This site is intended for health professionals only


I was threatened with breach of contract during care.data – this is worse


patient data-extraction scheme


The Government is cynically launching its latest data scheme mid-pandemic, with scant information on the risks to patients and GPs, says Dr Gordon Gancz

I had hoped that, after the fiasco that was care.data in 2014, the Government would have learned its lesson about trying to hijack our patients’ confidential information without express consent. But it seems that was too much to expect.

With their stealthy announcement of General Practice Data for Planning and Research (GPDPR), ministers are trying the same trick again (evennif they are now delaying it). There is little information ahead of the grab, automatic opt-in instead of opt-out, and reliance on totally bogus pseudonymisation while asserting confidentiality is guaranteed.

At the time of care.data, I was threatened with the loss of my contract if I carried out my intention to opt out all my patients and then allow them to opt in if they wished. I received emails to this effect from a ‘responsible officer’, which he later denied sending in spite of printed evidence. I received hundreds of emails in support.

Hidden in the notorious Health and Social Care Act 2012, unnoticed by most, was a clause that actually made it illegal for GPs to opt out all their patients. However, it turned out the NHS only has the power to remove those parts of a contract that attract a fee, and since allowing the Government to extract confidential data did not attract a fee, it couldn’t carry out the threat.

Having first gained the support of a student journal, the Oxford Student, the story about me opting out all my patients was picked up by Pulse, and from there went national. Only then did the Government make a desultory attempt to inform the public by household leaflets, most of which went into the bin unread. 

Meanwhile, care.data was quietly dropped on 24 June 2016 – a good day to bury bad news, as this was also the date the result of Brexit vote was announced. 

The cost to the taxpayer for this fiasco was estimated at £8m.

The original plan was signed off by the BMA and the RCGP, and the health secretary was, of course, Jeremy Hunt, who currently chairs the health select committee and will no doubt have to comment on GPDPR eventually.

Even the GMC bent to accommodate care.data. Paragraph 36 of its Confidentiality guidance at the time initially covered communicable diseases and protecting society from serious harm or serious crime. This paragraph was altered to have tacked on the end ‘or to enable medical research, education or other secondary uses of information that will benefit society over time’. 

Serious crime? Serious harm? Medical research? These are strange bedfellows.

I must emphasise I am not against the collection of valuable data for research (I have worked in a research university all my professional life). 

Fully anonymised data would provide nearly the same information, but pseudonymisation has been proven not to work. Only three pieces of information (postcode, date of birth and sex) are needed to re-identify the patient.

Let patients opt in

Allowing the public to opt in would remove all these problems, providing the pros and cons were properly explained.

This new ‘plan’ will in fact be worse than care.data, in that NHS Digital won’t just be harvesting new data, but also past data held in GP computer systems. 

It has also made opting out much harder, with reams of documents to read through before you find the actual link for doing so. And hidden in there is the fact that if you later decide to opt out, you cannot rub out the information already taken.

Cynically, this whole process is being launched in the middle of the Covid-19 pandemic, which civil servants should be working flat-out to overcome, in the hope that everyone is looking the other way.

The Information Commissioner’s Office has advised that every practice must perform a data protection impact assessment because mass extraction ‘is likely to result in a high risk to individuals’. Have you got time? Are you happy to be held responsible if those who fail to opt out later take you to court?

You don’t have much time, despite the recent delay. So, I think GP practices should watch out! Big Brother is coming for you again.

Dr Gordon Gancz is a retired GP in Oxford, lecturer in catastrophe medicine and Ebola in London, and emeritus fellow and senior clinical lecturer at the University of Oxford

READERS' COMMENTS [3]

David jenkins 21 July, 2021 10:17 am

who do you trust more ?

Dr Gordon Gancz is a retired GP in Oxford, lecturer in catastrophe medicine and Ebola in London, and emeritus fellow and senior clinical lecturer at the University of Oxford

or……………..jeremy hunt and his cronies ??

i rest my case your honour !

terry sullivan 22 July, 2021 11:29 am

its all part of the reset agenda–been in pregress for years

Kosta MANIS 24 July, 2021 1:31 pm

Dear Dr Gancz,
Thank you for your well-researched article.
I wonder if you could throw some light on some aspects of GPDPR that have given rise to speculation.
What precise date will be extracted from GPs’ patient records (adults and children)?
Is data extracted truly anonymised or can data be linked to individual patients? NHS Digital has the key to unlock patient data so that each subsequent daily extraction of data from GP records is matched correctly.
Is NHS Digital allowed to share or sell the data with other organisations, such as commercial organisations, private providers, insurance companies, other government departments, drug companies, big data firms, police and security services?
When recently a select committee on the subject, chaired by Jeremy Hunt, was asked those very questions, the answers were far from clear.