NHS collects patient care data from GPs

NHS England expands patient data collection from hospitals to include general practice, raising data protection questions

NHS England will expand the collection of patient care data from hospitals to include general practices to improve data on disease and treatment patterns.

According to the NHS, data will be anonymised – making it impossible to track data back to individuals – but patients will be given the choice to opt out of the scheme, reports the BBC.

NHS England chief data officer Geraint Lewis said the intuitive is about upgrading information systems by adding information about the quality of care provided outside hospital.

The NHS is to distribute leaflets explaining the scheme and how to opt out to millions of households in the coming weeks, starting in north England.

The data is to be collated by the NHS Health and Social Care Information Centre (HSCIC) to improve analysis of trends that can help plan future health services.

In anticipation of concerns about data protection – particular in the light of data breaches by NHS trusts in recent years across the UK – HSCIC medical director Mark Davis said the centre is a "safe haven" for data.

Information is kept private and used in non-identifiable form to improve the quality of health and social care, Davis said.

Anonymisation techniques

While the collection of the data is legal, it does raise questions about the anonymisation techniques and data security to be used, said Stewart Room, partner at law firm Field Fisher Waterhouse.

It is very important to understand the nature of the process that is performed on the data to make it anonymous, he told Computer Weekly.

“If the data is not truly anonymous, then there is a continuing privacy or data protection legal risk,” said Room.

What Europe is concerned about on the question of anonymisation, he said, is whether the technique used to anonymise sensitive data is true and sound, and what guarantees it provides.

Data security

Data security is also a concern, said Room, because the initiative is really a big data project involving medical information, which is the most sensitive type of information imaginable.

“So the security framework that is going to attach to this activity has got to be incredibly robust. And the more activities and processing we do, the greater the risk that is built into the system,” he said.

Room said it is essential that the data is properly anonymised and secured, bearing in mind the NHS has had quite a lot of problems on the security front in recent years with the information commissioner.

Read more on Privacy and data protection