Government poised to allow GP patient data access beyond ‘pandemic only’ scope

Exclusive: The Government is preparing to imminently expand rules allowing research access to patient data – in a move which would not require GPs to inform them of the change, Pulse has been told.

A letter making the claim was sent to NHS England chief executive Sir Jim Mackey yesterday (16 October) from medConfidential, a campaign group for confidentiality and consent in health and social care. 

Pulse understands that the BMA has also been involved in raising concerns about the recent development.

According to the letter, seen by Pulse, health secretary Wes Streeting will reportedly issue NHS England a Direction – a legal instrument – which will reverse the ‘pandemic only’ requirement covering the GP Data for Pandemic Planning and Research (GDPPR) dataset.

NHS England would then issue a no-action Data Provision Notice (DPN) to GP practices meaning GPs – as data controllers – would not need to inform patients of the change. 

The letter said: ‘medConfidential understands NHS England has received but has not yet published a Direction from the Secretary of State to break the “pandemic only” promise covering uses of the GP Data for Pandemic Planning and Research data collection, with data controllers being told they will not / do not need to inform patients that anything has even changed – let alone that the “pandemic only” promise is being torn up.  

‘As a consequence, GP practices, etc. will still be telling their patients the collected data is for “pandemic only” uses, which will not be true’.

The letter alleges the Direction was signed off ‘without the informed consent of the profession to whom any consequent notice will apply.’ 

Howver, health dataset project UK Biobank, which is set to benefit from the change, stressed to Pulse that the expansion would still only apply to patients who had consented to sharing their data

It currently holds data from more than 500,000 volunteers in the UK who consented to share their GP record anonymously for research.  

Researchers can access the data but are prohibited from sharing it with anyone who is not a collaborator on their research project. 

Despite this, Med Confidential said it was concerned about the wider implications of the Direction.

Sam Smith, co-signatory of the letter and policy lead at medConfidential, told Pulse: ‘Patients and the profession were promised the “pandemic only” dataset was only for the pandemic, and so that’s what GPs told their patients.  

‘Now there’s a quiet bait and switch, meaning DHSC expects GPs to tell patients something it knows not to be true.’ 

He also warned that while it may begin with UK Biobank accessing data, this risked being the first step in a wider expansion.

Last year, Mr Streeting had alluded to the idea of the expansion in at the RCGP annual conference. In the speech, he said ‘world-leading studies like the UK Biobank, Genomics England and Our Future Health are building up incredibly detailed profiles of our nation’s health’ but ‘far too often’ data was ‘not shared according to patients’ wishes’.

GP practices are data controllers for patient data under UK GDPR and also remain the controller for ‘pseudonymised’ records.

A spokesperson for NHS England declined to comment on the letter.

Dr Katie Bramall, chair of the BMA’s GP committee in England, told Pulse the union advised NHS England to clearly communicate the data access changes to GP practices and to distinguish it clearly from the pandemic-era rules.

Dr Bramall said: ‘NHSE heard our concerns earlier this week after we learnt that DHSC had a Direction planned. 

‘We need to see this taken forward formally in JGPITC meetings. We need to see exactly what this Direction says in writing, when it was signed, what NHSE will expect from practices, and that it doesn’t conflict with past statements that are not being withdrawn.

‘We cannot countenance any attempt to hide a new purpose behind an existing collection for expediency – whether legal or not – as this paves the way for future uses which are less restrictive (eg HDR sidestepping OpenSAFELY). These attempts need to be stopped now in the interests of patient and professional trust and confidence in the government’s wider agendas.

‘Separately, practices have additional options to support the safe use of sharing data, such as OpenSAFELY which has gone through the necessary processes to gain the support of the JGPITC and GPC England.’

In June, NHS England paused the ‘ground-breaking’ HDR Foresight project which used GP data to train an artificial intelligence (AI) model, following concerns raised by GP leaders.

A BMA spokesperson told Pulse separately: ‘The BMA, through the JGPITC, has been working with NHS England in recent months to offer advice on behalf of the profession on a forthcoming data direction and data provision notice that will require the coded GP data of those who have given explicit consent to flow to certain research organisations. 

‘As this is essentially a new flow of data, for a new purpose, general practices, as data controllers of the underlying data, need to be made aware and to provide their assent as they would for any new flow mandated under the Health and Social Care Act.  

‘The BMA feels this approach, now the pandemic has ended, is the best way of maintaining patient trust.  

‘History has shown that misinformation can drive patient opt outs and we wish to avoid any actions that might cause long term harm. If we lose the trust of our patients we will not be able to do our jobs effectively.’ 

A DHSC spokesperson told Pulse: ‘Protecting patient data is a priority. We announced plans last year to improve the sharing of primary care health data only for individuals who have explicitly agreed to share their information for scientific research and where the highest standards of data security are in place.  
 
‘Patients across the country could reap the benefits from this research whether it’s faster diagnosis and treatment times, new medications or enhanced screening programmes. 

‘We are working with GPs representatives and relevant stakeholders to deliver that commitment. We are determined to make the NHS a vanguard of health innovation and bring in the shift from analogue to digital.’

In 2023, the BMA refused to back UK Biobank’s campaign asking all GP practices to release volunteer patient data via their IT systems. 

Last year, a major Government-commissioned review found that establishing a central system allowing access to GP data for research was England’s ‘highest data priority’.