National data guardian calls for dialogue on NHS Digital GP plans

Nicola Byrne, the UK’s national data guardian for health and social care, has called for more dialogue over the NHS Digital GP Data for Planning and Research (GPDPR) programme as concern spreads among the general public over the safety and security of their confidential medical data.

The programme will see all data held by GPs on their patients in England scraped into a “pseudonymised” database at the end of June 2021. The data store is intended to be used for healthcare planning and research purposes, and it may be shared with third parties such as research institutes and pharmaceutical companies where there is a legal basis to do so.

However, NHS Digital has drawn brickbats over the programme, with privacy experts criticising it for failing to adequately publicise the project, clearly explain people’s rights to opt out, and for placing a burden of additional paperwork on GP surgeries during a global health crisis. GPDPR is now also the subject of a legal challenge which may force it to be delayed.

In a statement, Byrne said: “I am continuing to listen to and talk with patient groups and the public to inform my discussions with system leaders. My focus is on encouraging the organisations involved to work together to make it sufficiently clear to the public how data will be used and kept secure, both now and in the future.

“As the recently established 8th Caldicott Principle makes clear, it is important that there are no surprises for the public about how confidential information about them is used.”

Byrne said the reasons for the GPDPR scheme were fundamentally sound because it was “vital” that data is used to improve healthcare standards through planning and research. Information contained in GP records had an important part to play in this, she added, for example by giving NHS planners the insight they need to target services and treatments for vulnerable people.

“Public attitudes research demonstrates that patients and service users are supportive of health and care data being used if certain expectations are met, including that it delivers a public benefit, that it is made clear to them what will and will not be done with the data, and what choices people have about its use,” said Byrne.

“My focus is on encouraging the organisations involved to work together to make it sufficiently clear to the public how data will be used and kept secure, both now and in the future. It is important that there are no surprises for the public about how confidential information about them is used”