Legal straits forced NHS delay on

1874 Paris Morgue Crowded Viewing Window Death Coroner.pngA legal pinch forced NHS England to delay its “” system, Computer Weekly can reveal.

The NHS body portrayed the delay as a sensible – even generous – response to concerns raised by GP doctor groups, who said patients should be better informed about before it was switched on. There was nothing about any legal obligation. This was merely the decent thing to do.’s delay even had none of the usual software gremlins. It wasn’t another IT bodge. The scheme is esteemed by what appears to be the entire medical establishment, including those GP groups that raised the alarm.

So there was nothing but courtesy that stopped NHS England cranking up as scheduled in April.

Nothing but privacy law, that is.

Or what remained of relevant privacy law after the government cut it back in 2012 to set up. There wasn’t much left. But it was enough to ensure would breach the law if NHS England cranked it up in April, when it was due to start collecting patient records from 34,000 GP practices and combining them with hospital records into a medical research database at the Health and Social Care Information Centre.

The bit of the law the coalition government revoked would have given people power to stop it extracting their GP records. It effectively claimed power to requisition the data – a sort of data tax. The remaining bit of data protection said GPs would have to tell you before they handed your records over – a sort of courtesy. If they didn’t tell you, you could take them to court.

That meant GPs would fall foul of the law if they started sending medical records to the HSCIC before anyone knew what it was all about. With April fast approaching, few people do. GPs would have been liable if went ahead as planned.

Thumbnail image for Dawn Monagan - ICO - cropped.pngWarning

The Information Commissioner warned NHS England about this on 12 February when Dawn Monaghan, its public sector liaison, met with data chiefs at NHS England and the HSCIC.

“We raised criticisms early this month,” said a spokesman at the ICO.

“NHS England said they would look at those concerns and come back with a solution. The solution seems to be that they’ve introduced a six month delay,” he said.

BMA GP committee chair Chaand Nagpaul.jpgThe Royal College of General Practitioners and British Medical Association were meanwhile calling foul on NHS England. BMA GP committee chair Chaand Nagpaul and RCGP Honorary Secretary Professor Nigel Mathers said the government needed to do more to inform patients about

What they didn’t say was, patients didn’t know because GPs had neglected to tell them.

Both GP bodies thought it their responsibility last year. Both lobbied their GP members to tell patients about But by October the ICO had stepped in and NHS England had agreed take responsibility to persuade patients to sanction Its campaign was lacklustre. And now GPs say it’s not their responsibility.

That’s what an RCGP spokeswoman insisted. It wasn’t GPs’ responsibility, “Because it’s an NHS England initiative”.
“GPs need to be able to inform patients about it, and obviously they have a role as data collectors. But it’s an NHS England initiative,” she said.

Destroyed Jacob Epstein Sculptures at the old BMA building in London - cropped.pngNothing to do with us

A BMA spokesman said GPs did their bit last year by putting up posters they’d been sent. This was as far as their responsibility went.

“They’ve been given materials by NHS England. It’s NHS England who are responsible for the communication campaign. Not GPs. And not the BMA.”

“It’s not GPs’ responsibility to write to all their patients,” he said.

And why not?

“Because they’ve not been asked to do that.”

Do they need to be asked to do it?

“Writing to all of your patients costs money. And it’s obviously a time consuming thing to do. So we would need to look into the details of how that’s done. But the fact is it’s up to NHS England to make sure it’s properly resourced.”

It always comes down to money with GPs?

“GPs have been under huge workload pressures. They’ve had reductions in their funding over many years…”

They don’t get paid enough already, do they?

“… So if they are going to do extra things, they need extra funding for it. It’s a government initiative”.

The spokesman insisted GPs had not taken an ‘us and them’ position against the NHS. That though is how it seemed.

‘Us and them

The government’s 2012 Health and Social Care Act legally bound GPs to feed patient records into This has helped critics of the programme portray it as an imposition on GPs.

Yet both GP bodies back the initiative. The BMA supports even though it still opposes the 2012 Act. It said it has no issues but NHS England’s lack of communication. The BMA said the same.

Professor Nigel Mathers - Royal College of General Practitioners Honorary Secretary.jpgProfessor Mathers’ dramatic letter made six “demands” not about problems he saw in the scheme, but problems patients thought they saw in the scheme and had not been addressed in NHS England communications.

GPs also stand to gain from as much as patients, “the NHS”, and anyone else who cares about health, which is just about everyone except for psychopaths (that’s prejudice), the most tragically indifferent (that’s experience) and national socialists.

GPs may moreover be best placed to communicate with patients. A GP letter has more credence than a leaflet from NHS England. GPs are legally bound to submit the data. They are legally bound to tell patients about it.

Yet they complain to NHS England their patients don’t know enough about it, nearly a year after they were charged with telling them.

Computer Weekly put it to NHS England data chief Tim Kelsey that NHS England had failed to sell the idea not to patients but GPs.

Tim Kelsey - NHS England data chief - flipped.png“The BMA and RCGP sent materials out to GPs six months ago,” he said. “I think there are GPs who feel they haven’t had adequate information, even though we sent out information. This is just one of those things where there’s no-one to blame. To be be honest, there’s no reason that outweighs the importance of their being a proper, informed public debate. That’s what we prioritised and that’s the decision.”


Yet many GPs are themselves so confused about the programme that they don’t even have the answers to awkward questions being raised by their patients.

A survey by Pulse magazine found last month 41 per cent of 400 GPs were planning to withhold their patient records from

They were worried about the same things patients were worried about: that was giving patient data to third parties and private companies. They had like most people not had time to digest the implications of a society where people’s most sensitive biological markers and parameters where hoisted up on a database like a cadaver put before a lecture hall in a Victorian medical college.

GPs were in fact being responsible data owners in going one step further than telling their patients just to hand it over. They were not responsible enough though, as they gawped at the approaching April launch, to have found the answers to their questions. GPs were in fact about as fearful in their ignorance of as their patients. A BBC survey found last week that about the same proportion of patients were ignorant of as their GPs – 45 per cent. This is the decentralised NHS the coalition government’s reforms sought to create.

Yet is actually devilishly hard to learn the answers to the sorts of questions GPs and patients would have about this scheme. That is the details: who specifically will get your medical records and what will they do with them under what conditions.

ICO infographic on ICO said its warning to NHS England this month concerned a leaflet the NHS body sent to patients. The leaflet was promotional, placatory: look how great our scheme is. It had a link to a website for details. But the details were too vague to satisfy the ICO, too vague satisfy what remains of the law.

Who, what, wher.. heh?

The ICO produced its own cartoon leaflet with more information about the contentious areas. But it also raised more questions than it answered.

Everyone’s medical records would be made public after being scrubbed of identifying attributes, it said.

But some other medical data that might identify you would be shared with unnamed organisations for purposes that were not specified. Other medical data most definitely about you would be given to other unnamed organisations with some unelaborated legal basis to get it. It linked to a website itself that also neglected to give such details.

NHS England has meanwhile agreed with GPs to step up its general awareness campaign. More people will consequently understand vaguely that their medical intimates have been requisitioned for the greater cause of medical science. It is a worrying precedent only partially placated by NHS England’s late offer of an opt-out for patients who would rather their donate their medical intimates at all.

The 2012 Act gave government power to simply take what it wanted. It appointed the Health Secretary as some sort of data Sheriff of Nottingham. The data protection law it revoked was a right to refuse. The NHS subsequently re-introduced it as a mere courtesy with provisos – what it now calls an opt-out.

Kelsey, deputy data sheriff, is attempting to tell people about this courtesy in his publicity campaign. But without legal protection, with so much uncertainty about the details, with DNA science rekindling interest in eugenics, with powerful drugs and insurance companies slavering over patient data, with organisations like the US National Security Agency and Britain’s own security agencies hoovering up as much human intelligence as they can, with predictive and pre-emptive crime science on the horizon, with the world-wide economy in trouble, civil war fermenting in Europe and nationalism on the rise, it may be a faint courtesy. Medical science needs no more data than people are willing to give. Data science is a statistical science. It doesn’t need total surveillance. But if it does get it – if the do-good banner of medical science is used to justify the state’s requisition of all medical records – the rest of our data protections will fall like dominoes.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

The whole process of following through on this system was ill thought out and poorly implemented by the NHS, Government and the patients GP's. Had the system been explained and the life-saving benefits been explained to the patients and an opt-out made very clear there would not have been a delay.

As a patient, and a patient advocate, I would want to be sure that if I were to be taken to an A&E department with a medical emergency the doctors treating me would have access to my full medical records. At present they have to rely on information given to them by a presenting patient who could be so confused or injured the information could be wrong or important previous symptoms or diagnoses could be missed. I would much rather see a doctor look at facts on a computer or tablet and then treat me for the cause of the visit to A&E with the full and up-to-date information from my medical records.

Who in their right mind would not want the doctors and nurses treating them to have a full medical history of them? Yes, the wrong people might get hold of the information and security could be compromised, but the lives saved would be a major benefit to the NHS, with less litigation cases for hospitals who mistreat patients because they had "not been told" of previous medical injuries, treatments, diagnoses or medications.

The UK needs this system and we need it as soon as possible to save as many lives and complications from patients being mistreated due to a lack of correct information.

As an active patient voice, which was set up by our local CCG, we challenged our CCG about Care.Data when it was first announced in 2013 (originally called the GP Extraction Service = GPES) (search this word document for 'extraction'. The reasons we were given why this wasn't their problem were manifold. 1) The CCG is made up of the local GPs who are running the NHS locally, but they have no authority to tell GPs what to do. 2) Yes they can promote best practice and seek to raise standards, but GPs are small independent businesses not answerable to the CCG. 3) GPs only respond (sic) to requests for extra work that include additional funding - a financial sweetener to get them to do the extra work that is needed, and the CCG doesn't have a budget to pay GPs to provide patient information about GPES. 4) The CCG is a consumer of the data, they pay HSCIC to provide them with local demographic data, so they want it to go ahead with as many records as possible. 5) The data is extracted from the GP computer systems anonymised, so what is the problem? The discussions that followed are a matter of public record (check out SPIG minutes under 'Get Involved'.

I have personally never received a leaflet about Care.Data, and neither has anybody I know. I asked in my surgery this week. My practice say they still don't know anything about it, but the CCG are apparently writing a letter (as I write this) which the surgery will forward to patients explaining things.

Of course the data is not extracted from GP systems anonymised, anyone who says that has not read the project specification. The specification says the data is pumped into HSCIC in raw, unaltered form, into a big database that is owned and operated by a private company on contract to the NHS. It is then released in 2 forms. Un-anonymised for checking things like GP prescribing budgets and additional payments (like every time a GP prescribes statins). Then the data is released everywhere else in anonymised form, removing the name of the patient. However as everyone realises: the date of birth, NHS number, postcode would be enough to identify anyone if it is simply recombined with other publicly available data sets such as the national census and voters register.

Like, everyone understands what Big Data means right? Hadoop, NoSQL databases, data mining in the Cloud. All the data sets in the world combined into one big search engine. Of course nobody is 'supposed' to do that with Care.Data. If that happened, well, we don't know what would happen. Some people somewhere would undoubtedly be very cross.

But what are we going to actually do to stop it? Ask your surgery not to include your data now? How do they do that, they say they don't even know it is happening, what the opt out options are. I read that if we don't opt out before the system goes live we forever lose the right to opt out later. But local GPs say they haven't been told this.

To be fair, the CCG was very new when we were having these discussions with them as a patient reference group. They do listen. Lots of things have worked very well, and improved as a result of genuine patient consultation. So the CCG are not entirely to blame. Nobody knew all these changes would be happening at once. It was perhaps just a case of unfortunate timing that the government introduced Care.Data while the CCGs were only in Shadow Form and hadn't taken over their role yet.


I'm glad you were able to address particular issues there like whether or not there is a need for GPs to inform their patients of what's going on. They shouldn't have to be told to do this. Yes, it is time-consuming, but then again, and with regards to the question you raised up there, "does it always have to be about money?" If they really care about the health of the people, they should stick to a system where no one's privacy and profession will be compromised.