Do you Care for your Data? What means for NHS patients in England

The new database has prompted much debate about its impact on healthcare and patients.
(Image c/o Jamie on Flickr.)

The following post was written by Informed team member, Elly O’Brien.

NHS England’s new database,, will be populated with data collected by the Health and Social Care Information Centre (HSCIC) from different care providers such as General Practitioners (GPs). The HSCIC already collects Hospital Episode Statistics, which details admissions, outpatient appointments and accident and emergency department attendances. The concept behind is to create a single database with information spanning primary care (e.g. GP surgeries) and secondary care (e.g. hospital admissions), to enable this “big data” to be used to help understand and treat diseases, inform how local services are organised, identify people at risk of conditions and improve the “pathway” of treatment a patient follows.

We are frequently told that we are living in an age of “information overload”, where we are bombarded with information which can lead to an “information paradox” in which there are so many sources of information, that knowledge becomes hard to find and this superfluity of information can make it harder to reach a decision. is a perfect example of this in action, having created a flurry of media coverage and commentary from all sides.

The aim of this blog post is not to add to this excess of information or to try to sway anyone’s opinion, but to signpost sources of information from various organisations and viewpoints.

The HSCIC has background information on, NHS England has a range of information specifically for health professionals. NHS Choices has information tailored for patients including an electronic copy of the leaflet that has been distributed to all households in England and a video.

So what are some of the issues that have been raised about


NHS England has stated that the records will have identifiable information removed but the HSCIC has conceded that there is a small risk that records would be potentially identifiable as records will be pseudonymised rather than anonymised.

How the data will be used

The data will be used within the NHS nationally to inform research and improve practice, as well as by the NHS locally to understand local needs and for the NHS to commission services accordingly. It will also be made available (for a fee) to insurance firms and private organisations such as pharmaceutical companies. Some people are fundamentally opposed to this, but NHS England has sought to reassure patients that the data will not affect insurance premiums or be used for marketing purposes. NHS England has in place information governance measures designed to ensure that it complies with relevant legislation with regards to how will be shared, stored and used. The same laws will apply to any non-NHS organisations using, however, some critics have are concerned that any misuse of data would only be apparent after the fact and that law in itself is not necessarily a deterrent.

Having to opt-out

The new database is based on an opt-out system and patients who do not want their data included in the database are instructed to contact their GP in the leaflet being posted out. This has been criticised on principle by some, because people may not opt-out (perhaps due to laziness or lack of awareness) but in doing so are not necessarily positively consenting. Others have criticised that an opt-out form has not been provided, although some GP surgeries have created opt-out forms for patients on their websites (such as this Durham-based practice). To opt out you simply need to contact your GP surgery (not your actual GP), you can phone them or write to them (medConfidential has an opt-out form you can print out and send to your GP surgery).

The decision is yours to make, but a little reading can ensure that it is an informed, empowered decision rather than an unwitting opt-in.

5 thoughts on “Do you Care for your Data? What means for NHS patients in England

  1. The term opt-out should be used very cautiously. There is only an objection on offer. See question/answers 21-23. I have spent some time trying to understand this and have spoken with the project team on a number of occasions. It is not 100% clear yet. But I believe this is the case below:

    Data extracted from GPs will be matched with any existing data stored at HSCIC and stored. We can object to 4 items of identifiable data leaving the GP (NHS number, DOB for example) but it will not be a total opt out, the record is then only stripped of 4 identifiers and the remaining data is still shared with HSCIC and merged with other data from our hospital records for example. Data linkage will enable its release in red (fully identifiable), amber (pseudonymnised) or green (anonymous/aggregated, like tables of statistics). HSCIC and currently the Secretary of State determine which data under their governance and confidentiality agreements, can be released in which format, when and to whom.

    Dissent from disclosure of personal confidential data by Health and Social Care Information Centre’ code (Read v2: 9Nu4 or CTV3: aaVL or SNOMED CT 8815610 00000100). This prevents only ‘red’ data being shared with researchers. Amber and green are compulsory and we have no opt out of their use.

    1. Thank you for that clarification. As I understand it, red data will only be used in “exceptional circumstances” such as a an epidemic ( I will admit that I hadn’t quite appreciated that this means that you can’t opt out of that usage, hence that is not clear in the above post.

      Writing this blog post was sparked by the reading I was doing to help myself to understand the issues involved and make my own informed decision. After I’d done that reading, I thought I might as well pass on the useful links/information I found to potentially help others to wrap their heads around it. I fully acknowledge that I’m not expert and there are areas I may not have fully covered, so I appreciate comments like this.

  2. Elly it’s great you address this and comprehensively. It’s a wide ranging subject with lots of big picture issues which set the details of in context. Some of these details you address are exactly what individuals need to understand and know what we are signed up to, and we don’t have enough information on. The basics of ‘do we understand who will have how much of my data, for what purpose, for how long and can I know how they will use it?’ We all really need to understand this.

    I’m no expert either, I’m just an ordinary Mum trying to look after my children’s health care and data confidentiality. To sign away the latter today for their lifetime, is to me, not something that can be taken lightly.

    As I say in my other comment, this is my personal belief of how the objection will work in practice, and it is not 100% clear yet. But Geraint Lewis seemed to confirm it to me via twitter and offered a phone call to follow up, which I’m hoping will happen soon. For reference, see the GPES requirements: p.11 – GPES Customer Requirement Summary reference: NIC-178106-MLSWX March 2013 v2.1

    “For those individuals with a match, the HES ID will be appended to the primary care dataset, and the updated primary care dataset will then be machine read to confirm the match rate and to determine that the matching has been successful. For each record, a machine process will then match the HES ID to the HES dataset to form the linked primary and secondary care database (CES). For those records without a match, a new ID or pseudonym will be created and the data retained for subsequent matching. This is because, for commissioning purposes, it is important to understand activity undertaken…”

    To my mind, it is the only logical outcome because:
    1. is only approved for commissioning, not research yet (GL to me via Twitter) & is providing secondary uses (SUS) information only, not clinical care data
    2. SUS “mission critical” for Payment by Results and commissioning
    3. If the CCGs and others for commissioning purposes need to know how many patients in their region need for example, are receiving diabetes care, they need to have an accurate number of patients, therefore the total number of patients with diabetes must not show greater numbers, than is accurate.
    4. If lots of people object/opt-out we have been led to believe this would prevent any data going up – commissioning numbers may be wrong. If lots of records only send up “some” data as a result of the object/opt-out code and are not matched up, then you would have duplicate diabetes patients counted twice – once from a GP record, once from the existing hospital data.

    That’s my logic anyway for what it’s worth, and based on the GPES Customer Requirement NIC-178106-MLSWX in which “those records without a match, a new ID or pseudonym will be created and the data retained for subsequent matching”. I believe the dissent code data if it cant match straight away, hangs about in the system until it can be matched with a future upload, or another data set sends enough to provide a match – hospital, clinic, other setting.

    We can object to identifiable (but not all) data leaving GP practices, and in addition can object to red data then leaving HSCIC and to researchers with 251 permission. So all requests for amber data we cannot object to. And if the Secretary of State approves red releases, it goes too. Because he can do that without 251 approval, we don’t have visibility of that either. And I also didn’t get an answer if the ASH (accredited safe havens will get red data) as happens now to some CCGs with 251 approval, extension granted to end of 2014.

    If there are patients who wish to limit red releases, they should certainly still continue to register the objection codes with their GP practice. I just don’t believe it achieves what we have been led to believe, and how any modicum of common sense would understand the ‘prevent identifiable data leaving your GP practice’ code should work. And nowhere in public facing communications does it say, data use of XYZ is compulsory. Or ‘amber’ data is always compulsory regardless of your patient objection. The term being used increasingly of ‘amber’ data helps package it, but is very unclear as pseudonymised can mean different things in different circumstances to different people. And since we will mostly all have data already in HES then that is being used already.

    It is a neat workaround of patients’ objections, in my personal opinion. We have a choice says the front of the door drop leaflet, but do we? I don’t think it’s worth much. But as I repeat, that’s my opinion and I am really looking forward to the call with project to get it confirmed or corrected. I’m no expert, so I hope we won’t have to wait long for them to tell us.

  3. I think I’m neutral on this topic – anonymity is the key.

    There is a societal, moral issue here too … should you opt out? Are you undermining a greater good in society by doing so? (These aren’t necessarily views I subscribe too, but they are questions that should be posed.)

    Truly anonymous data will be very powerful and better inform the health professions and the industries that support them and come up with new treatments and therapies. Whatever you think of “big pharma”, we would be defenseless against some real killer diseases and infections if they didn’t exist.

    I previously worked as an information researcher supporting management consultants working with the pharmaceutical sector. Clinical trials are actually quite limited and often side effects slip through because people are infinite in their variety and response to drugs and treatments, which is why pharmaceutical companies are required to monitor adverse drug events beyond launch. If we could know that a group of people with certain characteristics were sensitive to a particular therapy or gained no benefit from it, then treatments could be better targeted and dosages reduced. There are examples in the literature where genetic screening has informed better use of drug therapies.

    This kind of summation of health data isn’t new … I have been surprised that it has received this much press attention:
    > The Cochraine Library – set up in the 1990s aims to consolidate research data to show larger trends through systematic reviews.
    > We should also not forget that GPRD – now CPRD ( has existed for decades.

    1. I agree with you. If it were anonymised only ‘green’ data I’d support without a second thought. And I totally agree on the public good – and it is in fact critical, because our statesmen must represent us all, as best they can, in the Public Good. So what do you think about a private vs public healthcare system – how do we balance what is ‘in the public good’ for the majority?

      Will this agreement to use our data, in whatever format they agree, enable private US enterprise a foothold in the NHS England healthcare services? I believe that is the intention. At best, those who signed it have not made it news, or explained what the purpose is and what it will mean for us. (

      “Open data initiatives, advancing Health IT adoption, and priming their respective markets for innovative new Health IT products and services.”

      I don’t know, so we should ask to find out more.

      Agree fully on CPRD – Data sharing and research should work well together under the right consent and governance guidelines as has done well under clinical care at the CPRD for so long, with active consent and GP awareness. It’s only now that the commercial data mining has hijacked that use of data, intended for the public good, I disagree. Public money is funding commercial private companies to undermine or at least, rechannel NHS services towards the private market if they buy data at ‘cut price’ recouping costs and then make a profit from their business.

      1. Data is not anonymised but identifiable from GP to central Health and Social Care Centre. Includes unique NHS number, DOB, postcode and gender. And is matched with more data on arrival.
      2. You can ask to have those 4 things removed before the rest of your data is extracted from the GP practice (Nu90). But HSCIC merges your data when it lands with their existing data about you from hospital, mental health, Child and Maternity data and so on. So the data is more complete and identifiable at HSCIC anyway, but in theory a more secure transfer.
      3. You can ask that no identifiable data should leave the HSCIC system (Nu94).That is objection to “red data” leaving the HSCIC. But it will still flow if the Secretary of State for Health gives permission. (presumably will be needed for ASH – CSUs access, as is now used by CCGs with permission until end of 2014)
      4. *Compulsory use of ‘amber’ and data even if you use the two codes*. Not stated anywhere in patient communications. Even if we ask for records not to be shared. That is data which might be re-dentifiable, but is not 100% identifiable to start with (ie Red data). We don’t know if pseudonymised data will always be the same, or if it can change which parts are clear and which are ‘scrambled’ depending on who asks for it.
      5. It’s not yet approved for Research, but only for commissioning purposes. Whilst I am in favour of sharing properly anonymised data in research, IMO it should not be compulsory and definitely not in he semi-identifiable ways it is offered now. But what if it is never approved for research if we can’t pin down what that should or should not include for example? We’ve given it away only for commissioning.

      And why open it up to a US market? If this is not a lot about care, and more about changing how care is delivered in a private market, that means our data being shared more and more widely. And will that model be of benefit to all or allow cherry picking by commercial and leave the unprofitable low end public health for our GPs to handle in collective practices? In the public good, is a great debate we should be having in the mainstream press.

Leave a Reply

Your email address will not be published. Required fields are marked *