The Department of Health has set out how its relaunched NHS data-sharing scheme will work, including plans for patients to be able to view online how their data has been used.
But the BMA said that the DH plans were of ‘serious concern’, because patients will not be able to opt out of having their data sent from their GP practice to NHS Digital.
The report, published today by the DH, also committed millions to improving NHS cyber-security following the recent malware attack affecting trusts and GP practices across the country.
It also reiterates plans for the CQC to start inspecting GP practices on their handling of patient data. This will begin from November 2017 with inspectors encouraged to assess how providers ‘manage their data and cyber security’.
Meanwhile, patients will be invited to set their new, simplified, preferences on NHS data sharing from March next year.
According to the report, this will ‘give people the choice to opt out of sharing their data beyond their direct care, which will be applied across the health and social care system’.
Under the plans, a system for anoymising and extracting data from GP practices should be in place by September 2019.
The new patient opt-out system does not extend to anonymised data but the DH said that by December next year ‘people will be able to access a digital service to help them understand who has accessed their summary care record’.
Further, by March 2020, ‘people will be able to use online services to see how their personal confidential data collected by NHS Digital has been used for purposes other than their direct care’, the report said.
It added: ‘Individuals will be able to make their choice known online as well as in person. People will be able to express their own preference on sharing their data and be able to change their preference.’
But BMA medical ethics committee chair Dr John Chisholm said that ‘doctors have serious concerns about the removal of patients’ right to opt out of having their details sent from their GP surgery to NHS Digital, without first putting in place the necessary protections and guarantees about how this information will be used’.
He said this comes as the Home Office is able to request confidential patient information for immigration purposes, which ‘is undermining patient trust in how their confidential information is used’.
Dr Chisholm said: ‘Patients deserve to know how and under what circumstances their personal data may be used. The BMA believes there needs to be a higher threshold for releasing information from NHS Digital to the Home Office, and independent oversight of disclosures before the removal of the opt-out.
‘If patients don’t have confidence in the system, not only does it damage the doctor-patient relationship, there is also a real risk that some will be put off visiting their GP, which could have serious public health implications.’
He added that the BMA is ‘currently in ongoing constructive discussions with the Government and hope we can reach an agreement that is in the best interests of patients’.
RCGP chair Professor Helen Stokes-Lampard said the college ‘welcomed’ the ‘phased approach to introducing a transparent national opt-out scheme for data and information sharing’.
She added: ‘What is essential is that the NHS is beyond reproach when it comes to the use of patient data for any purpose, that patients have trust in the way their data is being used, and that they are confident it will be kept secure.’
GP leaders went on to welcome the announcements of extra funding for NHS cyber-security, including upgrades to GP IT systems.
The report sets out that it is up to CCGs to ensure GP practice IT systems are up to date, after it was revealed many were left with operating systems from the early 2000s.
It further announced a new £21m investment to boost cyber-security at ‘major trauma sites’, saying this would be ‘an immediate priority’.
Echoes of care.data debacle
The relaunch of the data-sharing initiative follows NHS England’s attempt to launch care.data – a previous version of the system which would make data available for research by fee-paying third parties – in 2014.
That scheme was shelved at the eleventh hour amid confusion about how well informed patients were, who could access patient data, and GPs liabilities if a patient complained, and officially killed off last year.
The DH report confirmed more than a million opt-outs, registered by patients in the run-up to care.data’s launch to prevent data leaving their practice, will be respected until 2020 when the new system will be fully implemented.