Exclusive A GP faces possible termination of his contract over his plan to opt all his patients out of NHS England’s flagship data-sharing scheme, Pulse can reveal.
Managers from Thames Valley area team have sent Oxford GP Dr Gordon Gancz a ‘notice of remediation’ to force him to remove any opt-out codes for care.data he had added without explicit patient consent, saying that he was in breach of his contract.
The notice – sent last week – also says that he must ‘remedy this breach’ by removing notices on his practice website about his plan to opt all his patients out of the scheme.
Managers said that his actions were in breach of NHS England’s requirement that ‘patients will automatically be included unless they indicate to their practice that they wish to opt out’.
Dr Gancz now faces either taking the action specified in the letter, or potentially having his contract terminated.
The move comes as privacy campaigners write to every practice in the country urging them to follow Dr Gancz’s lead and opt all their patients out of the care.data scheme. But the letter from managers to Dr Gancz shows that practices may face contractual action from NHS England if they do this, as warned by the GPC last year.
GPs have a duty to inform patients about the care.data scheme under the Data Protection Act, but also are required to share their data with the Health and Social Care Information Centre (HSCIC) under the Health and Social Care Act.
Pulse previously revealed that Dr Gancz was one of two GPs who intended to opt out all his patients from the care.data scheme, although his name was withheld from publication at that time.
The letter to Dr Gancz from the Thames Valley Area team says: ‘We wish to discuss the remediation needed because you have published on your practice website information about the care.data extraction indicating that you intend opting your patients out of the data extraction unless they contact you to opt in.
‘This is contrary to NHS England’s requirement that patients will automatically be included unless they indicate to their practice that they wish to opt out.’
The letter adds that: ‘In accordance with schedule 6 part 8, regulation 115 of the NHS (GMS contract) regulations 2004, NHS England requires you to remedy this breach by taking the following steps: 1) Remove the second and third paragraphs of latest news, in the noticeboard section of your website; and 2) Remove any opt out codes which you have applied to your patients’ medical records without their prior consent.’
But Dr Gancz told Pulse that the letter shows a ‘disregard for patient’s interests’, and that he would not be changing the information on his website.
He said: ‘It will be interesting to see what power they have, if any, to stop one simply stating what is the case. People are being bulldozed into giving consent by default – that is on my website and it’s nothing but the truth – how can they tell me to take it off?’
He added: ‘The logic of this email is that unless I give in to the bullying of NHS England and illegally – as defined by the Data Protection Act and the GMC – release my patients’ confidential information, I shall have my contract to work as a GP withdrawn.
‘How many of those students who have passed through Oxford University in the past would like details of their private lives made available to others? Exactly the same applies to every patient in the country.’
NHS England’s Thames Valley area team told Pulse that: ‘Under the Health and Social Care Act, practices have a statutory duty to share personal confidential information about their patients with the Health and Social Care Information Centre.
‘The Data Protection Act 1998 sets out a framework under which such data can be shared. This framework includes ensuring that people understand how their data are used and shared, and their rights to object. NHS England has provided guidance and support to GP practices to comply with these duties.’
Meanwhile, the patient advocacy group Patient Concern, has sent all GP practices in England a email criticising the awareness campaign about care.data run by NHS England urging practices to either opt out patients who previously opted out of the Summary Care Record, or apply an opt out to all their patients.
The email says: ‘There are many reasons why patients may not get around to opting-out. That does not mean that they have agreed to release of their most sensitive medical details.’
NHS England tightens up safeguards on sharing identifiable patient data
Managers have said that identifiable patient information will now not initially be able to be released under the exemption ‘Section 251’ clause unless there is an ‘overriding public interest’.
The admission comes in a risk assessment released last month, and after a Pulse investigation revealed the Section 251 exemption was used multiple times in recent months to enable the release of existing identifiable patient information.
Under Section 251 of the NHS Act 2006, the health secretary is able to set aside patient confidentiality for ‘defined medical purposes’, but must take advice from the independent Confidential Advisory Group.
NHS England said: ‘In order to establish trust in care.data from patients and healthcare professionals, personal confidential data collected for care.data will initially only be disclosed where there is an overriding public interest even though disclosures under Regulation 5 [section 251] or with patient consent would be legally permissible.’