NHS hit by legal threat demanding pause to GP data ‘grab’

The UK government is being threatened with legal action if it does not pause plans to collate the full medical histories of 55m patients in England into a single database from July 1.

In a pre-action letter sent on Friday on behalf of five organisations and Conservative MP David Davis, the campaigners warned that “rushing this major change through with no transparency or debate violates patient trust, and that doing so without patient consent is unlawful”.

Last week, NHS Digital, which runs the health service’s IT systems, confirmed the plan to pool medical records from every patient in England who is registered with a GP clinic into a single database that will be available to academic and commercial third parties for research and planning purposes.

Patients have until June 23 to opt out by filling in a form and taking it to their GP for themselves, and their children, before their historical records become a permanent and irreversible part of the new data set. Patients who opt out after the deadline can stop future data from being funnelled into the new system.

If NHS Digital does not extend the opt-out deadline of June 23, the coalition, which includes the National Pensioners Convention and the Doctors’ Association UK, plans to sue the Department of Health and Social Care as soon as next week, to freeze the data-sharing scheme immediately.

The group, which is supported by tech justice non-profit organisation Foxglove, said that the speed of the process “gives patients no meaningful chance to opt out and excludes older people and others who may not be online”.

It also says that any given consent will have meaning only if the government is clear on which third parties will have access to the data, and for what purposes.

“GPs were barely informed of this major change — how are patients expected to know about it? [We] support safe, consensual uses of patient data, including for health research. But we want to see it done in a way that . . . won’t erode the relationship between clinician and doctor,” said Dr Rosie Shire, a GP at Doctors’ Association UK.

“Patients need to give informed consent to their data being used. We can’t see why the government won’t do this in a less rushed and more transparent way.”

Davis, the MP who has historically campaigned against the Care.data programme, a failed attempt in 2013 to extract GP records into a central database, said: “My constituents don’t expect when they sit down with their family GP that their sensitive health data is going to be able to be accessed by all and sundry. I support a future-fit NHS but it’s got to be done in a way everyone can trust.”

The GP records, which include sensitive information regarding mental health, abuse and criminal records, will be assigned pseudonyms before being shared, which means details that directly identify patients, such as their names, will be replaced with unique codes in the new data set. However, the NHS will hold the keys to unlock the codes “in certain circumstances, and where there is a valid legal reason”, according to its website.

NHS Digital said: “We expect GPs to be ready to implement this new system from July 1, which will provide benefits to patients across England, and are ensuring support is in place to enable them to do this.”

It added: “Understanding patient data saves lives. Sharing GP data has been integral in identifying medical evidence and treatment, including . . . confirming the safety of vaccines, and investigating links between medications and cancer risk.”

The coalition also includes medical campaign group Just Treatment, advocacy group the Citizens, and media organisation openDemocracy.