The Government recently tried to rush through a massive upload of our sensitive healthcare data. On the 12th of May, they announced that the medical records of 61 million NHS England service users were set to be centralised into a new database as part of a scheme called the General Practice Data for Planning and Research (GPDPR) on the 23rd of June.
Thankfully, after a strong backlash, the NHS Data Grab has been pushed back until the 30th of August, giving patients until then to opt out and giving us a little more time to raise awareness around the issue.
What’s the problem?
According to NHS Digital, this data will be used to: inform and develop health and social care policy, plan and commission health and care services, take steps to protect public health such as managing the Covid-19 pandemic, enable research, and provide individual care in exceptional cases.
We should be clear that patient data can be incredibly useful and beneficial when used for these purposes with informed consent, but we should be equally clear that the use of such data should only ever be happening with informed consent. The NHS Data Grab is not that.
Quite apart from the reckless speed of the whole process, I have a number of concerns about the overall proposal, which hinges on three main issues. Firstly, the fact that the data will be pseudonymised but not anonymised, meaning someone could find out the name of the person the record belongs to. Secondly, the fact the Government refuses to clarify exactly how this sensitive data will be use and has failed to rule out indirectly selling it on to private companies. And thirdly, that the lack of transparency around the whole process risks undermining doctor-patient trust.
If a person’s data is not anonymised, there is a very strong risk they may not be willing to open up to their GP about issues they are experiencing and may undermine trust more generally.
Given that so far, information about this has only been shared online, there is a very real risk that many people with digital access issues – the elderly, the disabled, households without home internet access and those who do not have English as their first language in particular – cannot possibly have been given a chance to opt out.
I am also concerned to see that Palantir is being considered for a large role in data management.
Patient data should only ever be used in the public interest with informed consent, not exploited for corporate profit with minimal transparency. I’ll keep pushing to try and ensure they come up with a new proposal that reflects this and will call on the Government to stop the sell-off of our health data, ensure trust in GPs, protect patient confidentiality for the long term, and embark on a data protection impact assessment.
If you have any further questions about the NHS data grab, feel free to get in touch with my office: firstname.lastname@example.org