A new information governance assessment of the massive care.data GP extract is being presented to an Independent Advisory Group meeting today.
A legal expert spoken to by EHI says the current lack of patient opt-out for the extract “flies in the face of European law”.
The NHS Commissioning Board published planning guidance in December saying a new GP dataset will be “requested” from GP practices as part of the care.data programme, designed to capture and link data from primary and secondary care
The data will be collected via the General Practice Extraction Service and stored and linked in the Health and Social Care Information Centre.
It will involve only prospective data. However, the NHS CB’s chief data officer Geraint Lewis has acknowledged that he would like to publish 20 years of retrospective primary care data.
The GPES IAG met to consider the care.data programme on 14 February and made a series of recommendations that have been accepted by the HSCIC.
It said a clearer explanation and justification should be provided for the data required and the dataset and list of excluded codes should be discussed with relevant clinical informatics expert groups.
Also, that patient’ objections and opt-outs must be aligned with the outcomes of the NHS Constitution consultation, the Information Governance Review and the HSCIC Code of Practice for Confidential Information.
HSCIC executive medical director Dr Mark Davies told EHI that a new IG assessment of care.data would be presented to the group today, based on new documents supplied by the NHS CB.
He added that the information centre would abide by advice set out in Dame Fiona Caldicott’s review of IG due out next month.
The meeting is not open to the public.
The centre’s current IG assessment says GPs must comply with the data request and patients cannot opt-out.
This is in contrast to the GPES information governance principles which state that practices must give explicit consent for identifiable data to be extracted.
These principles were written prior to the Health and Social Care Act 2012.
The IG assessment explains that the Act empowers the HSCIC, when acting on a direction from the NHS CB, to require general practices to provide it with data.
“Advice from Department of Health lawyers and the Information Commissioner’s Office is that general practices are required to comply,” the assessment explains.
“If a practice prefers to supply the required information to the information centre in another way, then the information centre must first agree to the form and manner in which the practice proposes to supply the required data.”
Professor of law at London Metropolitan University Douwe Korff said the lack of patient opt-out, “flies in the face of European law”, which stated that EU citizens had the right to restrict their personal health information to people involved directly in their care.
“This is an enormous amount of data made available to an enormous amount of people and the level of protection of confidentiality is minimal. Big data carries with it an enormous risk of re-identification,” he said.
“This is a scandal waiting to happen.”
A BMA spokesperson said it was involved in constructive, but confidential discussions with the NHS CB about the extraction.
“Our priority is to find a solution which balances patients’ rights to privacy and confidentiality, with the needs of the NHS to use data to improve the provision of care."
An NHS CB spokesman also said the board would comply with the recommendations made in Dame Fiona’s review.
The board’s chief data officer Geraint Lewis spoke this month at an NHS Innovation Expo debate on whether the NHS should be more ambitious about opening up data.
“In an ideal world I’d like to go fully open and publish almost everything we have. In the first instance we’re not going to do that, but in primary care for instance we have 20 years’ worth of data,” he said.
“We’re not yet planning on publishing data retrospectively, but I would like us to.”
The NHS CB has announced that its name is changing to NHS England from 1 April.