This site is intended for health professionals only


Plans for mass patient data sharing last year were ‘a mistake’, says review lead

by Caitlin Tilley
16 May 2022

Share this article

Trying to re-launch plans for mass patient data sharing last year was ‘a mistake’, before a ‘trusted research environment’ had been guaranteed, the lead of a Government-commissioned review has said.

He also admitted that he himself has opted out of the NHS sharing his own patient records.

Professor of evidence-based medicine at the University of Oxford Professor Ben Goldacre made the comments to the House of Commons Science and Technology Committee during an evidence session on the right to privacy with digital data.

In May last year, NHS Digital announced it would be rolling out a ‘new and improved’ GP data collection system called General Practice Data for Planning and Research (GPDPR), with campaigners warning that it would potentially make sensitive patient data available to private firms

But this was delayed to give people more time to opt out, and then further delayed to allow for GPs to focus on the Covid pandemic response.

Professor Goldacre was asked to lead the official review into data sharing, following which he suggested that ‘one national organisation’ could ‘act as data controller for a copy of all NHS patients’ records’ in ‘a trusted research environment (TRE)’.

Asked whether he thought patients, many of whom opted out of their data being shared, had been right to do so, Professor Goldacre told MPs told MPs: ‘I think it is a mistake to launch an enormous programme like that without first of all making it clear to patients exactly what the mitigations will be. I think the national GP dataset is so granular and so comprehensive in its coverage that it wouldn’t be appropriate to share it outside of the TRE.

‘So overall, yes, I would say it was wrong to try to launch a programme like that before we had made a commitment that all data access would only be through a trusted research environment.’

However, he added that he understands that setting up a TRE is now Government policy.

He said: ‘But that, as I understand it, is now policy, so we have a very positive future ahead of us, in part because trusted research environments don’t just mitigate privacy risks; they also make for a much more productive environment for working with data.’

Professor Goldacre also admitted for the first time that he did withdraw his consent for his data to be used, because ‘I know so much about how this data is used and how people can be de-anonymised’.

He said he has ‘friends who have had their data illegally accessed through national datasets’, though not health datasets.

He added: ‘Because I work in this field, the risks are very salient to me.’

Data shared via GPDPR is intended to include patients’ full history, not just any future changes to their records. This means it goes even further than the previous controversial scheme, care.data – which was completely ditched in 2016 after becoming too toxic due to accusations of the NHS selling off the data to private companies.

Professor Goldacre told MPs the GP dataset is ‘probably the single most valuable NHS data asset’, due to the level of detail about individual patients, and the fact that it is ‘very complete in its population coverage’.

This brings ‘huge opportunities’ for analysis for improvement of health services, but it also presents ‘very substantial privacy risks to patients’.

Professor Goldacre said: ‘Like many NHS datasets, it contains information which many, albeit not all, patients would prefer not to be widely accessible to people outside of trusted clinicians or family members.’

He added: ‘Once it’s leaked, it can’t be unleaked, and you have to work very carefully with it to do good with it, whilst minimising harm.’

When asked how such a ‘blunder’ by the Government was made, Professor Goldacre said: ‘What I saw up close, being candid, was a kind of groupthink that tended to overstate the privacy benefits of pseudonymisation.’

This was partly driven by a ‘longstanding lack of technical expertise among people in senior roles working on issues like data architecture and data analysis’.

He said that penalties for individuals who misuse data sets need to be ‘absolutely enormous’ to ‘communicate very clearly that this is not acceptable’.

In June 2021, then health secretary Matt Hancock asked former RCGP chair Professor Helen Stokes-Lampard to advise the Government on the successful rollout of the GP data project.

No new date has been announced for its launch, but GPs have most recently been asked to comply with the national data opt-out policy by 31 July 2022.

It comes after the RCGP urged the health secretary to delay the rollout of the accelerated citizen access to GP data  programme by at least eight-weeks to ensure guidance could be published for practices before it began.

This story was initially published on our sister title Pulse.