Patient-identifiable data will soon be extracted from GP systems and placed in a large database under government control.
The General Practice Extraction Service (GPES) was set up to be a nationally accredited way of extraction data from all of the GP clinical systems – a bit like MIQUEST, but only for national projects.
This paper from 2008 describes its original purpose & aims:
It is administered by the Health and Social Care Information Centre (H&SCIC )
One of its key functions is to be a recognised ‘safe haven’ where patient-identifiable data from different organisation can be combined.
GPs were told that they would be able to opt in to extractions and that patients would be able to opt out; data extractions would be for a specific defined purpose; and a large central database would not be built up to be used for further queries. However, the current reality is different.
The government announced in December 2012 that it intended to take a set of data(care.data) from all GP clinical systems.
They said that these data need to be patient-identifiable so that they can match patients against data from secondary care.
The document does not define a clear purpose for the use of these data, nor why the data couldn’t pseudonymised rather than patient-identifiable.
Until last year GPs would only be able to release patient-identifiable data to a third party without patient consent under Section 251 of the NHS Act 2006 (previously section 60 of the Health & Social Care Act 2001) where the Ethics & Confidentiality Committee (ECC) of the National Information Governance Board (NIGB) had decided that it would be unreasonable to seek individual patient consent (eg for the national cancer registries). Although Section 251 approval made it legal for GPs to divulge patient-identifiable data, it did not force GPs to do so.
The responsibility for authorising section 251 requests moves to the Confidentiality Advisory Group (CAG) of the Health Research Authority (HRA) on April 1st.
The 2012 Health & Social Care Act introduced the ability of the government, via the NHS Commissioning Board (NHS CB), to demand any patient-identifiable that it wants. The H&SCIC is obliged to demand these data from General Practices, who in turn are obliged to give it, without patient consent.
There is an Independent Advisory Group (IAG) to GPES. The H&SCIC is obliged to seek the opinion of the IAG but is not obliged to follow their advice.
The government has not expressed any clear rationale for its demand for the care.data set – it seems to be a question of rummaging through some data to see if it can find anything useful. Under the Data Protection Act (DPA), the government would be expected to justify its purpose and not take any unnecessary data. The H&SC Act means that it doesn’t have to follow any such niceties.
The IAG has approved the care.data set subject to the IC coming back with a clearer purpose for the data, an exclusion dataset for sensitive data and consideration of patient opt-outs.
It remains to be seen whether this will have any impact.
There are available techniques to allow the linkage of pseudonymised data, so the government’s argument that it needs patient identifiable data for linkage is false.
Openpseodomiser information presentation
For an in-depth review of data sharing & pseudonymisation see the Primary Healthcare Specialist Group paper
GPs are data controllers of their patients’ personal information. The H&SC Act forces us to release data in contravention of the DPA (The H&SC Act makes it legal for us to ignore this part of the DPA when releasing data to the H&SCIC for the NHS CB). We will have no control over who accesses the data after it’s left our practices. So far, the NHS CB says that reports on these data will be anonymised, but there are already application in for access to identifiable data.
Section 35(1) of the DPA states:
"Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court."
So the DPA is trumped by the H&SC Act.
Relevant sections of the H&SC Act:
254 (1) The Secretary of State or the Board may direct the Information Centre to establish and operate a system for the collection or analysis of information of a description specified in the direction.
254 (3) A direction may be given under subsection (1) by the Board only if the Board considers that the information which could be obtained by complying with the direction is information which it is necessary or expedient for the Board to have in relation to its exercise of functions in connection with the provision of NHS services.
254 (5) Before giving a direction under subsection (1) the Secretary of State or (as the case may be) the Board must consult the Information Centre.
259 (1) The Information Centre may—
(a) require any person mentioned in subsection (2) to provide it with any information which the Centre considers it necessary or expedient for the Centre to have for the purposes of any function it exercises by virtue of this Chapter, and
(b) request any other person to provide it with such information.
(2) Those persons are—
(a) a health or social care body;
(b) any person (other than a public body) who provides health services, or adult social care in England, pursuant to arrangements made with a public body exercising functions in connection with the provision of such services or care.
259 (5) A requirement under subsection (1)(a) must be complied with by providing the information to the Information Centre in such form and manner, and within such period, as the Centre may specify.
259 (10) The provision of information under this section—
(a) does not breach any obligation of confidence owed by the person providing it, but
(b) is subject to any express restriction on disclosure imposed by or under another Act (other than any restriction which allows disclosure if authorised by or under an Act).
I think that this latter section means that the data release should still abide by other principles of the DPA
2: Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
The interpretation and opinions in this article are personal and are not necessarily those of the EMIS National User Group.