Consumer watchdog Which? has called for more transparency and public outreach from NHS Digital over the scope and scale of the proposed General Practice Data for Planning and Research (GPDPR) programme, which is currently on hold pending adjustments, after having been previously postponed following pressure from privacy campaigners and members of the public.
Which? polled nearly 1,700 adults in England and found that general awareness of the data sharing plan remained low, with 45% of people unaware of the plans, and four in 10 of them saying they would probably choose to opt out after learning about them.
Of those who were aware of GPDPR, the vast majority saying the NHS had failed to publicise it – those who had heard of GPDPR said they had got their information about it from news or social media, and not from NHS Digital or their GPs, raising concerns about the accuracy of the information they received.
Which? warned that NHS Digital’s failure to communicate the value of the programme – the data will be used for advanced medical research and planning, and will ultimately influence local NHS care planning, and save lives – risked damaging trust in the NHS. At the start of the survey, 75% said they trusted the NHS to handle their GP records safely and transparently, but this dropped to 42% after learning about the scheme.
The organisation said its findings proved that the government was right to delay the programme. Rocio Concha, Which? director of policy and advocacy, called for more open communication from NHS Digital and the government moving forward.
“The coronavirus crisis has thrown into sharp relief the opportunity for health data to be used in ways that benefit patients and society in general – however, it’s really important to engage the public effectively on how their data is going to be used and the governance of data sharing with third parties,” said Concha.
“NHS Digital and the government…must now go to greater lengths to engage the public, raise awareness of the scheme, and increase people’s understanding of it through better communication and transparency.”
A spokesperson for NHS Digital said: “Data is already being collected from GPs and has previously been used to better understand and develop cures for all types of serious illnesses and plan the most effective services for the NHS. During the pandemic, it has been used to support the vaccine roll-out and develop lifesaving treatments for coronavirus.
“We know we need to take people with us on this mission, which is why we have committed to putting even tougher protections and safeguards in place and stepping up communications through a public information campaign before the new programme begins.
“Data is only shared where there is a clear benefit to healthcare planning and research. This benefits all of us, but it is only as good as the data it is based upon, which is why it is absolutely vital that people make an informed decision about whether to share their data.”
NHS Digital noted that Which? had not made respondents to its study aware of the ways in which the health service already collects and uses data, nor of the safeguards proposed for GPDPR, including deidentification of data before it leaves the GP survey, the establishment of a so-called Trusted Research Environment, and independent oversight.
Under the current proposals, the records of every patient in England will be uploaded to NHS Digital’s platform unless they have opted out. These records will include data on physical, mental and sexual health, GP appointments, test results and prescribed medications, and further data on gender, ethnicity and sexual orientation.
It will not, NHS Digital says, include names, written medical notes, and data that GP’s may not share under existing laws, which includes data on in-vitro fertilisation (IVF) treatment, and data on trans men and women who have undergone gender reassignment surgery.
The data that is shared will supposedly be pseudonymised, meaning details that could directly identify people including postcodes or dates of birth will be replaced with unique codes prior to upload, although the NHS reserves the right to decode this data in some circumstances. No names or addresses will be scraped.
