Patients may be able to opt out of sharing their data with the FDP
- 10 September 2024
- NHS England has been informed by lawyers that key aspects of its Federated Data Platform (FDP) lack a legal basis, The Register reported
- This mean that unless NHSE can find a solution, citizens must be allowed to opt out of sharing their data
- FDP board documents reportedly show that NHSE received legal advice that its privacy-enhancing technology (PET) to be provided by IQVIA lacked a legal standing to proceed
NHS England has been informed by lawyers that key aspects of its federated data platform (FDP) lack a legal basis, meaning that unless it can find a solution, citizens must be allowed to opt out of sharing their data, according to a report in The Register.
In November 2023, US data analytics giant Palantir was awarded the contract to provide the FDP, which is planned to enable hospitals to bring together information from different clinical and HR systems in a single place.
The Register reported that documents shared with the FDP board in March 2024 show that NHSE has received legal advice showing that the privacy-enhancing technology (PET) to be provided by IQVIA, lacked a legal standing to proceed.
Board documents, reportedly seen by The Register, state that NHSE got the advice from Kingās Counsel, its team of barristers, that PET āwill require a separate lawful basis to process PCD (personal confidential data)ā.
The board paper adds: āThere is a risk that a Section 251 will be required, which could result in the National Data Opt Out being applicable to all flowsā.
Unless NHSE finds a solution, it will have to offer all patients the opportunity to opt out of sharing their data with the FDP under the current legislation for the control of patient information (Section 251 of the National Health Service Act 2006), The Register reports.
It adds that the FDP programme board was told NHSE would work with its lawyers and information governance personnel āto develop an approachā and that further advice was āexpected shortlyā as of March 2024.
According to an NHSE FAQ about the FDP: “There is no specific patient opt out from information being accessed via FDP”.
Rosa Curling, director of non-profit legal advocacy organisation Foxglove, told Digital Health News: āThe best policy here is honesty, the government should be transparent about whether the whole of the FDP is backed up by law, and if not, explain what it intends to change, then let patients decide if that action is sufficient to maintain their trust in the platform”.
In response, a spokesperson for NHSE told Digital Health News that the FDP has “the potential to transform healthcare by connecting the data we hold and harnessing it to deliver the best possible coordinated care for our patients”.
āThe FDP is governed by a rigorousĀ information governance framework and no data is processed without a lawful basis,ā they said.
Digital Health News contacted IQVIA, for comment, but had not received a response at the time of publication.
In 2023, Foxglove launched a campaign against the proposed FDP and Palantir, following a report it sent to parliament about the risks posed to the NHS.
Foxglove argued that there is no lawful basis to create the FDP, as described in procurement documents, within the current legal directions used to obtain and share data within the NHS.
The GuardianĀ reported in November 2023 that lawyers acting for Foxglove, the Doctorsā Association UK, National Pensionersā Convention, and the patient organisation Just Treatment, sent a pre-action letter to NHSE’s solicitor, DAC Beachcroft.
At the time, a spokesperson for NHSE said the four organisationsā concerns were ātotally incorrectā.
