This site is intended for health professionals only

GPs unable to object to patient data being shared, warns GPC

Practices are ‘strongly advised’ not to opt out all their patients from NHS England’s data extraction programme as they will be in breach of the Health and Social Care Act, says the GPC.

As part of its September newsletter, the GPC said it had been contacted by practices and LMCs with concerns over the Government’s programme, in which patient identifiable data from GP records will be extracted and shared with commissioners, researchers and private companies in identifiable and de-identified forms.

Earlier this year, health secretary Jeremy Hunt announced patients would be given the right to opt out of having their data extracted.

But last week Pulse reported that Northumberland LMC was considering boycotting the scheme, to give patients more time to make an informed decision about the extracts, and their right to opt out.

The GPC also received enquiries from practices considering putting opt out codes for all their patients. But the GPC said they ‘strongly advised’ practices against doing this, as they would be  breaking the law.

The GPC newsletter said: ‘We have received concerns from practices and LMCs about the level of patient awareness, and whether an eight week period of activity undertaken by the practice will be sufficient in informing all patients of the extract. Some practices have suggested applying the objection code to all of their patients’ records and removing the code once patients have provided explicit consent.

‘We would strongly advise practices against doing this because the Health and Social Care Act creates a statutory obligation for GP practices to disclose the data to the Health and Social Care Information Centre. In addition, it is a patient’s right to object, not that of the practice. As the law creates a legal obligation to disclose data, consent is not required.

‘GP practices must meet their legal obligations under the Health and Social Care Act, as well as their obligations under the Data Protection Act (DPA) to undertake fair processing.’