GPs and privacy experts have “grave concerns” about an extensive new dataset to be extracted from GP practices.
The NHS Commissioning Board published its first planning guidance for the NHS - ‘Everyone Counts: Planning for patients 2013-2014’ – last month.
It says a new GP dataset will be “requested” from GP practices for submission to the Health and Social Care Information Centre, described as a “statutory safe haven.”
“The patient identifiable components will not be released outside the safe haven except as permitted by the Data Protection Act,” it adds.
Practices will be requested to provide data on patient demographics, events, referrals, diagnosis, health status and exceptions.
This includes information on patients’ alcohol consumption and whether a GP has given exercise or dietary advice or completed a mental health review.
GP practices are expected to provide the data using the General Practice Extraction Service.
“The data will flow securely, via GPES, to the HSCIC, the statutory safe haven, which will store the data and link it only where approved and necessary, ensuring that patient confidentiality is protected,” the guidance explains.
Potential uses for this data are not detailed, however the NHS CB’s national director of patients and information, Tim Kelsey told a conference in December that a “standardised routine set of data” would be required from all GPs to help assess their quality.
Dr Paul Cundy, joint chairman of the BMA and RCGP's joint IT committee, said the committee had no prior warning of the new data set before it was published in December.
The committee has met with Kelsey to discuss the proposals and invited him to its next meeting for “further discussions.”
“It’s an interesting proposal, but as with many simple ideas it has got some complex issues behind it,” Dr Cundy said.
“If you compare this data set with the Summary Care Record data set and the time it took to agree the SCR it’s obvious that we will need to be having quite prolonged discussions.”
“I know that there will be a significant number of patients who will not want their identifiable data to leave the practice.”
“The issue for me is what should a GP do if a patient explicitly dissents from this sort of data set going on to the IC?”
Dr Cundy added that the principles of GPES – that GPs can decide whether to allow each individual extraction - apply to whatever data is being extracted.
“So as far as I’m concerned if the practice doesn’t want to partake in this they shouldn’t have to,” he explained.
Ross Anderson, Professor of Security Engineering at Cambridge University, told EHI that privacy in the NHS has “effectively been destroyed” over the past year.
He dated its destruction from Prime Minister David Cameron’s announcement regarding the greater use of NHS data by commercial organisations such as drug companies.
“What the BMA and GMC should do is stop pretending that medical confidentiality exists – it’s over,” he said.
“They should say, ‘I’m sorry but anything you tell us goes into a computer and off to the government and is sold to whoever wants to pay for it’.”
He questioned how patients could opt out of this data service and believed the thousands of people who have opted out of the Summary Care Record scheme are going to have their explicit prohibitions disregarded.
“The implication of this is that all sorts of personal information, which patients assumed would remain within the surgery, is now going to be available to large numbers of people.”
Anderson said this would be contrary to the European Convention on Human Rights.
Methods used historically by the HSCIC to de-identify patient information had not been sufficient and he believed it was, “only a matter of time before something really unpleasant happens, then public confidence will take a catastrophic nosedive.”
Hampshire GP Neil Bhatia said he has “grave concerns” about the dataset.
“Confidentiality within the medical services is dying, with patients completely disengaged from the process of their data being vacuumed up by the IC and hence unaware and unable to object,” he said.
“The concept that GP practices will effectively make all their patients aware of this, and of their rights, is frankly ludicrous.”
© 2013 EHealth Media.
Can still apply for identifiable datahelliewm 110 weeks ago
People/organisations can still apply for identifiable data under bespoke arrangments. Section 251 of the NHS Act applies to this SUS medical records database. Section 251 does allow for patients to opt out BUT Bucks PCT and the DH have told me I cannot have hospital care unless I agree to my records being sent to the SUS database. This is even though the DH agreed Section 10 of the DPA applied to me across the NHS. I was even removed from Centreal Register so no longer have an NHS number.
It is morally repungant that our medical records are being sold without consent and patients are being denied their legal right to opt out.
Section 251Infoman 110 weeks ago
Indeed section 251 of the (former) NHS Act permits the Secretary of State for Health to set aside the data protection act patient confidentiality provisions (under certain circumstances). The law thus permits patient data to be used without express consent e.g. the direct provision of healthcare, managing health care services, clinical audit etc. However, such use is controlled either through local NHS information governance controls or for national data source such as SUS, through national controls e.g. The Ethics and Confidentiality Committtee. You can review all of the applications to use national patient data by going to the NIGB web site: http://www.nigb.nhs.uk/s251/registerapp
Thereare lots of laws I don't like, but the law is the law and unless the above provisions are revoked, it is legal for identifiable patient data to collected, used and shared without patient consent subject to the ECC granting permission.
Well aware of Sec 251helliewm 110 weeks ago
You may not be though that Section 251 still allows patients to opt out if they do not consent to their data been used. The issue is DH have denied patients there right opt out of the SUS database under Section 251. Yes I have the letter from Bevan Brittain Soliciors for Bucks PCT informing me I cannot have hospital unless I consent to my records being sent to SUS database! Of course now as can seen from the ic.nhs.uk web site the records are being sold off from profit. This is morally repungant to deny patients their legal rights and then sell the medical records off .
Hospitals medical records alreadysold by the NHS IChelliewm 110 weeks ago
I have discovered hospital medical records (SUS data) are already sold by the NHS Information Centre in an identifiable form down to postcode and date of birth. You do not have to be Sherlock Holmes to identify someone. It does not take much imagination to envisage GP records going the same way very, very soon.
The link to how much the NHS Information Centre charges and the actual datasets is here: http://www.ic.nhs.uk/article/2075/Monthly-Managed-Extract-Service
Justifiable paranoiaGeepsi 110 weeks ago
Sometimes I start to feel that I am paranoid about protecting patient confidentiality. After all, others point out that sharing information is often in the patient's best interest. We also have consent to view and a number of protections to ensure that the the date is only used in defined circumstances and with patient consent.
Then something like this comes along which strips away most of my confidence. We will be requested ( which normally means forced) to provide detailed and personal information, which is patient-identifiable, into a database for unspecified use. No consent following upload means that the patient has no say how it is used.
The only stated purpose (to monitor GP performance) does not require this approach. The QOF approach of extracting and aggregating data prior to transmission has been doing this for several years and can be adapted to extract almost any data required.
Perhaps I should just give in, as Ross Anderson suggests, and assume that the era of doctor-patient confidentiality is over. I might consider a notice above the consulting room door:
"You are not obliged to say anything, but anything you say will be taken down and used for any purpose that the current government wishes"
Seriouslyin arduis fidelis 110 weeks ago
someone i don't want may be able to gain access to my data on request. Let me just pay 192.com 25 pounds so i can get their address, phone number, number of occupants in their home, what they paid for their property, their details and then send them a text and letter expressing my concerns. And whilst i'm at it I must have a word with those Trusts that are sending my paperwork to India for processing and typing up and ask them to ensure that the companies in India are effectively vetting and policing their administrative staff. I know change is difficult and never easy but it is happening every day, the only way to avoid it is to join the Amish, oh wait even they are starting to accept intrusions from the outside world, maybe the Arctic then.
IndiaMary E Hoult 110 weeks ago
India is a real problem, I get weekly calls from there for one thing or another !!!! I don't know how secure any data with these company's is?I don't have a problem with shared data and feel it might save lives and will make it easier to get proper health care when you need it.
Official patients are to be left without a GPhelliewm 111 weeks ago
The patient has just sent the response from Bucks PCT to the above article. Yes it is official, in black and white, patients are to be denied GP services unless they agree to QMAS/QOF/GPES etc.
If there are opt outs it's not worth doingmrtablet 111 weeks ago
Are there data held elsewhere where the organisation which manages that data is not allowed to use them in aggregated reports?
I request you send me the latest Justin Bieber album but I demand you do not pass this transaction to your stock control system.
I am paying my income tax but I demand you don't add the sum to the total tax take figures.
I cannot pay my mortgage but I request you don't add the sum to your mortgage default total.
The caveat is that the anonymisation should be sufficiently strong - I know the devil is in the detail there.
However as I've suggested before on this site how even a low proportion of opt outs will destroy most of the epidemiological and much of the business value of such data.
NHS LogoMary E Hoult 111 weeks ago
The NHS information for health & social care is to lose it's NHS logo in
march 2013 which make it even more essential that we know who the leaders are to be !!!Structure fist,Appointments next,planned changes that give confidence to the users and public alike key to Success.
Leadership & Grave ConcernsMary E Hoult 111 weeks ago
You state in your article that the Health & Social Care information centre Statutory will be the Statutory Safe Haven but how do we know ?only last week I was informed that they have yet to appoint a Chair or in fact a CEO so until these appointments are made how can we tell what the outcome will be.
Summary Care Record consentCertaCitrus 111 weeks ago
Would it not be fair to say the SCR would be interpreted by many people as 'Do I consent for my GP to share/distribute my medical records electronically with other organisations?'
i.e. they have already requested exclusion from the GP Extract.