A letter from a senior NHS England official [1] to EMIS, the UK’s dominant provider of software to GP practices across England [2], reveals plans to extract details of millions of patients’ GP appointments within the next few months [3].

The letter, which claims “backing from the most senior levels of Government including ministers”, seeks the assistance of GP IT providers “to obtain extracts of de-identified patient level data from systems that either record appointments or record consultations or in some cases both.”

Approaching the IT providers to extract patient-level data rather than GPs themselves is a serious breach of medical confidentiality – let alone data protection. GPs are the ‘data controller’ for the records they hold, not the companies they choose and pay to provide software, and it is GPs who have a professional and ethical duty of confidence to their patients.

A statement from NHS England makes the bizarre assertion that details including the date, time, “type of professional” and “Reason” for each appointment, linked to the sex, year of birth and postcode sector of each patient [4] aren’t “personal” – and potentially highly sensitive.

The “specification of requirements” also makes it clear the data extraction will not be a one-off; NHS England wants appointment data from the past two years and continually into the future, for purposes that could change with the political interests of the Prime Minister.

Phil Booth, coordinator of medConfidential, said:

“If NHS England thinks a complete list of when and how often you visit the doctor, and who it is that you see, isn’t personal information then maybe someone involved should have gone to medical school, rather than politics school.

“With this letter, NHS England has shown it’ll prioritise political motivations over patient trust. It quite evidently thinks it’s above the law when it comes to the protections around patient data. And it’s intentions are clear: route around doctors and patients, trample on every rule of confidentiality, and collect it all.”

—

Notes for Editors:

1) As reported in http://www.dailymail.co.uk/news/article-3168803/Privacy-storm-GP-visits-No10-demands-details-millions-confidential-appointments.html The official identifies herself as “Programme Director for Prime Minister’s Challenge Fund Digital Team” and “Head of Digital Primary Care Development”.

2) medConfidential presumes a version of the letter was sent to each of the other GP IT providers as well – TPP, INPS and Microtest. It would be extraordinarily anticompetitive were EMIS the only supplier to have been approached.

3) The letter states, “This extract needs to be in place by September 2015”.

4) A “specification of requirements” attached to the letter lists 38 items or fields of data to be extracted – including the date, time, duration, “type of appointment”, “type of professional” and “Reason” for each appointment, linked by means of a “Patient ID” to the sex, year of birth and postcode sector of each patient. This appears to conflict with NHS England’s statement:

“It is crucial not to misunderstand what is being proposed. We are not talking about individual personal information in this letter. What we are referring to is overall statistics for GP surgeries on issues such as total numbers of appointments. Practices have asked us if we could secure more help from the system suppliers in auditing their data so as to reduce their costs and workload. Such information is clearly needed to ensure the £125 million is wisely invested through the Prime Minister’s GP Access Fund. To repeat, there is no question whatsoever of patients’ personal information being shared.”

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Phil Booth, coordinator of medConfidential, on 07974 230 839 or phil@medconfidential.org