This link has a summary of what was (re-)announced by Wes Streeting and Keir Starmer on 21 October

The new government is taking “a data-led approach”, and has already announced that it will:

• take Ministerial control of all GP medical notes in a central care record;
• dissolve the distinctions between “NHS” and “Government”;
• genetically sequence every baby in england;
• have DWP give prescription-only desire altering drugs to those on UC to “prevent them holding back our economy”;
• link clubcard data to departmental data for policy making;
• require data from fitbits/smart watches be shared with NHS via the NHS app
• have any data shared via the NHS app go up to Palantir, where it can be fed to AIs, and anything in Palantir can be made available to others for “economic growth”;
• those who refuse permissions to the app will find that their care is impacted and the app may refuse to work until all access and sharing permissions were granted (as the English covid19 app refused);
• give more data to ONS whose transparency remains “we have answered 2 or 3 Parliamentary questions”;
• remove independent transparent oversight of data use in government from the NHS allow ONS to give permission to departments to do whatever they wish for policy purposes;
• support biobank as they defend handing data on their entire cohort to “researchers” that declare their focus as “race science” (aka racism);
• Remove from GPs any input on where/how GP data gets reused, principally to give it to biobank and friends;
• dissolve GP practices to undermine the profession with direct responsibility to patients;
• revoke promises made to GPs and patients during the pandemic about how “pandemic only” data would be used, risking public confidence next time as no promises can be believed;
• replace NHS staff with more chatbots and diagnosing AIs, and replace your GP surgery with 111 (your GP has already lost control of their phone lines, has no influence over the features of the app or the NHS.UK website);
• Streeting’s first act was a political decisions to override any clinical judgement,
• the Tory data bill will return largely unchanged to legalise everything found unlawful over the last decade (the civil service had reused the same briefing notes until we pointed it out)
• Population health management will be the focus of the “neighbourhood health service” strategy [announced tomorrow as we publish this]

These different strands will start to overlap and merge over time – fitbit data provided to care for people will be copied to the Department of Health in England who’ll give a copy to DWP so DWP can design policy and future sanctions regimes. 

Pregnant women will be required to share data with the app if they want NHS care, and that data will then be sold on. In many cases the “choice” in Wes Streeting’s NHS will become “your data or your life”.

Government believes that any data that is available anywhere should be available everywhere, reflecting the turbocharging of the database state using techniques unimaginable when labour last left power, and they will leave a powerful set of tools for the next government. Wes Streeting wants to believe he’ll be Secretary of State forever, neglecting both his own desire for promotion and forgetting that all governments end.

Thu 2pm: We are aware of media reports about an unfolding catastrophe at the UK Biobank, and are awaiting more information to be in the public domain.

Losing the DNA, medical history, and wider contributions would be a catastrophe with existential consequences for any Biobank.

Thu 9pm: Some hours after the Guardian published the above, biobank put out an angry and threatening statement attacking the Guardian (cached here). We’ll update this page on Fri Monday.

We have a new government, which has finally started to say what it wants to do.

Making new promises about your medical records while breaking past promises is a weird way to start governing. In his lust for control Wes Streeting forgets that all governments end and one day soon he’ll have been the future once, and others will have to pick up his pieces. We’ll be here then too.

Ripping up past promises

If Streeting tears up promises made in the last pandemic he will critically undermine any promises that are given by a future Health Sec about the next pandemic. This will come about partly because the Department of Health in England has failed to do the paperwork for normal times in the same way that it did, with consensus, for the pandemic. When Streeting undermines pandemic promises he will render meaningless any promises he makes about the new database he wants to create. The Health Sec should be able to overrule their predecessors. Indeed sometimes that may be wise, but this shouldn’t be mainly due to laziness of his staff.

Biobank have been lobbying hard to get access to data without having to explain themselves to data controllers, and doctors should just defer to the shared culture of Biobank and HDR so they can do whatever they want. A new SecState picked the path of least resistance which caused this Biobank to gloat because they’ve confused the supposed short term bung to them with the bigger long term plan. (We note the science media centre press release had one quote that wasn’t from people associated with Biobank or the GeL CEO – how weak is the supposed “support” for biobank?)

All your medical notes available wherever the NHS logo is seen, and you’ll have no idea who read them

The main announcement was that he’s taking control (video) of your medical notes. Streeting wants politicians, him, not doctors, will decide who can see and read your medical notes for what and where. This isn’t immediate as it’ll take a few years to grab, and then a few years more to close down GP as you know it afterwards, but once he has the data he can do what he likes. And you will not be able to do anything about it

The ability for anyone in the NHS to read any patient’s whole medical history, notes and all, will replace the existing local health and care records, the Shared Care Records scheme, Summary Care Records, and GP Connect. If the Department of Health in England believes this is a real proposal, then we’ll see those systems start to lose budget in the Comprehensive Spending Review. Having a fifth (or more?) way to lookup your GP records will not resolve the issues in the previous four methods. (As an aside, medConfidential has long argued the “regional SDE” programme is pointlessly ineffective, and we welcome secretary of State implying that it’s entirely irrelevant now, because once all data is copied into his national database, there is no need to have the “regional” systems which will have less data. Hopefully the Spending Review will scrap the lot, and it gives UKRI £18.2m back in the process).

Wes Streeting says it’s his 10 year plan, and then some bright spark will say Palantir should be challenged to do it in 4.

We know all the existing methods to lookup and access GP data for care are hidden away from patient view, and hence completely open to abuse when creepy single doctors decide to look up the medical notes of women they go on dates with or their partner’s ex. Streeting and Palantir could immediately solve this problem by saying loudly and clearly that every access to any single care record will be visible to the patient via the NHS app This would to prevent such abuses. instead the government is set to enable them.

If the Department of Health in England wish to build public trust and demonstrate that trust is meaningful, audit trails within the app could start tomorrow with GP Connect and the Summary Care Records – system logs that the NHS already has but hide from you. New systems should demonstrate accountability to the patient and since promises get broken, they should start with the systems that there are today.

As it stands, the new planned database of your medical notes about you and your family will deny you the basic right to know who is accessing your record and why. This plan replicates the recklessness of the previous governments where you have no idea when/where your records are accessed and so you can’t know whether they’ve been misused, or when they should have been checked and weren’t. If that is going to change, it should change today where it already can before promises get made for tomorrow.

Wes’s “innovation” is that the existing GP IT systems all go away to leave only his new record. So Labour are exacting revenge on Frank Hester by destroying his health records business but they are also diminishing the role of GPs who they claim they want to empower.  The Family Doctor will lose control of your personal health record just as they have lost control of their phone lines to NHSE and their appointment book to 111.. Care will get progressively worse as the Department of Health in England rather than your doctor manages demand and waiting lists by gaslighting you. A visit to your GP will increasingly be like going to the job centre. Your GP may want to help you, but their systems wont let them, the same way GPs already have no mechanism to get improvements to the NHS app for GP services.

The oft trialled proposals that you must call 111 (or 999) to ask permission to go to A&E will be extended to calling 111 to get a same-day GP appointment. When the chatbots behind 111 can see your full medical history, you may not even need to have a GP at all, which will be an excuse to close your local GP surgery in the second half of the ten year period because, as Wes said to RCGP “one in every 5 of you are working in buildings older than the NHS itself.”

The details will start to appear around the 10 year plan for Palantir the NHS expected to be published in the new year, and it will be curiously vague about the GP estate in the second half of the time period…

==

If you’d like the slightly weird audio summary of this blog post from Google’s NotebookLLM, it’s here (it only hallucinates a bit).

The next 10 years of the NHS might include dissolving your GP practice and replacing it with a chatbot, but all of that will depend upon data. To ensure every use of your data is consensual, safe, and transparent for the next decade, we expect it will cost medConfidential about £100k a year to scrutinise these plans and find the gaps. If you can help find that sort of money down the back of the sofa, we’d love to hear from you.

Hello again from medConfidential,

Given the upcoming general election on 4 July, we thought it might be helpful to give an update on what’s happened since our March newsletter, and to give a brief summary of the current ‘state of play’.

What just happened?

NHS England’s “Federated Data Platform” (FDP), running on the half-billion pound Palantir platform, went live with two national ‘dashboards’ in late March. NHSE officials say it is now being used for four such dashboards – none of which use individual-level patient data directly, at present. 

Meanwhile, the Data Protection Impact Assessment for the FDP is being withheld by ‘the Department of Health in England’ (i.e. NHSE) because it is so controversial that its publication could affect the election. Statements made before launch that FDP would be used for direct care omitted to say that it would also be used for anything else…

Around the country, a number of NHS Trusts across England are continuing to use Palantir without telling their staff what to tell patients, or even what they are using it for. According to the Department of Health in England, you should be able to check if your hospital is one of them on this list – but as you will see if you click on the link, they’re keeping the membership of that list secret, so you have no way to know if your hospital is involved. 

The Department of Health in England has also been doing a bunch of ‘public engagement’ work, to try to justify taking your choices away in future. Ignoring the ‘spin’, the first published results are in fact very damning: 21% of patients either strongly or slightly disagreed with the statement, “I trust the NHS to keep my patient data secure” (Table 2), for example – and two thirds said they wouldn’t want anyone who isn’t directly treating them to have access to their medical records (Figure 3). The numbers who are concerned that the NHS may sell their data to companies without their permission speak for themselves.

Digging further into the detail, Table 4 suggests that up to 11% of patients are not happy for the NHS to use their data for purposes beyond their direct care, a proportion which increases to over 25% if that means “work[ing] in partnership with companies” (Table 3). Meanwhile, when the ‘dashboard’ isn’t broken, official figures show that only just over 5% of patients have actually opted out. There’s clearly still a lot to do.

Published days after the election was announced, the Public Administration & Constitutional Affairs Committee’s report on Transforming the UK’s Evidence Base says, on page 35:

101. Although statisticians and researchers publish a wealth of information on which data sources they hold, and how they are used, very little information is made available about how personal data are being used for the purposes of government analysis.

102. We recommend that the analysis function explore options for improving transparency around the use of personal data in official analyses, and that this work be made publicly available.

We agree. And hopefully a new Government will do something about it.

The General Election

The best time to commit to transparency is early in a new Government of a new Party, when the legacy of toxic behaviours all belong to the previous Government.

Public and manifesto statements to date, however, show there is no substantive difference on uses and misuses of your health records between the two major parties. You should of course know how your medical records are used, but the government of the day will always prefer a quiet life…

Behind the scenes, the Conservatives have been lobbied by Palantir – and those lobbyists are led by a Labour Peer. Meanwhile, Labour’s ‘kingmaker’ at the Tony Blair Institute continues to receive funding from the runner-up for the FDP contract, Oracle. So whatever election spin you encounter, whether or not there will be any changes to your rights around confidentiality, consent, and non-care uses of your medical records is not the partisan issue you might think. 

medConfidential will, of course, continue to keep a close eye on whoever wins.

In order of publication, the Liberal Democrat manifesto says they will be “’Protecting patient data and patients’ rights to opt out of data sharing”; the Conservative manifesto means continuing with the Palantir platform while widening (the risks via) ‘Pharmacy First’ and access to GP data; and the Labour manifesto hints at large changes to data policy, but offers no detail as to what they will be – beyond giving children identifiers that ‘follow them for life’ (remember ID cards?). 

On one specific data item, Labour’s “data library” could perpetuate the calamity of contradictions in the outgoing Government’s “Integrated Data Service”, or it could enable commercial exploitation of data in secret, as desired by UK biobank and HDR UK. Or it could be closer to the safe and transparent approach of OpenSAFELY… as ever, the detail and execution matters.

Neither the Green Party nor Reform say anything specific on health data policy that affects the Department of Health in England. And if you would like some longer analyses, others have focused on data and health.

Whoever wins the election, the new Government is going to be doing more on data. Beyond health, and whatever its focus, central Government should copy the model of the NHS National Data Opt-Out – creating something like a ‘Data Preference Service’ for the (non-NHS) rest of Government; a single place to opt out once. (Outside government, that same model – akin to the Telephone Preference Service – would help reign in the secretive companies that make money selling data about you without your knowledge or consent.)

After the election, actions will speak much louder than words.

What’s next

Next comes the voting. We hope all candidates offer clarity on their own views, and we encourage you to vote however you think best for the future of the country. 

We will still be here, whatever the result of the election – and whatever it is that the next Government wants to do to your medical records…

Just to confirm, as of this Bulletin, your current opt-out choices still boil down to this:

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds Redditch for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt-out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt-Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

Please note: in the current situation, your GP Data Opt-Out is just as crucial as your National Data Opt-Out. 

As ever, as we learn more, we will let you know. Thank you for your support.

Phil Booth & Sam Smith

21st June 2024

Everyone deserves privacy, and everyone deserves medical privacy. 

Whomever you are, Princess of Wales or not, you have the right to know where and when your records have been accessed, and in being able to see that those accesses were legitimate – and for action to be taken if they were not. As events have shown, the princess had access to her records monitored for abuses, the NHS won’t let you do that. The ‘Department of Health in England’ (NHS England) could tell you, but they don’t want to; doctors have been struck off for accessing records inappropriately, but abuse is far more common than punishment.

At the start of the 2019-2024 Parliament, we had no idea if mRNA worked at scale, and no real idea how to find out safely. A pandemic intervened, and we figured it out. At the end of the Parliament, trials to detect and cure cancers using mRNA seem promising and could revolutionise treatment (and the NHS budget) over the term of the next Parliament – if done properly. 

The outgoing Government’s choice to implement the recommendations of the Cass Review within hours shows that care choices can and are being politicised, with criminal penalties being created so very quickly. If only the independent Windrush Review, the many safe staffing reports, or conclusions on Grenfell had been so rapidly adopted by Ministers. The Cass Review will now undergo the slow, meticulous process of academic peer review – assessing the choices made, and seeing which parts demonstrate rigour and which show cherry picking, misunderstanding, or simply prior policy beliefs masquerading as independent impartial evidence. 

Whether the HDR / Sudlow Review will ever be published is unclear, but – if it is – any narrow evidence base and distortions that favour HDR UK’s own institutional policies will enter that same process of scrutiny and assessment which HDR does its best to avoid when nudging funding decisions to cronies. It is entirely possible to write a report focussing only on the subset of reality that is convenient to the institutional culture towards which you want to steer cash; permanently attaching your name and reputation to a temporary star is, however, a choice that remains fixed as time moves on, and temporary incongruences have been resolved. Career priorities are political. 

The Department of Health in England would prefer to control a single consolidated record of every health ‘event’ in your entire medical history – including things like copies of readings from the sensors on your smartphone and smartwatch (see Annex 8 of our UC work) – and to make them available not only to anyone in the NHS but to any private provider, to do with as they see fit. 

“Pharmacy First” can diagnose you with a UTI, prescribe accordingly, and then write that to your NHS record; DH policy imperatives show they believe a private GP doing the same thing is no different. But if you receive a diagnosis of ADHD or gender dysphoria that fulfils all NHS criteria, why does that not become an NHS diagnosis in the same way? Why does the system oblige your family doctor to follow some non-NHS diagnoses, but seek to criminally punish them for others?

(As an aside, allowing people to write arbitrary diagnoses into arbitrary records provides a system-wide ability for any rogue doctor to write anything they choose into a record – giving the Minister of the day, for example, SNOMED code 247667002 or 247670003. And of course, once entered into an NHS record, “diagnoses” are supposedly impossible to remove…)

The politicisation of care has become utterly incoherent. Things will eventually be resolved, but the real question is how many serious harms there will be in the interim.

Sustainability of data decisions

Sustainable decision structures are those which can exist for the longer term – and in which any individual decision is secondary to the process continuing. Where organisations aren’t disinvited from the process for giving private critiques or briefing Parliamentary Select Committees. (The culture of Paula Vennells is not unique to the Post Office.) And while imposition of a contract or rules is an emergency act, institutional ignorance is a temporary choice. It may feel easier to engage only with those who agree with you – something the ideologies of the outgoing Government made a policy goal – but what is temporary will eventually end. 

Whatever happens with NHS data it must be stable to survive. Every important stakeholder must have what it needs, which may not be what it wants. NHS England wants to do analyses; GPs need confidence and clarity in their responsibilities to all patients; interested patients need trustworthiness and dissent; researchers need to be able to do research ethically.

OpenSAFELY and Palantir are both tools; how the tech will be used remains unclear.

If the Department of Health in England were being honest, the public narrative of the ‘Federated Data Platform’ in Palantir and the NHS App would be that they are, in their view, the future of NHS care. If an algorithm running in Palantir and displayed in the App says No, then you won’t get NHS care – in exactly the same way as when the A-Level algorithm said No in 2020, students didn’t get their University places.

Culture of Coverups

The internal culture of NHS England has barely changed since the care.data debacle in 2014. That shouldn’t be a surprise, as it’s largely the same people doing the same jobs – and their ongoing actions suggest they have learned very little in the past decade. It is a common argument around Government that the civil service does churn too much, but perhaps lack of churn has harms too…

While the faces remain the same, the culture of the current “new NHS England” (aka the Department of Health in England, as NHSE has de facto seniority over policy staff) has degraded to the level of trustworthiness and integrity demonstrated by the Boris Johnson administration, while the current power structures were last defined by Matt Hancock’s DHSC.

The Department of Health in England takes reckless risks on your behalf without you even knowing. And UK Biobank and Our Future Health have evolved in that culture – the NHS England form to buy patient data is around 30 pages long; the biobank form is less than four pages long. There is no way that could cover everything required, but they have made the calculation that investing in PR and bluster will be more successful with Government and the Department of Health in England than offering real substance and evidence. Indeed, that approach clearly has worked for biobank and HDRUK under the outgoing Government. But all Governments end.

No Privacy, No Transparency, No Trust

Information such as service performance, which NHS Digital (RIP) proudly published proactively, is now routinely covered up and FOI requests are only answered after complaints to the ICO about stonewalling and non-response. “Transparency” may be something the new NHS England says – it is demonstrably not what it does.

Since the absorbtion of NHS Digital, the so-called ‘Privacy, Transparency, and Trust’ group is where NHS England dumps these vital issues in order that the rest of the organisation can ignore them, and so that group can focus on how to avoid them. The only outputs are performative statements – rather than building a trustworthy organisation that is worthy of public confidence, by demonstrating trustworthiness.

That this is the case is best demonstrated by the Department of Health in England’s sustained incoherence around a patient’s legal rights to object to unnecessary data processing. And their complete lack of interest in telling you where and when your medical record has been accessed.

Every NHS GP record is now supposed to be accessible in every pharmacy in the country, via a service called “Pharmacy First”. But you will have no idea if someone has accessed your GP record – let alone if that was a legitimate access, or one where your stalker or creepy bad date was ‘going fishing’ – entirely because the Department of Health in England refuses to tell you. Until recently, pharmacy staff could only read records. Now they can write a diagnosis into your record and, if they do, it’s almost impossible for you to know that it happened, or to challenge or have it removed. MPs (rightly) changed the law to allow the removal of malicious child safety reports, but that’s just the tip of the iceberg.

If your GP uses TPP/SystmOnline you may have access to an “online audit”, but this is not available in the supposedly “main” NHS App. Despite this audit trail being a contractual requirement imposed by NHS England, they never implemented it for you. Its actions demonstrate that the Department of Health in England believes they, not your GP, should decide what your GP can tell you about your health, what medical care they can provide, and which organisations can buy the personal data in your health records.

While patients should be able to see the correspondence about them, the reckless imposition of this by the Department of Health in England pushed all of the risks onto the patient and GP. It may be clinically essential for a letter between clinicians about genomics involving family risk to mention that the patient is adopted; but surprise! An entirely benign letter about a child can disclose that an investigation is underway simply by implicit reference to documents a potential abuser can’t see. The Department of Health in England’s view is that ‘This is not our problem’, and they adopt the same approach and attitude time and again – such as with the form that allows anyone to register with a new GP from anywhere, which can be weaponised by abusers.

As time goes on, various “national services” will interpose “national” goals between you and your family doctor, and the care they provide you. Is this really the NHS you want?

Being seen to Respect Patient Choice 

The opt out for secondary uses of your health data exists; the opt out for Shared Care Records is a ‘postcode lottery’ – making promises to patients that others in the NHS believe don’t apply to them when they copy the data again and again. 

When it comes to data use for purposes beyond your direct care, the Department of Health in England still believes that no opt outs should apply to them, even while saying opt outs that clearly do apply in law are via mechanisms that they simultaneously ignore. No process involving NHS England ‘Privacy, Transparency, and Trust’ (PTT) can be considered trustworthy in the current setup. That’s not to say that every outcome is always wrong – but outcomes are self-evidently incoherent, and disconnected from the processes supposedly creating them.

Even the Tony Blair Institute recognises that the current opt out process is punitive and destructive. medConfidential always said that it should be as easy to opt in as it is to opt out (and vice versa) so we agree on that. While the current process may be used to opt both ways, it’s still punitive – especially if you have dependent children living at home. TBI, however, prefers the intrusive power of the state be used to support its goals – and it is notable that Mr Blair’s proposals for the sale of NHS patients’ data don’t appear to have been implemented in any of the dictatorships he advises.

Claims from TBI and from the Department of Health in England about what Palantir will do for direct care – the care that is delivered by hospitals and GPs, not by centralised computer systems – are completely disconnected from the reality of NHS systems that already exist, and that work, and that are both used well and abused badly. Meanwhile, NHS England has covered up the Data Protection Impact Assessment for its Federated Data Platform, allowing FDP to launch without publication during the (local) election period, because the text says that public claims made previously about FDP being ‘for direct care only’ were abandoned before FDP launch.

The (first) Goldacre Review in 2022 was clear that the risks of the current use and misuse of patient data are an “emergency” – and “not a new emergency” – and yet, as back in the Kelsey years, the Department of Health in England is still hoping things will go wrong on someone else’s watch.

The outgoing Government may have had one success in that Review; the new Government could choose to announce in its first weeks that, retroactive to the date of the election, patients will be able to see in the NHS App – or in the TPP/EMIS apps if NHSE can’t get its act together – a list of when and where every patient’s records have been accessed via all national NHS services.

The list should begin with accesses to your Summary Care Record, your Shared Care Record, to GP Connect, and in FDP – all of which are capable of such audit functions. If it is claimed that any aren’t, then those who commissioned them were either grotequely incompetent or wilfully negligible. The ‘trial period’ could begin with digitally-engaged patients who have prospective access to correspondence enabled already. The new Government could then say that the secrecy ends, and patients would from that point forward have a clear evidence base of how data about them is used, and whether it has been misused.

For a new Government wanting more use of technology and more system access, this would have another significant additional benefit. One of the hardest aspects of such systems is getting clinicians to use them. If every patient can see how data about them has been used, they can also see where these new systems have not been used when they should have been – providing an evidence base and empowering patients to ask why these expensive data systems weren’t used to benefit their care.

Rest of Government: UC, Governments and computers

In the last days of the Parliament, the Administration Committee of the House of Commons said:

“Although statisticians and researchers publish a wealth of information on which data sources they hold, and how they are used, very little information is made available about how personal data are being used for the purposes of government analysis.”

“102. We recommend that the analysis function explore options for improving transparency around the use of personal data in official analyses, and that this work be made publicly available.

(paragraphs 100/102, Public Administration and Constitutional Affairs Committee report on Transforming the UK’s evidence base)

We entirely agree.

If you were to hear the description of a computer system whose users are overpowered by the system designers and operators, which tells users how much money they owe without showing any detail on how that figure was created, where staff working for the system designers can change those figures at will, and when figures change there’s no way for the users to know about it unless they keep their own independent records –and where discrepancies result in prosecutions, sometimes deaths – you might think someone was talking about the Post Office Scandal.

The previous paragraph is also a 100% accurate description of the systems of Universal Credit, about which we recently published Annex 8 and the wrap-up report.

The final section of Annex 8 relates to the rest of Government as much as it does DWP, and we’ve written a short note on what GDS / CDDO / CO should choose to do.

After all, all Governments end.

Enclosed new documents:

• Universal Credit
  • Annex 8: Government ‘Super-Apps’
  • Annex 8B: How digital services and apps get built
  • Related available next steps for CDDO / GDS
  • UC work wrap-up
• Letter to biobank about sending data to hostile states

Hello again from medConfidential,

It’s been a while since our last newsletter, and if you signed up to find out if NHS England would provide more details to help you with your choices around its half-billion pound Palantir platform before it “goes live” at the end of March, the answer is now clear. They won’t.

NHS England has said pretty much nothing new in public since before Christmas. The ‘Department of Health in England’ is instead leaving you to puzzle out the process, and to do all the work. As of this newsletter, your choices boil down to this:

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

Please note: in the current situation, your GP Data Opt Out is just as crucial as your National Data Opt Out. 

What’s going on?

Your GP sees you as a whole patient; they know it’s important to maintain trust in your family doctor. The Department of Health in England clearly doesn’t share this concern, and – though they’re not being entirely transparent about them – NHS England’s plans and actions show they intend your GP data to be copied again and again.

For example, the Frequently Asked Questions for the Palantir Project state:

“…if there is data sharing agreement between integrated care system (ICS) and GPs locally to share data for care co-ordination then they can use the local version of FDP for that purpose.”

There are many such agreements across England, and once your data is in Palantir, it can be “federated” – i.e. copied – again and again. 

NHS England’s Board were told in December 2023, “Absolutely, primary care data can go in” [time code 1:43:20] and “For direct care, it’s not in their [patients] interests to opt out, but they can” [time code 1:48:30]. And in February, the Government confirmed that GP data could be “brought in” to Palantir and Ministerial answers show they are content for NHS England to break past promises to be transparent and honest about how they use your data. 

What just happened?

Last week’s Budget effectively mandated Palantir for NHS Trusts and ICSs, even after the public were told it would be ‘optional’. And the public’s views won’t even be listened to until later this year, when it may be too late for many.

Budget week obscured another unauthorised data collection of all GP records across England, which was inadvertently revealed on NHS England’s official GitHub page.

On that page, officials at the Department of Health in England stated in terms that “the aim is to grab the data” from every patient in every GP practice. (This, despite having strenuously complained at medConfidential’s characterisation of its GPDPR programme, less than three years ago, as a “GP data grab”…)

The ultimate intention, as ever, is for the Department of Health in England to sell (access to) patients’ data in one form or another. As with previous attempts, officials didn’t inform GPs, who are responsible for their patients’ data in law. Instead, a team at NHS England wrote code to simply “grab” the data… because they could. 

This story is still emerging, but NHS England’s denials don’t match its actions thus far. And, as with their continued secrecy around Palantir, Department of Health in England officials don’t appear to think alternative perspectives on their intentions are worth considering – or even seeking.

Looking forward, legals and otherwise

Lawyers are lawyering about Palantir – our best advice for most people is to make your own choice for yourself and your family, and to leave the lawyers to do their work. (We’ll continue to help them.)

Legal action involves more than just ensuring government bodies follow their own rules; it’s about ensuring that they follow the law. We’ve never received clear answers from NHS England on this, only statements that they will “comply” with policies that they themselves have written to permit them to pursue their own desired actions.

This is far from reassuring. Whether it is legal or not remains to be determined. 

Decisions made by the Department of Health in England’s “Privacy, Transparency, and Trust Unit” fail to provide patient privacy and professional confidentiality, have self-evidently failed to provide meaningful public transparency, and – combined with the actions of the body it is supposed to ‘challenge’ – critically undermine trust in both the process and the wider NHS. (Legally-speaking, this deficit of robust, coherent internal processes makes it unlikely NHS England will be able to present such things to a court of law.)

The Federated Data Platform was meant to “end the era of chaos” in health data. But while a platform like Palantir could in theory make secrecy much harder, NHS England seems as determined as ever to try to keep its uses of – and ambitions for – your data hidden.

Unfortunately, the next Election won’t protect your NHS data; Opposition statements and actions already show the next Government won’t do any better than the current one.

The culture of data grabs continues spreading all across UK government, fuelled by tech salesmen promoting their platforms, magic thinking about tech not people, and officials (and others) with their own agendas. And even if the companies don’t make a sale, they embolden those who seek to operate without constraints – and who disregard the rules that are there to protect you.

What you can do

If you want to express your objection to your NHS data (“confidential patient information”) being used for purposes beyond your care, i.e. to opt out, you should use this paper form for your GP and post this paper form to Leeds for your kids and you.

(If you’re single and over 13 years old, this online page works only for you – and NHS England states that this opt out will not apply to the Federated Data Platform, which rather undermines it as a so-called ‘National Data Opt Out’…)

For other data flows around your direct care, you should ask your hospital doctors what your hospital currently does and what your choices are there.

You may also want to tell your friends and other family members about this, and/or forward this Bulletin to them with a short note of your own.

Finally, if you are in a Patient Advisory Group for a hospital, an ICS or your GP practice, please do ask for official answers on what information patients will receive on the ‘Palantir Platform’ / Federated Data Platform, and what their choices will be about their care and the use of their data as a result. The (lack of) guidance and meaningful options for patients should be on record. 

NHS England’s Board were told that patients would be able to make different choices about their care and their data; NHS England itself is refusing to give guidance on implementing those choices. Should this situation continue, things may come down to NHS doctors being forced to present their patients with the ultimatum, “Your data or your life” – as dictated by Palantir and the Department of Health in England.

The suggestion of using NHS numbers to track children in schools and children’s social care has reappeared again, with labour talking about recreating contactpoint (again).

The arguments in favour haven’t changed, simply using 2023 examples rather than 2003 examples, and the arguments against remain.

Using the NHS number to track children means also tracking adults who were once children, because NHS numbers don’t change.

DfE discloses data on children to anyone who wants it (including the school records of every state educated MP younger than 40). Using the NHS number means the security of the NHS number will be dependent  on DfE’s data handling practices (which do not satisfy the NHS rules, to say the least).

Some council will argue that because your school recorded a problem “managing self” at age 4 (“Manage their own basic hygiene and personal needs, including dressing, going to the toilet…”), adult social care should be reduced and incontinence pants used instead; or the crimes someone fell victim to become their fault in court because of the linked school records of every detail of every day they were in school. 

If you argue they should link health records to school records to support children’s education via the consistent identifier, then you equally believe (in special pleading, or) that they should link school records to others to “support young people affected by crime”. Using the NHS number to track ‘opinion-based’ policing data, or arrest people is a high risk extension of linkage, similar to Tony Blair’s Institute supporting the suggestion that (future) receipt of Universal Credit be dependent upon injecting wegovy (which will also require DWP data to be linked too). 

What gets linked for one reason gets reused by others – health records get linked to “clubcard” spending “for research”, and then pressure to use that data for more things is as “obvious” as the current arguments for more linking and more use. Always more.

The ideas aren’t new; neither are the problems. The only debate is about which victims they are choosing not to care about.

The NHS has spent 25 years getting the NHS number used for direct care. A new government may destroy that in 25 weeks.

It’s been several weeks since our last newsletter, and a few things have happened.

A Good Thing: OpenSAFELY

The GP data analysis environment which is capable of being consensual, safe and transparent – known as OpenSAFELY – has announced that the NHS will continue support for their analytical environment, which does not create any additional copies of the data and which respects patient choices to opt out of data being used in ways they don’t want it to be.

Things of another kind

You may have received some junk mail (with an NHS logo) from a company called Our Future Health which would like to sell access to your DNA and medical history to allow others to find new medicines. We’ll have more on that in the New Year.

Government spending £480m on Palantir

The Department of Health in England announced they will spend £330m on Palantir software and an extra £150m on ‘improving’ Palantir – so it’ll cost more next time – which has proved a little controversial.

Palantir will get one or more copies of all health data used by the national NHS across England, and the Department of Health in England has also bought the software for your local NHS Integrated Care System (ICS), and may impose it on your hospital.  Whether your local hospital or ICS wishes to take up this “offer” from the Department of Health in England is supposedly up to them. Some officials have however said that while using Palantir might not be “mandatory” for other NHS organisations, there are disincentives to spend money on anything else. 

This announcement is a start line, not a finish line. Nothing much changes before March 2024.

The National Data Opt Out exists and works as it always has, although it could always be stronger. The Department of Health in England has not published enough details to know whether patients’ objections will be respected, whether and where it believes your objections don’t apply, and/or whether the Department of Health in England will make everyone opt out again. We have a lot more details here.

As things develop, if you wish to protect your and your family’s medical information, you will likely need to have both an (online) National Data Opt Out and a GP Data Opt out, as your GP data could be used locally in Palantir.

As lawyers continue to pore over the text, if the Department of Health in England does disclose that it has created a new opt out that you have to apply for, we will tell you. To find out, use the box on the right to join our mailing list.

Remember, the announcement of the winner of the contract is the start line for this national data programme. It has to get to March 2024 without collapsing, and there are plenty of precedents for such programmes not managing that.

What you can do

The National Data Opt Out does what it always has. We agree with the Department of Health in England that it could be better – they could do something about that, but they refuse to. 

The Department of Health in England currently only links to the National Data Opt Out, once again neglecting to point out that the GP Data Opt Out exists and works to block secondary uses of your GP data that may be copied into Palantir if it is not applied to your GP record.

Meanwhile, Palantir shareholders want twitter warnings on anything that suggests the opt out works… 

Seasons’ greetings

This is probably our last newsletter before the New Year. We wish you well for the festive season with your loved ones. If you are feeling inclined, medConfidential is always grateful for your support of any kind, and we are grateful that so many of you are on our mailing list. As ever, please do pass this Bulletin on to anyone to whom you think it may be relevant.

Warm wishes,

Phil & Sam

Having had a few days to find some more surprises and omissions in the statement to Parliament and the press release confirming that Palantir won the £330m FDP contract, we understand why it is confusing. The goal is, after all, to copy everything into Palantir and only get support afterwards – and to not allow anyone to say no.

On Saturday The Times (incorrectly) said there is no opt out; a day later, the Sunday Times correctly said there is. Things are clearly in a mess, but it must be remembered that last week’s announcement was a start line for this project, not a finish line.

In brief: The opt out exists just as it has previously, and nothing changes until around March 2024. Everything else is a currently mess; we’re working on it.

Slightly less brief version: The National Data Opt Out exists – it works as it always has, though it could always be stronger. NHS England has not published enough details to know whether patients’ objections will be respected, whether and where it believes they don’t apply, and/or whether the Government will make everyone opt out again. This is because there are no details of individual data flows in the FDP as yet; maybe by March 2024 we will know more. Maybe.

Some have read NHS England’s briefing to argue strongly that patients cannot opt out; medConfidential and others, however, work for a world where patients’ wishes are respected. Join our mailing list to find out how it goes, or opt out at any time.

We will continue to scrutinise details. NHS England could still decide that people’s opt outs don’t apply where they should, and officials will probably try doing this – which is akin to making you opt out again. NHS England talks about its five high level “priorities”, but data choices and uses and paperwork is about very specific purposes – exactly what data, to and by whom, treated how and for what uses (e.g. “strike analysis”), with or without respecting opt outs? The devil is in all the details.

We do not yet know whether those who have already expressed their wishes will have to do anything else – NHS England has not yet said whether Government will make patients opt out again, but as of now, the opt out process is enough.

The Details Do Matter

The Government is as committed to giving Palantir £500m over seven years (the current contract is for five) as it was to HS2 and Net Zero. If you wish to opt out, we have a page on how to do that. Many details are still to be argued about by lawyers and others, but you currently have the same choices after last week’s announcement that you had before.

As an administrative body, not the NHS in England, NHS England (NHSE) can only make decisions for NHS England. It can try to bully NHS Trusts and Integrated Care Systems into going along with its decisions – seemingly with limited success – but, as separate legal entities, ICSs and Trusts get to make their own decisions. Sometimes NHSE says Trusts “can” choose to use it, sometimes NHSE says they “will”. The comments published by the Science Media Centre demonstrate the lack of support that NHSE tends to respond to with strong-arm tactics.

While it is good that NHS England has an “engagement portal” of sorts, it will be far better when there is meaningful content in it – and when that content is entirely accurate and complete. 

We note that NHSE’s public press release was less informative than its statement to Parliament. And while the press release talks about “Trusts and ICSs” having access “from spring next year”, NHS England itself is notably absent from that timeline. 

Our current understanding is that NHSE will get access to data at the same time as Trusts and ICSs, when the “Privacy Enhancing Technology” is available. Previously, officials had suggested NHSE would have access before that. Of course, there is no obligation on NHS England staff to be fully candid in meetings, and someone decided not to make this all clear in the press release. This kind of decision has caused and continues to cause many problems.

NHS England has until around March next year to get its story straight, and for its officials to be transparent about governance and patients’ choices – hopefully far better than they managed on Radio 4’s Today programme last week.

(For example, GP data could at some point be copied into Palantir for where you live, and then copied elsewhere, unless you have done the separate GP Data Opt Out. Despite asking repeatedly, details on this are unclear. The Palantir Federated Data Platform is the first time that National Data Opt Outs and GP Data Opt Outs will overlap in this way, and we still have no idea how this is going to be handled – based on past behaviour, NHS England will probably just try to grab the data, because that’s what they instinctively do.)

“Direct care”

The heavy lobbying from NHS England has focussed on “direct care”. While it is unclear what direct care the bit of the Government that calls itself NHS England actually does, NHSE’s FAQ initially said (and some versions still do):

Then they took that text away. 

NHS England was correct that, in some circumstances, you can object to aspects of care that you don’t want, for any reason you like – this is normally referred to as “patient choice” – but it has apparently been decided by NHSE that such choice is not here and not now, any more. Or, to put it most generously, there’s no clarity. Again. (This is becoming a theme…)

NHSE is only clear that the National Data Opt Out and GP Data Opt Out do not cover direct care uses, and it is critical that that remains true; were it not true, that would be a resignation issue.

That an administrative body which treats no patients and runs no hospitals wishes to define some (or any) of its activities as “direct care” as a figleaf for processing data it otherwise could not access is spookily reminiscent of the failed GP data grab of 2021 and the catastrophic care.data programme before that.

Confusion about purposes beyond direct care

Many people have noticed that the National Data Opt Out (NDOO) is somewhat limited – and, if you rely solely on the way NHS England chooses to describe it, it appears far from effective. But it exists. And it does work. Some argue that it is useless; we and others work to make it stronger and better.

For now, if you have chosen to do a National Data Opt Out, it does as much as it can be made to do currently, and will hopefully do more in the future without you needing to take any further action. (The same applies for a GP Data Opt Out, if you have done one of those.)

The National Data Opt Out was created to avoid a proliferation of new opt outs as new data programmes came along. So while NHSE could say that the NDOO doesn’t apply in a particular scenario, under the law (see below) and in effect it would be saying, “there’ll be a different opt out for that”. In practice, this is untenable, and it is precisely the reason why the NDOO came about. A single National Data Opt Out will eventually cover all dissentable processing, but that will take more campaigning. And lawyers. And time.

The day before the contract announcement, on the same page as the text above which confirms that you can opt out of data use for direct care, the FAQ said:

“Can patients opt out of their data being shared in the FDP?

No. Patients can only opt out of sharing their identifiable data for research and planning.”

A week later, the answer to that question now provides a link to the National Data Opt Out – so the answer was clearly not ‘No’ but ‘Yes’. Additionally, while NHSE attempts to narrow the opt out at any opportunity, the choice of words both initially and now reflect NHSE’s persistent belief – since its inception, and the ‘bad old days’ of Tim Kelsey and care.data – that patients have limited rights, and that if NHS England wants to do something with data, or Government wants to do something with data, then they can ignore patients’ express wishes.

The FAQ does not say that NHS England will respect all of the rights of a data subject – for example, the right to object to unnecessary processing – instead it simply ignores that any inconvenient rights even exist. Courts tend to take a wider view…

NHS England might tell people in future that there is or will be processing of their data to which they can object, but to which NHSE will not apply the National Data Opt Out. This would be creating (yet) another opt out, and making everyone have to opt out all over again. Alternatively, NHSE could apply the National Data Opt Out to all such processing, despite what it is saying today. 

These are the two choices facing Government – and it should be clear that this is a Government decision, not an NHS decision. And when that decision is made, either way, the paragraph will have to be changed again. The current version is less wrong than simply saying “no”, but it’s still not right. Yet.

medConfidential does not believe anyone should have to opt out again – we can’t make that a promise because that’s a Government decision – so you should be able to make your NDOO choice now and not worry; but if you want to keep informed, join our mailing list for more as we know it.

Making inaccurate statements to the public

The FAQ mess – that it publicly stated contradictory things between last Monday and Friday – means that someone, somewhere inside NHSE, agreed that both statements were accurate at some point. Who changed their mind?

The same FAQ has previously claimed, “The existing web copy was produced in conjunction with Med Confidential”. This was not true, and in the weeks it took NHS England to remove that entirely false claim, we were assured that the FAQ ‘had process to follow’, and that it couldn’t be done quickly, as everything was checked. We never received a proper answer as to how that claim came to be made – officials seemed to be relying on a meeting in August 2022 for the claim they made a year later, as if they believed they had learnt nothing in the interim period. (Perhaps they didn’t.)

Even if one were to accept statements that such occurrences were honest mistakes, how many other similar mistakes are there in NHS England’s decisions? And why is it that those mistakes inevitably tend to benefit NHSE and fit its intentions, and remove choice from patients? Every. Single. Time.

Honest mistakes would go both ways; systemic failings only benefit NHSE.

No meaningful check, no meaningful challenge

NHS England’s “Check and Challenge” group met for the first time on Friday, but is only scheduled to meet once every two months. That means its first substantive meeting will be in January, and NHSE expects to start using Palantir in March, possibly even before the second substantive meeting of the group.

Even if the best possible questions having been provided with perfect information were to be asked at the January meeting, officials could (entirely reasonably) say, “We’ll come back to you on that,” and NHSE could do whatever it wanted – Palantir could even start running before the group meets again. It should be noted that some decisions made at this stage are irrevocable, and some very hard to roll back once begun.

We don’t expect the “Check and Challenge” group will be allowed to do much of either checking or challenging, and to make doubly sure they don’t – and in stark contrast to previous debacles like care.data – medConfidential were not invited to join it.

One “check” the new group might discuss is “pseudonymisation”, and the extent to which NHS England will once again ignore that pseudonymised data remains personal data – and that, as such, any unnecessary processing is dissentable. So the NDOO should be applied. If not, the “check” group will be allowing NHSE to create a new opt out.

The group is not expected to publish minutes or papers, so we shall be FOIing them regularly which is a waste of everyone’s time. It should be noted that since “new NHS England” was formed, it does not promptly respond to requests for such things – the “Digital Data and Technology” subcommittee of NHS England’s Board, for example, refuses even to disclose its membership. 

Palantir Access To Data?

We don’t know what data flows will be in the Federated Data Platform as yet, as NHSE hasn’t told anyone. And we don’t yet know who will be auditing NHS England’s setup of Palantir – but we’ll certainly have questions for whomever it is. All we can do in the meantime is look at the data flows that were in the precursor system to the FDP in January and July of this year.

Notable in January was “strike analysis”, for which NHSE apparently used spreadsheets instead of Palantir Foundry – an item which conspicuously disappeared from the list in July, despite other items being “included for completeness to show a reconciliation with the original list of purposes”.

The July list gives sixteen purposes described as “system admin”, and we don’t know who those admins are. (This is why purpose descriptions are helpful; a feature Palantir Foundry has by default, which NHSE chooses not to reveal.) 

Hopefully when NHSE publishes the full list of which flows of data are being used for what – something they could choose to publish today on their engagement portal – we will know, and so will you. NHS England has signed the FDP contract, and all we know is that it would be illegal for Palantir to use data in ways that NHSE doesn’t allow – the problem being we don’t know what they don’t allow, and still know precious little about what they do allow.

Hopefully NHS England is better at writing and managing contracts than they are at writing FAQs. We don’t think this is a severe risk, but NHS England has failed at managing so many obvious risks, and so many bland reassurances have been shown to be untrue, that further bland reassurance at this point is clearly insufficient. 

If NHSE wants to use NHS patients’ data, it must provide full information about all of  the data it wants to use, how it will use it, and precisely what for, and for each flow, at each stage, either respect opt outs or explain clearly (and accurately!) why not.

The NHS procurement was done carefully, and had to be, despite some interests wanting to cut corners. But the contract was awarded, the facade fell, and Palantir sent round an unpublished briefing saying how wonderful Palantir is – ending with a quote from NHS England saying, “you have to liberate the data, and as we have done that”… 

Join our mailing list for more information as we know it.

---

---

Below is the text put together in pieces as we went through the documents for the first time:

According to the written statement to Parliament, Palantir won the £500m contract. The announcement is a start line, not a finish line. NHS England will now have to keep their contradictory promises. We’ll be here.

The Government is as committed to giving Palantir £500m as it was to HS2 and net zero. You still have choices.

If you wish to opt out, we have a page on how to do that (there are details to be argued about by lawyers), but you have the same choices today that you had yesterday.

NHS England can make a decision only for NHS England. NHS England can bully Trusts and ICSs into going along with it (seemingly with limited success), but as separate legal entities, ICSs and Trusts get to make their own decisions.

It appears Trusts/ICSs will not be able to start using it until “spring next year” (April?), because that is when the “privacy enhancing technologies” start, but NHS England will use the platform immediately, with or without those technologies.

NHS England’s FAQ used to say that opt outs don’t apply, but it now says they do. The day before the announced, The FDP FAQ started the answer to a question about opt outs applying with “No.”, and now is much of a vague yes. NHS England can still decide that the opt outs don’t apply where they should. We’ll continue to scrutinise details, because you shouldn’t have to opt out again. NHS England talks about 5 high level “priorities”, but data choices and uses and paperwork is about very specific “purposes” – what data, to what point, for what purpose (e.g. “strike analysis“), with or without opt outs? The devil is in all the details.

We do not yet know whether those who have already expressed their wishes will have to do anything else – NHS England have not yet said whether Government will make patients opt out again, but as of now, the opt out process is enough.

NHS England has until around March to get their story straight, be transparent about governance and patient choices, better than they managed on radio4; NHS England’s “mistakes” only seem to make life easier for NHS England…

NHS England gave a chosen few organisations different briefings on the 20th November, ahead of the announcement on the 21st, and we don’t yet know what else they’ve mislead people on, in the same way the FAQ used to say “no” to opt outs, and which now confirms you can opt out. We’ll update this page as we have more considered views.

Join our mailing list for more as we know it.

After 1st November 2023: If you have found this page after coming across something distressing and googling various terms, we’re sorry the Government has made the NHS and your GP put you in this position.

If immediate attention is required by what you have read, your GP will get in touch with you as soon as they read what you have already read (as you may have seen it before them). If you are immediately concerned and your GP has an out of hours message box, you can leave them a message asking for a call back when they’re open, or you can call 111. When this feature was being tested, people would think to call 999 or go to A&E (this is when to do that), and neither the Government nor NHS England did anything to minimise the fear or confusion you feel; they should have done so.

If someone else has become aware of information from misusing your app, NHS England give you no recourse. If you have become aware of something that was being withheld from you for legal reasons, please don’t harm your children, yourself, or anyone else.

The Government has contractually required your GP (in England) to facilitate access to “prospective medical records” from your GP record to the NHS app. From 31 October 2023, any correspondence sent to your GP will be available to you through the NHS app (and, over time, the NHS website).

In simple terms, these are letters about your care, not “to” you as such, but to/from different doctors providing your care, who may also send a copy to your GP. The doctors outside your GP have not been effectively told this is happening, and so won’t know to take it into account when writing the letters.

These may be distressing, as they may contain medical language you’d need to look up, they may discuss your mental health, and may contain bad news and diagnoses that the author of the letter expects a doctor to break to you with compassion.  You may also see how much work is shifted onto your GP from other parts of the NHS, and how secondary care “manages” their waiting lists. 

With the usual lack of attention to detail, Government and NHS England have not told anyone other than GPs that this is happening.

Online access will be helpful for most patients, but the process of making this available has created unnecessary risks and The Government with NHS England has chosen to leave them unaddressed, as described by domestic violence charity Refuge.

What happens next?

To implement the requirement placed on them, some GPs will text you to ask what you choice you would like to make, and some will turn it off until you ask them to turn it on for you. There are no government provided communications on this – every GP will have to do this all themselves. The Health Secretary has demanded it be on for everyone from day one, saying as his Tory Conference speech that family GPs “are even threatening to take the Government to court over our plans to let patients see their own test results on their own phones, rather than taking up a GP appointment. This clearly shows that the BMA leadership is not on the side of change, and they are not on the side of patients”. You will see these test results potentially before your doctor, and you may have to interpret them alone.

If this is harmful to you, you can ask for it to be turned off

If your device is not your own or is shared in a way which makes this uncomfortable, or you have reason to be concerned, you can send your practice a message asking for “prospective access” to be turned off for your record. (Deleting the NHS app isn’t enough if someone else knows your NHS Login username and password and has the app on their device).

You can’t see if others have accessed your record this way

Despite requiring access be made available, there is no requirement to see whether your record has been accessed to give the reassurance that your record has not been abused by others who may gain temporary access to your device.   If this feature were to be abused, the app gives you no indication that it has happened, so NHS England doesn’t care to protect you.

You should be able to see what’s in your record if you wish, and equally, you should be able to know how that record is accessed, but this government is playing contractual games with the biggest bit of the NHS that hasn’t yet gone on strike.

Access to records is a useful tool for the majority of people (and those it harms should be better protected than they are), but we await, more in hope than expectation, any announcement that NHS England will also provide the details of when your record has been accessed and from where. Will NHS England hold themselves to the same standards they mandate from others?

This process is a mess, and patients and GPs pick up the pieces. Again.

(That this change is being imposed at the same time as the “Palantir procurement” continues is a source of confusion, the reasons for which are… speculation)