NHS England puts patient database on hold

NHS England is to delay by six months the roll-out of its controversial Care.data scheme for sharing patient records through a central database

NHS England is to delay by six months the roll-out of its controversial Care.data scheme for sharing patient records through a central database.

An NHS England spokesman said the delay was to “allow more time to build understanding of the benefits of using the information, what safeguards are in place, and how people can opt out”.

The move comes after the Royal College of General Practitioners (RGCP), the British Medical Association (BMA) and Healthwatch called for improved public awareness of the implications of the plan.

The Care.data scheme proposes to upload all patient records from GP surgeries and hospitals into a central database, to be used for medical research by the NHS and private companies.

The first upload of data was due to start in April, but patients who wish to opt out must do so before that time or lose their right to withdraw.

A publicity campaign intended to raise awareness of the scheme saw leaflets delivered to every affected household.

But the RGCP and BMA said that campaign had failed to educate the public and more needed to be done before the service could be launched.

Data protection concerns

Privacy groups are concerned about how the data will be protected. NHS statistics that show more than two million serious data breaches by the NHS have been logged since the start of 2011.

More on NHS IT and data protection

  • Symantec helps NHS trust cut security costs by a quarter
  • NHS set to challenge ICO fine
  • ICO issues warning over NHS Data Protection Act breaches
  • ICO hits NHS Trust with biggest penalty to date
  • ICO finds NHS Liverpool Community Health breached Data Protection Act
  • Royal Cornwall Hospitals NHS Trust breaches Data Protection Act
  • ICO issues first monetary penalty to the NHS
  • ICO issues £175k penalty against Devon NHS Trust
  • NHS Trust to appeal £375k data loss penalty
  • ICO issues £200,000 penalty for failed IT disposal
  • ICO concerned about ongoing NHS data breaches
  • Royal Wolverhampton NHS trust loses patient data
  • NHS trusts breach Data Protection Act with patient records
  • Third NHS trust caught in breach of Data Protection Act
  • Lost NHS medical records: Laptops had unused encryption software
  • ICO takes enforcement action against NHS trusts for data losses

Earlier this week, the Telegraph revealed that NHS England’s own risk analysis admits that the planned database could be vulnerable to hackers or could be used to identify patients “maliciously”.

NHS England had claimed that it has all the necessary controls in place, although data protection watchdog the Information Commissioner’s Office has revealed concerns about aspects of the plan.

Privacy groups have also raised concerns about the planned database and sale of data to health researchers and insurance companies.

In January they warned there will be no way for patients to work out who has accessed their medical records or how they are using the information.

A YouGov poll, commissioned by consumer advocacy group SumOfUs.org, shows that 65% of the UK public are opposed to having their personal medical data sold to corporations.

Around 250,000 people have also signed a SumOfUs.org petition calling on NHS England to reconsider the scheme and pledge that access to patients’ private data will not be sold.

Martin Caldwell, UK campaigner for the advocacy group, said the decision to delay the roll-out of the scheme is a huge win for privacy.

The scale and scope of the proposals from NHS England was unacceptable to hundreds of thousands of SumOfUs members and to millions of English NHS patients.

“We hope that NHS England returns to the drawing board and finds a way to promote public health that doesn’t compromise our right to keep our personal medical histories private,” he said.

BMA GPs committee chairman Chaand Nagpaul said: "We are pleased that NHS England has listened to the concerns.

"With just weeks to go until the uploading of patient data was scheduled to begin, it was clear from GPs on the ground that patients remain inadequately informed about the implications of Care.data."

Heeding lessons from past IT project mistakes

Martyn Thomas of the Institution of Engineering and Technology (IET) said: “In delaying this massive IT project we hope that the government has learnt from past mistakes with big IT projects.

In delaying this massive IT project we hope that the government has learnt from past mistakes with big IT projects

Martyn Thomas, IET

“A big issue with this project has been flaws in the communications campaign. There appears to be a big question mark over whether the information contained in a leaflet aimed at the general public enables people to make an informed decision about whether or not to opt out,” he said.

Thomas said it also remained unclear how the anonymisation of data would work in practice. “One way to address these concerns would be to carry out a managed trial, before rolling out the plans across the entire NHS,” he said.

Nick Pickles, director of privacy group Big Brother Watch, said NHS England has failed to communicate properly to patients or GPs what this new database involves, how it affects our medical records and what the risks are.

“The scheme’s benefits are no justification for not properly informing people what will happen and a delay is the right thing to do to maintain public confidence and ensure people have an opportunity to opt out.

“Our medical records contain some of our most private information and any changes to how they are used should not be rushed into,” he said.

Big Brother Watch has called on NHS England to write to patients individually, including an opt-out form, explaining the scheme and allowing people to make an informed choice about what happens to their medical records. 

Read more on Privacy and data protection