NHS data opt out program - Your data, your choice... what are you going to do?

NHS data opt out program, your data – your choice, what are you going to do?

This is a tough one. On one hand, we at QP are passionate about data, research and quality improvement. Some of us work in research, and we have all had post grad training in ethics, risk and patient rights. Health care research is important and it requires the access to and analysis of patient data to function properly. There is also a significant potential for growth and advancement from increasing this data pool. There is however, a significant issue related to handling patient data – from data breaches and misuse, to more dystopian futures of super powerful corporations harvesting all of our data for their own gains – it is no secret that Amazon, Google and Facebook have all made steps to maximise the amount of personal data they have access to in order to sell personalised advertising.

On the 6th of April, NHS digital announced on their website their intention to collect all GP practice personal identifiable data about patients and their children for research purposes, as well as health and social care and public health reasons. They are about to get their hands on an extraordinary amount of patient sensitive and personally identifiable data from GP practices and it is their responsibility to ensure that the people who own that data are aware of this move, know what will be shared and can opt out if they do not wish to partake.

The plan is to gather the personal medical records of approximately 55 million people in England from GP surgeries into a large centralised database. The news about this initially wasn’t making many headlines but there has been some traction since – particularly as more people are discovering that there is a deadline for when to opt out. This isn’t entirely correct, as there is no deadline for sending in a national opt out form online – but there is a deadline to tell your surgery you’d like to opt out – 23rd of June. This will be addressed a bit later.

NHS digital are responsible for ‘standardising, collecting and publishing’ patient data and other information from all across the health and care social system. This has traditionally been used for research and development, statistics and insights – producing indicators and, as they argue, to help partners in health and care monitor and improve the patients they see.


So what does this involve exactly?

NHS digital will collect data on for instance your sex, ethnicity and sexual orientation, clinical codes and data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals and recalls, and appointments, including information about your physical, mental and sexual health, in addition to data about staff who have treated you. They claim the data will be ‘pseudoanonymized’ – or ‘depersonalised’ using software to make it more difficult to identify you. It is worth noting privacy experts are saying this may not be sufficient as pseudoanonymisation is easy to reveal, and critics are worried the data could be misused by 3rd parties.

NHS Digital will in any case still be able to use the same software to convert the unique codes back to data that could directly identify you. Some data, such as fertility treatment and gender re-assignment records, will at the moment not be shared as GP’s are prohibited to do so by law.

NHS digital list the following as examples of where you’re information may be recoded to identify you:

  • where the data was needed by a health professional for your own care and treatment
  • where you have expressly consented to this, for example to participate in a clinical trial
  • where there is a legal obligation, for example where the COPI Notices apply
  • where approval has been provided by the Health Research Authority or the Secretary of State with support from the Confidentiality Advisory Group (CAG) under Regulation 5 of the Health Service Regulations 2002 (COPI) - this is sometimes known as a ‘section 251 approval’.

The data will be shared with a number of organisations, and the following are listen on NHS digitals website as examples: the Department of Health and Social Care and its executive agencies, including Public Health England and other government departments, NHS England and NHS Improvement, primary care networks (PCNs), clinical commissioning groups (CCGs) and integrated care organisations (ICOs), local authorities, research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies. Out of all of them the latter is perhaps what gives most people a sense of concern.

Data collection begins on the 1st of July – this allows 6 weeks since the original announcements. Many GP practices in London are refusing to share data with NHS digital in a hope to buy more time to educate their patients about the move being made. It is worth spending some time familiarizing yourself with this process. As one Tower Hamlet GP pointed out:

There’s an immense amount of good that can come from responsible and secure use of public data, public health records,”(…) however, our issue here with this particular proposal is that it’s been rushed through. There has been no public information campaign to inform the public about the plans, and in order to allow them to decide for themselves whether they are happy about it. Essentially what’s being asked for here is people’s entire health record, so everything that we’ve coded in people’s records from the time of their birth to the time of their death, including their physical, mental and sexual health, including their health-related concerns with family and work and including their drug and alcohol history.

Other political parties are joining the argument, with Labour asking NHS and health secretary Matt Hancock to pause plans for the roll out as this move could erode the trust between patient and GP.

It may be worth noting even if you did opt out NHS Digital will still share confidential patient information about you with other organisations when they have an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus.

You may be wondering how long each company NHS digital shares your data with will hang on to that data for. Other organisations with whom they share your personal data will keep it for as long as is necessary and as set out in the Data Sharing Agreement with that organisation. However, in order to find that information you will need to read each privacy notice on each company’s website.

Long story short – the future will require new applications of patient data, in order to fight disease, pandemics, and produce new and innovative treatments in the fight against current and emerging diseases. This giant collection of data is being presented as a solution - by gathering the personal and sensitive data of over 55 million adults and children into one central data base and sharing that information with public and private companies. It is worth being sceptical about moves like this, as companies are not as good at respecting decisions to not sell data. One website has been created to monitor that exact phenomena month by month, ‘theysolditanyway’ – the significant lists for the month of April showed that over 92% of opt out releases were ignored.

If you are happy with this move you don’t need to do anything, as it stands, surgeries will share this data without your explicit consent.  This decision should not be made lightly either way, sharing data is essential to promote research and innovation in health care, but privacy is important and all your personal medical history data will be accessible by a wide range of public and private companies. If you do not wish to proceed you have until the 23rd of June to register your decision for surgeries not to share your data. There are two ways of opting out:

Type 1 – you need to download this form online and email or post it to your GP surgery. This will tell your GP that you do not want your identifiable patient data (personally identifiable data) to be shared outside of your GP practice for purposes except for your own care. You may want to know this is the only option to use if you do not wish your own or your children’s data to be shared.

Type 2 - if you don’t want your confidential patient information to be shared by NHS Digital for purposes except your own care - either GP data, or other data they hold, such as hospital data - you can register a national opt out under the banner ‘make your choice’. You’ll need your name, dob and post code or NHS number.

This has been a brief overview, we have made every attempt to ensure the information is accurate but there are a lot of stories coming out on this every day. The decision is yours. 



Edit: events can change quickly, and in response to backlash from patients, GP’s and other interest groups the government and NHS digital have pushed forward the roll out until September to allow more time for dialogue. GP surgeries are still expected to be ready to roll out the plan by the 1st of July.