GPDPR September implementation date is scrapped

The implementation date of the GP Data for Planning and Research (GPDPR) programme has been scrapped and instead data collection will now only begin once certain criteria have been met.

Originally planned to go live from 1 July 2021, concerns were raised about the programme and eventually led to the implementation date being moved to September.

However it looks like this date has now been scrapped as the minister for primary care and health promotion, Jo Churchill, sent a letter to all GP’s on 19 July which set out a new process for commencing data collection.

“While we are continuing to work on the infrastructure, and communication for the project, we are not setting a specific start date for the collection of data,” the letter states.

Instead, data will only begin to be uploaded when the following is in place:

• the ability to delete data if patients choose to opt-out of sharing their GP data with NHS Digital, even if this is after their data has been uploaded;
• the backlog of opt-outs has been fully cleared;
• a Trusted Research Environment has been developed and implemented;
• patients have been made more aware of the scheme through a campaign of engagement and communication.

Churchill’s letter also delves into the opt-out process, saying “we want to make the position around opt-out much simpler”.

“While 1st September has been seen by some as a cut-off date for opt-out, after which data extraction would begin, I want to reassure you that this will not be the case and data extraction will not commence until we have met the tests,” it adds.

As a result, three changes will be introduced to the opt-out system, they are:

• Patients do not need to register a Type 1 opt-out by 1st September to ensure their GP data will not be uploaded;
• NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt-out;
• The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the new arrangements up and running, and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian.

On the issue of data security and governance, Churchill’s letter confirms that the “government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study”.

“This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected,” the letter adds.

This TRE will be built in “line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service”, Churchill confirmed and data collection will only begin once this is in place.

“We will ensure that the BMA [British Medical Association], RCGP [Royal College of GPs] and the National Data Guardian have oversight of the proposed arrangements and are satisfied with them before data upload begins,” the letter states.

“I can also confirm that the previously published Data Provision Notice for this collection has been withdrawn.

“Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.”

NHS Digital has said it has “listened to feedback on proposals, and is determined to continue working with the sector on key elements to inform further safeguards, reduce the bureaucratic burden on GPs and step-up communications for GPs and the public”.

Simon Bolton, NHS Digital’s interim CEO, said: “Patient data is vital to healthcare planning and research. It is being used to develop treatments for cancer, diabetes, long Covid and heart disease, and to plan how NHS services recover from Covid-19.

“This research and planning is only as good as the data it is based upon. We know we need to take people with us on this mission and this decision demonstrates our absolute commitment to do just that.

“We will continue to work with patients, clinicians, researchers and charities to further improve the programme with patient choice, privacy, security and transparency at its heart.”