The Government Wants to Sell Your GP Medical Records.
It's about the plan by NHS Digital to collect patient data from 1 July 2021.
The article seems to be a combination of good background and what-if-ery. It describes the debacle that was the care.data project with which this NHS Digital scheme seems to have a lot in common. I know I was one of the 1 million who opted out, in large part because there seemed significant potential for data to be sold for commercial purposes.
The NHS Digital project seems to have caught people by surprise, so much so that they have this on their Mythbusting page,
Three years is a long time ago and those posters and leaflets are in medical environments where those not receiving medical care were unlikely to have seen them. It also means that anyone not living in the UK at that time has no idea of the proposals. So I understand why many are concerned.Why have I not heard about the national data opt-out before?
When the national data opt-out was launched in May 2018 there was a full public campaign. This included national media activity and posters and leaflets in a range of health settings including GP practices, dentists, hospitals and pharmacies. These posters and leaflets are still available in these settings. There is also a section on the public-facing NHS website here: nhs.uk/your-NHS-data-matters
The concerns are that patient data will end up being sold and that the data will not be kept safe. From the article,
While the concerns are valid there doesn't really seem to be much to go on and it feels like it's verging on scaremongering. NHS Digital do charge admin fees to access the data but it looks like access is largely restricted to non-commercial uses. Commercial requests must "clearly demonstrate how this benefits the health and social care system" but who knows how significant those benefits have to be before access is granted.Like the Office for National Statistics and Genomics England, NHS Digital does now have what is known as a ‘safe setting’ – a secure data processing facility with layers of rules, approvals, protections and monitoring. But the Government has not made it mandatory for patients’ GP data to only be accessed via this highly secure, heavily audited environment. And so, in all likelihood, NHS Digital’s customers will continue to buy copies.
NHS Digital does audit some (but not all) of its customers which receive copies of data. Several of these audits have revealed that, not only do organisations break the ‘protections’ in place, but that these do not stop them from getting data once they have been broken. Some of these protections are legal obligations, but audits have shown that one public body did not even conduct a legally-required data protection impact assessment.
So my questions are:
1) Is this scaremongering?
2) How can NHS Digital gain access to our GP-held patient records without getting our consent? I thought GDPR prevented this sort of thing?
3) Should we opt out?