This is an open letter to all GP Practices working in the NHS to highlight data concerns that have been planned by NHS Digital. Patients should be aware of the how their data is used and GP practice staff should be aware of how best to inform their patients.
Dear GP practices,
We are writing to you as GP practices who are data controllers of the patient data that you hold for your patients.
You may (or may not) be aware that the current data extraction that takes place from your GP system (GPES) is going to be replaced with a new system called the General Practice Data for Planning and Research (GPDPR) under legal legislation (General Practice Data for Planning and Research (GPDPR) – NHS Digital). I’ve written a summary blog on it here if you want further information: GP Data Sharing – Dr Bhatti.com
Essentially what this means is that to enable this you will need to, as data controllers, satisfy yourselves that you (as data controllers) have informed your patients of this data extraction that will take almost all the coded data from your patients record and pseudonymise (not anonymise) the patient details to potentially link with other data sources for the purpose of research and planning.
NHS Digital have not publicised this in the way that I would have expected and the GP practice have the obligation to switch on this transfer and EMIS have circulated details of how to do this on clinical systems (EMIS Web – GP Data for Planning and Research (emisnow.com).
If you feel that you have not had enough time to inform your patients and that they have had a reasonable time to object, then this sharing agreement should not be enabled. The expectation is that this will be enabled by the 23rd June 2021 for extraction to commence from the 1st July 2021.
This would technically place the GP practice as the data controller in breach of the Health and Social Care Act 2012 but there are no sanctions or penalties within the Act that arise from failure to enable. What may happen however, is that NHS Digital will contact the practice to enquire as to why it has not been enabled.
This has been discussed with, and supported by Londonwide LMCs Further information for patients, including methods of opting out for patients is available by clicking here.
If you would like to discuss further or have any other points to raise, we are happy to be contacted.
If your practice is not going to enable the transfer until you feel (as data controllers) that your patients have been adequately informed, please click here to submit your practices support for this inaction.
Dr Osman Bhatti (GP / CCIO North East London CCG)
Dr Elliott Singer (GP / Londonwide LMC Medical Director)
Dr Jackie Applebee (GP / Chair Tower Hamlets LMC)