NHS Digital GPDPR medical database plans criticized by Royal College of GPs, privacy advocates (updated 8 June)

What our UK Readers may have missed on the long bank holiday weekend. And why this matters outside the UK.  NHS Digital is being roundly criticized by privacy advocates, the Royal College of GPs (RCGP), the Doctors’ Association UK (DAUK), and individual GP surgeries on plans for creation of the General Practice Data for Planning and Research (GPDPR).

The GPDPR will compile information on 55 million patients–every patient in England registered with a GP surgery–into a database available to academic and commercial third parties for research and planning purposes. NHS has been collecting patient data on patients in a database, the General Practice Extraction Service (GPES), for the past decade. The GPDPR will replace it. Data collection on patients in England starts 1 July. What will be collected is at the end of this article as background.

The objections center on the sensitivity of the data, the short window of notification to patients, the lack of a clearly notified opt-out with sufficient time, and how it will be used.

  • The data apparently can include mental and sexual health data, criminal records (!), and other sensitive information. 
  • The short time–six weeks–between the announcement in late April (a low key affair with Matt Hancock-signed blog posts on the NHS Digital website, YouTube videos, and flyers at GP surgeries), and the start of data collection from the surgeries
  • How many patients are actually aware that this is happening and of their options is debatable. (See next two bullets)
    • If a patient didn’t pick up on it in the six-week window ending on 23 June (and go to the page with the Type 1 Opt-Out), a patient can opt out for data going forward, but cannot withdraw any data collected into the database prior to that date.
    • If a patient is in the National Data Opt-out program, their medical data will be collected anyway, since it applies to only identifiable and confidential patient information.
  • Many GPs are concerned about further erosion of the physician-patient relationship and the lack of communication to patients on how the data will be used, the ethical questions around the organizations to which it will be sold, and how patient privacy will be preserved.

The blackest mark here on NHS Digital is that the groups ostensibly involved in the development of the database–the RCGP and the British Medical Association (BMA)–are the ones sounding the alarm, along with the aforementioned DAUK and privacy groups such as MedConfidential and Foxglove. There is also a rebellion starting among London GPs. Reportedly, 36 doctors’ surgeries in Tower Hamlets, east London, will withhold data. An email is circulating to about 100 surgeries in north London questioning the legitimacy of the NHS data collection. This is despite penalties if they don’t submit.

Why does this matter if you’re not in England? Medical data–collecting, manipulating it, connecting it, finding insights, and selling it–is the Gold Rush of the 2020s. Pharma and payers as markets are just the start. Nearly every Roundup or deal this Editor covers has companies with a chunk of this gold rush. Why are telehealth companies worth their IPO/SPAC/funding prices? Why is McKesson ‘big banging’ four separate businesses into one division? Why do we follow ‘data warehouses’ like Sensyne [TTA 26 May],  Mayo Clinic’s big bet on a multi-line Remote Diagnostics and Management Platform [TTA 23 Apr], and virtual pharmacies like Capsule?  Why are insurtechs like Oscar and Bright Health hot? Why is it the #1 target of hackers?

It’s not altruistic. Services can be duplicated. Companies can be a hair away from failure. But ah, their data…the data has huge market value, even if its potential is not fully understood yet. Ask any data analytics person. Ask China, probably the most aggressive nation in collecting the health and personal data of its citizens, with Chinese capital for years now leading investment in global health tech companies.

In an article back in October 2015, this Editor described the many ways that deidentified patient data, in this case genomic data, can be identified by researchers through cross-checking via research database “beacons”, a network of servers. Referring to the 23andme and Ancestry.com collection of innocently given genomic data from consumers, this Editor proposed a Genomic Bill of Rights in 2018 and again in 2020. If this Editor, no data geek, can deduce it (hat tip to Toni Bunting back in 2015), this information has to be well known to researchers and to privacy advocates.

The controversy is just starting to ramp up. And it should. It’s about time there was a reckoning. The Guardian 30 May, 1 June

More background. According to the NHS Digital page on the GPDPR, patients will be anonymized by a process where de-identification software will replace their NHS Number, date of birth, and full postcode with unique codes produced by de-identification software. The data collected from GPs in England starting 1 July will be on:

  • any living patient registered at a GP practice in England when the collection started – this includes children and adults
  • any patient who died after 1 July 2021, and was previously registered at a GP practice in England when the data collection started
  • data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health
  • data on sex, ethnicity and sexual orientation
  • data about staff who have treated patients

What will not be collected:

  • name and address (except for postcode, protected in a unique coded form)
  • written notes (free text), such as the details of conversations with doctors and nurses
  • images, letters and documents
  • coded data that is not needed due to its age – for example medication, referral and appointment data that is over 10 years old
  • coded data that GPs are not permitted to share by law – for example certain codes about IVF treatment, and certain information about gender re-assignment

However, “NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.” General language which gives digital privacy advocates fits. It surely seems that all a hacker needs do is to crack the conversion coding.

Hat tip to Roy Lilley’s NHSManagers.net newsletter of Monday 7 June for linking to this article. Subscription is free here. If you’re concerned with UK healthcare, you should subscribe.

Categories: Latest News, Opinion, and Soapbox.

Comments

  1. Judith Joy

    I do not trust the government to respect anything pertaining to personal privacy and human rights and whilst agreeing the importance of data sharing within a publicly owned and accountable NHS is essential for the best treatment, we no longer have this NHS. The Tory stated aim to destroy the NHS within 5 years has happened with the false god competition ending the vital cooperation which enabled our NHS to be the most economic and most successful health service in the world. Why on earth would they stop putting profit before patients as they see their privatisation plan come to fruition. I despair for my children and grandchildren.

  2. Bruce Elliott

    The public should be first encouraged to view and understand what of their own ‘data’ is being shared and how it could possibly benefit them. The communications around this issue have been woeful for many years and sadly show no signs of improvement. I’m a Type 1 Diabetic and should benefit from the use of my ‘data’ but because organisations like DiabetesUK don’t seem to be involved in the conversations, decision making and communications around this it irritates me intensely. This could be done so much better

Leave a Reply

Your email address will not be published. Required fields are marked *