The next thing you need to know about at this stage is something called the General Practice Extraction Service or GPES. This is a tool for extracting patient data directly from the records held on GP surgery systems and transferring it to central HSCIC systems.
Sending data from a GP practice to an Information Centre is not new. Information about specific groups of patients – e.g. those with mental health problems – has been submitted in anonymised form for some time. The difference now is that, for the first time, information that identifies you will routinely be extracted from your GP-held records – even if that information was gathered elsewhere.
Details of diagnoses and treatments will be collected together with each patient’s NHS number, date of birth, postcode, gender, ethnicity and other information. It may be processed in regional Data Management Integration Centres (DMICs) or be sent directly to the HSCIC, still in identifiable form, to be processed, stored and disseminated to others.
The data will be made available to researchers in universities and hospitals, but also to private companies – in fact, to anyone who can make a case for access to the data. Although the precise arrangements for charging are not yet entirely clear, the existence of a pricing structure indicates that there will be a charge for this data.
NHS England repeatedly insists that the information will be ‘anonymised’ before release. In reality, the standard they are using requires that they ‘…ensure that, as far as it is reasonably practicable to do so, information published does not identify individuals.’ In other words, they will do their best to ensure that information cannot be re-identified as being about a specific patient, but there can be no guarantee.
It’s also clear that there are times when identifiable data (aka ‘Patient Confidential Data’ or PCD) will be made available – we will come back to that later. The next step here is to discuss what ‘anonymisation’ means and why it is such a misleading term.