NHS England’s new system for collecting and analysing data, Care.data, will allow primary care data from GP practices to be shared with the new Health and Social Care Information Centre (HSCIC) and clinical care groups (CCGs). The aim is for the data to be matched with secondary care data, anonymised and shared with clinical researchers.
An NHS England spokesman told Computing that the data would provide an “evidence base to support commissioners to develop better treatment and ways of working, leading to improved outcomes and quality of care for patients”.
GPs were told that they have eight weeks to inform patients that their data is going to be harvested, and while NHS England says that this is a “flexible” time period, it also assumes that a patient has opted in to the scheme if it is not notified of an objection.
“Patients have to register their objection in order for their data not to be sent to the secure HSCIC environment,” the NHS England spokesman said.
Health Secretary Jeremy Hunt said that patients who object to data being shared will have a flag put onto their records.
But independent think tank 2020health has called for the programme to be postponed and replaced by a system in which patients can only opt in after they have been consulted on the scheme’s procedures and goals.
And many GPs fear that the current system for opting out could leave them vulnerable to lawsuits from patients who are unaware that they have been opted in to share their data.
But Richard Cumbley, partner at law firm Linklaters, said that HSCIC – not GPs – would be responsible if a patient did file a complaint, even though GPs have been tasked with raising awareness of the scheme. “The HSCIC has the power to request information from other people who provide healthcare, it can force people to hand information over, and GPs are not in a position to say that they might hand some of the data over,” he said.
“[GPs] don’t need to tell people that they’ve had to hand [patients’ data] over if they’ve had a mandatory request from someone else. They may face criticism, and a complaint or a claim is possible, but it is the HSCIC that will be in the firing line,” he added.
The Information Commissioner’s Office (ICO) is working with the HSCIC to ensure that it abides by the Data Protection Act (DPA), by taking appropriate technical and organisational measures. If it fails to do so, it will be fined up to £500,000 by the ICO.
Gayna Hart, managing director at software solutions provider Quicksilva, believes that researchers and systems developers should be charged for access to the anonymised data because of its “huge value”.
“The maintenance, management and volume of data is going to cost a lot of money, and the NHS needs to be getting some return on that,” she said.
Pharmaceutical companies, for example, could reap huge benefits when developing drugs.
“There is usually intellectual property in that drug which lasts for a number of years, and if they can speed up time to market for those drugs, then there would be value in that data – and value for patients as well,” Hart suggested.
But while third parties won’t get access to any personal information – just anonymised data – it could be used by insurance firms or marketing companies because it isn’t regulated by statute. Therefore, health insurance firms could charge residents of an area known to have a high rate of heart disease, more than those living in a town with a lower rate.
That may make patients generally more keen to opt out – if they ever find out they have that choice.
Essex GP Dr John Cormack told medical news site GPOnline that posters and leaflets in surgeries and FAQs on GP websites are not an adequate way of telling patients they can opt out of having data extracted from GP systems.
And NHS England has left GPs to raise awareness on their own. “If patients or members of the public have any concerns they can talk to their GP practice – we will be providing further information to support GP practices shortly,” a spokesman said.
Campaigners are urging GPs to send a letter to each household, with a choice for individuals to opt in or opt out. If HSCIC and GPs decide against this, they may well see a host of lawsuits in future from outraged patients who wanted to keep their data private.
This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy