One-third of GPs will risk flouting the law in order to opt patients out of the NHS's controversial data-sharing scheme, care.data.
That is according to a survey of more than 400 GPs by GP magazine Pulse, which revealed that 31 per cent of GP practices would opt their patients out if NHS England did not reform the scheme to be run on an opt-in-only basis, even though this could be unlawful.
Of those who responded, only 32 per cent said that they would not be opting patients out.
In response to questions in the survey, many GPs said they were concerned that patients were not fully aware of the scheme despite NHS England spending £1m on a national leaflet campaign, while there were some who believed that patients may confuse care.data for the Summary Care Record or other NHS patient data schemes.
GPs also placed question marks over the safety of care.data, and the clarity of how and to whom the data would be shared with.
And while some may see GPs opting their patients out as illegal, the key element of any decision is in the information that is given to the patients.
Dr Neil Bhatia, a GP at NHS North East Hampshire and Farnham CCG, told Computing that, at the moment, it would not be unlawful to opt patients out as long as the GP informed patients that they were doing so, and that they had the right to object to the automatic opt-out. The Information Commissioner's Office (ICO) has previously said that the Summary Care Record has similar stipulations.
But GPs could be found liable if patients complained that they were not informed, according to the ICO.
However, there could be another way around this, said Bhatia.
"While refusing to allow the extraction of care.data, full stop, might be questionable, such practices would say that they're happy for extraction to take place. But, because of the 'read code', the GPES software [that care.data uses] would not extract any data - such are the rules that it follows," he suggested.
Read codes were developed for individual patients who want to opt-out of their data being extracted by GPES, or if they want to opt back in. Therefore, if the read code has been set to opt-out, the data would not be able to be extracted.
"One overriding principle of GPES is that practices actually have the right to refuse any given extraction. This isn't currently being respected," Bhatia stated.
"Ultimately, if many practices refuse extraction it will be very difficult for NHS England to go after all of them without drawing huge attention to the care.data programme and all of its faults," he added.
And, according to Elizabeth Robertson, partner at law firm Jones Day, GPs may have the law on their side: GPs could claim they were receiving conflicting advice about their responsibilities.
"On the one hand, GPs have the BMA [British Medical Association] and ICO reminding them of their duties to patient data confidentiality. They are told to inform patients of how their data is being used and that they should look to discharge their responsibilities as data controllers," Robertson said.
"But on the other hand, they have the NHS telling them that the data must be turned over unless the patient has specifically objected.
"Given that the patient information that goes into care.data cannot be retrieved, a GP may say that the safer course of action was to hold the data back," she suggested.
This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy