GPDPR – An Open Letter to GP Practices

This is an open letter to all GP Practices working in the NHS to highlight data concerns that have been planned by NHS Digital. Patients should be aware of the how their data is used and GP practice staff should be aware of how best to inform their patients.

Dear GP practices, 

We are writing to you as GP practices who are data controllers of the patient data that you hold for your patients.

You may (or may not) be aware that the current data extraction that takes place from your GP system (GPES) is going to be replaced with a new system called the General Practice Data for Planning and Research (GPDPR) under legal legislation (General Practice Data for Planning and Research (GPDPR) – NHS Digital). I’ve written a summary blog on it here if you want further information: GP Data Sharing – Dr

Essentially what this means is that to enable this you will need to, as data controllers, satisfy  yourselves that you (as data controllers) have informed your patients of this data extraction that will take almost all the coded data from your patients record and pseudonymise (not anonymise) the patient details to potentially link with other data sources for the purpose of research and planning.

We have previously asked local practices within NELCCG to link their practice websites to the central privacy policy on the East London Health and Care Partnership website (Sharing Information | North East London Health & Care Partnership ( that explains the current sharing that we do as a local system and all practices are encouraged to update this on their own websites. Given that we need to do some work informing our patients of existing sharing, as GP practices (and data controllers) you will also need to make the judgement as to whether your patients have a) been adequately informed of this new (GPDPR) legal direction, b) have access to the privacy policies and c) have had considered time to object to data sharing by lodging what is known as a type 1 objection. 

NHS Digital have not publicised this in the way that I would have expected and the GP practice have the obligation to switch on this transfer and EMIS have circulated details of how to do this on clinical systems (EMIS Web – GP Data for Planning and Research (

If you feel that you have not had enough time to inform your patients and that they have had a reasonable time to object, then this sharing agreement should not be enabled. The expectation is that this will be enabled by the 23rd June 2021 for extraction to commence from the 1st July 2021.  UPDATE – THIS HAS NOW BEEN PUT BACK TO 1ST SEPTEMBER 2021
This would technically place the GP practice as the data controller in breach of the Health and Social Care Act 2012 but there are no sanctions or penalties within the Act that arise from failure to enable. What may happen however, is that NHS Digital will contact the practice to enquire as to why it has not been enabled.

This has been discussed with, and supported by Londonwide LMCs Further information for patients, including methods of opting out for patients is available by clicking here.

If you would like to discuss further or have any other points to raise, we are happy to be contacted.

If your practice is not going to enable the transfer until you feel (as data controllers) that your patients have been adequately informed, please click here to submit your practices support for this inaction.

Yours faithfully,

Dr Osman Bhatti (GP / CCIO North East London CCG)
Dr Elliott Singer (GP / Londonwide LMC Medical Director)
Dr Jackie Applebee (GP / Chair Tower Hamlets LMC)

27 thoughts to “GPDPR – An Open Letter to GP Practices”

  1. Absolutely agree! The record of data loss by Government, both National and Local, is appalling and there is little anyone can do once it is out in the public domain.
    The privatisation of the NHS under Thatcher, Blair et al, is relentless unless we take a stand….NOW is the time.

  2. Totally agree. The incursion on personal security, freedom and rights, is relentless under this Tory cabal. NHS Digital is just another example of this as the big corporations have the government red- light to control and manipulate; hence the prolonged attacks on the BBC and an independent judiciary and the denudation of local council power.
    You have my full support.

  3. I would like to know the difference between ‘anonymise’ (which you say is not part of this) and ‘pseudonimise’ (which you say is). I presume the latter is replacing a real name and address with a dummy name and address. This is what it means in data science. Is that the case?

    1. IDENTIFIABLE patient records include information allowing a patient to be identified. Access to identifiable patient data currently requires patient consent, except in exceptional circumstances, where approval is instead requested from the Secretary of State for Health.

      PSEUDONYMISED or key-coded records have had all identifying data removed and can only be traced back to individuals using a ‘key’ which can be securely stored separately from the patient data.

      Patient data can be ANONYMISED to remove any identifying information. As it cannot be linked back to an individual, accessing anonymised data for ethically approved projects does not currently require patient consent.

  4. Thank you for writing and sharing this letter. My date of birth I will share: it was 1944 and I have never known a government so poor and cynical as the present shower.

  5. I’m sorry that what I assume is a great deal of extra work has been imposed on practices which are trying to keep the NHS functioning. I hope the government will put in place adequate measures to ensure that all of us will be actively kept informed of breaches of confidentiality or other harmful outcomes, and appropriately compensated without having to establish actual loss.

  6. Have opted out online and sent a opt out form downloaded from internet and sent it to my GP surgery. I only became aware of the option because of Big Brother Watch who helped to inform me of the forms. If you go to the site you should find the info there.

  7. I have already replied on another website, sharing my concern about clinical information being shared. I am not worried about this; as far as I am concerned, as much pressure as possible that is put on the government is this matter, the better.
    I am a retired GP, and importantly, an NHS patient, as I expect are most GP colleagues. I do not want non-clinicians rooting about my records, nor those of my ex-patients. I am open about my health. I have had myeloma for 13 years, but I am still alive and fairly healthy. It is for me, and me only, to chose to whom I reveal this information. I may or may not have had other conditions in the past that I do not wish to reveal. I am totally unconvinced that data can be fully anonymised. That underestimates the skill of the electronic technocrats.

  8. This has been troubling me (as a retired hospital consultant and citizen) so thankyou for highlighting.

    1. Properly managed, I think there are great potential health gains to be made through the collection of data for service planning and for research, and this is one of the potential benefits of cradle to grave integrated EPRs
    2. I have no objection to my personal data being collected as long as it is BY THE NHS AND FOR THE NHS or for genuine clinical research purposes.
    3. I have very strong objections to this data being exploited for commercial benefit which I suspect is the underlying motive of this poorly described initiative.
    4. Like others, I have absolutely no confidence in the current government and deep concerns about its motives.

    So, like donating one’s body to science, I am happy to donate my data, but only within the envelope of our own public health & care systems and only if it is for societal good and not for commercial exploitation. Without the necessary transparency, governance and controls, I will decline to allow my data to be used.

  9. And we wonder why patients don’t trust drs or government? This sort of deception cannot help vaccine hesitancy.

  10. I’m just so disgusted. What won’t these people sell for profit? Gangsters running the show and taking liberty with our lives.

  11. This Government is the worst I have ever known.
    The people of this country are being white washed with lies day after day.
    The public Should be notified before something as important as our data being sold on to god knows who. After all this is our data and we should be able to say who can see it

  12. As a retired mental health Worker, I am alarmed that the Government is considering sharing confidential medical records with other non health agencies and doubly so if they intend to make a profit from the selling of medical records to private companies. Surely such a policy contravenes a person’s human rights as legislated under the UK Human Rights Act 1998, Article 8, Section 1: “Everyone has the right to respect for his private and family life, his home and his correspondence”. This includes letters, telephone calls. emails and medical records which are an individual’s personal property.

  13. This would be an appalling breach of trust & confidentiality as it would be selling information about patients to enable private profit.
    The gathering of such data by the NHS to help the NHS plan to cater for health needs would be reasonable & in fact sensible, but not flogged off to private companies to maximise their profits.

  14. I am extremely grateful for this letter from dedicated
    doctors supporting the ethical stance of the GMC as made explicit in Annual Appraisals set up at great expense and time to ‘Protect the Public’ but the citizens
    ethically for research purposes need to be fully informed
    and give a valid signed consent- in other words they
    need to know where this going and the facts.
    My experience is that this not the case and I am reminded of cattle as commodities for transport and sale. There is an arrogance,degradation and commoditisation of humanity revealed in this current approach
    Again I am extremely grateful to the authors for this work and their moral courage and concern both for peers and patients

  15. Unfortunately, I don’t have any confidence that the present government will not make highly confidential medical information (my own and others) available to multi-national giant ‘for profit’ corporations. therefore I will be opt ing out.

  16. Could any part or all of this letter be used to create an article for a press release in our local area or is it cinfidential and for GPs only?

    Every member of the public has a right to know about this so we are working hard to get this out into the public domain by various means both on line and off?

    Christine Lightbody
    Isle Of Wight Save Our NHS

  17. Hello
    Thanks for this brilliant initiative. I would like to adapt it (June/July) to become part of a summer campaign for 999 Call for the NHS. I’ve adapted it to be for patients & patients groups to write to their GP/PPG.

    If there is an address to send our adaptation to please let me know. A link to this original letter and information would be made clearly available

Leave a Reply

Your email address will not be published. Required fields are marked *