The NHS Big Data Grab: Your GP Medical Records will be shared with Third Parties

In a few months, the UK Government will be collecting and compiling your NHS medical records into a central database that can be accessed by third parties. There are lots of potential dangers to this data sharing scheme that have been much less publicised than the benefits, such as a greater risk of data breaches.

We’ll break down what the UK Government plans to do with your NHS health data, why they want to do it and what the potential risks are if you don’t opt out by the 25th August deadline.

What is the UK Government’s NHS data grab?

The Government plans to collect the NHS electronic patient records of the over 55 million patients registered to a GP in England by 1st September 2021. The health records will be collected by NHS Digital, which runs the country’s healthcare IT systems.

This will be the biggest data grab in the history of the health service. A ‘data grab’ is the large-scale gathering of information about people often without their knowledge or consent.

There was an attempt to collect central GP health records in 2014 called the ‘care.data project’, but public outcry meant it was abandoned.

It seems like now, during a global pandemic, the same scheme that was abandoned in 2014 due to public backlash may be able to go forward.

What kind of data will be collected?

Information about your physical, mental and sexual health from GP surgeries will be collected. This data will include diagnoses, symptoms, allergies, immunisations and referrals as well as sensitive information about your sex, ethnicity and sexual orientation.

The medical data will be dated from the last 10 years and will be constantly updated. The data will not include names and addresses, except for a postcode which will be replaced by a unique code generated by de-identification software.

All collected data will be pseudonymised before it leaves the GP to stop patients being identified. However, this doesn't mean that all identifying information will be removed or that re-identification is impossible.

Who will have access to the data?

The pooled records in the database will be available to research bodies and organisations including: university researchers, hospital researchers, medical royal colleges and pharmaceutical companies researching new treatments.

Marketing and insurance companies won't be allowed access to this database but some private sector organisations will be able to see it, with permission.

What can I do?

If you’re a patient in the UK, the deadline to opt out of NHS data sharing is 23rd June 2021. You can use both options to opt out:

1. For medical records held at your GP practice, you need to complete this form.
2. For information held by the NHS Digital, you can opt out here.

You can still opt out after your data has been uploaded to the central database in September. The existing information will not be deleted but no new data will be collected. Due to the ‘public interest’ exemption of GDPR, your right to data erasure is lost whilst your right to opt out of data sharing can remain.

Why is the Government doing this?

They state that their aim is to help advance medical research and planning. But, if this were the sole aim, the data could be aggregated. Instead, the data is ‘pseudonymised’ which still allows for some form of re-identification. We’ll come onto this later.

Nevertheless, the UK Government maintains that the new data sharing system will reduce the burden on GP practices and be a valuable data source for pharmaceutical and public policy research. The idea is that this could help researchers develop new treatments and improve the monitoring of performance.

Since 1989, the NHS has been collecting data on patients and this collection has proved invaluable for certain health advancements. For example, this data played a key role in uncovering both the Bristol heart and Mid-Staffordshire scandals and provided some evidence needed to introduce targeted bowel cancer screening in 2006. The idea of the NHS Digital scheme is that this data would be extended to include what happens to patients when they are under the care of their GPs.

During the pandemic, patient data was used to assess how effective certain treatments were and to identify the groups that were most vulnerable to Covid-19. GP data has also been used to identify disparities in care for patients with learning disabilities and to improve services for diabetics.

How does the NHS 'data grab' affect patients?

Although NHS Digital has made some comforting promises about the security of this data sharing scheme, there are still four main concerns that may cause patients to want to opt out.

Firstly, the ‘website’s assurances of anonymity are worthless’. A study found that data can be very easily de-anonymised, by putting just a few data points together a single individual with that unique health record can be identified. The Government is not transparent about how easy it is to anonymise data on its website.

Secondly, a massive centralised database is difficult to secure against a serious cyber attack or an accidental breach. Given the huge value of health data, these NHS electronic patient records are likely to be a big target for hackers.

Thirdly, once the NHS data is shared and in control of a third party, there's no way to control how it’s used. There may be an ability to query the data under monitored conditions if it is shared but the holder remains in control.

Finally, there isn’t much transparency and public information available about the governance of access to the information and there’s no mention of any independent body responsible either to the public or to the medical professions. Similarly, there is a lack of public awareness and information about this scheme in general and so people may not opt out in time. The Government originally wanted the NHS opt out deadline to be the 1st July but the NHS called for a delay until August so that more patients could become aware.

What do doctors and other medical professionals think of the data grab?

There are lots of critics who urge patients to opt out of NHS data sharing. These critics include the British Medical Association and Royal College of GPs who issued a rare joint letter to express their ‘concerns about the lack of communication to the public’. They argue that any system should be ‘built around trust’.

Doctors also fear that the automatic transfer of medical records will undermine the trust patients have in them and many say the decision has been rushed . All 36 doctors’ surgeries in Tower Hamlets, East London, have agreed to withhold the data when collection begins. However, the refusal to share the data is technically a breach of the Health and Social Care Act 2012.

Other critics have pointed to the controversial involvement of US data broker Palantir in the analysis of other NHS data which began in March 2020. Palantir sorts through huge volumes of health data and analyses it for useful insights, patterns and connections. The company was founded with support from the US Central Intelligence Agency and has been linked to efforts to track undocumented migrant workers in America. Labour's shadow health minister Alex Norris also argued: ‘current plans to take data from GPs, assemble it in one place and sell it to unknown commercial interests for purposes unknown has no legitimacy.’

Is this legal?

In short, although the NHS Digital plan does not break any specific data protection laws, it doesn’t adhere to the principles that they were formed under.

In the case of the GDPR, 3 of its 7 key principles in particular seem to be challenged. These are:

1. Lawfulness, fairness and transparency: data must be processed lawfully, fairly and in a transparent way. But critics have raised concerns about the transparency of this scheme.
2. Purpose limitation: only use data for the purpose for which you collected it. It's not immediately clear why if you go to the GP to treat an illness this non-aggregated health data is shared with third parties.
3. Accountability: ‘the controller’ of data (a person, company, or other body that determines the purposes and means of the processing of personal data) is responsible for complying with the above principles. They must document how personal data is handled and the steps taken to ensure only people who need to access some information are able to.

It's important also to note the language that's being used. ‘Sharing’ and ‘selling’ data under the law are important differentiations. This scheme does not ‘sell’ data but ‘shares’ it with third parties for monetary gain. In a similar way to Big Tech companies such as Google and Facebook, by allowing companies access to a pool of data rather than directly selling each company an individual’s data record, the scheme avoids the illegalness of ‘selling’ sensitive health data.

Final thoughts

Ultimately, people want their sensitive health records to be with someone they trust. If you don’t fully trust that your health data will be safe, you can opt out of the data sharing today as we've outlined above.

Although there are many potential benefits to compiling and analysing masses of GP patient data, the fact that this data isn't aggregated before it’s shared with third parties seems to be motivated by profit. Additionally, the lack of transparency and public awareness about this scheme, as well as the condition to opt out before a deadline rather than opt in, appears to take away from patient control in unnecessary ways. We'll keep you updated!