A survey by consumer watchdog Which? has revealed that almost half of adults in England are unaware of plans for their medical records to be shared with a new NHS database.
What Data Sharing?
Back in May, NHS Digital launched its plan for sharing medical data from GP records in England. As part of the General Practice Data for Planning and Research (GPDPR) scheme, GP surgeries in England can automatically upload and share the medical records of every patient in England to an NHS Digital platform, unless the person has opted out.
Original Opt-Out Date Has Passed
Although the original opting-out date of June 23 has now passed, a campaign supported by medical professionals and MPs has acquired an extension period to an (as yet) unspecified final opt-out date after it was agreed that the scheme had not been publicised enough, and also, extra time was needed to work on the necessary privacy safeguards.
Confirmed By The Which? Survey
This lack of awareness of the scheme and its implications was confirmed by recent Which? survey where only 55 percent of the 1700 people surveyed said they had heard of it, and 71 percent of them said that the NHS hadn’t publicised it well.
Why Is The Data Being Collected?
NHS Digital says that the data is being collected to support the planning and commissioning of health and care services, such as the development of health and care policy, public health monitoring and interventions, and to help with research (e.g. analysing the long-term impact of COVID-19).
What Kind of Data?
The medical record data that’s being shared under the GPDPR scheme includes your sex, ethnicity and sexual orientation, physical, mental and sexual health, and lots of other data including referrals, diagnoses, test results, medications, allergies and immunisations.
What About Insurance Company Access?
One of the big concerns of those who are aware of the scheme is whether data (that could be linked to an identity) will be shared with insurance companies. However, it has been reported that data from the scheme will not be shared with marketing or insurance companies. Also, data shared in the scheme will be anonymised, thereby replacing some possible identifiers with unique codes making it more difficult to directly link details to an identity.
Still Possible To Identify A Person
The data, however, will not be completely pseudonymised which means that although it is unlikely that anyone can be identified from the data, it is still technically possible. For example, software could be deployed to decode the data where there is a legal reason to do so.
What Does This Mean For Your Business?
Since the pandemic and the development of vaccines, many people may be feeling more sympathetic to the need for sharing data, perhaps their own, to be used for medical research and, as such, might be less worried than before about their medical data being shared. That said, the thought of personal medical data being shared with companies that could use it for marketing (targeting) or by insurance companies to make judgments about eligibility or ramp up premiums is a worry for many, even though there are assurances in this case that marketing and insurance companies won’t be able to do this. The fact that the scheme requires opt-out rather than opt-in and that the opt-out date has long passed with half the population knowing about the scheme at all does feel as though it is something that is being sneaked in. That said, it’s worth noting that UK’s data protection laws already allow access to data when needed for research and scientific purposes. This story is also an example to businesses of the importance of communication, transparency, and giving plenty of information in plenty of time for any important changes to terms, services, or any other factors that customers feel are important, of value, or may influence (have influenced) their decision about choosing or continuing with services.