The Health and Social Care Information Centre is reviewing access to the Hospital Episode Statistics and other national datasets.
Some organisations that rely on standard extracts of HSCIC data, including HES and the Secondary Uses Services, have told EHI this has left them temporarily unable to refresh the analytics tools they run for NHS customers.
However, the HSCIC has insisted that access has not been suspended; although a notice on its website says “the approvals process for renewals and new applications is likely to take longer than normal due to additional scrutiny.”
The review follows two difficult appearances by senior members of NHS England and the HSCIC before the Commons’ health select committee, which is holding an investigation into the care.data programme.
Care.data will link HES to other datasets and release it to researchers and others. But it has been overtaken by a huge row over which organisations should have access to its data and over patient consent.
During the committee hearings, it emerged that the HSCIC’s predecessor, the NHS Information Centre, had released HES data for uses that the defenders of care.data had said would not be permitted.
It also emerged that the NHS IC had no way of auditing whether organisations that were given HES data complied with any conditions imposed on its handling and use.
The HSCIC is now conducting a review of access to its data linkage and extract service. Its website says the objective is to “improve our policies, processes and governance for the sharing of data, to make sure that they are fully robust and transparent.”
However, the organisations that have spoken to EHI have said they received little or no warning of the review and that it has “caused a delay to the flow of data” that they hope may be overcome “shortly”.
One source said: “This month we received no data extracts. We found out when they did not turn up. The HSCIC has said this week that it is reviewing all data recipients – with the implication that some will no longer receive data.”
Another source said they understood the HSCIC’s action, but not the way it had been carried out. “They are in danger of killing the market. There are lots of credible people doing good things for the NHS with this data, but at the moment they cannot access it.”
Care.data was first mentioned in NHS England’s initial planning guidance for the health service in December 2012. However, concerns about it did not really surface until GPs were warned that extracts from their practices to the new service would start this spring.
In the face of an outcry from doctors’ organisations and patient groups, NHS England was forced to launch a national leaflet and publicity campaign. But this intensified the row, because it failed to mention care.data by name or to include an opt-out form.
The GP data extracts are now on hold until October. The HES has been drawn into the row because of promises made by national director of patients and information, Tim Kelsey, and others that care.data information would not be sold to insurers, or sent overseas.
It has subsequently emerged that the NHS IC released HES data to an insurers’ body and to PA Consulting, which used a Google-cloud service to analyse it.
Kelsey also had told Radio 4 that there had been no incidents that would have compromised patient privacy in the 25 years that the statistics have been collected.
But last week the privacy body MedConfidential also established there were data breaches relating to HES data in each of the years from 2009 to 2012.