NHS England reinstates open source Github page used to maintain central database of GP data

GP Connect page taken down, then reinstated, over 'inaccurate' patient record database claim

NHS England reinstates open source Github page used to maintain central database of GP data

NHS England has restored a webpage that hinted at its use for GP record collection - albeit, with all such references removed.

A Github web page used by NHS England that, it admitted, could also be used to maintain a centralised database of GP patient records has been restored after being taken down last week. However, references to its potential use as part of a "central database" of patient data have been removed.

The open-source web page is used by NHS Digital, part of NHS England, to store codes underpinning the GP Connect service. It had originally stated that it could be used to maintain a central database of GP data "for research purposes". Now, the web page merely states that it is "a proof of concept for using GP Connect as a means of migrating data between suppliers".

The site also says, "There are currently no unit tests as the aim is to grab the data and prove it is sufficient for our needs but these will come later."

NHS England told medical journal Pulse Today that the references had been removed because they were inaccurate.

GP Connect is a project run by NHS Digital to enable authorised health and social care workers access to patients' GP records. All GP practices are required to provide access to their patient records via GP Connect. The system's data sharing requirements and obligations are governed under a National Data Sharing Arrangement established in 2023.

However, privacy campaigners have long been concerned that NHS England is intent on loosening patient record confidentiality, allowing medical data to be used by NHS management and researchers in healthcare and pharmaceuticals.

Ultimately, campaigners fear that loosening privacy obligations in this way will lead to medical records being leaked, or standards being degraded to such an extent that more and more organisations will be able to mine the data for various purposes.

As a result, the indications that the team behind GP Connect are actively considering using it as a means of building a centralised database of patient records has reignited concerns over NHS data privacy – especially coming just two weeks before a federated data platform (FDP), run by US data analytics software firm Palantir Technologies, goes live.

Palantir won a £330 million contract to provide the FDP to the NHS in November 2023. The platform is intended to connect hospital data held by different trusts, enabling NHS England and other partners to analyse the information in a bid to improve treatments and waiting times. It is not intended to cover GP medical records.

The Palantir contract is supported by a number of big-name providers, including consultancies Accenture, PwC and boutique consulting and data specialist Carnal Farrar, as well as NEC Software Solutions.

"The FDP will improve patient care by bringing together the information needed to plan and deliver care, and reduce the administrative burden on staff," Palantir wrote in a November 2023 blog.

It continued: "Palantir is not, and never has been, in the business of collecting, mining or selling data. We are not a ‘data broker' or a data aggregator. Unlike many tech companies, our business model is not based on the monetisation of personal data.

"Palantir is a company that builds AI-enabled digital infrastructure for data-driven operations and decision-making. We license our software to organisations, who receive their own secure instances of our platforms in which to conduct their own work on the data they already hold."

However, the circumstances over the award of the contract have been shrouded in controversy, especially following the publication of the contract – on the last working day before Christmas last year, and in a heavily redacted form.