The government has announced that from July 1, they plan to share GP records with organisations outside the NHS:
Patient data from GP medical records kept by GP practices in England is used every day to improve health, care and services through planning and research, helping to find better treatments and improve patient care. The NHS is introducing an improved way to share this information – called the General Practice Data for Planning and Research data collection.
NHS Digital will collect, analyse, publish and share this patient data…”
There are reasons to support this sharing of data, but there are also reasons to be concerned about it, so individuals should make up their own minds about what they want to happen to their data.
There Are Good Reasons For Sharing the Data
As NHS Digital explains,
“This patient data [can be used] to improve health and care services for everyone. This includes:
- informing and developing health and social care policy
- planning and commissioning health and care services
- taking steps to protect public health (including managing and monitoring the coronavirus pandemic)
- in exceptional circumstances, providing you with individual care
- enabling healthcare and scientific research.”
All of these are laudable and important objectives.
There Are Reasons for Being Concerned About Sharing the Data
First of all, it is worth thinking carefully about what the information contains. It does not contain details such as name and address (or NHS number, General Practice Local Patient Number, full postcode or date of birth – all of which are replaced by unique codes) which would make individuals immediately identifiable. The information is said to be “depersonalised.”
But the information does contain details such as your:
- physical health and treatment history – including who has treated you and where;
- mental health and treatment history – again including who has treated you;
- your sexual orientation;
- your sexual health history;
- et cetera.
Who gets to see this? According to the government:
“There are a number of organisations who are likely to need access to different elements of patient data from the General Practice Data for Planning and Research collection. These include but may not be limited to:
- the Department of Health and Social Care and its executive agencies, including Public Health England and other government departments
- NHS England and NHS Improvement
- primary care networks (PCNs), clinical commissioning groups (CCGs) and integrated care organisations (ICOs)
- local authorities
- research organisations, including universities, charities, clinical research organisations that run clinical trials and pharmaceutical companies.”
It turns out that the phrase “not limited to” is critically important here because important exceptions to the list above include commercial organisations such as Google, whose artificial intelligence arm, Deep Mind, received patient records for 1.6 million NHS patients.
“has access to healthcare information collected by the NHS and displayed on its website, as well as the power to benefit from it commercially. … Matt Hancock said Alexa would cut pressure on GPs and pharmacists and answer basic health-related questions from home.
For Amazon’s part, the company will be able to use diagnosis information to create new products (for Alexa or other devices) and will be able to share the information with third parties.
A spokesperson for the NHS said it has put ‘appropriate safeguards’ in place to ensure that information is used correctly. What those safeguards are is unclear.”
Other examples of commercial companies receiving the data include Monitor, Ernst & Young, KPMG, Oliver Wyman, McKinsey & Co and Capita.
For companies with sophisticated data analytics capabilities and a large database of UK consumers, matching these “depersonalised” records with the names and addresses of individuals – not with certainty, but with a high probability of a match – is well within their capabilities.
Why might this matter to you? Simply because it is not clear that there are sufficient protections in law against discrimination on health grounds. Many older people have physical health issues, and around 10% of young people have mental health issues. All of these could face discrimination.
Suppose that you wanted to take out an insurance policy and the insurer had bought information from one of these companies which would give them, with a high degree of probability, a picture of your health. The premiums they would demand would be far higher if you – or, in the case of genetically transmissible conditions, a member of your family – had serious underlying health conditions. It is not clear that this kind of price discrimination would be illegal.
What if you wanted to take out a mortgage? The typical term of a mortgage is 25 years. Your mortgage lender would have serious interest in knowing whether you are likely to be healthy and able to work for the next 25 years.
And imagine that you were applying for a job. To prevent discrimination, it is currently illegal for your prospective employer to ask you about your health or disability prior to making an offer, except in specific circumstances. It is not clear that it would be illegal for them to consult such a database.
It is an Individual Decision
The good news is that you do have a choice. If you opt out by 23 June, your data will not be made available to these organisations. Unfortunately it is a slightly cumbersome process: you need first to alert your GP and then to let NHS Digital know how you want your non-GP data handled. The process is set out here.
If you are concerned about the whole initiative, Foxglove are organising a petition to prevent or at least delay the whole process which you can sign.
Whatever you decide, please do sign-up and join the 99% Organisation.