This site is intended for health professionals only

At the heart of general practice since 1960

pul jul aug2020 cover 80x101px
Read the latest issue online

Independents' Day

Tim Kelsey: We are working to make safe for patients

Changes to the NHS data-sharing scheme now make it fit for purpose, writes NHS England’s information director Tim Kelsey

Last week the Care Bill received Royal Assent and became the Care Act and for the first time we have a clear, statutory basis for sharing information that will enable us to track patient outcomes across health and care services.

To me this feels like a real milestone for patients, clinicians and researchers. The new law means that a person’s data can only be shared and analysed when there is a benefit to healthcare, never for other purposes, and that all uses will be scrutinised with full transparency by an independent statutory body. In addition, there will now be a legal basis for people to stop their data being shared if they wish to.

These legal safeguards were introduced as a direct result of concerns about the safeguards around data sharing in the NHS raised in light of the initiative. is a programme to link data across all care services, starting with hospitals and general practice and make it available to the people who can use it to make services better – clinicians, commissioners, researchers, charities, patients and public – in safe ways that minimise the risk to a person’s privacy being compromised in an age of increasingly sophisticated digital threats. For many years, the NHS has analysed data on hospital outcomes and driven improvement in services as a result; health and care services now need to analyse similar data across the whole care pathway. 

In February, NHS England announced an extension to the start of data collections until the autumn to ensure concerns expressed by GPs and others were met. The Care Act amendments are an important part of demonstrating how seriously that commitment is taken. Nothing less than an overhaul of the legal basis for data sharing was necessary, but that on its own is not sufficient. Last month, we confirmed that there will be a phased roll out for the programme, starting with between 100 and 500 practices in the autumn. In this way we can refine and test, with complete transparency, the best ways of supporting GPs to ensure patients are informed of the purposes of this data sharing, its safeguards and how they can opt out.

There are no artificial deadlines for the national roll-out of the programme: the most important priority is that we get it right. And for that reason I am very pleased that the Independent Information Governance Oversight Panel (IIGOP), chaired by Dame Fiona Caldicott, has agreed to advise the programme board and senior responsible owner on the implementation of the programme, and in this context to evaluate the first phase pathfinder stage. 

Dame Fiona is known across the NHS for the institution of ‘Caldicott Guardians’, the individuals responsible in every NHS and local authority organisation for making decisions about sharing identifiable information.  This requires balancing the public interest of protecting confidential information with the public interest for sharing the information.

Ensuring that information is shared for best care and to promote excellent research is central to the vision encompassed by the programme, as is protecting confidential information and I am grateful that she has agreed to help us. 

New advisory panel

In addition, we have established a advisory group under the chairmanship of Ciaran Devane, chief executive of Macmillan Cancer Support and a non-executive director of NHS England, with membership drawn from across health and care, which includes the BMA, the RCGP and Healthwatch, as well as voluntary organisations and privacy experts.

I’d like to thank everyone for their help - and especially the GPs, practice managers, citizens and patients who have attended events and workshops across England to surface concerns, debate solutions and help shape the future of data sharing in health and care. There will be many more conversations over the coming weeks and months. 

Data-sharing between professionals, patients and public is the prerequisite for a modern, sustainable health and care service. Only last month, Macmillan Cancer Support published a report which revealed that one in four cancer cases is diagnosed in an accident and emergency department - and that those patients were  twice as likely to die within a year as those referred to a specialist by their GP. A central conclusion is that better data on the outcomes of these patients and understanding geographic variations in patterns of diagnosis is key to improving life expectancy.

Implemented properly has the power to transform health services - that’s why it is so important to get it right.

Tim Kelsey is NHS England’s national director for patients and information.

Readers' comments (16)

  • Rubbish!
    Patient data is no more safe than eBay data.

    A young person I know who works in a pharmacy recently told me that they had had a "sneaky look " at their new partner's information and discovered their GP and what they had been prescribed previously.

    I have explained that this is against the law and am convinced it will not happen again but will happen up and down the country especially where, as appears to be the case in the eBay leak, there is an insider who, for whatever reason, wants to leak this information.

    Another issues for GPs is the sharing of records in systems such as vision 360. Potentially every colleague, both medical and non medical in your patch could access your records.

    Unsuitable or offensive? Report this comment

  • Neil Bhatia

    Nothing has changed. The so called "changes" are simply smoke and mirrors.

    You will still have to opt-out to protect your personal confidential information
    Your information will still be uploaded in an identifiable dataset
    Your personal information will still be sold to 3rd parties within and outside of the NHS, for purposes other than genuine medical research
    Your personal information will still end up in the hands of pharmaceutical companies, insurance organisations, private medical providers and government departments. They'll just be more creative in how they apply for access, how they pay for the data and who they employ to apply on their behalf
    You will still have no control over your uploaded information, other than to opt-out entirely
    Aggregate, anonymised and pseudonymised data releases will still be classed as non-personal and so the Data Protection Act will still not apply to their processing - no protection, and the ICO will not be interested.
    You will still be unable to find out when aggregate, anonymised and pseudonymised data about you have been released or sold - because such data releases will be out with the DPA.
    And you will still be unable to delete your uploaded information - unable to change your mind

    Here's hoping that GPs will make their opinion clear at Friday's LMC Conference meeting.

    Our patients are looking to us to protect their data.


    Unsuitable or offensive? Report this comment

  • Agree with Neil ..this is all smoke and mirrors. Tim Kelsey and Jeremy Hunt are data flat-earthers, determinedly refusing to acknowledge
    the evidence that it is impossible to anonymise data in this era of multiple databases, and that pseudonymisation is effectively identifiable data.

    Patients do not want our GPs, trusted recipients of personal confidences and guardians of our total medical record, to be forced to metamorphose into government informers. Echoes of the STASI!!

    Unsuitable or offensive? Report this comment

  • Agree with Neil. And where is the result of the Pseudonymisation review?

    Unsuitable or offensive? Report this comment

  • All information shared with me, the patients’ GP, is unequivocally not for uploading. We understand that such data is confidential. If the patient gives me permission I will release that data. BUT;

    Any care data law cannot be retrospective and it cannot be an opt-out.

    Make your case to the public Tim Kelsey and let them opt-IN. If your case is so overwhelming then you should get a majority.

    Me Opt-In? No chance. Any IT project designed by the dead hand of government is destined to fail. Data breech or data misuse is guaranteed.

    Unsuitable or offensive? Report this comment

  • so that's all right then..we are expected to believe the hopeless incompetent that caused the first fiasco will get it right now?
    why has he not been given his p45?

    Unsuitable or offensive? Report this comment

  • I'm not convinced - answer one question to cut through the rhetoric. Will data sets continue to be sold to 3rd parties ? Tim Kelsey seems to espouse the benefits and seems blind to the risks with a project that has gone badly wrong on his watch.. Insurance companies have already demonstrated (indeed boasted) that rudimentary methods of triagulating data sets that they have bought for as little as 12k can identify with some certainty, the likelihood that a few patients in any high level postcode (especially in less densely populated areas) may have certain conditions. Safe from hackers is one thing, selling "psudonomised" data for profit is another. Why steal the data when someone gives it to you for a modest fee? I think we need a change of leadership on this project and I'm afraid that Tim Kelsey just isn't the reassurance that we need. He was quite disparaging at NHS Live when clinicians raised reasonable concerns. Time for Tim to move over and allow someone like Dame Fiona Caldicott or Professor Sir Bruce Keogh or Professor Lord Darzi to take charge - I suspect they have the intellect to carry this important programme forward in a way that Tim Kelsey can't. All change please and let's move on.

    Unsuitable or offensive? Report this comment

  • I have no doubt that there will be "robust measures" put in place to remind people that it will be naughty to disclose information and to attempt to discover the sources of disclosure but unfortunately by then the damage will have been done and the confidentiality will have be lost.

    The problem is that the data will be extracted from the GP systems and stored as raw information on the national database. It will then be pseudonymised, or almost anonymised, before being passed on for approved use. Approved use can of course be subject to change and in any case research covers a wide area including pharmaceutical research and economic benefits.

    So we have moved from the initial arrogant disregard of public and professional concerns to the same process of data extraction with some fudges applied.

    Unsuitable or offensive? Report this comment

  • Kelsey totally fails to address the default opt-in issue.
    He just doesn't get why this is a problem.

    Worrying as he's meant to be National Director for Patients and Information.

    Unsuitable or offensive? Report this comment

  • Tim should go nobody believes he can manage this........just by the way how does it work for welsh and scots people if they decide to move to england

    Unsuitable or offensive? Report this comment

View results 10 results per page20 results per page

Have your say