Data & DeceptionThe Government’s Grab of GP Records Violates Our Trust
Phil Booth explains why we should be worried about the Government’s attempt to quietly share our GP data
Since Byline Times broke the story of the Government’s latest health data grab, thousands of people have opted-out of having their GP data shared. But the way the situation is being handled by NHS England and NHS Digital remains deeply worrying.
GP data is the most valuable healthcare data around; far richer and more complete than other forms of healthcare information. People have a unique relationship with their GPs, who hold information about individuals that is long-lived and detailed – requiring and creating a trusted relationship.
NHS Digital – which describes itself as “the national information and technology partner to the health and social care system using digital technology to transform the NHS and social care” – needs to understand that, if people are not told what is intended to be done with their data, are told only part of the truth, or not made aware of commercial exploitation, then there is a risk of losing the trust that is essential in healthcare.
The last time the Government tried a mass grab of data from patients’ GP records in England in 2014, there was an outcry among patients and medical professionals, with millions of people opting-out. That programme – ‘care.data’ – was covered extensively in by the mainstream media and repeatedly scrutinised by Parliament. There was even an inquiry into how patients’ data was being sold.
Yet, in 2021, a scheme to take even more personal, sensitive data – with less time for people to opt out (twice) – is being quietly introduced during a pandemic. The Government is even placing the effort of informing patients onto GPs while doctors themselves are busy delivering vaccinations, as well as all the other care they provide to people daily.
Perhaps the lesson the Government learned from care.data was that it is best to say nothing when you do not want people to exercise their rights.
Perception of Deception
Research on understanding patient data has shown that the two conditions which most significantly affect people’s feelings about the use of their data are: whether their permission has been sought; and if commercial interests are involved.
Companies understand the value of such data, and it seems as if the Government does not want patients to understand their choices.
NHS patients’ GP data is arguably one of the single most valuable personal data assets in the world, providing generational data of every meaningful medical event recorded about tens of millions of patients, from cradle to grave. Of course, some of this value can be realised through legitimate, ethical research. And no one disputes that statistics derived from the data can help in planning and improving health and social care systems.
But, in order to achieve these goals, the Government and the NHS must maintain the trust that is absolutely fundamental to a functioning healthcare system – which requires both doctor-patient confidentiality and public confidence.
If the Government fails to communicate what is about to happen to people’s most sensitive personal data, and fails to clearly explain their choices and provide them with the means to exercise these choices, the entire process risks being mired in a perception of deception.
As with care.data – and subsequent health data scandals – it is trust that is the biggest issue and the biggest risk. If patients cannot trust that their private information – expressed to their doctor in confidence – will be kept private, some may decide not to say anything at all, thereby putting their own health and possibly even the wider public health at risk.
On its friendly ‘advice for the public’ page, NHS Digital states: “We have designed the collection with many safeguards in place to protect the privacy of patients, including removing all personal information that would directly identify patients before data is shared with NHS Digital.”
The data that NHS Digital says it doesn’t collect – names and addresses – is data that NHS Digital already holds, so it doesn’t need another copy. Indeed, this information allows GP data to be linked to other data about patients that NHS Digital or its customers have gathered elsewhere.
Quite aside from the erosion of trust, it would take just one large-scale breach of this data and criminals would have as long as they like to re-identify as many people as they can in the data set – in the process obtaining intimate, sensitive or potentially embarrassing details about millions of people.
medConfidential has produced a point-by-point rebuttal of the ‘FAQs’ published for the 2021 GP data grab.
You, the patient, have a legal right to opt-out of the extraction and commercial exploitation of your GP data by 23 June 2021.