31 July 2014 04:18


News
G-Cloud  | GP  | HSCIC  | Kelsey  | NHS CB
Twitter RSS Newsletter Send to a friend
18

'Grave concerns' over new GP dataset

16 January 2013   Rebecca Todd

Open up that data...

GPs and privacy experts have “grave concerns” about an extensive new dataset to be extracted from GP practices.

The NHS Commissioning Board published its first planning guidance for the NHS - ‘Everyone Counts: Planning for patients 2013-2014’ – last month.

It says a new GP dataset will be “requested” from GP practices for submission to the Health and Social Care Information Centre, described as a “statutory safe haven.”

“The patient identifiable components will not be released outside the safe haven except as permitted by the Data Protection Act,” it adds.

Practices will be requested to provide data on patient demographics, events, referrals, diagnosis, health status and exceptions.

This includes information on patients’ alcohol consumption and whether a GP has given exercise or dietary advice or completed a mental health review.

GP practices are expected to provide the data using the General Practice Extraction Service.

“The data will flow securely, via GPES, to the HSCIC, the statutory safe haven, which will store the data and link it only where approved and necessary, ensuring that patient confidentiality is protected,” the guidance explains.

Potential uses for this data are not detailed, however the NHS CB’s national director of patients and information, Tim Kelsey told a conference in December that a “standardised routine set of data” would be required from all GPs to help assess their quality.

Dr Paul Cundy, joint chairman of the BMA and RCGP's joint IT committee, said the committee had no prior warning of the new data set before it was published in December.

The committee has met with Kelsey to discuss the proposals and invited him to its next meeting for “further discussions.”

“It’s an interesting proposal, but as with many simple ideas it has got some complex issues behind it,” Dr Cundy said.

“If you compare this data set with the Summary Care Record data set and the time it took to agree the SCR it’s obvious that we will need to be having quite prolonged discussions.”

“I know that there will be a significant number of patients who will not want their identifiable data to leave the practice.”

“The issue for me is what should a GP do if a patient explicitly dissents from this sort of data set going on to the IC?”

Dr Cundy added that the principles of GPES – that GPs can decide whether to allow each individual extraction - apply to whatever data is being extracted.

“So as far as I’m concerned if the practice doesn’t want to partake in this they shouldn’t have to,” he explained.

Ross Anderson, Professor of Security Engineering at Cambridge University, told EHI that privacy in the NHS has “effectively been destroyed” over the past year. 

He dated its destruction from Prime Minister David Cameron’s announcement regarding the greater use of NHS data by commercial organisations such as drug companies.

“What the BMA and GMC should do is stop pretending that medical confidentiality exists – it’s over,” he said.

“They should say, ‘I’m sorry but anything you tell us goes into a computer and off to the government and is sold to whoever wants to pay for it’.”

He questioned how patients could opt out of this data service and believed the thousands of people who have opted out of the Summary Care Record scheme are going to have their explicit prohibitions disregarded.

“The implication of this is that all sorts of personal information, which patients assumed would remain within the surgery, is now going to be available to large numbers of people.”

Anderson said this would be contrary to the European Convention on Human Rights.

Methods used historically by the HSCIC to de-identify patient information had not been sufficient and he believed it was, “only a matter of time before something really unpleasant happens, then public confidence will take a catastrophic nosedive.”

Hampshire GP Neil Bhatia said he has “grave concerns” about the dataset.

“Confidentiality within the medical services is dying, with patients completely disengaged from the process of their data being vacuumed up by the IC and hence unaware and unable to object,” he said.

“The concept that GP practices will effectively make all their patients aware of this, and of their rights, is frankly ludicrous.”


Related Articles:

18 News: New GP data set to assess quality | 7 December 2012
11 News: Cabinet Office seals Open Data plans | 29 June 2012
1 News: GPs say yay or nay to GPES | 17 September 2012
Last updated: 22 January 2013 10:40

© 2013 EHealth Media.


Follow

Can still apply for identifiable data

helliewm 79 weeks ago

People/organisations can still apply for identifiable data under bespoke arrangments. Section 251 of the NHS Act applies to this SUS medical records database. Section 251 does allow for patients to opt out BUT Bucks PCT and the DH have told me I cannot have hospital care unless I agree to my records being sent to the SUS database. This is even though the DH agreed Section 10 of the DPA applied to me across the NHS. I was even removed from Centreal Register so no longer have an NHS number.

It is morally repungant that our medical records are being sold without consent and patients are being denied their legal right to opt out.


Reply
1 Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

Section 251

Infoman 79 weeks ago

Indeed section 251 of the (former) NHS Act permits the Secretary of State for Health to set aside the data protection act patient confidentiality provisions (under certain circumstances). The law thus permits patient data to be used without express consent e.g. the direct provision of healthcare, managing health care services, clinical audit etc. However, such use is controlled either through local NHS information governance controls or for national data source such as SUS, through national controls e.g. The Ethics and Confidentiality Committtee. You can review all of the applications to use national patient data by going to the NIGB web site: http://www.nigb.nhs.uk/s251/registerapp

There are lots of laws I don't like, but the law is the law and unless the above provisions are revoked, it is legal for identifiable patient data to collected, used and shared without patient consent subject to the ECC granting permission.


Reply
1 Reply
Flag
 +2
Like

This comment is:

Email address:

Submit

Follow

Post

 

Infoman
Expertise:
Other professional
Sector:
Public sector
Approved posts:
92
Likes:
0
My EHI score:
92
Reward badges:

Well aware of Sec 251

helliewm 79 weeks ago

You may not be though that Section 251 still allows patients to opt out if they do not consent to their data been used. The issue is DH have denied patients there right opt out of the SUS database under Section 251. Yes I have the letter from Bevan Brittain Soliciors for Bucks PCT informing me I cannot have hospital unless I consent to my records being sent to SUS database! Of course now as can seen from the ic.nhs.uk web site the records are being sold off from profit. This is morally repungant to deny patients their legal rights and then sell the medical records off .


Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

Hospitals medical records alreadysold by the NHS IC

helliewm 79 weeks ago

I have discovered hospital medical records (SUS data) are already sold by the NHS Information Centre in an identifiable form down to postcode and date of birth. You do not have to be Sherlock Holmes to identify someone. It does not take much imagination to envisage GP records going the same way very, very soon.

The link to how much the NHS Information Centre charges and the actual datasets is here: http://www.ic.nhs.uk/article/2075/Monthly-Managed-Extract-Service


Reply
1 Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

The IC dataset does NOT identify individuals

Colin P Styles 79 weeks ago

The available dataset is a pseduonymised dataset - eg only first four chars of postcode are provided in the file.


Reply
1 Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

New Poster
Colin P Styles
Expertise:
IT professional
Sector:
Public sector
Approved posts:
3
Likes:
0
My EHI score:
3
Reward badges:

Care Dataset

helliewm 79 weeks ago

Is extracted in fully identifiable form that is the issue


Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

Justifiable paranoia

Geepsi 79 weeks ago

Sometimes I start to feel that I am paranoid about protecting patient confidentiality. After all, others point out that sharing information is often in the patient's best interest. We also have consent to view and a number of protections to ensure that the the date is only used in defined circumstances and with patient consent.

Then something like this comes along which strips away most of my confidence. We will be requested ( which normally means forced) to provide detailed and personal information, which is patient-identifiable, into a database for unspecified use. No consent following upload means that the patient has no say how it is used.

The only stated purpose (to monitor GP performance) does not require this approach. The QOF approach of extracting and aggregating data prior to transmission has been doing this for several years and can be adapted to extract almost any data required.

Perhaps I should just give in, as Ross Anderson suggests, and assume that the era of doctor-patient confidentiality is over. I might consider a notice above the consulting room door:

"You are not obliged to say anything, but anything you say will be taken down and used for any purpose that the current government wishes"


Reply
Flag
 +1
Like

This comment is:

Email address:

Submit

Follow

Post

 

Geepsi
Expertise:
Clinician
Sector:
Public sector
Approved posts:
161
Likes:
3
My EHI score:
164
Reward badges:

Seriously

in arduis fidelis 79 weeks ago

someone i don't want may be able to gain access to my data on request. Let me just pay 192.com 25 pounds so i can get their address, phone number, number of occupants in their home, what they paid for their property, their details and then send them a text and letter expressing my concerns. And whilst i'm at it I must have a word with those Trusts that are sending my paperwork to India for processing and typing up and ask them to ensure that the companies in India are effectively vetting and policing their administrative staff. I know change is difficult and never easy but it is happening every day, the only way to avoid it is to join the Amish, oh wait even they are starting to accept intrusions from the outside world, maybe the Arctic then.


Reply
1 Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

in arduis fidelis
Expertise:
Other professional
Sector:
Public sector
Approved posts:
161
Likes:
0
My EHI score:
161
Reward badges:

India

Mary E Hoult 79 weeks ago

India is a real problem, I get weekly calls from there for one thing or another !!!! I don't know how secure any data with these company's is?I don't have a problem with shared data and feel it might save lives and will make it easier to get proper health care when you need it.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Mary E Hoult
Expertise:
Other professional
Sector:
Other
Approved posts:
43
Likes:
0
My EHI score:
43
Reward badges:

Patient has been left without to access to a GP

helliewm 80 weeks ago

http://www.ingentaconnect.com/content/rcgp/bjgp/2013/00000063/00000606/art00022 due to objecting about QMAS/QOF/GPES etc


Reply
1 Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

Official patients are to be left without a GP

helliewm 80 weeks ago

The patient has just sent the response from Bucks PCT to the above article. Yes it is official, in black and white, patients are to be denied GP services unless they agree to QMAS/QOF/GPES etc.


Reply
Flag
 +1
Like

This comment is:

Email address:

Submit

Follow

Post

 

helliewm
Expertise:
Health manager
Sector:
NGO
Approved posts:
93
Likes:
0
My EHI score:
93
Reward badges:

If there are opt outs it's not worth doing

mrtablet 80 weeks ago

Are there data held elsewhere where the organisation which manages that data is not allowed to use them in aggregated reports?

I request you send me the latest Justin Bieber album but I demand you do not pass this transaction to your stock control system.

I am paying my income tax but I demand you don't add the sum to the total tax take figures.

I cannot pay my mortgage but I request you don't add the sum to your mortgage default total.

The caveat is that the anonymisation should be sufficiently strong - I know the devil is in the detail there.

However as I've suggested before on this site how even a low proportion of opt outs will destroy most of the epidemiological and much of the business value of such data.


Reply
Flag
 +2
Like

This comment is:

Email address:

Submit

Follow

Post

 

mrtablet
Expertise:
IT professional
Sector:
Industry
Approved posts:
380
Likes:
0
My EHI score:
380
Reward badges:

NHS Logo

Mary E Hoult 80 weeks ago

The NHS information for health & social care is to lose it's NHS logo in

march 2013 which make it even more essential that we know who the leaders are to be !!!Structure fist,Appointments next,planned changes that give confidence to the users and public alike key to Success.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Mary E Hoult
Expertise:
Other professional
Sector:
Other
Approved posts:
43
Likes:
0
My EHI score:
43
Reward badges:

Leadership & Grave Concerns

Mary E Hoult 80 weeks ago

You state in your article that the Health & Social Care information centre Statutory will be the Statutory Safe Haven but how do we know ?only last week I was informed that they have yet to appoint a Chair or in fact a CEO so until these appointments are made how can we tell what the outcome will be.


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Mary E Hoult
Expertise:
Other professional
Sector:
Other
Approved posts:
43
Likes:
0
My EHI score:
43
Reward badges:

Its a moral dilemma

Infoman 80 weeks ago

Testing 123


Reply
1 Reply
Flag
 +1
Like

This comment is:

Email address:

Submit

Follow

Post

 

Infoman
Expertise:
Other professional
Sector:
Public sector
Approved posts:
92
Likes:
0
My EHI score:
92
Reward badges:

very odd EHI

Infoman 80 weeks ago

The above submission has my name on it but was not submitted by me. Has something gone awry with the thread? Infoman 12:45


Reply
Flag
 
Like

This comment is:

Email address:

Submit

Follow

Post

 

Infoman
Expertise:
Other professional
Sector:
Public sector
Approved posts:
92
Likes:
0
My EHI score:
92
Reward badges:

Summary Care Record consent

CertaCitrus 80 weeks ago

Would it not be fair to say the SCR would be interpreted by many people as 'Do I consent for my GP to share/distribute my medical records electronically with other organisations?'

i.e. they have already requested exclusion from the GP Extract.


Reply
Flag
 +2
Like

This comment is:

Email address:

Submit

Follow

Post

 

Top 10
CertaCitrus
Expertise:
IT professional
Sector:
Industry
Approved posts:
423
Likes:
0
My EHI score:
423
Reward badges:
 
[1] 2

EHealth Media Limited
EHealth Insider is managed and maintained by EHealth Media © 2014
Registered Office: 11 Campana Road, London SW6 4AS
Registered No. 4214439 | Vat No. 774 4008 29
About us | Advertise | Terms and conditions | Privacy policy | Cookie policy | Contact us