- Fotolia – dead or alive?

As NHS Digital picks up the pieces of the disastrous programme, what does the future hold for data sharing in the NHS?

Another NHS IT project, another catastrophe – but for once, the project wasn’t riddled with supplier, technology or process issues. The problem, this time, was mainly a lack of focus on patient privacy. has been shrouded in controversy since its inception several years ago, with concerns around sharing the sensitive medical data of citizens with commercial companies without gaining the explicit consent of patients.

The project aimed to extract data from GP surgeries to a central database, but after numerous delays, the departure of project leader Tim Kelsey, and continuous opposition from privacy campaigners and doctors, the programme was finally scrapped in July 2016 following recommendations by the national data guardian for health and care, Fiona Caldicott.

Sam Smith, coordinator at privacy campaigner MedConfidential, believes that the NHS thinks of as no more than a communications failure, and that by scrapping it is merely getting rid of a “toxic brand”.

Let’s pretend…

He said: “One of the things they’d like to do is pretend that everything under Tim Kelsey’s reign didn’t happen, that the opt-out never existed. And what they want to do is continue to expand these programmes as they wanted to in 2012 without the public knowledge around opt-outs, branding and the politics around all of it.

“[The NHS is thinking] it didn’t work: people didn’t like it when we told them, so how about we don’t tell them?”

Neil Bhatia, a GP at NHS North East Hampshire and Farnham Clinical Commissioning Group (CCG), fears that even if the toxic brand is dead, sharing medical records on an industrial scale is still very much on the agenda.

Indeed, NHS England has suggested to Computer Weekly that the work carried out during the programme was invaluable, and will support new programmes that the National Information Board (NIB) will take forward.

But the organisation’s apparent acknowledgement that was a communications failure doesn’t necessarily mean that it is working on 2.0 behind closed doors. In fact, there is an open consultation after Caldicott’s recent review on what the NHS should do about data sharing.

No consent, no opt-out

However, MedConfidential’s Smith suggested that the questions being asked by the consultation aren’t focused on the right areas. “Two of the Caldicott review’s other findings are that existing GP opt-outs should go away, and that a new opt-out model should not cover already mandated data collections such as hospital episode statistics data, and both of those are controversial,” he said.

Indeed, Bhatia believes that if Caldicott’s proposals remain as they stand, it will instantly take the programme back to February 2013, when details of first leaked out and there was no opt-out.

“These proposals would take us back to mass extraction and uploading, without consent or a fair way of processing information, and without an opt-out,” he warned.

This, he believes, will mean the public will again lack trust in the NHS from a data governance perspective, and that will in turn  be detrimental to those aspects of data sharing designed for genuine direct care such as medical research.

What about the opt-outs?

The main cause of concern for privacy campaigners over was the absence of any opt-out.

But the Caldicott report didn’t recommend a new opt-out or consent model; instead, it introduced several alternatives. The first of these is a full opt-out from the NHS Spine; the second has two sections – an ‘NHS data opt-out’ and a ‘non-NHS data opt-out’.

The first section – the NHS opt-out – covers data used by NHS bodies for running the health service, but also to companies that supply those NHS bodies. This, said Smith, raises concerns around commercial use of data. But there is also a second level, in which those companies that supply NHS suppliers also gain access to NHS data.

Dodgy business

“This is where you get into the very dodgy commercial use, and you don’t get any transparency in what they’re doing because they’re not actually supplying the NHS, they’re supplying suppliers to the NHS and the only reason they’d [use data] is to maximise sales,” said Smith.

These suppliers of NHS suppliers may argue that patients would get the benefit of their products if they have access to certain data, but Smith isn’t convinced.

“While they may provide services to the NHS and have some NHS customers, most of the time they are supplying other people with custom data. For example, if a company is thinking of entering the health market, [these firms will tell them] where they should target their salesforce. That is not supplying the NHS, that is talking to people who will potentially be supplying the NHS and may [end up] never supplying the NHS,” Smith explained.

“These proposals would take us back to mass extraction and uploading, without consent or a fair way of processing information, and without an opt-out”
Neil Bhatia, GP

Most of the data uses in these instances aren’t public because the companies claim that their list of customers are commercially sensitive, he added. “They want the data, but they want it to remain a secret.”

What makes this opt-out model even more complicated is that academic research – an area in which many patients are happy to consent to their data being used – is included in the ‘non-NHS’ opt-out.

While it is just one consent model put forward, the fact that it is an option at all should raise concerns.

What should happen next?

Despite’s pitfalls, data sharing within the NHS is incredibly important in improving the lives of patients, and it is universally accepted that a project needs to be in place to enable this.

Jessica Figueras, chief analyst at Kable, believes the fundamental idea behind doesn’t need rethinking, but that the package around consent does.

“NHS England will have to be more transparent when it comes to setting up acceptable uses of data. It wasn’t really spelled out with where such data should be shared with third parties, and this created suspicion,” she said.

Bhatia said that the type 1 opt-out (whereby the only information leaving the patients’ GP practice would be for direct care purposes) or the type 2 opt-out (where no identifiable information held by NHS Digital would be passed to a third party) could still work as long as they were implemented properly.

For that to happen, he thinks NHS England should respect all existing type 1 opt-outs, preventing all but aggregated data being uploaded to the Health and Social Care Information Centre (now NHS Digital) if that’s what a patient wants.

Extraction ban

Any record-level data, whether anonymised, pseudonymised or identifiable, should not be extracted. Bhatia also emphasised that type 1 opt-outs should apply to all organisations requesting data extracted from GP records for secondary purposes, and that if an organisation wants to extract data for dual purposes, then a patient should be able to determine which, if any, apply to their personal information.

Meanwhile, he said that type 2 opt-outs should ensure that all but aggregated data is blocked from being released from NHS Digital.

“It is not good enough to say that pseudonymised or ‘effectively anonymised’ data can still be released in the presence of that objection,” he added.

He also believes that type 2 opt-outs should be made directly to NHS Digital electronically rather than through GP surgeries, particularly because GP surgeries are not data controllers for information held by NHS Digital.

Finally, he believes that NHS Digital must develop a granular consent system to allow people to decide whether their data may be used by different types of organisations and for varying purposes. If the second consent model suggested by Caldicott’s report is implemented, then this is unlikely to be the case.

Digital Economy Bill

One factor that may change how’s successor programme or projects will use data is the Digital Economy Bill.

“For the first time now we’re starting to see a legislative framework for public sector data sharing which never existed before. Until now, public sector data sharing has been tacked onto the end of particular bills for particular purposes,” said Figueras.

She said that the bill will give public sector bodies more legislative backing to share data, and that this could create some uncertainty.

She also believes that NHS Digital could get privacy campaigners involved from the start of a new project.

“What they want from [a successor] is a project which patient associations can come out and be advocates of, so they should be involving these groups right from the start,” she said.

This would be a canny move, and would lead to clarification of the consent model and perhaps provide a clear strategy of raising the awareness of patients about what data sharing within and outside of the NHS means.

Time-limited opt-out

Meanwhile, parliament has said that the 1.5 million people who had already expressed a type 1 objection would have that objection respected.

But Bhatia believes that this will be a “time-limited offer”, and that after a certain date, citizens will no longer be able to opt out.

Either way, he believes that the technological solution “will not happen” to ensure that all opt-outs, whatever they may be, could be applied across the NHS.

“It’s another IT disaster waiting to happen,” he said. “Hospital trusts can’t even get their records migrated to electronic versions, so what hope is there for this?”

A timeline

Read more on Healthcare and NHS IT