Opting out of the latest NHS data grab

The next three weeks will see a leaflet drop on over 20 million households. NHS England plans to start uploading your GP records in March or April to a central system, from which they will be sold to a wide range of medical and other research organisations. European data-protection and human-rights laws demand that we be able to opt out of such things, so the Information Commissioner has told the NHS to inform you of your right to opt out.

Needless to say, their official leaflet is designed to cause as few people to opt out as possible. It should really have been drafted like this. (There’s a copy of the official leaflet at the MedConfidential.org website.) But even if it had been, the process still won’t meet the consent requirements of human-rights law as it won’t be sent to every patient. One of your housemates could throw it away as junk before you see it, and if you’ve opted out of junk mail you won’t get a leaflet at all.

Yet if you don’t opt out in the next few weeks your data will be uploaded to central systems and you will not be able to get it deleted, ever. If you don’t opt out your kids in the next few weeks the same will happen to their data, and they will not be able to get their data deleted even if they decide they prefer privacy once they come of age. If you opted out of the Summary Care Record in 2009, that doesn’t count; despite a ministerial assurance to the contrary, you now need to opt out all over again. For further information see the website of GP Neil Bhatia (who drafted our more truthful leaflet) and previous LBT posts on medical privacy.

18 thoughts on “Opting out of the latest NHS data grab

  1. Just to be clear, this refers to care.data. This is different to the summary care record which, had it not been watered down so much, would have provided a useful way for clinicians to share data so eg A&e doctors would have known what treatment you’d had in the past (currently, unless you have been to that specific hospital before, Generally they have no info on a patient at all). It is also different to systems such as the medical information gateway which is designed to provide information sharing between clinicians (no selling involved in either scr or mig)
    Be careful what you opt out of… Otherwise how will anyone know eg you’re allergic to penicillin!

  2. Squelch41 – The penicillin argument is very low risk. What are the odds that a person allergic to penicillin will be taken ill and that person would not be able to state so?

    Is it really worth giving up the privacy of everyone just so that a very tiny minority don’t have an allergic reaction?

    When the data is uploaded our privacy has gone. The data is at risk from hacking, from unscrupulous employees (similar to police records misconduct), and of course from big pharma and the insurance industry.

    So certainly, go ahead and allow your confidential records to be out there at risk if you wish. But don’t force this on the general public.

    Ask them politely to opt-in rather than surreptitiously grabbing the information from them.

  3. They will know that you are allergic to penicillin because they will ask you, or they will ask your relatives, or you will wear a medalert bracelet that tells them of specific conditions.

    This is just fear mongering … and A&E doctors almost invariably address the condition you have presented with — even if they had them to hand, they just aren’t going to wade through all your notes to establish your entire medical history. Your notes matter a little more when you’re on the ward (or told to go and see your GP) when understanding what has been tried before and what has or has not worked before may affect the treatment tried now … but this data transfer has almost nothing to do with the actual care of any particular patient and certainly nothing to do with what happens when you turn up in casualty.

  4. For how many conditions is penicillin the default, emergency treatment? This is an entirely specious argument. Even for basic data like blood type, an A&E dept is far more likely to rely on their own contemporaneous test than on some third-party record that might or might not refer to this patient, might or might not be accurate, and might or might not be current.

    The “break glass” scenario is always trotted out in these circumstances… “if a patient is wheeled in unconscious, how can you find out if they’re allergic to something?”. But think it through: if a patient is wheeled in unconscious, how on earth do you establish which health records are theirs?

    The centralisation policy is a disgrace in almost every respect:
    – it doesn’t address a genuine patient care requirement;
    – it increases the threat to patient confidentiality
    – it increases the risk of treatment based on commercial incentive, rather than clinical necessity
    – it makes a mockery of the notion of informed consent.

    What’s more, in purely practical terms, I’ve had abundant evidence of hospitals being unable to manage a patient’s care data even within their own processes, systems and premises. I have no confidence that putting the data somewhere else will improve that state of affairs.

  5. Up until a year ago, I lived in England. I now live in Scotland, and expect to do so for the foreseeable future. Does anyone know whether my relevant medical records are now entirely Scottish (and so not covered by this data grab), or are there still elements which will be English?

    In the event that some or all of the data up to the point I registered in Scotland is covered by the English system, how would I opt out since I no longer have an English GP?

  6. Further to Jeremy W’s question, what’s the position of those who have moved outside the UK or the EU all together?

    It seems that there are at least three classes of “expat” who might be affected by this:
    – those who move to another country in the UK
    – those who move to a non-UK EU/EEA country
    – those who move to a non-EU/EEA country.

  7. I think, though I’m not sure, that if your are no longer registered with a particular GP surgery then your records as held by them would not be uploaded to care.data. Problem is that patients leave a surgery for a variety of reasons, and are not always deregistered, or not for a long time.

  8. 1) GPs are not part of the NHS, they are independent businessmen;
    2) The HSCIC is not part of the NHS – from their own website: “The Health and Social Care Information Centre (HSCIC) was set up as an Executive Non Departmental Public Body (ENDPB) in April 2013”

    I have no problem with you worrying about the data, but leave the NHS out of it. The Tories are finding it easy enough to steal healthcare from the poor without this sort of misinformation helping them out.

  9. Apologies if this is off topic for an article on medical data in England but can anyone clarify what the situation is in Wales, where health is one of the devolved policy areas. Are there equivalent or similar proposals or has the administration in Cardiff seen a bit more sense?
    I can’t see any reference to Wales on the medconfidential.org site. And my initial searches of the Welsh government website have not turned up anything.
    If there are to be substantial differences in the systems in England and Wales (and presumably Scotland and Northern Ireland) then presumably there needs to be some ongoing vigilance to ensure that those who move temporarily into England or have treatment there don’t have their data absorbed into the new regime without even the cursory consultation that is going on at the moment.

  10. Glad to hear the Welsh NHS aren’t selling us down the river yet, but how about those, who have lived in England before? My GP in London has 11 years worth of my records. I have registered with Welsh GP over a year ago, but what happens to my data in England? Do I still need to opt out?

  11. Alan – HSCIC still under Department of Health, Secretary of State in reporting terms. The Department of Health Informatics and NHS England budgets fund at least part of it. Plus some parts from the TechFund, and more. The Head of HSCIC Board is a state appointment. http://publicappointmentscommissioner.independent.gov.uk/wp-content/uploads/2013/10/OCPA-Annual-Report-and-Accounts-12-13.pdf

    Jeremy W – if you ever had treatment at another health provider, it may be that your data was stored at HSCIC since then, through the other historical or current commissioning sets, but it would depend where you were and their technology I imagine. GP data is being backdated only to April 1, 2013 – the date the Health and Social Care Act changes came into effect. There is no documented method in public domain I have found in last 6 months which permits deletion of any data held by HSCIC.

    The GP2GP system is also managed by HSCIC, which facilitates the electronic records transfer. Also note: Printing paper notes will still be a requirement for cross border
    (Scotland, Wales, Northern Ireland), sites that are not switched on with GP2GP and for any for any failed GP2GP transfers).
    So assuming your England GP had electronic records, I would imagine the scenario that data is entered to say you are leaving, and if where you go to can claim you and also uses GP2GP then they get your e-history, with some caveats, for example: Pathology results more than one year old, that remain unfiled or unactioned, are not transmitted in the GP2GP record transfer. The clinical responsibility still remains with the previous practice.

    Any paper records transfer would still work I imagine, as it did. But you would be best asking your practice(s) since there can be a number of different scenarios, for your own particular situation.

    theotherrob: assuming this is for paper records “if you have permanently left the UK, your GP health records will be sent to your NHS England Local Area Team and your hospital records will either be stored at the hospital that you attended or sent to a local archive. Following treatment, hospital records are kept for a minimum of eight years and GP records for a minimum of 10 years.

    Under the Data Protection Act (1998), you have the right to apply for access to or copies of your UK health records, even if you have moved abroad. Apply in writing to the record holder(s).” http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Pages/what_to_do.aspx – I don’t see any similar statement for electronic records held by HSCIC.

    There is certainly a lack of rigour to inform the consent of all patients whose records may be from since April 1, 2013 but now live abroad. University students, working, retired and many more. But of course, there is no need to obtain it if assumed, so little incentive to have a proper communications process either. Which is a shame, as we should all be engaged in finding out how the newly structured NHS needs our data, what it will be used for and how it will help shape the future landscape of healthcare in England. We will be expected to take even more responsibility for our own health -self care and chronic care with the backdrop and budgets of a Merged Health and Social Care provision in local authorities, and we will need to try to understand the implications of predictive medicine and its use with data, for ourselves as well as for our future generation.

    What that landscape may look like by 2016 and where data fits in, is to some extent found here, through innovation which we should try and understand: “In 2013/14, our primary focus will be to embed Innovation, Health and Wealth across the new commissioning system, deliver NHS England’s contribution to the UK Genomics Strategy and lead the NHS’s contribution to the UK Plan for Growth.”


    Squelch41 – whilst you are right that the SCR is different – the care.data extraction is taking different and similar data as the Summary Care Record – dependent on what patients opted to do with SCR back then. This care.data extraction as Prof.Andersson says above, overrules SCR decision as far as I am aware too, according to SCR spokesperson to me last Nov. So if you wanted to opt out you still need to speak to your GP practice manager or reception and see what are the rights next steps for you. The items being extracted by care.data also include medications, allergies and adverse reactions. (ie:pharma data alone back then, now lifestyle and clinical diagnoses as well – see the GPES extraction file for which items and how it works after the upload, so that the original primary data extraction file is deleted) Some data classed as sensitive records are omitted, but may be in the historical data or uploaded from elsewhere, through other commissioning sets, such as hospital visits and some should be anonymised in this sensitive context – it is not clear to me if only HSCIC or others help define what falls within sensitive now or in future: http://www.datadictionary.nhs.uk/web_site_content/cds_supporting_information/security_issues_and_patient_confidentiality.asp?shownav=1

    Demographic types of data are held (PDS) is the national electronic database of NHS patient demographic details such as name, address, date of birth and NHS Number. : http://systems.hscic.gov.uk/demographics/pds/contents


    I am awaiting from the CDO at care.data project confirmation whether it is possible to opt out of any care.data at all leaving GP surgery, or only whether one can opt out of identifiable data leaving the HSCIC, per the patient care leaflet. (without using the extreme of Section 10 DPA) I have asked the question if the only option to opt out from GP is that records will be uploaded without confidential identifiers, as is done for other SUS, but I am awaiting clarification on this. (The patient flyer : http://www.nhs.uk/NHSEngland/thenhs/records/healthrecords/Documents/NHS_Door_drop_26-11-13.pdf)

    Further, if one chooses to request the former, if this can co-exist with choice to opt in for only a SCR or not. ie: to have a clinical care record only, but no secondary uses from any of our other data held. I have looked at this for months, with great effort, and I still can’t see for certain. Will hope that clarity will be given soon, so we can at least understand properly what our assumed consent opts us in to.

    What is being extracted is publicly available. Note: newer versions may exist than this March 2013. The codes need to be read carefully so you do not assume everything listed here is extracted, some sensitive conditions’ data is not to be transfered in this care.data extraction: http://www.hscic.gov.uk/media/11703/Care-Data-Customer-Requirement-Summary—27-March-2013-NIC-178106-MLSXW/pdf/Care_Data_Customer_Requirement_Summary_-_27_March_2013_%28NIC-178106-MLSXW%29.pdf

    Bear in mind the real need for this data is Business Intelligence, not clinical care – that will explain why not everything in the record, like free text and other notes, is included. And the availability for research makes some additional use and benefit for the greater good or some potential for wealth generation from earnings, if perhaps limited in the big picture of spend to date. http://www.hscic.gov.uk/dles

    The major business objectives are: to support Clinical Commissioning Groups (CCGs) in improving outcomes and to support improvements in outcomes for directly commissioned services including primary care and specialised services, including rare diseases. In order to achieve these needs, data are required for all patients (subject to discussion on where a patient’s objection is upheld). The selection criteria (described in section 4 below) have been adopted to ensure extraction only of those data items needed to support these commissioning purposes.

    “SUS/PbR (payment by results) is mission-critical for the NHS, supporting acute activity and reimbursement information, highlighted in the NHS Operating Framework as the basis for payment for NHS-funded care.”

    Seeking truth, understanding and patient engagement: https://twitter.com/TheABB

  12. @TheABB: Thanks for that extremely comprehensive answer. It seems that, in summary, the situation is at least as muddy as it seemed from the earlier planning documents! Whether that is by design or through incompetence is left as an exercise for others …

  13. Re penicillin allergy. My mother had life threatening penicillin allergy and had a medic-alert bangle that stated this, hospitals were informed on each admission and they still managed to give it to her on 2 occasions 3 months apart. I don’t think giving them information makes a lot of difference.

  14. The leaflet, ’Better information means better care’, that will be dropping onto our mats in the next few weeks says:

    Details that could identify you will be removed before your information is made available to others, such as those planning NHS services and approved researchers. We sometimes release confidential information to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.

    The HSCIC website says:

    The HSCIC handles three different types of patient level data:

    1. De-identified data for publication – data that can be publicly disclosed as it has been anonymised and there is a low risk of individuals being identified.

    2. De-identified data for limited disclosure or access – data that has been through a process of pseudonymisation, however there remains a risk of individuals being identified.

    3. Personal confidential data – data in which individuals are identified, or there is a high risk of individuals being identified.’

    The HSCIC are particularly keen on promoting type 2 and 3. Their blurb offers ‘The Data Linkage and Extract Service…range of products which enable customers to access type 2 and 3 data. We can provide extracts from a range of individual and linked data sets and can add significant value to individual sets of data by combining and matching them at individual record level in a secure environment.’

    Anyone reading the leaflet would assume that their information was anonymised, but in a small number of cases the HSCIC might allow a few researchers to have ‘confidential information’. What this means is not explained. Is it ‘confidential information’ that is anonymised, whatever that means? (I have an image of Les Dawson in drag mouthing the unspeakable women‘s problems) Or does the ’confidential’ mean identifiable? It is the latter, but there is not mention that it will be sold and at a higher prise the more readily it can be identified with the patient.

    If the producer of the ‘product’ (i.e. the NHS patient) wants to find out what ‘is allowed by law and meets the strict rules that are in place to protect your privacy‘, they are going to be out of luck because the HSCIC, according to their website, have not had time to product any ‘Policies or Procedures‘. They have however had time to upload a very detailed fully costed menu of all the types of information and links they can provide their lovely customers in a ‘secure environment‘.

    There are lies, damn lies and statistics, but then again there are just damn lies.

Leave a Reply to Ross Anderson Cancel reply

Your email address will not be published. Required fields are marked *