Everyone expects doctor-patient confidentiality when visiting their GP. However, an upcoming NHS (UK National Health Service) project will share your medical history directly with third parties unless you opt out of NHS data sharing. From July 1 2021, NHS England will collate the medical records of around 55 million NHS patients. This confidential patient information will be available in a digital database for third parties who want to utilise it for academic and commercial purposes.
If this is the first you’re hearing about the project, then you’re not alone. The British Medical Association and Royal College of General Practitioners have already expressed concern that the UK public has not been given enough warning about the changes.
Why the NHS is Sharing Your Data
The new NHS project is known as “General Practice Data for Planning and Research.” GP surgeries across the country will transfer patient data to a central store. Data will be made available to third parties for a range of purposes, including planning and research. According to NHS Digital, some of the benefits will include:
- informing and developing health and social care policy
- planning and commissioning health and care services
- taking steps to protect public health (including managing and monitoring the coronavirus pandemic)
- in exceptional circumstances, providing patients with individual care
- enabling healthcare and scientific research
The NHS has insisted that any agency wishing to use the data will have to be approved. However, it’s still unclear exactly who will access this data and for what purpose; the term “third party” is very broad.
Information that the NHS will share
The scope of data is quite extensive. Data gathered from GP surgeries will include details about physical, mental, and sexual health. The full list includes:
- your sexual orientation, gender, and ethnicity
- reported symptoms, diagnoses, and observations
- medications prescribed
- immunisations and test results
- referrals and appointments
- information about the healthcare professionals who treated you
What’s more, while the NHS is not sharing your name and full address, they will share some identifiable data. This includes your NHS number, GP surgery identifier, postcode, and date of birth. They’ll encrypt this information; however, NHS Digital’s website explains how they will have the ability to:
“convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.” – NHS Digital
So, rather than the NHS not sharing your personal, identifiable data, it will be – in an encrypted format. Therefore, the data could still be open to abuse if the wrong kind of organisation gained access. It could also be susceptible to data breaches that could see patient data fall into the wrong hands.
Information that the NHS won’t share
The NHS will not be including all data in their project. Such data will not include:
- written notes from conversations with a healthcare professional
- any stored images, letters, and other documents
- certain sensitive information, including IVF treatment and gender reassignment
- older data, including medication, referral and appointment data more than 10 years old
Have there been NHS data breaches before?
There’s no telling whether the data in question could leak into the wrong hands in future. However, it would not be the first time that an NHS data breach has occurred. Below, you’ll find just a few of the most recent data breaches to affect the National Health Service:
- In November 2020, members of the public gained access to the details of nearly 300 patients.
- A 2018 data breach saw around 150,000 patient records leaked.
- One primary care trust in London has suffered nearly 200 data breaches.
How to Opt-Out of NHS Data Sharing
If you’d prefer not to share your data, don’t worry: you can opt out. You’ll need to tell your GP practice that you want to opt out of NHS data sharing. NHS England will not share any data where a patient has opted out of the program.
This kind of opt-out is known as a “Type 1 Opt-out” and can be done by downloading this form. You’ll need to return the completed form in person or via email, but remember to do so before the recommended date of June 23rd 2021. This is to allow for processing time before data collection begins on July 1st.