How the NHS records and uses information
Brief guide on what happens to information in GP surgeries, and how patients can benefit and also protect their personal data
- GP surgeries hold full medical records of all NHS patients on their lists. Visits to other NHS services (Accident & Emergency, physiotherapy, in-patient wards & out-patient clinics, etc.) hold records of visits & treatments.
- Records are held electronically. They are routinely updated to databases including thsose held by the Health and Social Care Information Centre (HSCIC)
Benefits of sharing data
- Individual health, so patients get the best possible care, taking into account their medical history. This includes on-going diseases such as diabetes, current prescription drugs, & allergies.
- Audit, so NHS makes best use of resources. For example, how does wait to see a physiotherapist after a fall effect the total number of GP and other visits.
- Research, so that best drug or other treatments can be found.
Since all three reasons provide benefits to individual patients and the community, transfer is automatic. However, patients have the right to prevent their data leaving the GP surgery, known as ‘opting out’
Sharing data for audit and research care.data
- The main data base for this is care.data. A google search leads to a very complex web site with multiple links for patients and doctors. It includes links to the official leaflet “Better Information Means Better Care” delivered to every doorstep in England at great expense. that document lacks key information and does not clearly describe the options available to patients, or their consequences. I recommend NOT using “Better Information Means Better Care” delivered, but the web site is: care.data.
- Meanwhile, the Health and Social Care Information Centre (HSCIC)produce a somewhat better glossy paper leaflet, ‘How information about you helps us to provide better care’, available in many GP surgeries. It is shorter and clearer. It still does not say where the data is stored. Nor does it clearly explain the options of sharing anonymously or not sharing at all. It is not easily available on the HSCIC web site, but a copy may be downloaded here: HSCICleaflet
- An appropriate form should be available in GP surgeries. Each surgery produces its own form, so it can keep records of patient decisions. The format should be clear and simple, e.g. HSCIS_OptOut_GPform
Reasons for staying OPTED IN to care.data
- Making sure your GP practice is being fairly monitored and audited. A GP practice with many patients opted out may be able to conceal poor performance. This applies to private, as well as NHS practices. this may be why some private medical companies are so keen to persuade pateints to opt out
- Making sure research includes ALL the relevant data. Many patients opting out will mean a longer time to find new drugs and a longer time to find bad side effects. This means that pharmaceutical companies will be able to make money from ineffective or dangerous drugs for longer, e.g. COX2 inhibitors.
Privacy and Security Issues
My personal data will be revealed legally, or sold?
- Not possible. All research projects, private or public, require Research Ethics Committee approval. This is only given if researchers have to get signed consent of patients for access to their medical records.
- Selling my data? No. There are processing charges for obtaining data if the request is complicated. However, these apply only if the extractions has been approved. This ensures that personal data cannot be accessed by insurance companies, drug companies, banks etc. Note data is not useful to insurance companies, as they can earn much more from not paying out on claims where people have not disclosed key information (e.g. travel insurance, not infrequent)
- Exceptions? The only exception is section 251 approval for data where it is impractical to obtain consent because tracing the patients is impossible or would be very costly. This might occur when researchers want to follow up a trial that finished many years ago, to find long term effects of a drug. In some cases, personal identification is needed only to contact people so that they can give consent to accessing more personal data than their name & address. In this situation, researchers must apply to Confidentiality Advisory Group (CAG). They will give permission only if the research has also been approved by a Research Ethics Committee, REC. The web site lists all approved projects. So far, there has not been a single objection by a patient or their family.
- What about the police and social services? They will need a warrant, just like searching your house or confiscating your computer. They can get it from GP records anyway.
- What about the media? E.g. media finds out political candidate has had mental health problems, or has only 1 year to live. Or in custody battle 1 partner is shown as previously alcoholic. Such data may never be revealed legally as requests for data on a single named individual without their consent are always rejected.
Data will be accessed illegally: hacking, bribing officials, etc.
- Data security in the NHS is reputed to be at least as good as Internet banking.
- The care.data system is an extension of the Hospital Episodes Database, which has been operating for decades without any security breaches [unlike banks, Google, Amazon]
- All NHS health staff are bound by a professional code of conduct. They may lose their job or be ’struck off’ if they reveal data without patient consent.
- Data in organisations or with individuals who receive data should also be high. They have to sign a contract to both keep data secure and not to divulge to 3rd parties. Furthermore, EVEN if opted in to releasing personal data, patient has to agree separately for each project. If worried about security of , e.g. pharmaceutical company, can refuse.
- Data is safer with in GP surgery? Not a lot. Remember data is available to locum GPs and nurses as well as your the individually caring GP, who may patient personally. These locums can also see any personal comments that GP adds to your record, not available anywhere else.
Who benefits from mass opt out to care.data?
- Poorly performing GP practices, private and NHS. Practices will be invisible to audit. If your GP(s) are recommending opting out, consider what they have to hide
- Drug companies with poorly performing drugs, or drugs with bad side effect, especially if the drugs are expensive
- Private sector organisations that want to undermine the Office of National Statistics and truly democratic national databases
Sharing individual data with NHS Health Professionals
- The main database for this is Summary Care Records, it is limited to:
- Personal data: NHS number, name, address & postcode, date of birth.
- Key medical data: prescription, current disease(s), drug & other allergies
- Summary Care Records data can be accessed ONLY by NHS professional. It is NEVER used for research and is not available to private companies at any price.
- Reason to stay opted in: Opting out may have serious or fatal health consequences, for example if you are given a drug to which you are allergic.
Other Data Sharing
- GP surgeries often share data with other local NHS outlets that share the same computer software. They may have been sharing ever since the software was installed. It is good for patient health and has more information than Summary Care Records. Opt out is allowed, but rarely mentioned. Patient should ask GP if worried.
Declaration of Interest
- I am a Research Professor and member of an NHS Research Ethics committee
- I am committed to trying to ensure that data of the highest quality made available to all
- I believe that misuse of data should be tackled by good laws, not opting out
- I personally, will be staying opted in to all uses of my personal & other data.
- The information on this site is my personal interpretation of the regulations. If you spot any errors, please contact me urgently