05.08.15
Kelsey attempts to dispel GP data privacy fears
NHS England’s national director for patients and information says there was “never any proposal to collect confidential data” as part of the Prime Minister’s Challenge Fund (PCMF).
In a letter to Dr Sarah Wollaston MP, chair of the Health Select Committee, Tim Kelsey attempted to dispel some of the fears sparked by a Daily Mail article last month, which claimed the NHS “demanded confidential details of millions of GP appointments”.
The Mail article said that a letter from Tracey Grainger, programme director for the PCMF, which has invested £175m across 57 schemes to help improve access to general practice, asked EMIS – the market-leader for GP software – to provide data including the date, time and duration of appointments, most of the patient’s postcode and their date of birth.
She added: “We are seeking your assistance to obtain extracts of de-identified patient level data from systems that either record appointments or record consultations or in some cases both. This extract needs to be in place by September 2015.”
But Kelsey defended the actions by saying that currently GP staff are analysing patient data locally and providing aggregate returns for evaluation which are anonymous – a slow and costly process that gives rise to variation in data quality
“As a result, NHS England was asked by some of those GPs participating in the PMCF schemes, if we could develop a simpler method – an automated extraction of data and subsequent aggregation through the Health and Social Care Information Centre (HSCIC) on their behalf,” he said.
“In light of this request, NHS England approached the HSCIC to consider options and a letter was sent on 19 June 2015 to the four contractors who manage GP software systems inviting them to discuss the feasibility of such a data extraction.”
Kelsey said the request, and an accompanying draft specification, was for de-identified data – including, for example, the first three letters of the postcode (in order to risk adjust for deprivation) and the year of birth. There was never any proposal to collect confidential data.
He added that in all cases the GP – as data controller – would have had to authorise the extraction of data from the practice system.
Additionally, prior to the Daily Mail’s publication, a decision was taken on 10 July not to proceed with the proposal.
He said there was “a risk” it could be perceived as at odds with NHS England’s public commitment that there will be no national extraction of patient data from general practice – even de-identified, as in this case – until after Dame Fiona Caldicott has reviewed the care.data pathfinders and the new standard of fair processing for secondary uses of this data has been clarified.
In addition, the software suppliers said they “did not have the technical capability to undertake the PMCF extraction”.
It was also noted that the National Information Board has made improvement of access to data assets in health and care – including for GPs – one of its key priorities and will be announcing a comprehensive implementation strategy later this year.
When the Mail article ran, Phil Booth, coordinator of medConfidential, said: “If NHS England thinks a complete list of when and how often you visit the doctor, and who it is that you see, isn’t personal information then maybe someone involved should have gone to medical school, rather than politics school.”
In the July/August edition of NHE, we speak to Andy Williams, chief executive of the HSCIC, about its new five-year strategy and why data security sits at its heart.