NHS Digital has seen off a challenge to the way its anonymises millions of patients’ data, with a verdict finding the practice is in keeping with national guidelines

The Information Commissioner’s Office has not upheld a complaint from privacy group MedConfidental, which challenged the way NHS Digital anonymised Hospital Episodic Statistics.

The group complained this data, which is provided to dozens of companies and non-NHS organisations, was only pseudonymised, and the identity of patients could be uncovered and their privacy breached.

This meant NHS Digital’s pseudonymising practices did not meet the ICO’s Anonymisation Code of Practice, MedConfidential argued.

An ICO spokesperson confirmed on Tuesday that an investigation had found NHS Digital’s “process for anonymising HES data” did comply with the code.

However, the decision was not an unequivocal endorsement of NHS Digital’s practices.

“We made it clear that our code is only a guide and it is for organisations to decide in any given case whether they are satisfied that data are anonymised.”

Martin Severs, NHS Digital’s clinical director and caldicott guardian, welcomed the decision and said the organisation “takes seriously its responsibility to respect each individual’s wishes”.

“We have remained confident that we meet both the letter and the spirit of the ICO’s Code of Practice on Anonymisation.”

In a statement MedConfidential said the decision was “contradictory” and allowed the government to break a commitment to allow patients to opt-out of sharing their data.

“We are obviously disappointed that [health secretary] Jeremy Hunt has chosen to go back on his word, and continue selling the nation’s private hospital history to anyone who fills in a form correctly, after he offered patients a choice to opt out of that.”

The decision is the latest twist in a long running dispute over how patient data is handled, shared and anonymised in the NHS.

Much of the controversy goes back to the care.data programme, a national data extraction and sharing programme that was plagued with accusations that identifiable patient data was being sold to companies without patients’ consent.

In the fallout, Hunt promised patients they could opt-out of this collection, but NHS Digital has been slow to put these opt-outs into practice.

Care.data was finally dumped in July this year but critics have claimed many of the its core aim to gather, link and share more national datasets remain, but with less oversight and scrutiny.

It also comes as all sides of the debate await the government’s response to Dame Fiona Caldicott’s third report into patient consent and opt-outs.

That report made recommendations for a new opt-out model for the use, but not distribution, of patient data. However, it also recommended preventing patients from opting out of the collection of “anonymised” data, such as HES.