Since the inception of the NHS, GPs have been the trusted guardians of their patients’ most private medical information. But in just a few weeks, all that will change.
Next month, the NHS will begin extracting and storing huge amounts of patient data from GP records for the first time under the care.data programme, and then linking it to data from secondary care.
The move marks a seismic shift in the way the NHS in England uses patients’ data. The database will become a huge mine of information for commissioners and, in time, for researchers too. But care.data has caused consternation among GPs, many of whom are alarmed at the threat to confidentiality and all of whom still have a statutory obligation as data controllers to ensure patients know about the scheme, which will operate on an opt-out basis.
A Pulse survey reveals that despite an ongoing publicity campaign, many patients, practice staff and even GPs still don’t understand how care.data works, while as many as 40% of GPs plan to opt out themselves.
In the meantime, debate is raging, with researchers arguing care.data will help bring significant clinical advances but critics highlighting that large chunks of data could be sold for a nominal fee of as little as £1. Do patients have anything to fear from care.data – and how can GPs avoid being caught in the crossfire?
The information due to be extracted from GP systems in England for care.data includes family history, vaccinations, diagnoses, referrals, NHS prescriptions and biological values such as blood pressure and BMI. Identifiable information – NHS number, gender, postcode and date of birth – is also included, to enable the Health and Social Care Information Centre (HSCIC), which will initially hold the data, to match GP records to those from hospitals and elsewhere. Free text will not be included.
Once processed by the HSCIC, the data may be shared both within the NHS and beyond. Most shared data will be anonymised or ‘pseudonymised’, which means identifiers are stripped out. However, patients could still potentially be identifiable from pseudonymised data, for instance if a patient in one area has a rare disease or other rare characteristics or if the data is combined with other datasets – a so-called ‘jigsaw attack’ (this would be illegal).
Initially, pseudonymised data will be available only for commissioning use, although NHS England intends to extend access to researchers and private companies in due course. Data can also be released in fully identifiable form to researchers and potentially private companies if that is judged by a scrutiny panel of independent experts – the NHS Confidential Advisory Group (CAG) – to be in the public interest or for the purpose of improving patient care.
However, NHS England has pledged that ‘in order to establish trust in care.data’, it will ‘initially’ only disclose identifiable information if there is an overriding public interest. It also insists any future releases of identifiable data will be ‘exceptional’. But a Pulse investigation has found the CAG is currently approving similar requests for other identifiable NHS data – not care.data – at a rate of almost one a week.
If and when data is shared more widely, it will effectively be given away – researchers and private companies will only have to pay the costs of handling datasets, with NHS England planning to charge only nominal fees of as little as £1.
GP practices are legally required by the Health and Social Care Act to participate in the care.data scheme. But patients are able to opt out of their confidential data being extracted at two stages – either when data is shared by the HSCIC, or when it is first uploaded from practices to the HSCIC.
NHS England, which last month sent leaflets outlining the new scheme to every household in England, insists its approach strikes a fair balance.
‘Sharing information about the care you have received helps us understand the health needs of everyone and the quality of the treatment and care being provided, and our work to improve data collection and usage is supported by both the RCGP and the BMA,’ a spokesperson says.
But privacy campaigners have criticised the publicity drive as ‘confusing’ and even GPs in favour of more data sharing have expressed concern. Dr John Lockley, clinical lead for informatics at NHS Bedfordshire CCG, says it is ‘extraordinarily remiss’ to extract private information without obtaining explicit consent.
Dr Lockley says: ‘I do like the idea of using data like this, for research and for organising the NHS, but I strongly believe it needs to be done ethically. It could be done and should be done in a different way.’
Many GPs on the ground share Dr Lockley’s concerns. A Pulse survey last month asked 424 GPs to estimate what proportion of GPs, practice staff and patients understood the scheme. The responses indicated that only half (51%) of GPs and practice staff have got to grips with how care.data works, while GPs believe only 15% of patients understand it.
The survey also showed that 40% of GPs intend to opt themselves out, with a further 17% undecided.
Dr Ian Williams, a GP in Tunbridge Wells, says: ‘I wish to opt out as I am concerned about identifiable data being moved around and passed to third parties.’
But Dr Francesca Lasman, a GP in Alconbury, Cambridgeshire, is among the 43% of GP respondents who said they were happy for their records to be uploaded. She says: ‘Real data from people with multiple conditions and on many medications gives at least a chance of some meaningful analysis and a start for the best approach to tackling prevention and treatments.’
GPs’ duties unclear
It remains unclear exactly what GPs must do to satisfy their obligations under the Data Protection Act.
NHS England and the HSCIC have developed posters, leaflets and other materials to distribute to patients, but these have been criticised for not including an opt-out form. Patients are told to contact their GP practice if they wish to opt out.
The Information Commissioner’s Office (ICO) says it is still monitoring the impact of the publicity campaign, but has warned GPs will bear ultimate responsibility if patients complain (see box, page 6).
The ICO has a number of potential sanctions for breaches of fair processing requirements, including fines of up to £500,000, but told Pulse any complaints against GPs would be considered on a case-by-case basis.
How does care.data work? Click here to view the graphic
Professor Julia Hippisley-Cox, a GP in Nottingham and a member of the CAG, which will be required to approve any future release of identifiable data, says: ‘This is possibly the biggest-ever cultural change in general practice, as the trust between GPs and our patients is sacrosanct and necessary for delivery of safe patient care.
‘The ICO seems to be saying that it remains the responsibility of the practice to ensure all patients are aware, so practices need to be imaginative. Ideas include: update websites with information and a simple opt-out form; have leaflets and posters; put messages on repeat prescriptions; use SMS for texting; and include a note on as many communications with patients as possible.’
Pulse’s survey shows most practices (75%) have put posters in their waiting rooms and 60% have put a notice on the practice website. But only 16% have sent a letter to patients and 6% an email.
Despite assurances from NHS England over how the data will be used, questions remain. For instance, NHS England has always insisted identifiable data will only be shared in ‘exceptional’ cases. Last month it went further and pledged that a little-known ‘Section 251’ exemption clause, which allows the release of identifiable data if safeguards are met, would not be used ‘initially’ in order to ‘establish trust in care.data [among] patients and healthcare professionals’.
Read the case-study:
Dr Amir Hannan: ‘This goes to the very heart of the doctor-patient relationship’
Confidentiality set aside
But a Pulse investigation reveals Section 251 has been used multiple times in recent months to enable the release of existing identifiable patient information.
Under Section 251 of the NHS Act 2006, the health secretary is able to set aside patient confidentiality for ‘defined medical purposes’, but must take advice from the independent CAG.
A Pulse analysis of applications to the CAG reveals there have been 31 releases of confidential patient information approved since April 2013, including 12 to bodies outside the NHS. At least 30 further requests were ‘conditionally’ or ‘provisionally’ approved, as long as the applicant sought further approvals.
The applications were mainly for commissioning or life-science research, with information such as names, dates of birth, postcodes and NHS numbers requested alongside other medical data.
Releases of identifiable data from care.data – if they are given the go-ahead in due course – will still remain the exception rather than the rule. But Dr Grant Ingrams, former chair of the GPC’s ICT subcommittee and a GP in Coventry, says: ‘I do not see why any researcher should have access to information without consent. I do not believe it’s the right model to upload people’s data without properly informing them it’s being done this way.’
Caught in the middle
Either way, GPs find themselves caught in the middle of a potential maelstrom. And some are taking direct action.
Pulse has spoken to four GPs who are opting all their patients out of care.data – undeterred by a warning that doing so is unlawful.
One GP from Oxford, who wishes to remain anonymous, says: ‘I understand entirely the requirements for good, solid data, from living in this town and having been involved in research.
‘But the difficulty with the Government’s plan is two-fold: one, it thinks there is a way of anonymising data and no one will be able to put it back together and that just isn’t true; two, once you give the Government information, it’s liable to be misused somewhere or other.’
Over the next few weeks, GPs will have to decide whether or not they agree.
What does the ICO say GPs must do?
As data controllers, GPs have an obligation under the Data Protection Act (DPA) to process data lawfully and fairly. In terms of care.data this means actively providing information to patients so they are well informed about the process and their right to opt out.
Once the data has been transferred to the Health and Social Care Information Centre (HSCIC), it then becomes the data controller. So if patients complain they were not informed about the process, it’s the GPs responsibility; if the data is unfairly or unlawfully handled, it is the responsibility of the HSCIC.
Our understanding is the NHS England leaflet campaign is part of a broad communications drive to inform patients about care.data. We will review the campaign at the end of the process to ensure the data is being processed in line with the DPA.
GPs should continue actively to inform patients about the care.data campaign. At the end of the campaign we will review this to see if it satisfies the controller’s responsibilities under the DPA.
Assuming both NHS England and GPs communicate these changes in the way that has been set out to us, we would consider it likely that the fair processing requirement would be met.
Source: Pulse enquiry to the Information Commissioner’s Office