Data sharing in the NHS is always a fraught topic. Which may be why 50 people were prepared to give up a nice spring day and head along to a church conference hall in Soho to discuss the subject.

The main topic of the event, organised by a coalition of well-known privacy and confidentiality campaigners with many years of seeing off or amending health and social care projects between them was the GP Extraction Service.

This will extract information from GP practices to the Health and Social Care Information Centre. The HSCIC will put the data to many uses.

But initial rows about the service have focused on, the NHS England-driven programme to link primary and secondary care data for the first time, and the data set that it is demanding from GPs as part of its remit to answer for NHS outcomes.

For this, GPs will need to provide data on patient demographics, events, referrals, diagnosis, health status and exceptions, as well as NHS Numbers.

The medConfidential campaign has been launched to try and stop GPES in its tracks. So it was not surprising that most of those attending last week’s event were less than impressed by the idea.

Speaking to EHI, Terri Dowty, former director of Action on Rights for Children and co-founder of medConfidential, said it could hurt trust in the NHS, because it would pass personal, confidential information to people who had no relationship with the patient.

“Data being revealed about you dehumanises you, even if you got nothing to hide,” she argued. “For people to look at bits of your information is repugnant and disrespectful. We say things to our doctors that are private. If we lose that basis of confidence, people will stop talking to their GPs.”

Contrary to human rights?

Enthusiasm for the campaign, and its frustration with NHS England, lasted throughout the day, but reached its high note when Shami Chakrabarti, director of Liberty, took the floor.

“This new policy on GP data extraction is what I have real concerns about from a human rights perspective. The domestic courts have not been vigilant,” she told the audience as they nodded in agreement.

“I personally find it difficult, at first blush, to see how it can be necessary, proportionate and legal. This extraction mechanism seems to remove ownership from the patient, and to expose these sensitive records to the real risk of loss.”

She added: “I think there is a real opportunity to challenge this in the court of public opinion and the European Court of Human Rights under the Human Rights Act and the European Convention on Human Rights.”

The coded datasets extracted from GPs will not only be made available for quality assurance and NHS commissioning, but will be made available to researchers as well. The HSCIC has already published price lists for selling medical data to researchers and other organisations.

Although, in theory, the information that they get will not be identifiable, the IT experts backing medConfidential are skeptical about the degree to which data can be psuedonymised or anonymised; particularly when it is linked across different data sets.

NHS England has applied to the NHS Ethics and Confidentiality Committee for an exemption under Section 251 of the NHS Act 2006.

This allows the Secretary of State for Health to set aside the common law duty of confidentiality in specific circumstances, in which anonymised information is not sufficient and in which patient consent is not practicable.

The campaigners said they were terrified that this application would be granted. Ross Anderson, professor of security engineering at Cambridge University, said he believed the Department of Health was breaking the law.

“They committed themselves to making the NHS depending on systems that don’t comply with human rights law,” he said. He also lashed out at health secretary Jeremy Hunt, saying he was not in charge of the situation and that he was simply acting as a “marketing executive” for the sale of NHS data

Consent: to what?

Professor Anderson has been warning that the NHS has picked the wrong architectures for keeping its data safe and secure for decades.

But while he was interested in the technicalities of how GPES would – or would not – work in this regard, most of those attending the event were focused on the simpler issue of consent.

Last Friday, as a response to the Caldicott2 review of information governance, health secretary Jeremy Hunt promised that NHS England would honour opt-outs from GPES.

He also said it would continue to honour the opt-outs made by 500,000 people as part of the tortuously slow roll-out of the Summary Care Record across England.

However, the first extraction to is due to take place in June, and medConfidential points out that few, if any, members of the general public will have heard of it. It is also far from clear how, exactly, any opt-outs will be registered and acted upon.

One of the attendees, Dr Fleur Fisher, former head of ethics at the British Medical Association, said that when she asked her GP about her records being shared, he did not know what she was talking about.

How are people meant to consent when they have no idea what’s going on? My GP who’s a very intelligent man, had never heard of GPES, so how is the public meant to know about it?” she asked. “There’s nothing wrong with sharing records, but only if people consent to it.”

How out is an opt out?

Despite Hunt’s promise, Professor Anderson said he was anyway not convinced that any opt-out procedure would make it easy to stop personal records from being shared.

“The opt-out is like Facebook: the defaults are wrong, the privacy mechanisms are obscure, and they get changed whenever a lot of people learn about them,” he said.

Helen Wilkinson, who runs The Big Opt Out, a support service for patients who want to opt out of the Summary Care Record, was, not surprisingly, also very critical to the government’s promise to facilitate opt-outs.

Even though she has worked in the NHS for more than 20 years, Wilkinson said she had problems finding out what was happening to her data. As a result, she said she had opted out of every database she has been able to find out about.

She was met by a gasp from the audience when she explained that because she did not want an NHS Number, she was denied hospital care. “I wanted to opt out, but found it very difficult to do so. Now I effectively have no healthcare,” she said.

Sceptical patients

The senior responsible owner for GPES, Dave Roberts also made an appearance, but found himself a less than popular speaker. He said he did understand the concerns, but was adamant that the benefits of sharing data were too great not to do it.

“The thing about collecting data is getting the right balance between risk and benefits. Today has been about the risk, but there are many benefits. It’s up to the HSCIC to get the balance right,” he said.

One of the GPs attending the conference, Dr John Cormack, said he had sent a letter to all 2,700 of his patients informing them of what would happen to their records and said he would not presume consent unless they specifically said so.

Out of the 679 patients who responded, 597 said they did not want any part of their records released, and 51 said a summary would be ok, but a full record would not.

medConfidential has been put together by organisations that include Privacy International, Big Brother Watch, NO2ID, the Foundation for Information Policy Research, and TheBigOptOut.

Its founder organisations describe it as a “direct response to the imminent and serious threat posed by radical changes in the way the NHS Commissioning Board [NHS England] collects and passes on patient health information from NHS health record systems in England.”

It is fronted by Terri Dowty, former director of Action on Rights for Children, which campaigned against the ContactPoint children’s database, and Phil Booth, former NO2ID or national identity card campaigner. If you want to get involved, there is more information on the website