold, such as the patient's consent or Section 251 approval.

"This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' patient data prior to the non-direct care usage being made of the data.”

A DH spokesperson said: "Relevant, meaningful information is key to measuring, monitoring and improving the standard of NHS services.

“We are making good progress towards ensuring that where there is a legitimate need to use patient data, it is not identifiable to protect confidentiality. This is in line with proposals being considered as part of the Information Revolution [consultation on a new information strategy for the NHS].

"Our guidance is clear that the NHS should no longer use identifiable data for these purposes. All remaining trusts should have plans to meet the requirement as soon as is practicable."

Read about the latest concerns about confidentiality and data in research in Insight.