NHS England will expand the collection of patient care data from hospitals to include general practices to improve data on disease and treatment patterns.
NHS England chief data officer Geraint Lewis said the intuitive is about upgrading information systems by adding information about the quality of care provided outside hospital.
The NHS is to distribute leaflets explaining the scheme and how to opt out to millions of households in the coming weeks, starting in north England.
The data is to be collated by the NHS Health and Social Care Information Centre (HSCIC) to improve analysis of trends that can help plan future health services.
In anticipation of concerns about data protection – particular in the light of data breaches by NHS trusts in recent years across the UK – HSCIC medical director Mark Davis said the centre is a "safe haven" for data.
Read more about the NHS and data protection
- Symantec helps NHS trust cut security costs by a quarter
- NHS set to challenge ICO fine
- ICO issues warning over NHS Data Protection Act breaches
- ICO hits NHS Trust with biggest penalty to date
- ICO finds NHS Liverpool Community Health breached Data Protection Act
- Royal Cornwall Hospitals NHS Trust breaches Data Protection Act
- ICO issues first monetary penalty to the NHS
- ICO issues £175k penalty against Devon NHS Trust
- NHS Trust to appeal £375k data loss penalty
- ICO issues £200,000 penalty for failed IT disposal
- ICO concerned about ongoing NHS data breaches
- Royal Wolverhampton NHS trust loses patient data
- NHS trusts breach Data Protection Act with patient records
- Third NHS trust caught in breach of Data Protection Act
- Lost NHS medical records: Laptops had unused encryption software
- ICO takes enforcement action against NHS trusts for data losses
Information is kept private and used in non-identifiable form to improve the quality of health and social care, Davis said.
While the collection of the data is legal, it does raise questions about the anonymisation techniques and data security to be used, said Stewart Room, partner at law firm Field Fisher Waterhouse.
It is very important to understand the nature of the process that is performed on the data to make it anonymous, he told Computer Weekly.
“If the data is not truly anonymous, then there is a continuing privacy or data protection legal risk,” said Room.
What Europe is concerned about on the question of anonymisation, he said, is whether the technique used to anonymise sensitive data is true and sound, and what guarantees it provides.
Data security is also a concern, said Room, because the initiative is really a big data project involving medical information, which is the most sensitive type of information imaginable.
“So the security framework that is going to attach to this activity has got to be incredibly robust. And the more activities and processing we do, the greater the risk that is built into the system,” he said.
Room said it is essential that the data is properly anonymised and secured, bearing in mind the NHS has had quite a lot of problems on the security front in recent years with the information commissioner.