NHS Digital has said it will delay the launch of the controversial General Practice Data for Planning and Research (GPDPR) service for England until 1 September.
The organisation said it is taking the step to provide more time to speak with patients, doctors, health charities and others to strengthen the plan – and to give patients more time to make a decision about opting out of the service.
Initially the GPDPR, designed to facilitate the extraction of GP patient data for research and planning, was scheduled for launch on 1 July, but it has prompted concerns about privacy and that patients were not being given enough time to become aware of an opt out option, which had a deadline of 23 June.
Announcing the change in date, Simon Bolton, CEO of NHS Digital, said: “We are absolutely determined to take people with us on this mission. We take our responsibility to safeguard the data we hold incredibly seriously.
“We intend to use the next two months to speak with patients, doctors, health charities and others to strengthen the plan even further.”
The GDPDR is being set up to replace the General Practice Extraction Service and includes a new technical system that pseudonymises the data at source and encrypts it in transit.
Support for research
National Data Guardian for Dr Nicola Byrne has published a statement emphasising the importance of data, including from GP records, in improving health and care through research and planning.
“The new system for collecting general practice data provides an opportunity to strengthen the safeguards that protect GP data and provide strong oversight of its use for planning and research of benefit to health and care,” she said.
Byrne said that public attitudes are in favour of using the data for research “if certain expectations are met”, including that it delivers a public benefit, it is clear how the data will be used and that robust cyber security is in place.
“I am continuing to listen to and talk with patient groups and the public to inform my discussions with system leaders,” she added. “My focus is on encouraging the organisations involved to work together to make it sufficiently clear to the public how data will be used and kept secure, both now and in the future.”
Royal College concerns
But the concerns over the timescale prompted the Royal College of General Practitioners to write to Health Secretary Matt Hancock calling for a delay to allow time for a proper public information campaign.
“The college supports the principle of improved and more secure sharing of data for legitimate healthcare planning and research purposes, but it is critical that appropriate safeguards are in place to guard against any inappropriate uses of this data,” it said. “Most importantly, any sharing of data must be transparent and maintain public trust in how general practice and the NHS more widely uses their information.
“We have also reiterated to the health secretary that at this time of extreme workload pressures, as well as the focus on the Covid-19 vaccination programme, it must not be left to GPs to communicate with patients on this issue. It must be done by NHS Digital and thoroughly.”
The plan has also led to familiar claims from privacy groups about a centralised database, data being sold to commercial organisations and the possibilities of anonymised data being de-anonymised.
NHS Digital said that the system will not involve the collection of entire GP records, that data can only be accessed by organisations which will legitimately use the data for healthcare planning and research purposes, and they will only get the specific data that is required.
All requests are subject to independent oversight and scrutiny, and audits are conducted to ensure it is being used for the purpose it was requested for.
Information Commissioner Elizabeth Denham welcomed the delay, saying there has been confusion among healthcare practitioners and the public regarding its scope and nature.
“The success of any project will rely on people trusting and having confidence in how their personal data will be used,” she said.
“Data protection law enables organisations to share data safely and, when it comes to using health information there are particular safeguards that must be put in place to protect people’s privacy and ensure effective transparency. This ensures people’s data isn’t used or shared in ways they wouldn’t expect.
“We look forward to continuing to engage with NHS Digital regarding this important project.”
Image from iStock, ipopba