Identifiable patient data releases have been released upon request more than 30 times since April last year by the group of independent experts that will govern access to GP records uploaded to the soon-to-be launched care.data system.
Following an analysis of applications to the Confidential Advisory Group (CAG), specialist health publication Pulse revealed today that there have been 31 releases of confidential patient data since April 2013 – 12 of which went to organisations outside the NHS.
The news will likely prompt concern from citizens and critics of the recently announced care.data scheme, which will see patient records extracted from GP systems across the country into a central database. The releases were made under the Section 251 exemption – a process similar to the one governing care.data.
NHS England is currently distributing leaflets to households across the country about the benefits of care.data, which it claims provides “low-cost answers” to questions about the quality of care that would have been difficult to answer previously.
The NHS will sell access to the datasets on to private companies and researchers, which supporters claim will greatly improve advancements in healthcare.
However, critics have hit out the scheme and said that although the data will be 'pseudonymised', it will only be a matter of time before identifiable patient data will be held by a number of companies across the world and patients won't be able to do anything about it.
There have also been questions raised about why patients aren't being given online access to these records and the ability to go to a website and opt out themselves. Instead they are being given a short lead time before the system goes live to tell their GP that they do not want their data extracted.
Pulse's analysis of the data shows that identifiable patient data is already being regularly approved for release by the NHS.
Section 251 of the NHS Act 2006 allows the health secretary to veto patient confidentiality for 'defined medical purposes', but has to take advice from the CAG.
The releases were largely provided to life science research, but details released include names, dates of birth, postcodes and NHS numbers, as well as medical details.
NHS England told Pulse: “Confidential information is sometimes released to approved researchers, if this is allowed by law and meets the strict rules that are in place to protect your privacy.
She added: “Patients who have objected to their data being used for anything other than direct care would not have their data shared under Section 251.”
Approved releases of patient data have included:
- A request from the University of Hertfordshire to access patient notes at six GP practices and pharmacies to review prescribing errors
- A request from the CQC for all the names and addresses of all adults who had one overnight hospital stay from June to August 2013
- A request from the Royal College of Anaesthetists for NHS number, hospital number and dates of birth and death for 40,000 patients who had an emergency laparotomy
- A request from Cardiff University for name, NHS number, date of birth, postcode and gender for all children presenting with a thermal injury