Around two thirds of respondents to EHI’s survey on care.data say they plan to opt themselves out of the data-sharing initiative.
EHI received 145 responses to its online survey over the past week, of which more than one third said they work in primary care.
More than 66% of respondents said they will be opting themselves out of the care.data programme, which involves linking a new GP data set with hospital data to create Care Episode Statistics. This is even higher than a recent poll by GP magazine Pulse, which found that more than 40% of GP respondents would opt out.
The online survey was self-selecting, but provided a snapshot of views of NHS IT professionals on the privacy issues surrounding care.data.
Patients have the right to decide not to have their data collected or shared by informing their GP, who will add a Read code to their record. However, the Information Commissioner’s Office last week expressed concern that information provided on care.data was not clear enough about this opt out.
NHS England’s director of patients and information Tim Kelsey has also admitted that information leaflets about care.data, sent to all households during January, had “perhaps” not been clear enough about opting out.
Around half of the survey respondents said they had not received the information leaflet. Numerous people have tweeted and commented to say that it was tucked inside junk mail and therefore very easy to miss throw away without seeing it.
Labour MP Roger Godsiff has asked the ICO to investigate whether enough information about the scope of care.data has been made available to allow patients to make an informed choice about opting out.
An NHS England spokesperson said it is surveying a sample of households to evaluate the effectiveness of the leaflet, which includes asking whether people recall receiving it and how much of it they read.
“This exercise will ensure that lessons are learnt to incorporate in future national mailings,” the spokesperson added.
NHS England and the HSCIC are also working on a new document to “dispel myths about the programme”.
Care.data involves taking a large monthly dataset of patient identifiable data from all GP practices in England. This will be linked with Hospital Episode Statistics within the ‘safe haven’ of the Health and Social Care Information Centre, which will provide it to NHS commissioners and researchers in anonymised and pseudonymised form.
When asked whether they have confidence in the HSCIC as a ‘safe haven’ for storing and linking patient identifiable data, only one third of respondents said yes. An HSCIC spokesperson said the organisation is: “committed and legally bound to the very highest standards of privacy, security and confidentiality to ensure that patient’s confidential information is protected at all times”.
“All confidential data is held on secure servers in protected data centres, which only a small number of authorised personnel can access and confidential data is encrypted whilst in transmission,” the spokesperson said.
The HSCIC did a corporate Cyber Security Review in October 2013. “Through continuous assessment and checks, including employing independent hacking experts to test the robustness of our security, and an organisation-wide approach to risk management, HSCIC is well placed to leverage its existing excellence in information security and governance to manage and prepare for technical, procedural or personnel cyber security threats,” the spokesperson added.
Hampshire GP Dr Neil Bhatia commented that people have an inherent distrust of government departments. “The last few years have shown that when large numbers of people are looking after gigantic amounts of information, breaches of all sorts will occur,” he said.
Dr Bhatia has been proactive in informing patients about care.data and 8% of his practice population has opted out. A Freedom of Information request he made to the HSCIC has also revealed that while patients can opt out of care.data after extractions begin in March, their data will not be retrospectively anonymised.
NHS England has asked the HSCIC to conduct of a review of the possibility of pseudonymising the data used in care.data at source, rather than within the HSCIC. Nearly half of all survey respondents said this would allay the concerns that they have about the programme.
However, a recent NHS England board paper says the HSCIC, “considers pseudonymisation-at-source to be impractical." EHI understands the review is not going to be made public unless requested under the Freedom of Information Act.