
Data Watch: The NHS Digital Database
from BSA Today Issue 11
by bsatoday
Article | Stuart Walsh, Chief Information Security Officer at Blue Stream Academy
A new scheme under which NHS Digital will collate patient data from GP practices into a centralised database has now been postponed indefinitely. It was originally scheduled to be introduced in July 2021 and was subsequently delayed until September 2021 amid significant controversy.
This announcement was made just as this issue of BSA Today was all set to be signed off. As this Data Watch article focused on the NHS Digital database and the controversy surrounding it, we have chosen to publish it in full below, followed by the letter from Parliamentary under Secretary of State for Primary Care and Health Promotion, Jo Churchill, announcing the postponement.
What is it?
The General Practice Data for Planning and Research (GPDPR) System, as it is formally known, will involve the transfer of GP medical records from the last 10 years into a centralised database.
Why is this Data Being Shared?
The data gathered on a national level can provide crucial information to support healthcare planning and research leading to better treatments and improved patient outcomes.
This data is already collected centrally for hospital patients; however, given the scale, frequency and number of conditions treated, researchers believe this additional information could provide exponential benefits.
Simon Bolton, CEO NHS Digital
Given the experience of the COVID-19 pandemic, this could prove to be vital in ensuring that the NHS can identify and protect the most vulnerable members of society, whilst reducing the long-term impact on the country as a whole.

What Data Will be Collected?
Data may be shared from the GP medical records about:
• Any living patient registered at a GP practice in England when the collection started; this includes children and adults.
• Any patient who died after 1 September 2021 and was previously registered at a GP practice in England when the data collection started.
NHS Digital will not collect patients’ names or addresses. Any other data that could directly identify patients (such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.*
NHS Digital will collect:
• Data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.
• Data on sex, ethnicity and sexual orientation.
• Data about staff who have treated patients.
NHS Digital does not collect:
• Name and address (except for postcode, protected in a unique coded form).
• Written notes (free text), such as the details of conversations with doctors and nurses.
• Images, letters and documents.
• Coded data that is not needed due to its age; for example medication, referral and appointment data that is over 10 years old.
• Coded data that GPs are not permitted to share by law; for example certain codes about IVF treatment, and certain information about gender reassignment.
*This process is called pseudonymisation and means that patients will not be identified directly in the data. NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.
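Pseudonymisation as described above, shown as an added Python example; it is not NHS Digital's de-identification software, whose design this article does not describe. The key, the field names, the `Pseudonymiser` class and the use of a custodian-held lookup table for reversal are all assumptions made for illustration, and the records are constructed.

```python
import hashlib
import hmac

# Constructed key for the example; assumed to be held only by the key custodian.
SECRET_KEY = b"constructed-example-key-not-a-real-secret"

DROPPED = {"name", "address", "free_text"}            # never leave the practice
CODED = {"nhs_number", "date_of_birth", "postcode"}   # replaced with unique codes


def make_code(field, value):
    """Keyed, deterministic code: the same input gives the same code, so records still link."""
    msg = f"{field}:{value}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:20]


class Pseudonymiser:
    def __init__(self):
        self._vault = {}      # code -> original value, held only by the key custodian
        self.audit_log = []   # every re-identification request, granted or refused

    def pseudonymise(self, record):
        out = {}
        for field, value in record.items():
            if field in DROPPED:
                continue
            if field in CODED:
                code = make_code(field, value)
                self._vault[code] = value
                out[field] = code
            else:
                out[field] = value    # coded clinical data passes through unchanged
        return out

    def reidentify(self, code, legal_reason):
        """Convert a code back only when a legal reason is recorded."""
        granted = bool(legal_reason and legal_reason.strip())
        self.audit_log.append((code, legal_reason, granted))
        if not granted:
            raise PermissionError("re-identification requires a recorded legal reason")
        return self._vault[code]


# Constructed sample records: two consultations for one fictional patient.
SAMPLE = [
    {"name": "Pat Example", "address": "1 Sample Street", "nhs_number": "0000000000",
     "date_of_birth": "1970-01-01", "postcode": "ZZ99 9ZZ",
     "diagnosis_code": "EXAMPLE-CODE-1", "free_text": "constructed note"},
    {"name": "Pat Example", "address": "1 Sample Street", "nhs_number": "0000000000",
     "date_of_birth": "1970-01-01", "postcode": "ZZ99 9ZZ",
     "diagnosis_code": "EXAMPLE-CODE-2", "free_text": "constructed note"},
]

if __name__ == "__main__":
    p = Pseudonymiser()
    for row in SAMPLE:
        print(p.pseudonymise(row))
```

Because the codes are deterministic, both consultations carry the same coded NHS Number and can still be linked for research, which is why pseudonymised data is not the same as anonymous data.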

Why Has the Scheme Been so Controversial?
Back in 2016 a similar scheme called Care.data was abandoned when reviews by Dame Fiona Caldicott and the Care Quality Commission (CQC) raised concerns that the public information campaign explaining its use was not clear enough and did not reach everyone.
Critics have voiced the same concerns about the new scheme, with organisations such as the British Medical Association (BMA) and the Royal College of General Practitioners (RCGP) arguing that the public had not been provided with enough information and were not aware that they could opt out, or of the process for doing so.
In a joint letter, the BMA and RCGP said: “Individual practices have had no choice in this collection and cannot be responsible for ensuring patients are appropriately informed. We would ask that NHSD reconsider your stance on this and take immediate action to run a public information campaign.”
Additionally, whilst NHS Digital has stated that the data will never be used for advertising, insurance, marketing or promotional purposes, there are important questions being asked regarding the third-party organisations that may have access to this data, how they will use it, and how it will be safeguarded.
These concerns aren’t unwarranted. Back in November 2015, the health records of NHS patients held by the Royal Free London Trust were transferred, without explicit consent from patients, and in a way that was found not to fully comply with the UK’s Data Protection Act, to Google DeepMind. Around the same time, personal data from NHS patients were shared with the Home Office to trace individuals tagged as “potential immigration offenders.”
And, in 2019, it was revealed that international pharmaceutical companies had obtained access to NHS patient data. More recently, the involvement of big data company Palantir in the NHS COVID-19 datastore has generated significant controversy.
How Can Patients Opt-out?

Type 1 Opt-out - Opting out of NHS Digital collecting your data.
Patients who do not want their data to be shared outside of their GP practice for purposes other than direct care must opt out by completing a Type 1 Opt-out Form and returning it to their practice prior to 1 September 2021.
Whilst it is possible to opt out after this date, data from the past 10 years may have already been transferred.
Type 2 Opt-out (also known as National Data Opt-out) - Opting out of NHS Digital sharing your data.
This applies to identifiable confidential patient data concerning health (including GP, hospital and other data) and the process was implemented on 25 May 2018.
Patients who do not want this data to be shared by NHS Digital for purposes other than direct care should register a National Data Opt-out.
If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. From 1 October 2021, the National Data Opt-out will also apply to any confidential patient information shared by your GP practice with other organisations for purposes except your individual care.
It won’t apply to this data being shared by GP practices with NHS Digital, as it is a legal requirement for GP practices to share this data with NHS Digital and the National Data Opt-out does not apply where there is a legal requirement to share data.

What do we Need to do as a GP Practice?
Under the UK General Data Protection Regulation (GDPR), GP practices have a legal obligation to provide patients with information about the data they are sharing with others.
FYI: NHS Digital has produced the following statement which GP practices can add to their current privacy notices:
Practices are also advised to provide communications to their patients about the new system via, for example, newsletters, posters, social media, and waiting room screens.
Data will only be provided to NHS Digital by your GP system suppliers after the practice has confirmed with the system supplier that they have complied with the Data Provision Notice.
The practice will need to register Type 1 Opt-outs (or a withdrawal of the Type 1 Opt-out) in their system. The codes you need to use to register or withdraw the Type 1 Opt-out are:



Stuart Walsh
Chief Information Security Officer at Blue Stream Academy
As the Chief Information Security Officer (CISO) for Blue Stream Academy, Stuart provides an article for each issue of BSA Today to highlight how we strongly believe that promoting better information security practices improves the threat landscape for all organisations that work alongside us.
Letter from Parliamentary Under Secretary of State for Health and Social Care to General Practices in England - 19 July 2021
“The following statement recently issued to all General Practices in England, and the indefinite delay in the implementation of the GPDPR system, will be welcomed by many and not just the highly vocal critics; even some of the biggest proponents of the sharing of patient data acknowledge that the scheme requires further consultation and must be better communicated to patients.” - Stuart Walsh, CISO.
Dear GP colleague,
General Practice Data for Planning and Research
Patient data from general practice has significantly contributed to the improvement of health and care services and treatments for many years. Patients rightly trust their GP to safeguard their data, a role that we know that all general practitioners take very seriously. This is why I am writing to share more information with you about how we are working to improve how this data is collected.
NHS Digital is making improvements to how data is collected from general practice, with a new framework for data extraction called the General Practice Data for Planning and Research (GPDPR) collection.
You will have seen the announcement to pause the collection of this data, to provide more time to engage with GPs, patients, health charities and others, and to strengthen the plan.
We are working in collaboration with a range of partners including the Royal College of General Practitioners (RCGP) and the British Medical Association (BMA). I want to reassure you that we have heard your concerns loud and clear and will continue to listen.
I am writing now to provide an update on the four key areas of work to strengthen the plan. We hope this will foster your trust in the system and provide a strong basis for you and your patients to participate in the scheme with confidence.
Most importantly, I can confirm today that, while we are continuing to work on the infrastructure, and communication for the project, we are not setting a specific start date for the collection of data. Instead, we commit to start uploading data only when we have the following in place:
● the ability to delete data if patients choose to opt-out of sharing their GP data with NHS Digital, even if this is after their data has been uploaded;
● the backlog of opt-outs has been fully cleared;
● a Trusted Research Environment has been developed and implemented in NHS Digital;
● patients have been made more aware of the scheme through a campaign of engagement and communication.
In this letter each of these adjustments is set out, all of which are critical to the success and impact of the programme, including through better understanding of the huge benefits the programme will have to the NHS and to our ability to provide the best and safest possible care for patients.
Opt-outs
We want to make the position around opt-out much simpler. While 1st September has been seen by some as a cut-off date for opt-out, after which data extraction would begin, I want to reassure you that this will not be the case and data extraction will not commence until we have met the tests.
We are introducing three changes to the opt-out system which mean that patients will be able to change their opt-out status at any time:
- Patients do not need to register a Type 1 opt-out by 1st September to ensure their GP data will not be uploaded;
- NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt-out;
- The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the new arrangements up and running, and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian.
Together, these changes mean that patients can have confidence that they will have the ability to opt-in or opt-out of the system, and that the dataset will always reflect their current preference. And we will ensure it is easy for them to exercise the choice to opt out.
Administrative workload
We have heard from many GPs and practices that there is concern about the administrative burden that Type 1 opt-outs have placed on you and your teams. We are in the process of working with colleagues across general practice to develop a way of simplifying and centralising the opt-out process in order to remove this burden on practices. This is still in development, but we will share further information with you in the coming weeks.
In the meantime, given the changes we have agreed to the opt-outs there is now no urgency to process Type 1 opt-outs specifically for GPDPR in order to get people opted out before September. We will keep you updated on timelines for when we expect the programme to go live.
We will also ensure that the NHS Digital Data Protection Impact Assessment (DPIA) reflecting these changes to the programme is published well before data collection commences. A template DPIA for practice use will also be made available in good time to allow practices to complete it.
Data Security and Governance
The Government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study. This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected.
The TRE will be built in line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service.
We are also committed to adopting a transparent approach, including publishing who has run what query and used which bit of data. We are developing a TRE which will meet our specific needs and act as “best in class”.
We commit to only begin the data collection once the TRE is in place. Further, we will ensure that the BMA, RCGP and the National Data Guardian have oversight of the proposed arrangements and are satisfied with them before data upload begins.
I can also confirm that the previously published Data Provision Notice for this collection has been withdrawn.
Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.
Transparency, communications and engagement
There has been a great deal of concern regarding the lack of awareness amongst the healthcare system and patients. We recognise that we need to strengthen engagement, including opportunities for non-digital engagement and communication.
Since the programme has been paused, we have been developing an engagement and communications campaign, with the goal of ensuring that the healthcare system and patients are aware and understand what is planned, and can make informed choices. The public rightly look to and trust general practice - through a centrally driven communication campaign, with clear messages, we will seek to ensure that the introduction of this collection does not impose an additional burden on practices.
We are developing a communications strategy delivered through four phases.
● Listening - where we listen to stakeholders and gather views on how best to communicate with the profession, patients and the public and give them the opportunity to inform the development of the programme in areas such as opt-outs, trusted research environments and other significant areas;
● Consultation - a series of events where we can explain the programme, listen and capture feedback and co-design the information campaign;
● Demonstration - show how feedback is being used to develop the programme and shape communications to the healthcare system and the public;
● Delivery - of an information campaign to inform the healthcare system and the public about changes to how their GP data is used, that utilises the first three phases to ensure the campaign is accessible, has wide reach and is effective.
Data saves lives. The vaccine rollout for COVID-19 could not have been achieved without patient data. The discovery that the steroid Dexamethasone could save the lives of one third of the most vulnerable patients with COVID-19 – those on ventilators - could not have been made without patient data from GP practices in England. That insight has gone on to save a million lives around the globe. That is why this programme is so important.
The programme and I will be providing further information as the programme progresses. In the meantime, if you have any questions, you can contact the programme at enquiries@nhsdigital.nhs.uk.
The NHS Digital web pages also provide further information at https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#additional-information-for-gp-practices.
Thank you for your continued support.
JO CHURCHILL
Parliamentary under Secretary of State for Primary Care and Health Promotion