Guidance on the use of patient data for secondary purposes has been published by the British Computer Society’s Primary Healthcare Specialist Group, following concern that patient confidentiality and privacy are being threatened.

The PHCSG’s draft guidance says the extraction of identifiable patient data from GP practices for secondary purposes should only be done with informed consent by opt-in or with ‘section 251 approval’.

Section 251 of the NHS Act 2006 enables those wanting to use GP data to gain access without patient consent if it is in the interests of patient care, but only if it is not possible to access the same data by other means.

The PHCSG argues that the use of privacy enhancing technologies could avoid the use of patient identifiable data in many cases, and it is not satisfied that section 251 is being used appropriately.

It also says that while privacy enhancing technologies and governance models are available that can fully satisfy privacy and confidentiality requirements, “either through ignorance and/or a lack of motivation” these are not always applied.

Nevertheless, the group strongly supports the use of patient data for secondary purposes as long as uses do not unacceptably compromise confidentiality and privacy.

And it predicts that the requirement to use patient data for secondary purposes will grow under the government’s plans to reorganise the NHS.

Therefore, the guidance says: “It will be increasingly important to ensure the highest ethical standards are applied if the confidence of patients and healthcare professionals in such uses is to be maintained.”

The PHCSG says the “widespread view” that the removal of identifiers from patient records removes the privacy risks associated with their secondary use is “simply untrue.”

It warns that with a little systematic research and some modest observation it would still be possible to find records based on just approximate age and sex, GP practice and the dates of a couple of appointments.

The guidance says privacy enhancing technologies such as anonymisation, pseudo-anonymisation, aggregation and data blurring can be used to protect data and reduce privacy risks in the collection, linkage and processing of data.

It says the distinction between primary and secondary uses is “more easily blurred” when data in a system used for direct patient care is used “in situ” for secondary purposes.

The PHCSG says the same principles and controls should apply to data extracted to a secondary use system or data used in situ. Its guidance on data sharing is a continuing ‘work in progress.’