back to article UK's Labour Party calls for delay to NHS Digital's GP data slurp until patients can be properly informed

The UK government's opposition Labour Party has backed calls for a delay to NHS Digital's controversial slurp of data held by family doctors as new guidance from the Information Commissioner's Office sheds light on the legality of the process. The extraction of GP data, under the auspices of the General Practice Data for …

  1. Mike 137 Silver badge

    Opt out?

    The interesting thing that nobody seems to be mentioning that the personal data in question fall squarely under Article 9 of the GDPR ("Processing of special categories of personal data") which is prohibited except for a narrow range of purposes and for which "explicit consent to the processing of those personal data for one or more specified purposes" is the first mentioned exception. Except of course there are the public interest and public health let-outs for governments and those they subcontract to (Art. 9.2(h), 9.3(i)) and 9.3). The general implied principle that Article 9 data processing should be limited to that which directly benefits the data subject seems to have been (shall we say?) overlooked.

    Remembering that data protection law was conceived to protect the public from the intrusiveness of governments after WW2, it's disturbing (if not actually surprising) that governments now have so much latitude to bypass its protections.

    1. Joe W Silver badge

      Re: Opt out?

      And look at the acronym for this thing! GPDPR, that is so close to GDPR, and I really do not think that it is an accident...

  2. Velv
    Mushroom

    There's two very strong components here:

    1) analysis of this data is highly likely to provide new insights into many diseases and conditions and could move health care forward by an order of magnitude; and

    2) I don't trust anyone who is not currently in the loop to have access to this data.

    For me, 2 overrules 1 at the moment

    At the very least there needs to be a pause and review of what is taking place and who will be given access. It certainly appears to have been progressed in a clandestine manner if not in actual secret to keep it from the public. Just another step to the privatisation of the NHS, something most of the public do not want.

    1. Peter X

      ^ This.

      I wouldn't be bothered if the NHS was doing entirely in-house R&D, but all this stuff seems to be spun off to private companies just looking to make money and not actually looking to solve problems*

      * Private companies will develop drugs/threatments to threat a problem... but there's less incentive to actually fix things. Whereas if the NHS were doing R&D, there would be incentive to fix things simply to lower their own costs.

      1. Anonymous Coward
        Anonymous Coward

        The data will also inevitably go to insurance and marketing companies as well as pharma R&D.

        1. macjules Silver badge

          It will be made available to anyone claiming to be "developing a health-related app". In other news Facebook probably just announced a new division, "Facebook Health"

          1. PeeKay

            You're not wrong.

            https://preventivehealth.facebook.com/#:~:text=Preventive%20Health%20is%20a%20new,recommendations%20from%20leading%20health%20organizations.&text=These%20checkups%20have%20the%20potential,cases,%20prevent%20it%20from%20developing.

      2. ManMountain1

        "if the NHS were doing R&D, there would be incentive to fix things simply to lower their own costs."

        I'm not convinced that the NHS has ever shown itself motivated to lower its' own costs.

    2. ManMountain1

      For me, 1 massively over-rules 2. It's incredible to me that this hasn't been done years ago. We should have been analysing the crap out of medical data for years and who knows how many people could have been saved. Privacy is a secondary issue to me, especially given who we already give our data to. This at least has a greater good.

  3. Anomalous Cowturd
    Megaphone

    They don't make it easy.

    You need to download, print, and fill out this form:

    https://medconfidential.org/wp-content/uploads/2018/05/2018-05-25-National-Data-Opt-out-trifold.pdf

    and get it to your GP before 23rd June.

    Then you need to fill out the online form here:

    https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/

    1. Anonymous Coward
      Anonymous Coward

      Re: They don't make it easy.

      My GP practice have been brilliant. First of all they emailed/texted me a link to an article on their website explaining it all in layman's terms for those unfamiliar with it including explaining that opting out will not effect your care in any way. Then they have created an online form to fill in so you can opt out really easily. Job done. I had the form downloaded ready to piss about filling it in and taking it round. On the form it also mentions the codes they are going to add to my record

      Dissent from Disclosure permanent confidential data of NHS Record (Read V2: 9Nu4 or CTV3: XaaVL)

      Dissent from Secondary use of GP patient identifiable Data (Read V2: 9Nu0 or CTV3:XaZ89)

    2. Anonymous Coward
      Anonymous Coward

      Re: They don't make it easy.

      Also, it appears some GP surgeries don't even understand the system either.

      I completed the Type 1 opt-out form and sent it through to my surgery. At first they replied that they couldn't help me and referred me to the National Opt-out link instead. It was only after reminding/informing them that it's the responsibility of the GP surgeries themselves to acknowledge Type 1 opt-out preferences that they got the message!

      To be honest, the NHS is such a shambles, in general, I really wouldn't be surprised if our private data is stored as plaintext on servers running Windows XP connected to the internet.

      1. Anonymous Coward
        Anonymous Coward

        Re: They don't make it easy.

        Your problem was a GP practice which is a private company, not the NHS.

        If you honestly think there are not highly qualified professionals working in data for the NHS then it wouldn’t surprise me if you tweet photos of your screen with your password on a post-it note stuck on the bottom. (Yes there are some useless people as well, just like any other large org)

        1. Anonymous Coward
          Anonymous Coward

          Re: They don't make it easy.

          Your problem was a GP practice which is a private company, not the NHS.

          GP practices are funded by the NHS, which is in turn funded from the public purse. That's a very strange definition of a private company!

          If you honestly think there are not highly qualified professionals working in data for the NHS then it wouldn’t surprise me if you tweet photos of your screen with your password on a post-it note stuck on the bottom. (Yes there are some useless people as well, just like any other large org)

          You only need to look at the cock-up made by the NHS in leaking people's vaccination status through their ropey website to understand how they handle private data. Let's not forget the world beating Track and Trace system as well! IT is certainly not their forte.

          1. Roland6 Silver badge

            Re: They don't make it easy.

            GP practices are funded by the NHS, which is in turn funded from the public purse. That's a very strange definition of a private company!

            Not at all, there are many private companies that are in similar positions.

            The arrangements covering GP (and dental) practices goes right back to the formation of the NHS.

          2. ManMountain1

            Re: They don't make it easy.

            GP's are private companies, sorry to break it to you.

          3. ManMountain1

            Re: They don't make it easy.

            "GP practices are funded by the NHS, which is in turn funded from the public purse. That's a very strange definition of a private company!"

            By your definition there has been no privatisation of the NHS then as any private companies providing services to the NHS are funded by the NHS and in turn from the public purse. I will add, there hasn't actually been that much, certainly not as much as Labour would have you believe ... but there has been some.

          4. Ben Tasker Silver badge

            Re: They don't make it easy.

            > GP practices are funded by the NHS, which is in turn funded from the public purse. That's a very strange definition of a private company!

            GP practices are private businesses funded via a public org - what's so hard to understand about that?

            > Let's not forget the world beating Track and Trace system as well! IT is certainly not their forte.

            You mean the one that was developed by... checks.... not the NHS, but a private consortium?

            > Let's not forget the world beating Track and Trace system as well! IT is certainly not their forte.

            You mean the website developed by..... drum roll... NHS Digital (a non-departmental executive body)

            The NHS is not without it's issues, but we need to be careful not to conflate the failings of private with those of the public body. A cynic might suggest that that conflation is exactly why the "NHS" brand is getting tacked onto so many of these doomed projects.

            1. Anonymous Coward
              Anonymous Coward

              Re: They don't make it easy.

              The NHS is not without it's issues, but we need to be careful not to conflate the failings of private with those of the public body. A cynic might suggest that that conflation is exactly why the "NHS" brand is getting tacked onto so many of these doomed projects.

              Well what exactly is the point of the NHS if, when things go wrong, they can hide behind the excuse of "it weren't me guv, it was the subcontractor!" ???

              It's fairly lame considering the NHS is the 6th largest employer in the world!

              https://en.wikipedia.org/wiki/List_of_largest_employers

              In the example given of the GP surgery, somebody within the NHS gave the green light to funnel public money in their direction and either failed to inform them of the correct procedures, or failed to make sure they were competent in the first place.

              Personally, I favour a pay for play system which you often end up resorting to anyway, considering the horrendous waiting times and woeful service. Forget about this free at the point of use bollocks - literally nowhere else in the world operates in this way, and we're far from top of the tree in terms of health outcomes or affordability. Refund my damn taxes and let me decide which healthcare professional gets my hard earned cash!

              Now downvote away - with 1.7 million employees and counting it's almost a certainty that a significant proportion of El Reg's readership are hooked up to the sacred NHS gravy train.

              1. Roland6 Silver badge

                Re: They don't make it easy.

                Downvoted as your diatribe doesn't make sense.

                >Well what exactly is the point of the NHS if, when things go wrong, they can hide behind the excuse of "it weren't me guv, it was the subcontractor!" ???

                Because for example in the case of Test and Trace, it wasn't the NHS that did the subcontracting, it was the government who simply decided to use its ownership of the NHS to tack 'NHS' on to "Test and Trace" - to fool people into thinking it is up to NHS standards.

                Likewise with "NHS Digital", not part of "The NHS" but tacked on to "The NHS" by the government.

                So the only person who is actually accountable is - the Health Minister, and as we know: a slap on the wrists and/or a demotion to the backbenches isn't real accountability...

                >"In the example given of the GP surgery, somebody within the NHS gave the green light to funnel public money in their direction and either failed to inform them of the correct procedures, or failed to make sure they were competent in the first place."

                Don't see how this is directly related to your previous point or even to the example given. However in the example given GP surgery's currently work under an existing data ownership and sharing arrangement, this data slurp is a Government initiated change to enable personal medical data currently residing within "The NHS" to be moved to NHS Digital, an organisation effectively outside of "The NHS" so that the data can be used for purposes other than those covered by the pre-existing GP surgery - Central NHS data sharing arrangements. Obviously, as part of the new arrangements the GP surgery's will effectively cease to directly share patient data with the NHS; as this function will be taken over by NHS Digital.

                So I don't see how the competence of GP surgery's has any bearing on the matter under discussion.

                >"Refund my damn taxes and let me decide which healthcare professional gets my hard earned cash!"

                You are free to not use the NHS and pay to go private... However, the list of treatments available from the private sector is significantly shorter than those the NHS will deal with - I don't remember seeing any private hospital setting up private CoViD wards...

                1. Anonymous Coward
                  Anonymous Coward

                  Re: They don't make it easy.

                  Because for example in the case of Test and Trace, it wasn't the NHS that did the subcontracting, it was the government who simply decided to use its ownership of the NHS to tack 'NHS' on to "Test and Trace" - to fool people into thinking it is up to NHS standards.

                  Dido Harding of TalkTalk security sanfu fame, responsible for the failed Test & Trace project, is now up for the NHS England top job. Somebody within the organisation is making these loony recruitment decisions and wasting public tax money in the process.

                  https://www.theregister.com/2021/06/07/dido_harding_nhs_ceo/

                  You are free to not use the NHS and pay to go private... However, the list of treatments available from the private sector is significantly shorter than those the NHS will deal with - I don't remember seeing any private hospital setting up private CoViD wards...

                  And there are also thousands of treatments that are unavailable on the NHS. What's your point?

                  However, you told me I'm "free" to not use the NHS, so I guess I can expect my £5,000 refund for this year in the post?

                  1. Roland6 Silver badge

                    Re: They don't make it easy.

                    >Somebody within the organisation is making these loony recruitment decisions

                    The top job is a political appointment and thus will be made by the Department of Health....

                    >so I guess I can expect my £5,000 refund for this year in the post?

                    Dream on!

                    Government voluntarily returning tax revenues when there is a long list of vanity projects and (Conservative) party backers to keep sweet...

          5. EnviableOne Silver badge

            Re: They don't make it easy.

            the problem is "the" NHS doesn't exist anymore, it's not one entity, it is 2300+ organisations all forced to compete to save the government the most money, also with private companies who make a profit too,

            The patient(now called service user) welfare doesn't come into it

            making people well is an afterthought

            the staff are the same, but each one of these organisations has a board of specially interested people funding their pet projects and the standards and systems between them barely interoperate, and are generally completely different.

            Test and Trace is not NHS, just like NHSx, they are DHSC programs that had the NHS badge gifted to them.

            NHS Digital is actually a trading name of the Health and Social Care Information Centre, which is a government ALB, but its central to data sharing and collation in the NHS.

      2. JohnMurray

        Re: They don't make it easy.

        Don't be silly....

        They use Windows 3.1

        1. Anonymous Coward
          Anonymous Coward

          Re: They don't make it easy.

          That should be secure as long as they stick to NetBEUI

  4. TimMaher Silver badge
    Happy

    Note to El Reg

    As there are now a lot of articles about this horrific abuse of national data many commentards have kindly posted the opt out links.

    Please will the responsible editors(s) post these links and basic instructions in each subsequent article on this disgusting topic.

    1. Anonymous Coward
      Anonymous Coward

      Re: Note to El Reg

      This flow chart is also handy in explaining the two different types of opt-out and why they're important.

      https://www.nhsdatasharing.info//NDOO/OptOuts.pdf

      1. Not previously required

        Re: Note to El Reg

        Even if you apply both opt-outs, "Your hospital, community, mental health, social care records" are sent to "NHS digital data linkage" and then "Dissemination of Anonymised & Pseudonymised linked information about you" occurs.

        I don't know what the NHS digital data linkage is. As a working hospital doctor I can tell you it doesn't help me when a patient is seen at all 3 or the local hospitals for much the same thing. I don't always have practical access to consultations in my own hospital, because things don't join up properly yet. Despite nearly every PC now sprouting two screens.

        Clearly there are huge potential benefits from running the complete NHS database through some AI. The NHS should expect to pay for the processing of the data, but the nation owns the data and should not let others profit from the outcomes without some returns to us.

        This project should have been trumpeted as a significant contribution to health. The fact that it is more or less hidden makes me think it is not going to be used for the public good. Given the award of PPE contracts at inflated prices for useless kit to friends of the Tories and the cavalier approach of Johnson to the law and parliament ....

    2. diodesign (Written by Reg staff) Silver badge

      Re: Note to El Reg

      Sure, OK, I'll see what I can do.

      C.

  5. SloppyJesse

    Opt out links

    To opt out completely you need a Type-1 opt out form which you have to present to your GP before 23 June. Explained here:

    https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice

    (direct link to form - https://nhs-prod.global.ssl.fastly.net/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docx)

    The same form is also available on _some_ GPs websites which is how I found it originally - because it wasn't obviously available on the NHS site - almost as if they didn't want people to use it.

    Type 1 opt-out prevents all sharing of your data from the GP into NHS Digital. The National Data Opt out is a secondary opt out which limits some of the sharing. I presume that if you have opted out at the GP level this is not strictly necessary as the NHS Digital system will not have your data in the first place. But better safe than sorry...

    1. Anonymous Coward
      Anonymous Coward

      Re: Opt out links

      Type 1 opt-out prevents all sharing of your data from the GP into NHS Digital. The National Data Opt out is a secondary opt out which limits some of the sharing. I presume that if you have opted out at the GP level this is not strictly necessary as the NHS Digital system will not have your data in the first place. But better safe than sorry...

      Both are important because hospital, community, mental health and social care records are held by NHS digital and without invoking the National opt-out, information that can be linked back to your identity gets disseminated.

      https://www.nhsdatasharing.info//NDOO/OptOuts.pdf

    2. Intractable Potsherd Silver badge

      Re: Opt out links

      There is also the fact that, as far as I have seen so far, anyone registering with an English GP after June 23rd will not have the chance to opt out.

  6. 45RPM Silver badge

    Once again, I find myself asking who benefits from this? I suspect that the answer might be Tory politicians and their bank accounts.

  7. JDPower666 Bronze badge

    Labour with their finger on the pulse again, calling for this days after everyone else

    1. anonymous boring coward Silver badge

      "Labour with their finger on the pulse again, calling for this days after everyone else"

      So what have the Tories done to stop this? Oh, they are doing it to us... What a surprise.

      1. JDPower666 Bronze badge
        Facepalm

        Where in my comment did I defend (or even mention) the tories

  8. Anonymous Coward
    Anonymous Coward

    NHS Digital has said that names and addresses would not be shared, except for postcode, protected in a "unique coded form." Well, that will work then,,, not !

    1. anonymous boring coward Silver badge

      NHS Digital has invented this amazing, unbreakable thing called a "substitution cipher". It's really quite clever, you know! Only the boss knows how to shift the translation.

  9. Anonymous Coward
    Anonymous Coward

    Of course I'm not paranoid but at what point does the insurance industry start to ask if you opted out of GDpDRPRD or whatever the hell its called? Tinfoil hat anyone? Anon because - they are watching.

  10. Anonymous Coward
    Anonymous Coward

    It's worrying that GP surgeries will be 'anonymising' this data themselves, especially considering my GP wiped me from their records because I'd not visited in 15 years, they just assumed someone who never went to the doctor at all was obviously dead. This made it awkward for me to book my covid jab, as I was clearly already dead...

    Anyway, considering my lack of medical data I don't have a dog in this fight, but I'm still worried for the rest of the country, as there is some deeply personal data held on GPs computers, and given the Govt's track record of fucking up IT projects, this is definitely nor going to end well...

  11. Anonymous Coward
    Anonymous Coward

    Hooray for the Labour Party!

    I mean, it's not like they ever proposed Identity Cards or anything like those evil Tories, is it?

    If you think that Keir Starmer and friends are acting out of any sort of concern for the general public, you are sadly mistaken. They will protest this until they get back in to power, then suddenly find that giving private companies access to all NHS data - especially overseas companies - will be a wonderful idea and will be pushed through as quickly as they can. They might dress it up in socialist colours rather than privateer blue but it is still the same money-grubbing sell-off of information they have no right to share.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022