GPs and hospitals to share patient data for single patient record
- 12 May 2026
- New government legislation will require all NHS providers to share patient data to create a single patient record
- Ministers say the system will offer patients more control and transparency, with rollout starting in some areas by 2027
- The British Medical Association has raised concerns about data security and lack of consultation
Hospitals, GP practices and other NHS providers will be required to share patient data under new legislation to create a single patient record (SPR), the government has announced.
The government wants a SPR to join up fragmented health information around the country and help patients receive faster and more accurate healthcare.
Clinicians will no longer have to work with missing patient information or have to check in multiple places to find the same data.
The SPR will be available to clinicians in parts of the NHS as early as next year. The legislation will be part of a health bill that will scrap NHS England by 2027.
Wes Streeting, health secretary, said: “As patients, there’s nothing more frustrating than having to repeat your medical history at every appointment.
“When paramedics arrive to heart attack and stroke patients, they can’t see the patients’ medical records, putting them in even greater danger.
“For the first time ever, the SPR will mean patients are given real control over their care through a single, secure and authoritative account of their data.
“It will be a gamechanger that means NHS staff can see patients’ medical records, allowing them to deliver better care faster and more conveniently, and even saving lives.
“This is our 10 year plan for health in action – bringing our analogue NHS into the digital age.”
The SPR will allow patients to have more control and transparency, with clear safeguards, audit trails, and choice over how their data is used.
Upcoming legislation will enable information related to patients’ health and care to be processed for the purposes of establishing and operating the SPR but will be robust to the threat of data breaches and the public and healthcare professionals will be consulted throughout its design.
It will be made available to clinicians as early as 2027 for some specialties, including maternity and frailty care.
Dr Alec Price-Forbes, national chief clinical information officer at NHS England, said: “The SPR will revolutionise patient care across the country – giving all health and care professionals a detailed history of a patient’s care in one place so anyone seeking care on the NHS won’t have to repeat themselves every time they seek help.
“For too long, patient information has been held in silos leading to duplication and gaps in understanding by clinicians, which understandably causes frustration for patients and their carers.
“This information will also be available to NHS staff in real time, meaning patients get safer, more joined-up and personalised care.
“The SPR will have robust protections built in, including different levels of access to reflect different needs and clear audit trails, to ensure the public can trust that their data is always secure.”
The British Medical Association (BMA) said it remains “concerned” about the legislation forcing providers to share patient data.
Dr Katie Bramall, the BMA GPs committee chair, said: “GPC England has not been part of the discussions on what form the SPR will take, who will be granted access, the purposes for which it will be used, or which company will be contracted to operate it.
“There are already existing mechanisms that allow those in secondary care to view the live GP record, and therefore, the Government needs to explain why an additional system is needed.
“Until the security of any data flows can be guaranteed, and full patient-facing audit trails are made available via the NHS App showing who has accessed confidential medical data and why, we remain concerned.
“We also remind patients that they can exercise their right to opt out of secondary uses of their confidential medical data by visiting the NHS website.”
Last month, the BMA called for doctors to remain in control of GP data in the single patient record, rather than the Department of Health and Social Care.
4 Comments
i find the current nhs system and smorgasbord of systems within systems but no one in control of any of it and therefore no one can be held accountable .. whilst spr may be good in some circumstances . there must be an absolute system for opting out , not this current one where overrides are in place ignoring patient wishes .. for me i want my gp to have local only access and only share my details to whom i choose to allow them to .. national opt out for some stuff and other local opt out yet still my details get shared with other private companies because of some new rubbish idea . usually from a government minister doing some ill thought out scheme .. right now the nhs is bleeding my personal and private information out no matter how much effort i put in to keeping it private .. because of this abuse i have been forced to remove my phone number and email from my records because the nhs cannot be trusted .. this abuse needs to stop
Of course medics must have timely access to the data they need to deliver safe and effective care. But that does not mean every model of centralisation is justified.
GDPR does not make individuals the ‘owners’ of their personal data, as such, but it does grant them important rights in relation to how their data is used and shared. In the NHS context, those rights have been reinforced by mechanisms that allow patients some degree of control over how their data is used.
The Single Patient Record, as proposed, looks to strip away those rights. Individuals have no choice about their information being transferred to into direct state control despite, as pointed out below, that information originally being entrusted to individual health and care providers on different terms and under separate governance arrangements. The Single Patient Record also removes the Type 1 Opt Out and seems set to disapply the National Data Opt Out, both of which give patients enforceable rights over how their data is used. Instead, it provides the Secretary of State with a blanket override to share patient data whenever and with whomever they want if they consider it ‘a proportionate means of achieving a legitimate aim’.
The Type 1 optout in particular has been a source of frustration to centralising governments who want to control, share and sell patient data. There is a long history of failed initiatives to bypass the optout and wrest control of records away from GPs, of which this Bill is only the latest and most brutal. The DHSC does not share GPs’ vested interest in maintaining the confidentiality of the physician-patient relationship, and sharing the data via Palantir – which is what is on the cards – can only further imperil that trust.
There are already models for providing access to patient information across health and care organisations, including the National Records Service and local health care records that are only just finding their feet and, supported by the National Records Locator, can federate access across the country. These systems may not be complete, and they may need improvement, but the Government’s choice not to enhance them is deliberate and it is hard to escape the conclusion that it is precisely because of the rights they preserve for patients.
No serious person opposes medics having better access to patient data. The issue is whether this particular model achieves that aim in a proportionate way, while preserving transparency, accountability, patient choice, data security and patient trust.
Data protection law takes precedence, “single” patent record does not mean centralised, mechanisms already exist to give patents control over who/what can take their data from where, and you need to calm down. Under the law you own your data (cf GDPR).
In other words, there are proven ways to create a SPR without moving data, changing its stewardship or its ownership.
I’d be really interested to know how you have come to these conclusions – expose this “manifest” evidence.
I would hate to see this kind of hysteria prevent good information at the point of care from saving lives, again. Thanks
We have to hope that this legislation will not be passed by Parliament. If it were passed, the Health Secretary would be requiring healthcare providers to betray their patients, because the SPR implies central control of patient data, that is, control by the DHSC/NHS England, both of which are demonstrably not to be trusted with patient data. The most recent evidence of this untrustworthiness includes the numerous deliberately misleading statements in the above propaganda put out by the Health Secretary. For example, the claim that the SPR puts patients in control and gives them choice is manifestly false. The SPR completely removes the patient’s right to choose what information to share with whom. Transferring patient data to the DHSC/NHS England is tantamount to stripping patients of all information rights, because, when the controller cannot be trusted to comply with data protection law, data protection law might as well not exist.
The evidence that NHS England cannot be trusted with patient data would fill several wheelbarrows. Most recently, they issued instructions allowing Palantir technicians, and others, unlimited access to fully identified patient data when working with patient data in the NDIT. In doing this NHS England put it on record in an internal communication that they were aware of the privacy risks inherent in this action. Yet NHS England has deliberately concealed this information from patients. doctors and the public, and when their action was exposed and reported in the Financial Times, they denied that there was any privacy risk, solemnly declaring that they totally controlled who was accessing the data for what purpose. This was very certainly false and they knew that. The lie is exposed in an article published by Lawyer Monthly, on 11 May 2026, which article you may find at
https://www.lawyer-monthly.com/2026/05/nhs-palantir-patient-data-contractor-accesslegal-
risk/ .
Healthcare providers to whom I have entrusted my confidential personal data might, by the proposed legislation, be given a legal obligation to transfer this confidential data to central control, for repurposing as an instrument of government, but, if they do this, their action will be unlawful because they have a conflicting legal obligation to me, not to do this. The Health Secretary is legislating to force healthcare providers to betray their patients and deny them the protection of the law to which they are entitled. For this reason, if for no other, the Health Secretary cannot be trusted with confidential patient data. He will never build an effective health service on betrayal of trust, coercive control and abuse of NHS patients. It is also a matter of precedent in English Law that data protection law cannot be repealed by implication. That is exactly what the Health Secretary is trying to do. He suffers from the delusion that he makes the law that governs the NHS and that his laws automatically override the law with which everyone else is required to comply. One of the most serious problems afflicting the NHS is that the NHS believes him. A really big mistake.
Comments are closed.