Domestic abuse charities surface fresh worries over NHS data sharing

Some of the UK’s most prominent charities working to prevent violence against girls and women have warned that the automatic opening up of NHS GP records for patients to view online or via the NHS app – which comes into effect on 31 October – will put the personal safety of victims of domestic abuse and stalking at risk.

More than 20 organisations, including End Violence Against Woman (EVAW), Refuge and Women’s Aid have put their names to an open letter – which was also signed by the British Medical Association (BMA) – in which they highlighted how the GP data sharing plan, which was supposed to have started in a previous form in 2021 before being postponed after a public outcry over privacy issues, may compromise people’s safety by making it easier for their abusers to gain access to their victim’s medical data via coercive means and weaponise it for abusive purposes.

It is estimated that about a quarter of women experience domestic abuse in their lifetime, and fifth are likely to experience stalking. As such, the group is “deeply concerned” about the implications of record sharing.

“It is really disappointing and saddening that the government and NHS England have not fully addressed the real risk to survivors that these changes will create,” said Refuge interim CEO Ellen Miller.

“These changes will allow perpetrators to gain access to survivors’ personal health records, including details on medications, sexual, reproductive, and mental health records, and disclosures of domestic abuse.

“The lack of publicity around these changes means that some survivors records may already be available in the NHS app, and they do not even know it. It is essential that these changes are publicised widely, so that survivors know to take the necessary precautions to improve their safety and privacy.”

Additionally, according to Refuge, while the changes legally only apply to prospective medical records created from 31 October onwards, due to various decisions within local NHS bodies, quirks, and the fact that people opt-in and -out of various services when changing their GPs, some who have already gained access to their data have found only new or recent information, while others have found data going back nearly 50 years. All of this data is in various states of completeness – some have sensitive data redacted, others do not, for example.

The group said that although some survivors may find they have already been made exempt or that their GPs may have redacted information on their patients’ behalf, this would not always be the case, so it is now calling on abuse survivors to get in touch with their GPs and request access to their information be rescinded.

It added that if safe to do so, survivors may also want to consider deleting the NHS app from their devices until the health service can address the issues, and review other medical apps, such as menstrual cycle trackers, that they may be using, which may also lack sufficient safeguards.

Miller said: “Our message to survivors is simple. Call your GP surgery and ask that access to your records be switched off, so that they cannot be viewed in the app. If you are concerned, and it is safe for you to do so, please also consider deleting the NHS app from your device.

“While we know that some have already done so, we urge all GP surgeries to check their patient lists and exempt any patients that are considered vulnerable or that you have safeguarding concerns about.

“Refuge is determined to protect survivors and we are deeply concerned that the safety of survivors have been largely ignored while these changes have been implemented. We will continue working with partners and healthcare representative organisations to ensure NHS England build in safeguarding and protect vulnerable women and children,” she said.

Katie Bramall-Stainer, chair of the BMA GP Committee for England, said that some doctors were also worried about the forced implementation of data sharing, even though for a great many patients having access to their GP records on their smartphones would be a positive and welcome thing.

“For almost two years we have been engaged with the Department of Health and NHS England in highlighting GP’s anxieties,” said Bramall-Stainer.

“I worry for patients we frequently see, a parent whose abusive spouse may use sensitive clinical information to undermine legal cases of custody of dependents in the family courts, patients requesting covert contraception forbidden in their home or relationship, or those disclosing abuse from others who may have access to their smartphone.

“These are but a few examples causing GPs as data controllers to raise concerns about this flawed implementation.”

Bramall-Stainer echoed Refuge’s call for patients to let their GP practice teams know if they want to opt-out, or to cease using the NHS app until better protections are in place.

“GP practices should be sensitive to the risks created by these changes and take a proactive approach to protecting patients, particularly where there are safeguarding concerns. They also need to be aware that women may be concerned and respond speedily to requests to turn off access,” she added. “It is essential that survivors are protected as records are made accessible and that perpetrators cannot use medical information for abuse.”