For GPs

In March 2026 it emerged that DH/NHSE intends DH to become the data controller of the Single Patient Record (item 6.1), which will include the entire GP record. 

Wes has said he will make viewing the Single Palantir Record mandatory and under his personal control (6.1). As the Secretary of State takes data controllership of everyone’s DNA records (e.g. sequencing at birth), alongside GPs losing data controllership of their patient records, the Secretary of State will gain powers to use both however he chooses. Whilst this feels far into the future (as of March 2026), departments are swapping staff between NHS data projects, the Home Office and DWP, and the culture will then follow.

Current issues today:

1) GP Contract changes in April 2026

From April 2026 there are two changes to be aware of.

a) The posters circulated by NHS England about “Jess’s Rule” are now out of date – while the clinician professionally decides if a patient needs a referral, whether a referral is accepted is now subject to waiting list management at the receiving organisation. NHS England’s tail is wagging again!

b) Simultaneously, Government has torn up the promise made to patients and GPs that the “GP data for Pandemic Planning and Research” dataset would only be used for pandemic-related analyses; it will now be reused for whatever purposes the Secretary of State deems appropriate. His first action was to send a copy to Biobank, who have been selling GP data since the mid-2010s and refuse to disclose what they did with it.

To help patients opt out of practice medical data being used in this way, medConfidential has suggested text to send to your patients and to update your website and practice posters.

2) GP Data Opt Out is meaningful, while NDOO is hidden from patients

As online patient requests are now mandatory for all practices in England, patients can request opt outs online as an admin request. Practices should have guidance on their websites for each of the GP Data Opt Out (commonly called a type-1 opt-out), Summary Care Records opt-out, and any local Shared Care Records opt out. A link can also be provided to the National Data Opt Out for national and hospital data.

3) GPs should check whether a section 251 was obtained for their local shared record (or SDE) programmes (and what additional stipulations it came with)

The GP Data Opt Out (“type-1 opt-out”) prevents your GP practice records from being used for purposes beyond your direct care. For example, your GP record will not be used for research, or planning studies. Your records, however, will continue to be used for all your care needs, such as when you are referred to hospital.

Suggested Practice text for websites (where it reflects local processes)

For the National Data Opt Out, individuals aged over 13 must use the National Data Opt Out online form to opt out for themselves. Parents of children under 13 are required to fill in a paper form and must post it back to the NHS England call centre – unfortunately, there is no online process for this age group.

This wording can be included in an online patient admin request: “I would like to request a GP Data Opt Out for myself [and my children – Name/DOB/NHSno]”. 

Alternatively, the practice website can have the following text added: “a patient can download a Type 1 Opt-out form and return it to reception. Only the GP surgery can process the opt-out form.”

Many ICBs (and predecessors) have notified practices that they have obtained a section 251 approval under the HSCA2012 for practices to flow data to the ICB for secondary uses; this section 251 provides practices with a lawful mechanism to set aside the common law duty of confidence. However, the section 251 small print often requires the Type-1 Opt-out (registered by patients at their GP practice) to be respected, i.e. for these patients their GP record data will not be used for secondary uses (such as research). But we see many ICBs have reused that data for direct care when they should, by definition, not have been able to even obtain this data in the first place. Any section 251 which permits this requires the ICB to notify GPs of an alternative mechanism for patients not included in the data shared. In many cases they do not notify the practice and so are in breach of their s251 and hence the data agreements are invalid.

Practice Action:
Across an ICB, a practice may wish to ask the ICB to confirm:

  • Does the data flow respect NDOO / Type-1 Opt Out?
  • Does the data flow have a section 251 approval?
  • Does the section 251 require the Type-1 Opt-out to be respected?
  • Is inclusion in the data flow later used as criteria for providing direct care?

Practices should take note of the risk of inequality of access to care if they are part of an ICB which conducts direct care activities but must also respect the type-1 opt-out, and if that ICB has not followed through on its obligations to ensure such patients with an Opt-out can still receive appropriate direct care through another mechanism, as required by the permission under which data was requested.

4) GP Connect is being abused

NHS England is data controller and responsible for recording accesses of GP records from outside the GP practice, and has long been aware of abuses of GP Connect, of Shared Care Records, and of Summary Care Records. Creepy single doctors use their access to systems to look up the records of women they go on dates with, stalkers use NHS systems to read their victims’ medical notes, and at least one paedophile has used systems to find vulnerable victims.

NHS England refuses to share when GP Connect, Shared Care Records or Summary Care Records was used to read a GP record. The only way for NHS England to release formal information on who has accessed a record is via police involvement. The hospital responsible can (usually) see which records have been accessed by which staff members. A GP practice can (sometimes) see when an access has been made from outside the practice, usually where it was from, but not necessarily by whom. Practices should assist patients who have a credible fear their record has been accessed inappropriately – there is no way for a patient to know whether their concern is credible without that assistance.

NHS England has tested using GP Connect to “grab the data” of patients from the GP record to populate a central database. Any such attempts to request many patients in a short timeframe should be clearly visible in the GP Connect audit log visible to the practice. Such an approach is in breach of the GP Connect agreement, although NHS England determines whether that is a breach, and is only then blocked at the patient level by an S flag. It is unclear how S-flags can work in a Single Palantir Record.
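
As an added illustration (not part of the original page, and not NHS England or GP system supplier code), the example below flags any external requester that reads many distinct patients within a short window of an audit export. The CSV column names, organisation codes, window and threshold are all assumptions; a real audit export will have its own layout.

```python
import csv
import io
from collections import deque
from datetime import datetime, timedelta

# Constructed sample data. The column layout is an assumption for this example;
# a real audit export from a GP system will use different fields.
SAMPLE_AUDIT_CSV = """timestamp,requesting_org,patient_ref
2026-03-02T09:00:05,ORG-A,P001
2026-03-02T09:00:40,ORG-A,P001
2026-03-02T09:01:10,ORG-A,P001
2026-03-02T10:15:00,ORG-B,P014
2026-03-02T14:00:00,ORG-X,P101
2026-03-02T14:00:20,ORG-X,P102
2026-03-02T14:00:45,ORG-X,P103
2026-03-02T14:01:30,ORG-X,P104
2026-03-02T14:02:10,ORG-X,P105
2026-03-02T14:02:50,ORG-X,P106
2026-03-02T16:40:00,ORG-B,P020
"""

def parse_audit(text):
    """Yield (timestamp, requesting_org, patient_ref) tuples from CSV text."""
    for row in csv.DictReader(io.StringIO(text)):
        yield (datetime.fromisoformat(row["timestamp"]),
               row["requesting_org"], row["patient_ref"])

def find_bulk_access(entries, window=timedelta(minutes=10), threshold=5):
    """Map each requester to its peak burst, if it read at least `threshold`
    distinct patients inside one sliding `window`."""
    recent = {}  # requester -> deque of (timestamp, patient) still in the window
    peaks = {}   # requester -> {"patients": n, "start": ts, "end": ts}
    for ts, org, patient in sorted(entries):
        q = recent.setdefault(org, deque())
        q.append((ts, patient))
        while ts - q[0][0] > window:  # drop accesses older than the window
            q.popleft()
        # Repeat reads of one patient (ORG-A above) count once.
        distinct = len({p for _, p in q})
        if distinct >= threshold and distinct > peaks.get(org, {}).get("patients", 0):
            peaks[org] = {"patients": distinct, "start": q[0][0], "end": ts}
    return peaks

if __name__ == "__main__":
    for org, burst in find_bulk_access(parse_audit(SAMPLE_AUDIT_CSV)).items():
        print(f"{org}: {burst['patients']} patients, {burst['start']} to {burst['end']}")
```

Counting distinct patients rather than raw requests keeps repeated reads of a single record during one consultation from being mistaken for a bulk pull.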

5) Enforced Subject Access Requests from insurers, mortgage providers, etc.

Press reports in 2014 revealed a significant increase in an insidious practice in the insurance and mortgage industries: requiring applicants for insurance or loans to submit to a Subject Access Request (SAR) of their whole GP record (to be given in full to the insurance/loan company) rather than applying for a General Practitioner Report (GPR).

The situation appears to have spiralled after the breakdown between the BMA and ABI on GPR fees but while duress in such circumstances may be arguable, demanding a copy of someone’s entire GP record (with a small number of redactions) rather than a GPR declaring just those details that may be relevant is self-evidently excessive and therefore in breach of the Third Principle of the Data Protection Act.

As data controllers, GPs should also question what is done with the unlawfully-gathered information from their patients’ GP records after the insurance/loan application process has been completed – especially given insurers’ notoriety for finding reasons not to pay out on claims.

If you feel your patients are not fully aware that their entire GP record is typically printed and shared (with a small number of redactions) and is likely to contain information that is reasonably unnecessary (or even should not be used) to determine insurance premiums or payouts, or loan approvals – then fair processing is in question, and the First Principle may have been breached as well.

To comply with an enforced Subject Access Request – i.e. a “consent” form from a patient to release a copy of their medical record to an insurance or mortgage company – is not safe or proportionate; it’s not safe for your patient, nor is it safe for a GP practice to hand over excessive amounts of sensitive personal information to commercial third parties. Legal liability in case of breach would rest with the data controller.

You may already be taking steps to deal with this, but if you do receive an enforced Subject Access Request then medConfidential strongly recommends you protect yourself, your patient and your practice by requiring the company to apply for a GPR in a lawful fashion.

With thanks to a GP who wishes to remain anonymous, via Pulse, we provide a template letter that you may wish to use or adapt:

Letter declining an enforced Subject Access Request – editable MS Word (.doc) format

8 thoughts on “For GPs”

  1. John Brumby

    I am a retired GP and therefore am not directly affected by the current changes as a doctor. I am however also a patient. My medical history is relevant to me, my family and my doctors. No one else.
    When in practice I often received highly confidential information which potentially could destroy a family. This information was received on the strict understanding that it was necessary to be part of a patient’s diagnosis/treatment but would never otherwise be communicated to another person.
    These changes to the regulations retrospectively break my promise to patients as it is not being used for diagnosis or treatment and is being given to non-medical personnel.
    For consent to be valid it is necessary for every patient that I have treated for more than thirty years to be individually contacted to give valid informed consent to release their medical records.
    It should be that a patient must opt in and not opt out.
    The information is also being sold, surely this in itself is not ethical. No patient has agreed to this.
    I will be opting out, as will my family.
  2. Andrew

    I am a working GP and I entirely agree with Dr Brumby. However, I have no choice but to allow uploads to happen unless instructed by a patient not to. It is totally back to front compared to the professional rules and ethics I signed up to.
    I fear trying to get this across to my patients will breach some legal position I don’t know or understand.
    1. Marie Edwards

      “GP surgeries have an obligation to ensure that information about the use of their data is actively communicated to patients, by any and all reasonable means”
      Andrew as the Data Controller it is within your power and should be a moral duty to write to every patient household and inform them directly of care.data and the extraction of their medical record, to HSCIC, without their consent. Patients must be informed & given the choice whether or not to Opt Out of Care.Data. If you do nothing, what will you say to your patient who has not been to your surgery for over 6 months, does not visit your website or collect a prescription (therefore knows nothing about care.data) when they realise that their identifiable medical information has been uploaded to a database, to be shared by all & sundry and you knew this was going to happen but you didn’t inform them beforehand? Put yourself in their shoes.
  3. Tony

    Another knife in the back for GPs and the NHS. This Government will have their way and privatise these NHS services without a thought for the needs of the nation. This is just another step in providing an opportunity for private concerns to take control and it will more than likely be American companies that will eventually run our health services and that means the insurance companies will be keen to get this information.
    None of these changes seems ethical, but this Government does not care about ethics, just profit. I fear for the GPs’ position in this as they are being forced into breaking their promise of confidentiality.
    I will definitely opt out and will encourage as many people as I can to do likewise.
  4. John

    Dear Tony and Andrew,
    Thank you for your comments.
    I have just received my information leaflet. It seems so benign and reasonable about who will have access to the information.
    “Approved Researchers” - I wonder who approves them? - I think we can .
    “Never identify a particular person” - Your post code and your NHS number certainly will.
    This information potentially has enormous commercial value.
    Disease data is already available - via Hospitals in/out patients. Prescriptions costed and issued. Disease screening programmes. These are the obvious ones.
    I am continually amazed how much of the NHS is already being out-sourced and privatised without any public knowledge or discussion.
    It is our moral and ethical duty to inform our patients of the danger of these changes.
    It appears that if a patient subsequently is unhappy with the information that has been released it is their GP who is responsible - Not the NHS managers or government.
  5. Habib Khan

    I am so angry at this decision that I feel like swearing at the governing bodies who came across this idea and are now on the way to the implementation. I believe one’s medical record is completely between a patient and their doctor. Who the hell are those people who want to share our data? I believe they should be punished for breaching the common human right of every patient.
    1. Phil Post author

      At this point, with the latest 6 month delay, you in theory have until September 2014. *BUT* NHS England has reserved the right to run ‘pilots’ in an unspecified number of GP practices across England before September. We have no way of knowing which practices these will be – so our recommendation at this point is, if you have any concerns, opt out NOW. If NHS England manages to convince you that what it is doing is OK, you can always opt in later.