You may be aware that the press in the UK has begun to run articles about ‘opting out’ of various data sharing programmes run by the NHS. As an expat, you are likely to have private health insurance, but you may also be registered with your local GP practice if, for instance, you have a home in the UK as well as your host country. What are these data sharing programmes, and what do they mean for you if you are registered with the NHS? Is it true that your medical details can be sold on to a third party?
The reason for these new initiatives is the establishment of the NHS Digital database, a comprehensive compilation of UK medical data, which will be pseudonymised (in other words, your personal details will be replaced by a code) and shared with organisations such as universities and pharmaceutical and technology companies. The NHS says that it has run an extensive campaign to alert the public to this change. However, critics point out that this campaign has primarily been targeted in GPs’ surgeries – during a year in which most people have been in lockdown – and via the NHS app – to which people concerned about data sharing are unlikely to have signed up.
No-one is saying that data collection is not important. 2020 has shown us the value of having a wide, centralised information pool in order, for instance, to track the spread of infectious diseases. Epidemiological studies have gained significant traction from the large amounts of data collated from the UK population. However, NHS Digital is not being proposed for a specific medical purpose, such as combating Covid-19. This data has an enormous commercial value, and there have been concerns about the anonymity of the data, about who it will be shared with, and what it might be used for. We will take a look at some of these concerns and how you can opt out of this initiative if you decide to do so.
There are two different kinds of opt out, and they have recently changed, which can be confusing. We will take a look at each one in turn.
Type 1 opt out: sharing of your medical records
This kind of opt out is to prevent the sharing of your medical records and your confidential patient information held at your GP practice for purposes other than your individual care.
The General Practice Data for Planning and Research (GPDPR) data collection will start on 1st July 2021. If you do not want your data to be shared with NHS Digital from your GP practice, you will need to register your Type 1 opt-out with your GP practice by 30th September 2021. This is the only way you can opt out.
The form is not very easy to find. Go to the NHS Digital website and look for the words “returning this form”. You will need to download the form, complete it, and email/post it to your GP practice before 30th September. Doing this will not impact your medical professionals’ ability to see your records.
Type 2 opt out: national data opt out
The national data programme is a little different. Opting out of this covers your data being used for research and planning. National data opt-outs are not recorded by your GP practice and are more extensive. The programme relates to data collected across the health and care service (not just at your GP’s surgery) for purposes other than your individual care. This was previously known as a type 2 opt-out but has now been replaced by the national data opt-out.
Type 2 opt-outs recorded on or before 11th October 2018 have been automatically converted to national data opt-outs.
You can opt out via the NHS website at any time (there is no deadline) or by calling 03003035678. This will prevent your health data, also known as your confidential patient information, being used for planning and research. You will need to know your NHS number.
Can my data be sold if I don’t opt out? Who will it be sold to?
NHS Digital says that it never sells data and only shares it when it will help health and care and it is safe, ethical and legal to do so. They also say that only share the least amount of data required and do so in the ‘least identifiable way possible.’ They have told the UK press that the law prevents them from selling private medical data. However, they admit that private companies could profit from products developed using data that has been shared with them for free. So, data that is sold will allow private companies to profit, but none of this money will be channelled back into the cash-strapped national health.
There are also concerns about patient anonymity. Experts say that it is relatively easy to trace ‘anonymised’ data back to its source. They warn that information sold on by the Department of Health and Social Care can be traced back to individual medical records. Senior NHS officials told the Observer in 2020 that the Department of Health and Social Care has sold patients’ data to American drug companies, and that this data can be linked back to patients’ individual records in GP surgeries. The American government stated in 2020 that it wanted full access to British medical records as part of any post Brexit trade deal. Why? Because it’s one of the most comprehensive and centralised medical data systems in the world, and thus worth a great deal of money.
A big concern is that data will be eventually sold on to insurance companies – thus affecting your premium. The NHS denies that this will be the case, but it has got into trouble before over claims that insurance companies, such as BUPA, have had access to confidential hospital data.
The organisation medConfidential, which campaigns for the privacy of medical data, warns that the ‘unique combination’ of medical information that makes a patient’s history so valuable (like a fingerprint) is the very thing that causes its anonymity to be vulnerable. The Clinical Practice Research Datalink (CPRD), part of the Medicines and Healthcare Products Regulatory Agency (MHRA), who issue licences to buy medical data, changed their description of patients’ information from ‘anonymous’ to ‘anonymised’ after protests. However, NHS Digital has said that anonymity could be reversed under particular circumstances – although it has not given details of what those circumstances might be.
An Information Governance Lead has said that, due to massive data breaches in the past, it is ‘almost impossible’ for data to be truly anonymous. Moreover, the NHS has already suffered from a series of scandals in which computer equipment containing patient records has been sold on – without those records being wiped.
In recent years, there have been scandals in the US relating to medical insurance ‘postcode lotteries,’ with algorithms suggesting that particular districts are likely to contain populations (often non-white populations) with specific health problems, such as obesity. The concern is that your postcode could see you penalised, even if you don’t suffer from the health problem in question.
The NHS do have strict rules about how data can be handled, but be aware that, although these rules apply for now, there seems to be no guarantee that they might appertain in future. It is recommended that you take a careful look at the pros and cons of these data sharing exercises.