back to article BMA warns NHS Digital's own confidentiality guardian could halt English GP data grab unless communication with public improves

The UK’s influential doctors’ union reckons NHS Digital’s current communication of its controversial plan to extract patients’ medical histories from GP systems is going so well the government agency’s own enforcer of patient confidentiality could step in and halt the programme. Speaking to The Register, Dr Farah Jameel, BMA …

  1. Gordon 10

    I would love to know how NHS digital square off a permanent data grab with a right to be forgotten under GDPR. Now it is a qualified right - but "its too hard/we're too lazy" is not a sufficient excuse.

  2. Eclectic Man Silver badge


    I was an IT / Information security consultant for several decades (I retired a few years ago). Frankly I have real trouble summoning up the energy to read all the articles, and details of agreements, what cookies companies want to put on my computer and all the tracking details that I am asked to agree to or reject. The best websites are the ones where there is a "Reject All" option, which saves time. But honestly if I with my expertise and experience have trouble what do the 'general public' do?

    The information I've gleaned about 'the Great NHS Data Grab' does not explain to me what the data can or cannot be used for, who will have access, how effective any pseudonimisation may be, or what benefits the NHS will obtain from allowing access to commercial organisations or other country's health organisations.

    This is frankly too vague to agree to, but then I want the data used to provide better healthcare (I might need it sometime soon) without exposing individuals to unreasonable side effects. The worry is not that the NHS will sell data for money, but more that it will give it away for peanuts and then be charged vast amounts for treatments created by companies based on the data.

    Please send any clear explanations, on a postcard, addressed to 'Confused of Reading'.

    1. Graham Cobb Silver badge

      Re: Honestly

      I find Firefox Temporary Containers addon helps a lot (particularly when combined with Multi Account Containers). Not perfect, but it allows me to not bother with the cookie settings for sites I am using once to look something up or print some tickets or something. Reduces risk of having that visit correlated with something else.

    2. Cuddles

      Re: Honestly

      "The information I've gleaned about 'the Great NHS Data Grab' does not explain to me what the data can or cannot be used for"

      Anything at all.

      "who will have access"

      Anyone who pays for it. Shortly thereafter, anyone with access to the internet.

      "how effective any pseudonimisation may be"

      Not at all.

      "or what benefits the NHS will obtain from allowing access to commercial organisations or other country's health organisations."

      None whatsoever.

  3. Flocke Kroes Silver badge

    Flawed design

    There is no need to share any data with anyone. By all means put all the data onto a single air-gapped system and allow third parties to submit statistical queries for review. If the results are sufficiently course grained that no-one can be identified then the can have the statistics but they never get to see the data.

    1. Warm Braw

      Re: Flawed design

      There is no need to share any data with anyone

      No need for whom?

  4. Howard Sway Silver badge

    The health secretary has his hands full with more important things it seems

    Looks like our data is not the only thing he's keen to grab hold of.

  5. Anonymous Coward
    Anonymous Coward

    Tell your doctor the full details

    Be honest, tell the doctor every symptom and what you did, honestly and openly, so he can make the correct diagnosis for you health.

    "took some illicit drugs?" tell them so the police can prosecute you

    "suspected HIV from some sleezy sex?" tell him, so he can share it with the health insurance company.

    "dizzy spells", be sure you tell your doctor, so he can share it with your employer.

    Ahh you say, they would never use it like that, Hancock promised! See the City of London "Ring of Steel"? They promised it was to counter terrorism, now its used for parking enforcement, local driver taxation, taxi license enforcement, even littering.

    More than that, it will post-hoc be used for that. In other words, even if it isn't used today for that, the data you told your doctor NOW will in be handed over LATER and used for that purpose.

    Recognize the pattern NOW, and watch what you say to your doctor NOW. Can this be used against me at some future date in any employment, insurance, or other context? If the answer is yes, then STFU and don't tell your local snitch, erm local medical practitioner.

    This is a no win situation, BMA is weak as hell here, that data will be slurped and probably already is being slurped. It is not a "communications" issue. Recognize it, and protect your own data from your doctor.

  6. Anonymous Coward
    Anonymous Coward

    Slurp Central Here!

    My name is Peter Thiel. I've just made (another) $5Billion from this sort of slurping in the USA.

    I'm REALLY looking forward to making more billions from the NHS.

    Already plugged in to UK know....brown paper envelopes full of cash to the appropriate folk!

    Thanks....for paying no attention to what IS REALLY GOING ON in Westmister!!!



  7. Adelio

    Why two systems?

    Why two different processes to opt out? one on-line and one manual (fill in a paper form?)

    Is this the dark ages or are the NHS just trying to stop as many people as possible from opting out of the GP data grab (that probably holds more information)

    1. SImon Hobson

      At least the forms are online to download, not stored in a locked filing cabinet, in a disused lavatory ... oh you all know the rest.

      1. Falmari Silver badge

        In the dark

        @SImon Hobson "At least the forms are online to download, not stored in a locked filing cabinet, in a disused lavatory ... oh you all know the rest."

        May as well be stored in a locked filing cabinet, in a disused lavatory with beware of the leopard sign. Because they have not told anyone.

        If they wanted to tell people they would have mailed everyone the form and web page address. Also the mail would explain what they were going to do, who gets access, security safeguards to protect privacy etc.

        But letting the public know what is going on is the last thing they want, can't risk the plebs making an informed decision and saying no. Best to keep them in the dark.

        1. TRT Silver badge

          Re: In the dark

          One wonders if they've ever thought of going into advertising, and the answer is an unqualified affirmative.

  8. This post has been deleted by its author

  9. Zimmer

    Effective use of data...not

    --An NHS Digital spokesperson told The Register: "Data saves lives and has huge potential to rapidly improve care and outcomes, as the response to the COVID-19 pandemic has shown. The vaccine rollout could not have been delivered without effective use of data to ensure it reached the whole population.--

    Mrs Zimmer received a second letter from the NHS TODAY urging her to get her first vaccination and to ignore the letter if she already had it since the NHS would contact her when she needed a second jab.

    However, Mrs Zimmer had her 2nd jab in April, having been contacted via letter, email and SMS, both by the hospital trust and her GP, as she was on the 'vulnerable' list.

    We only opted out last week, so I can't blame that for this unnecessary letter.. how many more unnecessary letters are circulating?

    If this is the level of their data then what 's going to happen when we all apply online for our double jab Covid passports ?

    We have our hand-written cards ;but note that Mrs. Zimmer's is a single card with both doses and dates recorded whereas I was instructed to write my name at the top of the cards - two of them, one for each dose.. bearing a sticker with the batch no. , type and date . They look SO official and totally NOT suspect forgeries at all.../sarcasm...

    The thought that we could be refused/allowed entry to some event/holiday destination (Scotland? the adjoining counties?) in the future based on two bits of cardboard or a lack of effective data on a database is a genuine concern.. as is the NHS Digital's reliance on this data to 'save lives'.

    1. Doctor Syntax Silver badge

      Re: Effective use of data...not

      I'm going to an event this weekend that requires evidence of a -ve lateral-flow test which is my first experience of this - take the test, go to an NHS site and record the result.

      Nicely made up kits (we used to make up kits for scenes of crime officers so it's something I notice) with a nice clearly written protocol. But it relies entirely on honesty in recording the results and when it's to qualify for entry to some event I'm sure some will just dispose of the test strip unused and then report a negative result.

      Reporting it was interesting too. As is standard practice with sites it declared itself to be an alpha site - will they never decide something should be of release quality before it's released. And it really was alpha quality - it barfed on my post-code which couldn't be recognised due to a "technical issue" (is it yet another organisation running on a copy of PAF more than two decades old?) and ring 119. 119 was a D & D maze of "press 1" or "press 2" with the odd exhortation to use the web-site which had directed me there. Eventually I spoke to an agent on a dodgy line - one of her questions really rendered me momentarily speechless - after telling her initially why I was ringing I was asked how I heard about this service!

      Oh well, at least Dido In Disaster Out couldn't have influenced the design of the test kits.

      1. Ken Hagan Gold badge

        Re: Effective use of data...not

        "Dido In Disaster Out"


      2. TRT Silver badge

        Re: Effective use of data...not

        There's a real lack of quality in NHS digital. Take the home Rapid Flow Test system, for example. They want to collect data for analysis of effectiveness, right? So they create a website where you can report the result. It's clear that most test results are going to be negative, so do they make it easy to report a Flow Test result? Do they build a reporting tool into either of the two NHS apps that sit on my phone? The dedicated COVID app? No. The NHS app that's actually quite handy for accessing GP test results and booking appointments? No. They have a website - OK, so that's not terrible, is it? Well it is when they want you 10 digit NHS number but the input field for it truncates at 10 characters and rejects non-numeric characters... Where did I get my NHS number from? The aforementioned NHS app which presents the number as grouped digits separated by spaces. Can one copy and paste the NHS number? No. It includes spaces, and if you copy and paste that, it truncates and fails form validation. So if I'm REALLY determined to let them know that I have a negative test, I have to paste the number into something like a notes app, remove the spaces, and then recopy it back into their website. Or use a pencil and paper. And can I be bothered to do that? No. As I suspect many millions of people who have used the home testing kits also can't be bothered.

        Shoddy, shoddy, shoddy.

  10. Anonymous Coward
    Anonymous Coward

    Why can't I just go to a website, stick in my NHS number, click a button, and have that registed on an 'opt out' database? Then before the extract, filter every patient that's done this?

    Why the fuck do I have to download a paper form, print it out, fill it in, sign it, post it or hand deliver it to my GP who then has to open it, go to their computer, log in, find my patient record, and apply some opt out code?

    Because god knows GPs don't have enough work to be doing right now. The cumulative time spent collectively dealing with hundreds of thousands of pieces of paperwork is exactly what they want.

    1. Doctor Syntax Silver badge

      In reality its probably just one more bit of paper-work

    2. Anonymous Coward
      Anonymous Coward

      Why isn't it opt-in??

  11. nijam Silver badge

    Whilst "data saves lives" may be - in some generalised, abstract sense - true, in the context used by the spokesman quoted in the the article, merely a vauous political slogan.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like