A request to take a massive new data extract from GP practices can proceed, but a clear explanation is first required of why the data is needed and how it will be used, an independent advisory group has said.

The NHS Commissioning Board published planning guidance in December saying a new GP dataset will be “requested” from GP practices as part of the care.data programme.

Care.data is designed to capture and link data from primary and secondary care to enable monitoring against the new outcomes frameworks put in place by the Department of Health.

The proposed monthly extract is based on four groups of data: patient demographics, events, referrals and prescriptions.

“The data will flow securely, via [the GP Extraction Service], to [the Health and Social Care Information Centre], the statutory safe haven, which will store the data and link it only where approved and necessary,” the guidance says.

The GPES Independent Advisory Group met to consider the care.data programme on 14 February and the HSCIC has published its recommendations today.

The group recommended to proceed with the request, subject to a number of changes. The first is that a more tightly defined purpose for the proposed extraction is given.

“A clearer explanation and justification should be provided for the data required, the frequency of extraction and the specific retention period, and that this clearer explanation is linked explicitly to the purpose for which the data will be used,” the HSCIC documents say.

The second requirement is that the dataset and list of excluded codes should be discussed with relevant clinical informatics expert groups, such as the Joint GP IT Committee of the Royal College of GPs and the British Medical Association.

Thirdly, the NHS CB must commit that its extraction will ensure that patients’ objections and opt-outs will be aligned with the outcomes of the NHS Constitution consultation, the Information Governance Review and the HSCIC Code of Practice for Confidential Information.

The HSCIC’s information governance analysis says there is no legal necessity to allow patients to opt out of the extraction and describes the risk of re-identification of patients as “small but not negligible”.

“Given that only anonymised information is to be released by the information centre, the NHS Commissioning Board has decided that records for every patient should be extracted,” it says.

The document gives the Health and Social Care Act 2012 as the legal basis for using identifying data.

“Although there is a statutory basis for the extraction, IAG support is sought, and practice authorisation will be required before the data are extracted,” it explains.

Accompanying documents say sufficient patient identifiers are needed to validate patient identity for linkage purposes. This process will take place in a “safe haven” environment established by the HSCIC.

“The process of anonymisation of data prior to disclosure will need to be undertaken carefully to protect patient confidentiality and to minimise the risk of inadvertent re-identification,” it adds.

“The aim is to extract only those data items needed to support valid business purposes, and is not excessive.”

The benefits analysis provided by the NHS CB says GPs commented that the new dataset would help them to manage disease, link to decision support and care pathways and manage morbidity, amongst other things.

“Other purposes (e.g. risk stratification) were raised but would require disclosure of identifiable data, which would not be supported in this first version and hence are not described here,” the document says.

It says the information is required for clinical commissioning groups to be able to track patient outcomes, monitor local practice performance, do population needs assessments and to “minimise harm and improve quality of care”.

Anonymised reports will be produced for customers by the HSCIC. Some customers will also be given authorisation to write queries and extract and download anonymised reports themselves.