This site is intended for health professionals only


Private companies set for access to patient data for just £1

Private companies and researchers will be able to access data from GP records for £1, under plans revealed by NHS England to radically reduce the cost and boost the availability of information about patients available outside the NHS.

The body’s chief data officer has revealed he wants to reduce the costs for companies to access NHS datasets, from around £20,000 to £30,000 currently, to just £1.

NHS England said the data would be used to identify where improvements and efficiencies could be made in the NHS and that only approved companies would have access to the data.

But the GPC has raised concerns that private companies would have access to NHS patient data ‘on the cheap’.

Earlier this year NHS England announced plans to create Care Episode Statistics, where identifiable data extracted from GP records through the General Practice Extraction Service would be sent to the Health and Social Care Information Centre (HSCIC) to be linked with information from secondary care sources, and will be de-identified, unless the patient has given consent for identifiable data to be shared.

After concerns from the BMA and campaign groups, health secretary Jeremy Hunt announced that patients would have any reasonable objection to having identifiable data sent to the HSCIC noted, and a flag put in their records so this was clear. They could also object to their data leaving the HSCIC.

Currently universities such as Oxford, Cambridge, King’s College London as well as private companies BUPE, Dr Foster, Corin Ltd and Civil Eyes research have gone through the application process to receive the data, which involves proving adherence to information governance laws, and have been granted permission to receive data.

NHS England launched a consultation last month asking for views on what information should be extracted from hospitals in future, to provide an opportunity ‘for all interested parties to have their say in shaping the future of NHS hospital data and datasets.’

Mr Geraint Lewis, chief data officer at NHS England, said: ‘We want to ensure that patients, clinicians and staff who plan health services have access to the best possible information to help them improve health outcomes for patients.

‘This is why NHS England is developing the care.data service to make better use of health care information. As an early step in this programme, data from GP systems will be linked to Hospital Episode Statistics (HES), transforming it into the Care Episodes Service (CES).’

He added: ‘NHS England wishes to reduce the fees to 1 GBP in order to encourage a wider range of accredited organisations, including charitable organisations, to analyse the data. However, we are keeping the nominal fee in place in order to ensure that all such organisations are held accountable for how they use the data, by means of a legally enforceable contract.

‘Such requests will be approved on an individual basis and will still be subject to the highest standards of information governance and all applicable privacy legislation.’

Dr Paul Cundy, chair of the GPC’s ICT subcommittee said he had concerns over the plans. He said: ‘Bona fide research would seem to be OK, but I would have some concerns about private companies getting NHS patient’s data on the cheap.’

Dr Brian Fisher, NHS Alliance patient and public involvement lead and a GP in Lewisham echoed these concerns.

He said: ‘There needs to be a fair price for data that’s extremely valuable. When the data is extracted from GP records, its put together with other data sources in a way which means patients can be identified.

‘Private companies will be particularly adept at this and they will get a lot out of it. So there needs to be a fair price for this data.’

Pulse revealed earlier this week that GP practices must take ‘reasonable steps’ to inform patients that identifiable data will be extracted from their records from this autumn and used by the NHS and private companies, or face action under the Data Protection Act.