Clever use of data can help the NHS make better decisions about planning services and reducing waste, as well as devising new treatments with a direct effect on patient care.

The real ‘scandal’ of data use, some would argue, is the chronic underuse of the wealth of patient data locked up in various systems in order to benefit the health system as a whole.

NHS England wants to create a new national database of identifiable patient data pulled from hospitals, GPs, social care, community care and other areas. This will be stored in the ‘safe haven’ of the Health and Social Care Information Centre, where it will be linked to create new Care Episode Statistics.

NHS England says this new data set will help to determine where the NHS needs to invest and to highlight where excellent care is being delivered and where there may be local problems.

However, the information held in will not just be available to the NHS. Identifiable data – what the programme calls ‘red’ data – will be released under “civil emergencies” legislation and Section 251 orders from the health secretary.

Some partially anonymised data – ‘amber’ data – will be released to any organisation that wants to use it for the benefit of patients, including universities and private companies. And some large datasets – ‘green’ data will be published.

It’s the amber data that has caused most controversy to date. Data will be pseudonymised – or have some of its identifiers replaced with placeholders called ‘pseudonyms’ – before release.

But there is a risk that it could be re-identified if combined with other datasets in a technique known as a ‘jigsaw attack’; although the proponents of the programme say this will not happen, because contracts with researchers will ban it.

NHS England chief data officer Geraint Lewis argues that the emphasis should be on what applicants want to use the data for, and not on making moral judgements about who these applicants happen to be.

However, others see a very clear distinction between the idea of patient data being used by the NHS and it being used by others, even if those operating “in the public interest” or working “for the benefit of patients.”

Others are simply nervous about the creation of a massive central database of identifiable patient information and the consequential risk of their data being lost, leaked or released to organisations which already hold significant amounts of data on England’s citizens.

A scandal erupts

An increasingly strident campaign against is now underway, partly because NHS England and other national bodies have done a poor job of making the case for the programme to clinicians, patients, privacy campaigners, and others.

The idea of seems to have first appeared in print in NHS England’s initial planning guidance for the health service in December 2012. However, the fact that a large new GP dataset was to be “requested” from practices came out of the blue for joint chairman of the BMA and RCGP’s joint IT committee, Dr Paul Cundy.

The committee quickly requested a meeting with NHS England’s national director of patients and information, Tim Kelsey.

This appears to be the first time the national commissioning board engaged with this key GP group about the proposals, even though GPs are the data controllers for the information they hold; and so are responsible for making sure patients are informed about the use that is being made of it.

Eventually, a publicity campaign and an opportunity for patients to opt-out was agreed. But the £1m leaflet drop that is now underway as part of the campaign has been severely criticised for failing to adequately explain what is planned (it does not even mention by name) and for not including an opt-out form.

This is particularly surprising considering the uproar that derailed the NHS Summary Care Record programme for many years.

The SCR was another ‘good idea’ that involved extracting a key clinical dataset from GP practices to be held on the national data Spine, from where it could be viewed by staff treating patients who otherwise had no medical records with them.

However, the SCR was seen as a top-down dictate, a part of the National Programme for IT in the NHS that wanted to create the first, national database of patient records, for limited clinical benefit. Consequently, it became engulfed in a row about whether patients should be able to opt in or opt out that it is only just starting to recover from.

Is it even useful?

A group of more than 40 UK medical research charities have launched a campaign to support the initiative, saying that sharing patient records is extremely valuable for research.

However, the GPs’ concerns have not only led to the publicity campaign, but a compromise whereby, initially, only data entered from April 2013 onwards will be extracted for the new service.

At the BCS Primary Health Care Specialist Group conference in Stratford last October, QResearch co-founder and Nottingham University Professor Julia Hippisley-Cox argued that the lack of historical data will render the dataset so incomplete that it will be essentially useless.

Lewis, a former public health doctor pioneered the use of data for risk stratification and who went on to work at the Nuffield Trust before joining NHS England, admitted that the scheme he is in charge of delivering has "shortcomings", especially in regard to the historical limitations of the data.

However, he told the PHCSG meeting that the commissioning board plans to expand the dataset to include information collected prior to this date and that it is better to start somewhere than nowhere.

Another question that is yet to get as much attention is whether hospitals will be able to collect the very large dataset that wants to get from them. Lewis himself has said that most hospitals are unlikely to have the IT systems to do it.

And some IT experts have argued that it would be better to focus on creating properly structured records from which better defined data items could be collected in any event.

Who gets to see what?

As far as GP data goes, extractions covering patient demographics, events, referrals and prescriptions will now take place between March and May of this year in a phased roll-out, using the GP Extraction Service commissioned from Atos.

To try and even further allay fears, the Independent Advisory Group working with the HSCIC on consent and confidentiality issues has said that these should not be subject to Section 251; although the data may still be released for civil emergencies.

Meanwhile, discussions about the release of data to groups outside of the NHS are in some ways premature as the IAG is yet to approve NHS England’s customer request to do so; having sent it back for more work last September.

So, for the time being, there are only safeguards in place but stringent restrictions on who will be able to access the information held in

Because it is yet to get going, its supporters are unable to say exactly what kind of projects it will be used for in the future, never mind point to specific examples of research for which its data has delivered.

But they are also unable to say that the safeguards will be maintained in the future, leading to mistrust and concern.

A recent poll by GP magazine pulse found that 40% of 400 GP respondents intended to opt themselves out of the scheme, while comment articles in publications such as The Guardian have attracted a large and hostile public response.

A potential solution

One way to solve the myriad problems that has run into would be to get explicit patient consent for uses of their identifiable data. The EU is trying to introduce new data protection rules that would require this – and, possibly, render in its current form inoperable.

However, government advisors have said they will fight the plans as “impractical.” Another, partial, solution would be to pseudonymise the data at source – which, in the case of the GP data, would be the GP practice.

This can be done relatively easily according to Professor Hippisley-Cox, who last year won the John Perry prize for her work developing the freely available Open Pseudonymiser tool, which uses a common key to generate a unique pseudonym for each individual that allows their data to be linked.

An NHS England privacy impact assessment says the HSCIC currently considers pseudonymisation-at-source to be impractical because such a diverse range of care settings will be providing data to the programme, and there is an even more diverse range of information systems in use in each setting.

However, a review of its potential use is underway and, as it is the preferred solution for many GPs, Lewis has promised he is taking the option seriously – even as leaflets continue to hit doormats across the country.