This site is intended for health professionals only

Pulse Today At the heart of general practice since 1960
Could GPs actually go private? Why are GPs rethinking LESs?

Could GPs actually go private? Why are GPs rethinking LESs?

Listen to our new podcast episode here

Login Register
Home News Technology GPs must be protected from liability claims arising from single patient record, MPs told

GPs must be protected from liability claims arising from single patient record, MPs told

GPs must be protected from liability claims arising from single patient record, MPs told
Getty Images
By Harry Hetherington
03 June 2026

GP leaders and MPs have warned practices must be protected from liability claims arising from the use of data shared within the new single patient record. 

Labour MP and practising GP Dr Simon Opher told the House of Commons that ‘no one will become a GP partner’ in future if they have to hold unlimited liability for any such ‘spillage’ of data. 

And RCGP president Professor Victoria Tzortziou Brown told the House of Common’s health and social care committee that there should be liability cover if GPs retain their role as data controllers.

It comes as the Health Bill, set to introduce provisions to create the single patient record, had its second reading in Parliament earlier this week.

Pulse understands that GPs will remain the data controllers for the patient data they input into their own local systems, but the Department of Health and Social Care is likely to also assume controllership when that data is shared with the single patient record.

Debating the bill, Dr Opher said: ‘The data is owned at the moment by GPs, and if there is a spillage of data, GP practices are unlimitedly liable.

‘We must change that; otherwise, no one will become a GP partner. We must also be careful, because excessive and over-the-top safeguarding could obstruct the single patient record, and that would harm patient care.’ 

DHSC has previously said the single patient record would aim to connect with ‘existing systems’ such as the Palantir-owned federated data platform (FDP), but it has said ‘no single supplier’ would dominate contracts for the single patient record.

But Dr Opher said in the debate: ‘I fear that a company such as Palantir owning our data is a derogation of our duty, and that we should use that data as a fantastic resource.’

Health secretary James Murray also confirmed in the debate that his department would become a data controller for GP patient data once it is part of the single patient record. 

Mr Murray said: ‘When the data is held by a GP surgery or an NHS hospital trust, for instance, the relevant bodies will remain the information controllers.  

‘Where that information is then shared through the single patient record, the Department of Health and the Secretary of State will take on a role as data controller as well.’ 

He added that the plan for the single patient record was for existing data systems to be ‘linked up’ rather than the data to be transferred to a wholly new system. 

‘Rather than data being transferred from where it exists at the moment to a new system, it will remain where it is – in GP surgeries, hospitals and so on – but it will be linked up so that one person, including the patient, can see all that data from the middle of the network of information’, he said. 

‘The data will still be governed by the same privacy policies on a GP system, in a hospital trust system and so on. When linked together through the single patient record, it will be governed by the highest levels of security: only authorised individuals will be able to access the data, there will be an audit trail of anyone who has accessed it, and the cyber-security protection will be the strongest available.’ 

Speaking to the parliamentary health and social care committee yesterday, Professor Tzortziou Brown said: ‘We don’t have a clear position as a college [on data controllership]. What we have a clear position on is that we do want the way our data records are managed to inspire trust for our patients, and also to have clarity of who is responsible for them, and when and where liability lies.

‘That we want liability cover goes without saying if we have responsibility, so if we are the data controllers, absolutely we need to be indemnified – but whether we should be the data controllers will depend on how things progress with a single patient record.’ 

The RCGP president added that in order to adopt a position, the college would ‘need to see the detail’ of how the single patient record will work.

As revealed by Pulse, NHS England had previously said that it would not be ‘appropriate’ for GPs to act as the data controller for the single patient record. 

Meanwhile, Liberal Democrat MP Martin Wrigley said he would attempt to amend the bill to ‘remove the relaxation of data privacy’ within it. 

GP leaders and patient data groups have voiced concerns about how confidentiality of patient data would be protected in the legislation

Mr Wrigley said a single patient record ‘is undeniably critical to see the data of patients all in one place’ but said ‘it must be built from a patient’s point of view, not from a centralised data-analysis point of view, and with privacy by design from day one’.  

He said: ‘We obviously need GPs to see hospital data and vice versa, and ambulances to see everything that they need to help, but we do not need the new regulation to do that. 

‘The single patient record already exists in a federated model; in Greater Manchester, Merseyside, Shropshire and more, trusts already run interoperable access for care services, GPs and hospitals. The Government admit that but claim it is partial and fragmented. They also claim that the data will remain in the systems where it currently exists. However, with the Bill, the Government are asking to remove all protection of patient data.’ 

Responding to this during the debate, health minister Karin Smyth said the single patient record would ‘protect personal data by default’.  

She said: ‘It will be considered critical national infrastructure, with the highest standards of cyber-security and information governance, so that only the right people can access the right information at the right time and for the right reasons.  

Ms Smyth said while the legislation ‘does allow data to be used for research, population analysis and service improvement’, she said this would only happen ‘where there is a separate legal basis for doing so’. 

The details of the health bill will next be scrutinised by the House of Commons Public Bill Committee on 16 June.

The Department of Health and Social Care previously told Pulse that GP practices who share data with the single patient record will not be responsible for liability associated with onwards sharing of the data from the record, for example with third parties for research purposes.  


			
			
					


          				        
			          

            
                        

              

                

                  

                    
Related Articles

                  

                  					
					                        

                          

                             Government formally establishes ‘online hospital trust’ GPs can refer to from next year
                            
01 June 2026

                          

                        

                    				
                    					
					                        

                          

                             DHSC set to become data controller for GP data provided to single patient record 
                            
01 June 2026

                          

                        

                    				
                    					
					                        

                          

                             Single patient record to have ‘no single dominating supplier’
                            
20 May 2026

                          

                        

                    				
                                        
                                    

              

            

          


          

            

              	 
  



  
            

          

			
        

        

          

                      

          

                      

        

      

    

    

      


		

		

	 		

			
			

				
			

			
		

		

			
			

				
			

			
		

				

		

		 	
				

				

		 		

			
			

				
			

			
		

				

		
	
		 		
		

  

    

      

        

          

                                                                                                			  
			              

                               
                          

            

                              Allergic rhinitis: A guide for General Practitioners. Promotional Content – UK HCPs.              
Read Now

              
                          
			  
			  
			 
                                              

        

      

    

  



	
	

				

		

			
		

			
			

				
			

			
		

			
					

		

						


	

		

			
Most 
				
				
			

		

		

			
			

                
												
								
							

		

	


    

	 
		
		

		  
		

			  
  


  

    

      
    

  






  

              								  
				  

					
				 

				  
			  	              







  

		

			

			    
				
FOLLOW US

					
			

			

			

			

			

        	
IMPORTANT LINKS

                    

			

	         
MORE FROM COGORA

                    
			

		
	  
  





  

    

      

        
© Cogora 2026
Cogora Limited. 1 Giltspur Street, London EC1A
          9DD Registered in the United Kingdom. Reg. No. 2147432

      

      

        Cogora