The health secretary has blocked plans for data from GP records to be shared both inside and outside the NHS without explicit patient consent, after the Caldicott review of information governance refused to support the move.
The review – published today – rejected NHS England’s proposal that by being treated in the NHS, patients were agreeing their data could be used without consent, and said that personal confidential data should only be disclosed ‘with consent or under statute’.
The BMA welcomed the rethink, saying that patient objections to sharing of confidential data must be respected, but it warned it had concerns over another Caldicott recommendations that ‘safe havens’ should be set up for access to potentially identifiable patient data.
Speaking at the launch of Dame Fiona Caldicott’s Information Governance Review, Jeremy Hunt announced that patients would have a ‘veto’ over having any information from their GP record extracted, but that he hoped most people will consent to sharing their information.
The comprehensive report made 26 recommendations on sharing confidential information within the NHS, data breaches and data governance issues for researchers, public health officials and commissioners.
Earlier this year the Government announced plans for patient identifiable data to be extracted from GP records through the GPES system to be sent to the Health and Social Care Information Centre, where it will be anonymised and sent to customers such as NHS England.
NHS England also planned to link primary and secondary care data in order to monitor a patient’s journey throughout the NHS, that could be identifiable.
In the original plans, patients were not able to opt out of having their data shared as it was proposed that patients using NHS services entered into a ‘consent deal’ for their data to be used for purposes beyond their care, leading the GPC to call for a publicity campaign to let patients know their data would be used in this way.
Weeks later the Government removed a statement from the NHS Constitution that promised patients their health records ‘will always be used to manage your treatment in your best interest’, saying it could sound too ‘paternalistic’.
But the Calicott review said that it ‘does not support such a proposition’. It added: ‘If identifiable data is to be used, a clear justification and a legal basis for doing so must be established and made known to patients.’
The report said that for commissioning and research purposes, when personal confidential data needs to be linked with other data sources, for such as from other organisations, it should only be linked in specialist, well governed, independently scrutinised accredited environments called ‘accredited safe havens.’
Patients objections to their data being shared should even be considered if legal pathways, such as section 251 exemption which normally allows the waiving of common confidentiality law, apply, the Caldicott report added.
This also applies to the linkage of data which has been de-identified, but which still carries a high risk that it could be re-identified with reasonable effort.
Mr Hunt said today in response to the review: ‘I have agreed that GPs will not share info about what’s on their record with the Health and Social Care Information Centre if people object. There will be some overriders such as in a public health emergency or in a case of child care abuse, but I think that’s expected. Essentially people will have a veto on info being shared in the wider system.
‘It’s important to do that to give people confidence they are in charge of their own medical record and who sees it. Most people if they are confident it will be handled responsibly will want it to be shared.’
Dr Tony Calland, chair of the BMA’s Medical Ethics Committee said he supported the decision: ‘We are very pleased that there is a commitment to respecting patients’ objections to confidential data being shared as this is something the BMA has worked hard to reach agreement on. Confidentiality is the cornerstone of the doctor/patient partnership and we must do all we can to safeguard it.
But he said that the BMA had some outstanding concerns about how ‘safe havens’ will be implemented, saying the use of any information that could identify individuals, such as the NHS number, could increase a risk to confidentiality, unless robust safeguards are in place.
He added: ‘While health data is vital to improve health services and medical research, it is essential that the strict controls described in the Review for safe havens are scrupulously adhered to and regularly audited by an independent body.’
The Caldicott report also recommended:
- Patients should be able to access all personal confidential data held by a health and social care organisation electronically, including their GP records, electronic hospital records and community records without charge within a decade. An audit trail that shows everyone who has accessed a patient’s records should be introduced
- Regulatory, professional and educational bodies should ensure that information governance is a core competency of undergraduate training and CPD. It should be a part of clinical practice, said the report.
- Patients confidential information should be shared among health and social care professionals as well as any health professionals who have a ‘legitimate relationships’ with the individual
- Where there is a breach of data, the data controller or organisation broadly responsible for the data must give a full explanation of the cause of the breach with the remedial action being undertaken and an apology to the person whose confidentiality has been breached.
- Breaches must be reported to the board of the organisation and be published as part of annual quality reports. Aboard-level executive should be responsible for information governance and breaches at all organisations. A standard ‘severity scale’ of breaches should be agreed across the health and social care services.
- The CQC and the Information Commissioners Office should develop a system to regulate information governance.
Download the full report here.