At the BMA’s Local Medical Committee’s conference in York today, 23 May, each part of the following (composite) motion was carried overwhelmingly:

That conference believes the introduction of care.data has been nothing short of a disaster and:

(i) approves the decision of NHS England to put its roll out on hold until the autumn

(ii) believes that GPs have been placed in a difficult position in respect of the demands of the Health and Social Care Act and the Data Protection Act

(iii) asserts that data should be pseudonymised or anonymised before it leaves the practice

(iv) asserts that extraction should only take place with the explicit and informed consent of patients opting-in

(v) insists that it should only be used for its stated purpose of improving health care delivery, and not sold for profit.

So much for Tim Kelsey’s bald assertion that “Changes to the NHS data-sharing scheme now make it fit for purpose” in GP magazine, Pulse, yesterday. Given the opportunity to democratically express their opinion, the vast majority of GP representatives at LMC conference simply weren’t buying it.

Crucially, the LMC vote puts consent front and centre. In a move which again starts to look like serious political miscalculation, the Secretary of State’s promise to put patient opt-out onto a statutory footing is to be executed in tertiary legislation*. So GPs – who are after all the ‘gatekeepers’ to the patient data held on their IT systems, the ones who’ll be held liable in the unresolved conflict between the Health and Social Care Act and their duty of confidence, professional ethics and duties as data controllers, and the ones who best understand the risks if trust between them and their patients is broken – have put opt-in on the table.

In reality, the amendments to the Care Bill – now the Care Act 2014 – fail to address very real concerns that NHS patients’ medical information will continue to be sold and exploited. By rejecting definitions that would have limited data use to (improving) the delivery of care and legitimate research and by instead adding a “promotion of health” loophole that would allow fast food chains or tobacco manufacturers to make a justifiable case for access, the Government has seriously underestimated the strength of public and professional opinion.

What’s more, those driving forward the care.data scheme have clearly failed to make the case for masses of identifiable patient data to be extracted from GP records. And they continue to make sweeping, emotive appeals based on speculative research outcomes without addressing far more controversial uses such as commissioning, for which the Caldicott2 report said consent could not be presumed.

As chuffed as Mr Kelsey clearly is, now he believes he’s cracked it, getting Dame Fiona Caldicott’s panel to “advise” or “evaluate” care.data is not the sort of robust oversight required to inspire public confidence. The problem is already much bigger than one programme in any case. Overarching, independent information governance oversight for the entire health and care system, fully independent, properly resourced and with real teeth – statutory and enforced – might convince the public that the government and its arms-length bodies can be trusted. There’s only so much moral authority you can ‘borrow’.

It remains to be seen if the BMA’s General Practioners Committee and Annual Representatives Meeting will follow the lead of the LMC:

“extraction should only take place with the explicit and informed consent of patients opting-in”

If Mr Kelsey and Mr Hunt believed their fiddlings round the edges had put care.data back on the rails, this afternoon’s vote shows them the scale of the task – and the battle – that is to come.

—

*The intended statutory basis for patient opt out would be in Directions to HSCIC under the Health and Social Care Act – the very same sort of legal instrument that, as currently issued, would have authorised the extraction of the clinical data of patients who had opted out.