1. Click here to sign the "Publish the NICE ME/CFS Guideline Now" petition.
    Dismiss Notice
  2. Guest, the 'News in Brief' for the week beginning 13th September 2021 is here.
    Dismiss Notice
  3. Welcome! To read the Core Purpose and Values of our forum, click here.
    Dismiss Notice

UK: NHS data sharing – deadline imminent

Discussion in 'Health News and Research unrelated to ME/CFS' started by Kitty, May 30, 2021.

  1. Kitty

    Kitty Senior Member (Voting Rights)

    Messages:
    2,134
    I'm not sure how widely known this initiative is, but NHS Digital is planning to scrape enormous quantities of data from UK patient records to share with third parties (it's not clear who these are, but they could well be insurance providers and other commercial interests). The data will be anonymised, but apparently codes will be used that can link it with individual records if there is a valid legal reason.

    Here is the FT's story about it:

    https://www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748

    And The Guardian's:

    https://www.theguardian.com/society...lans-share-patient-data-third-parties-england

    It is possible to opt out by sending a Type 1 opt-out form to your GP, but it has to be done by June 23. I think I've uploaded the form correctly, but if it doesn't work, there is a link in the FT article.
     

    Attached Files:

  2. Peter Trewhitt

    Peter Trewhitt Senior Member (Voting Rights)

    Messages:
    2,042
    Although in principle I support the use of pooled data nationally to improve services, it is also a matter of trust.

    I do not trust the current UK government to not make use of this data against my interests or not to sell it to private companies that will.
     
  3. Wonko

    Wonko Senior Member (Voting Rights)

    Messages:
    5,194
    Location:
    UK
    I have not been informed of this by my GP surgery, who you'd think would ask, given I have said no to every previous one of this type of thing.

    Therefore it is 'difficult' to trust them.

    I would have thought, given all the fuss they make about the confidentiality of patient records, that they would be less inclined to give anyone who thinks they can make, or save, money from having such access access.

    But no - it seems my records while being completely confidential should be given to anyone who wants them unless I say no, even when they don't bother mentioning they intend to give them away.

    and if I do say no then after a while they will start the whole thing again, just taking extra measures to make sure this pesky patient doesn't find out so can't object.

    Coz the thing is, they only need to 'win' once, and then my data is out there, but I have to stop them every time, until the next time, and the next, and the next........
     
  4. Kitty

    Kitty Senior Member (Voting Rights)

    Messages:
    2,134
    Our surgery campaigned quite hard against the last initiative a few years ago, and encouraged patients to opt out because the doctors felt the information would not be used in our interests. They even provided forms.

    I think they're too overwhelmed this time, though. And it appears that as long as they mention it on a website (one that most people will never have heard of, let alone visit on the off-chance that it might be interesting), that's the government's obligations met in terms of public consultation!
     
  5. Arnie Pye

    Arnie Pye Senior Member (Voting Rights)

    Messages:
    4,220
    Location:
    UK
    Absolutely 100% agree. I wouldn't trust the government (no matter who was in power, now or in the future) with my medical records. I think they'd sell it the instant they got their hands on it. Even if the data was anonymised I still wouldn't trust them. I remember the joke method of anonymising data they planned to use for care.data and they kept on saying how the data would be anonymised, but it was nonsense. I think the only thing they were going to remove was name.

    For info on data breaches see this link :

    https://medconfidential.org/for-patients/major-health-data-breaches-and-scandals/

    Oh, I forgot to include this link - the one about the current data sharing plans with all you need to know about how to keep your data private :

    https://medconfidential.org/2021/let-us-tell-you-about/
     
  6. Sarah

    Sarah Senior Member (Voting Rights)

    Messages:
    1,284
    Moved post

    General Practice Data for Planning and Research (GPDPR)
    https://digital.nhs.uk/data-and-inf...neral-practice-data-for-planning-and-research

    General Practice Data for Planning and Research: NHS Digital Transparency Notice
    https://digital.nhs.uk/data-and-inf...-digital-collecting-your-data-type-1-opt-out-

    Does anyone have any thoughts on the wording of the Type 1 Opt-out and information about it in relation to this GPDPR data collection on the NHS Digital Transparency Notice?

    The Opt-out relates to sharing of 'identifiable patient data' by the GP practice. However, the NHS Digital Transparency Notice says any data that could directly identify is pseudonymised before sharing with NHS Digital. According to NHS Digital:

    So it seems unclear whether the Type 1 Opt-out covers sharing of pseudonymised data.

    Informaton that could be used to identify (e.g., postcode, date of birth, NHS no.) is replaced with 'unique codes' before sharing with NHS Digital. So I would have thought this could validly be described as sharing of depersonalised data rather than of personally identifiable data / identifiable patient data, depending on the specific circumstances of the sharing.

    The Type 1 Opt-out says:
    The Type 1 Opt-out makes no reference to pseudonymised (or anonymised) data sharing.

    By my reading The FT article appears to be saying if you register a Type 1 Opt-out before 23 June (first data will be collected on 1 July), your records will not be scraped. However, I think these NHS Digital webpages and the Type 1 Opt-out are more ambiguous than this suggests. Does anyone have a perspective on whether registration of the Type 1 Opt-out is adequate to prevent the proposed data collection by NHS Digital?

    Not to suggest that registering a Type 1 Opt-out is not a sensible idea.
     
    Last edited by a moderator: May 31, 2021
  7. DokaGirl

    DokaGirl Senior Member (Voting Rights)

    Messages:
    2,463
    There seems to be move afoot everywhere to gather patient data, by other means as well; patient surveys for one.

    IMO, medical records are not confidential, even if that's what it says on the tin.
     
  8. Sid

    Sid Senior Member (Voting Rights)

    Messages:
    474
    How hard they fought to prevent the release of fully anonymised scores on various PACE questionnaires, making outlandish claims about the potential for being identified from your SF-36 score (lol) but this massive invasion of privacy and privatisation of healthcare data? No problemo.
     
  9. DokaGirl

    DokaGirl Senior Member (Voting Rights)

    Messages:
    2,463
    Good point! Once the shoe is on the other foot, as you say, "No problemo."
     
  10. Amw66

    Amw66 Senior Member (Voting Rights)

    Messages:
    4,708
    My understanding is that this is England and perhaps England and Wales.

    Health is devolved at the moment so this would not pertain in Scotland.
     
  11. Frankie

    Frankie Established Member (Voting Rights)

    Messages:
    55
    Location:
    Hampshire
    Since so few people are aware of this, those who do opt out are going to be noticeable. I intend to opt out but am concerned that my GP will think that it means that I am anti-science, in line with the way PwME have been portrayed. I barely know him but his attitude is difficult enough to take as it is and at any future appointment time would be too short for explanation. By the time I get in to see him, my brain wouldn’t function well anyway. Feels like I can’t win.
     
    MEMarge, EzzieD, lunarainbows and 4 others like this.
  12. Invisible Woman

    Invisible Woman Senior Member (Voting Rights)

    Messages:
    10,127
    Thanks for mentioning this @Kitty :thumbup:

    I had heard anything about it. I opted out previously and my health authority also have a data sharing scheme within the region and I opted out of that as well previously.

    The link for opting out online (it's in the 2nd article linked in the first post in thread) is

    https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/

    Note it asks for your 10 digit NHS number.

    I've just gone through the form and my previous choice of not permitting my data to be shared was acknowledged.

    I think I'll also print out the form and send it to my GP practice. Just in case.
     
    EzzieD, Wonko, Kitty and 1 other person like this.
  13. Kitty

    Kitty Senior Member (Voting Rights)

    Messages:
    2,134
    I did the same. And Type 1 opt-outs, which is the only one to use for this, are due to be phased out before too long – so there may be another hoop to jump through. :rolleyes:
     
  14. Andy

    Andy Committee Member (& Outreach when energy allows)

    Messages:
    14,054
    Location:
    Hampshire, UK
    Thanks for highlighting this, my wife and I have now sent off our opt-out forms.
     
  15. Kitty

    Kitty Senior Member (Voting Rights)

    Messages:
    2,134
    I saw this too, and checked whether signing the Type 2 form (a sort of global opt-out) gave better security. Apparently it doesn't, and Type 1 is the best for this particular exercise.

    I crossed out the word 'identifiable' on my form, as well as signing it. My GP is one of those who's campaigned against this type of sharing – or as she puts it, sale to the highest bidder. Since she knows a lot more about it than I do, I put in a note asking her to ask Shami (receptionist) to let me know if she thought editing the form might make it invalid, so I can drop off another one.

    I honestly don't think it will make any difference, or that anyone will even notice it. But yes, it did jump out to me as a slippery bit of wording.
     
    EzzieD, Wonko, Peter Trewhitt and 3 others like this.
  16. Sarah

    Sarah Senior Member (Voting Rights)

    Messages:
    1,284
    The Type 2 Opt-out was superceded by the National Data Opt-out in May 2018. I believe the National Data Opt-out refers to sharing of confidential patient information by NHS Digital for research and planning. The Type 1 Opt-out refers to sharing of 'identifiable patient data' by GP surgeries for purposes other than own care.

    For the impending GPDPR data collection, the Type 1 Opt-out is the Opt-out that it is proposed be submitted before 23 June to GP surgery - that is assuming it does have effect. Though doing both may not be a bad idea for those who wish to minimise the degree to which their data is shared.

    The General Practice Data for Planning and Research Directions 2021 states (my bolding):
    https://digital.nhs.uk/about-nhs-di...ata-for-planning-and-research-directions-2021

    I suspect irrespective of alterations or addenda to Type 1 Forms, surgeries will only have the option of registering the Type 1 dissent as is, or not registering it. A signed and dated addendum and cover letter explaining reasoning may still be a way to go if only to flag the ambiguity.

    There has been a bit more coverage in the Guardian:

    https://www.theguardian.com/society...e-to-hand-over-patient-details-to-nhs-digital

    https://www.theguardian.com/commentisfree/2021/jun/03/gp-nhs-digital-data-patients-records-england
     
    Invisible Woman, Kitty and Wonko like this.
  17. Sarah

    Sarah Senior Member (Voting Rights)

    Messages:
    1,284
    A pre-action letter has been sent on behalf of a coalition of five organisations (including Just Treatment, openDemocracy and the Doctors Association UK), and David Davis MP (Conservative). If the Opt-out deadline isn't extended, an injunction will apparently be sought.

    https://www.ft.com/content/a13225c8-b618-4ee4-ae16-a0e26829bc7b
     
  18. Arnie Pye

    Arnie Pye Senior Member (Voting Rights)

    Messages:
    4,220
    Location:
    UK
    Andy, Peter Trewhitt, Kitty and 3 others like this.
  19. Sarah

    Sarah Senior Member (Voting Rights)

    Messages:
    1,284
    @Arnie Pye Thank you for posting the other links. I don't hit a paywall for some reason.

    Some excerpts from the FT article
    https://www.ft.com/content/a13225c8-b618-4ee4-ae16-a0e26829bc7b
    NHS hit by legal threat over GP data ‘grab’

     
    MEMarge, Andy, EzzieD and 5 others like this.
  20. Sarah

    Sarah Senior Member (Voting Rights)

    Messages:
    1,284
    Annex A Specification Requirements to the GPDPR Direction 2021
    https://digital.nhs.uk/about-nhs-di...ata-for-planning-and-research-directions-2021
    Annex A has the following:
    So it at least appears DHSC draws a distinction between pseudonymised data and 'identifiable data' as it would otherwise presumably not be possible in their view to 'uphold the Type 1 Opt-out' whilst simultaneously sharing pseudonymised data.

    Pseudonymised data constitutes personal data falling within scope of UK data protection legislation. Whether it legally constitutes 'identifiable data' seems to be unclear, as individuals could be identified from pseudonymised data with the additional information an organisation holds to re-identify it, but could not be identified from pseudonymised data in isolation.

    As the blog below describes and as I understand it, the basis of the opt-out is ministerial direction rather than objection to processing under Article 21 of the UK GDPR.

    Looking at Snomed CT I found no codes for a broader dissent than the one that will be applied for Type 1 Opt-outs, i.e., Dissent from secondary use of general practitioner patient identifiable data.

    A reminder that if data is collected by NHS Digital before a Type 1 is registered, as Annex A puts it, 'the data collected before this will continue to be accessed and utilised as before. However, no further data will be collected from this record.' Opt-outs should be submitted to GP practices by 23 June to ensure registering before data collection commences on 1 July.

    This blog goes into the apparent legal basis of the collecting and the implications for the opt-out. (Right to erasure is Art 17 not 16.)

    Missing data protection safeguards with respect to NHS Digital’s national database of medical records
    https://amberhawk.typepad.com/amber...als-national-database-of-medical-records.html


    ETA: ICO Draft guidance 'Introduction to Anonymisation' [PDF]
    https://ico.org.uk/media/about-the-...862/anonymisation-intro-and-first-chapter.pdf

    Edited
     
    Last edited: Jun 8, 2021

Share This Page