While most patients are happy have their medical records used to support medical research, few are comfortable with how it is being handled, Healthwatch England has reported.

Research by the patient organisation has found that nearly two thirds of people surveyed were happy to share their health data, providing it was anonymised.

But in practice, the vast majority were concerned about how their health information was being used, and by whom.

More than half of the respondents to a survey of 2,044 patients, carried out online by YouGov in February this year were worried that they would alter regret providing their data to a third party.

And just one in five felt properly informed about what was being done with their health records. Six in ten people also believed patients should be able to opt out of data-sharing programmes at any time.

Jane Mordue, interim chair of Healthwatch England, said people understood that their health data could be used to save lives, much like “give blood or registering as an organ donor”.

However, she argued that more needed to be done to inform the public about how this information was used if the NHS wanted to build and maintain trust in how that information was handled.

“The NHS is still in the very early stages of realising the possibilities presented through mass data, but they need to build a strong foundation of trust with the public before any benefit can be truly realised,” she said.

Healthwatch England has issued ‘ten principles’ for data sharing that it argues will improve public confidence. These stress that people should be able to access their own records, and see who their data is being shared with, and for what reason.

They also say that data collection should not adversely impact patients, and that any opt-outs must be easy to enforce.

The report comes as the NHS and organisations that want to access its data prepare for the release of the latest Caldicott report, which will examine data security, consent and the public’s ability to opt in or out of information sharing initiatives.

Health secretary Jeremy Hunt asked Dame Fiona Caldicott, the National Data Guardian, to develop new data security models for the NHS and a new opt-out model in 2015, following the care.data row.

Care.data is the project to link Hospital Episode Statistics to other data sets, and to make the resulting information available to researchers and others. It was effectively halted by an outcry over a poorly conducted publicity campaign that failed to name it or include an opt-out form.

The publication of the review has been held up by the civil service ‘purdah’ rules ahead of the general election; as has a review of data security by the Care Quality Commission.

However, in a statement linked to the Healthwatch report, Dame Fiona said the survey highlighted the need for an “honest and ongoing conversation” about the use and control of people’s health data.

“If the public trust health and care services with their data, there can be huge benefits for everyone, from researchers making breakthroughs in life-saving medicine to regulators spotting quickly when things go wrong,” she argued.

Digital Health’s new cyber security hub examines data security and information governance issues. Ahead of the publication of the latest Caldicott report, Jennifer Trueland examines its remit; and what is already known about its likely conclusions.