Did you know that New GP data extraction ‘far exceeds’ care.data plans according to privacy campaigners

[stumbledin]

New automatic extractions of data from GP-held patient records, due to come into force in early summer, are ‘far bigger’ and ‘more intrusive’ than care.data, GP privacy campaigners have warned.

NHS Digital announced earlier this month that it will be rolling out a ‘new and improved’ GP data collection system from 1 July called General Practice Data for Planning and Research (GPDPR), with patients wanting to opt out having to do so by 23 June.

GPs don’t have to contact patients but will need to update their privacy notice, for example on their website, NHS Digital has said, adding they may also wish to include information about the change on social media, newsletters and other communications.

This comes in contrast to the scrapped care.data plans which saw every household in England receive a leaflet about the upcoming changes in 2014.

www.pulsetoday.co.uk/news/workload/new-gp-data-extraction-far-exceeds-care-data-plans-warn-privacy-campaigners/

More information at www.foxglove.org.uk/nhs-data

I'm not sure if I'm missing the feminist angle here?

I need to opt out because domestic violence on my records and dangerous maybe to have it shared so thank you because didn't know about it.

Does anyone know if the data non identifiable? If so I’m cross that we haven’t all had more info about this, but if it helps with research, I don’t mind.

According to The Guardian, The data will be anonymised and given “codes” that can be used to reveal the identity of the data’s owners if there is a “valid legal reason”.

www.theguardian.com/society/2021/may/30/gps-warn-plans-share-patient-data-third-parties-england

I find this worrying.

According to The Guardian, The data will be anonymised and given “codes” that can be used to reveal the identity of the data’s owners if there is a “valid legal reason

Hmm. That doesn't sound great. Is there an easy way to opt out?

@LizzieSiddal

Does anyone know if the data non identifiable? If so I’m cross that we haven’t all had more info about this, but if it helps with research, I don’t mind.

The data are readily reverse-engineered.

According to the NHS website, the events – called ‘codes’ – it will collect include: “Data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health”.

Every single one of these events will be linked to your NHS number, your full postcode and your date of birth. Does that sound like “anonymous” data to you? (The ‘pseudonyms’ that will be used to obscure those bits of information are readily reversible, and the body running the database freely admits it has the ability to do so.)

All your encounters with your GP, once copied to the central database, will be “disseminated” for payment to third parties, including companies outside the NHS. (In case you find that hard to believe, here’s this year’s price list for the data already held centrally, such as that of your hospital visits). Did you have any idea your medical data was worth so much... or so little?

www.opendemocracy.net/en/opendemocracyuk/matt-hancock-has-quietly-told-your-gp-hand-over-your-health-data-why/

How to opt out:
medconfidential.org/how-to-opt-out/

The consequences of selling healthcare would definitely be a feminist issue. Do you have any confidence that women's healthcare usage wouldn't be used to offer them mortgages and loans that cost more etc.?

www.computerweekly.com/news/252501494/Privacy-experts-concerned-over-NHS-data-collection-plans

This is an interesting article about this, highlighting how security and data experts say the new database creates unacceptable levels of risk especially from third party data breaches.

It also suggests that they are not doing a full anonymisation but rather a pseudonymisation.

I am also concerned when they do things 'too quickly' - 6 weeks to inform 55 million people that some very personal information will be shared - either through a small piece on a GP website, a few blogs on the NHS Digital website or flyers in GP Surgeries - many of which still remain closed - all seems a little 'under the radar'.

Hmm. That doesn't sound great. Is there an easy way to opt out?

Depending on your surgery - most aren't taking an email notification, you have to be able to post/deliver an opt-out form to your surgery.

Form available here: medconfidential.org/how-to-opt-out/

EmbarrassingAdmissions thank you.

[quote EmbarrassingAdmissions]Hmm. That doesn't sound great. Is there an easy way to opt out?

Depending on your surgery - most aren't taking an email notification, you have to be able to post/deliver an opt-out form to your surgery.

Form available here: medconfidential.org/how-to-opt-out/[/quote]
There's a link from another page on the medconfidential site to the nhs digital form for opt out.

digital.nhs.uk/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docx

I'm not sure whether it matters which form you send in or why medconfidential have also made their own form when there is a standard NHS form available, although I think using the official NHS form with their standard wording might be preferable.

I'm not sure if I'm missing the feminist angle here?

Every issue in society has a feminist angle. It is absolutely essential that women have an input into decisions taken.

Not only because not just biological sex but gender stereotyping means that women's issues are overlooked, eg medical protection not being of an appropriate size.

Quite honestly it is far more revealing about the person who askes this than anything else.

Feminism is about every aspect of our lives, personal and political.

And it isn't a single issue campaign.

I just cant believe anyone posts this, because if it is something someone isn't concerned about they dont have to botther with the thread.

Or could just read the thread and see what other's say.

Someone up thread has raised what must be a real issue for a lot of women, DV.

Another aspect is that a lot of women dont get a medical diagnosis and will have some snotty GP recording that they are an hypercontriact.

*NB Deadline for opting out is 23 June 2021"

Does this just cover E&W, does anyone know?

I find this type of thing very worrying. Not least because one look at the history of people leaving laptops on trains, etc, shows that leaks are pretty much inevitable.

@ArabellaScott

Does this just cover E&W, does anyone know?

I find this type of thing very worrying. Not least because one look at the history of people leaving laptops on trains, etc, shows that leaks are pretty much inevitable.

Med Confidential refers only to England as affected by this.

If you live in England and want to stop your GP data leaving your GP practice for purposes other than your direct care

medconfidential.org/how-to-opt-out/

Long time lurker here. I’m one of the people that will be using this data. This data becoming available is massive in health research, we haven’t been able to do a lot of research because we can’t access GP records, it’s going to massively improve health research, and it will probably benefit women who by and large are excluded from clinical trials due to the risk of pregnancy/ menopause interfering with results (something I’m passionate about getting changed). Being able to access primary care records means we can look at different side effects of medications in women, look into inequalities in health care and investigate the differing risk factors between men (which we generally know about) and women (who are currently treated like men, despite us knowing that that isn’t the case). Each application to NHS digital is assessed on an individual basis, and it’s for health research use only. There is no way users can identify people from the records the way they are shared, and the data is far too large to have it saved on a laptop (not that we’re allowed to do that anyway). I work in the data access area and we are incredibly risk averse and ensure data is safe. It’s completely your right to withdraw consent, but please do look into it more beyond the above posts - there is a useful page here digital.nhs.uk/services/national-data-opt-out/mythbusting-social-media-posts. Regarding DV, usually sensitive codes like that are removed from records prior to being shared, but it’s worth contacting NHS digital to check as I can’t say for sure that’s the case here (although I will be very shocked if they aren’t).

I’m not sure if I’m missing the feminist angle here?

Women who have had children have the date of birth and sex recorded in their medical files. It is very easy to cross reference that data with other freely available data to identify the woman. The more children she has had the easier it is.

This has never been addressed by the governments glib assurances of anonymity

There is no way users can identify people from the records the way they are shared, and the data is far too large to have it saved on a laptop (not that we’re allowed to do that anyway). I work in the data access area and we are incredibly risk averse and ensure data is safe.

You're aware of the care.data fiasco, I'm sure, despite the assurances.

Do you have any particular grounds to disagree with:

Every single one of these events will be linked to your NHS number, your full postcode and your date of birth. Does that sound like “anonymous” data to you?

Is this untrue?

Are there any particular reasons why the secure approach of Ben Goldacre's DataLab can't be replicated to a similar standard?

.

Access to this kind of data is invaluable to better understand the health needs of a population. Data is generally viewed in the aggregate not at an individual level, and even if individual records are looked at, the data will never be made identifiable to anyone who isn’t a health professional.

Our health system is reactive and not at all proactive but by using data from GPs, alongside hospital data, it may be possible to prevent ill health, target populations who are not receiving care and plan better how to keep people well and support them to manage their own health.

It isn’t the same as accessing your personal medical records - it’s a set of data based on codes/inputs so it’s very high level. There’s no sinister reason behind collecting it. Many of the risks set out on this thread simply would not arise and are entirely hypothetical or impossible.

I just can’t get worked up about the sharing of data when the reality is it could lead to huge improvements in health and social care for some of the most vulnerable in society. It is going to improve many, many more lives than it could possibly impact due to privacy concerns.

StumbledIn. Thank you for this. I had no idea. How is this being allowed to happen with such little publicity? Millions of people are going to be caught out by it. June 23rd doesn't give us a lot of time. Do you know if there is a campaign to push back on this? The opt out process looks like a headache too. I'm sceptical of how well the opt out would work and whether it's a one time thing or whether we would have to opt out periodically.

BaggaT Good for you but you can understand that many women/people/families would feel very uncomfortable about this, right? Especially when the data is not secure and we have no way of knowing who might access it in the future.

@WaronWomen I can understand the discomfort totally, I really can, but the risks are perceived rather than real as far as I can see based on what’s been said. Is it proven that the data is not secure, or is there simply a fear that the data might not be secure? I’ve worked with health data for a long time and never breached any rules nor witnessed a breach. It’s very heavily controlled.

The benefits on the other hand could be far reaching. Being able to better understand and prevent poor health outcomes for women and children could change so many lives.

It is going to improve many, many more lives than it could possibly impact due to privacy concerns

Then it would be worth anonymising the records and meeting the security protections that would make people feel more comfortable and confident.

You and other PPs are confident that you know who notional 3rd parties to see the data might be. You're aware of the concerns about Palantir so it would be helpful if you would share why you're so sure this wouldn't happen despite previous NHS problems in re: Google Deep Mind/Google Health UK?

Cori Crider, co-founder of Foxglove, a campaign group for digital rights, said: “We all want to see the NHS come out of the pandemic stronger” but noted that the NHS had been “completely silent” on who would have access to the data.

“Is it pharma companies? The health arm of Google Deepmind? If you ask patients whether they want details of their fertility treatment or abortion, or results of their colonoscopy shared with [those companies], they’re not going to want that,” she said.

www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748?segmentID=635a35f9-12b4-dbf5-9fe6-6b8e6ffb143e

As for: the NHS will hold the keys to unlock the codes “in certain circumstances, and where there is a valid legal reason”,

I think there are some concerns over "valid legal reason" - and this is coming on top of the retention of biological material as part of the Coronavirus Act and similar measures. Post Windrush, if you were an affected community how confident are you that the Home Office wouldn't put forward a "valid legal reason"?

Other databases are coming under police pressure - and increasingly data that is obtained in one country is open to legal requests from others.

Consumer genomics company Ancestry has confirmed it fought two U.S. law enforcement requests to access its DNA database in the past six months, but that neither request resulted in turning over customer or DNA data.

The Utah-based company disclosed the two requests in its latest transparency report covering the latter half of 2020. The report said Ancestry “challenged both of these requests, which were withdrawn,” and that the company “provided no data” at the time of the report, published Tuesday.
…
The company also said in its most recent report that it “refused numerous inquiries” from U.S. law enforcement for failing to obtain the proper legal process. The report also said the company received four valid law enforcement requests, but that it did not provide any data in response.

techcrunch.com/2021/02/10/ancestry-police-warrant-dna-database/

US moving to reduce police powers to search DNA databases (2 states) but you might be surprised at how little is needed to search them:

www.nytimes.com/2021/05/31/science/dna-police-laws.html

[quote BaggaT]@WaronWomen I can understand the discomfort totally, I really can, but the risks are perceived rather than real as far as I can see based on what’s been said. Is it proven that the data is not secure, or is there simply a fear that the data might not be secure? I’ve worked with health data for a long time and never breached any rules nor witnessed a breach. It’s very heavily controlled.

The benefits on the other hand could be far reaching. Being able to better understand and prevent poor health outcomes for women and children could change so many lives.[/quote]

My main concern is for the future. Legislation can be changed to suit. A scenario could be a government strapped for cash and selling the data to third parties. Data, as we all know, is big business. Might not happen right now but could happen in the future. What are the chances? We don't know, do we? I might be dead by then but my DC, with their SEN info, won't be.

[quote BaggaT]@WaronWomen I can understand the discomfort totally, I really can, but the risks are perceived rather than real as far as I can see based on what’s been said. Is it proven that the data is not secure, or is there simply a fear that the data might not be secure? I’ve worked with health data for a long time and never breached any rules nor witnessed a breach. It’s very heavily controlled.

The benefits on the other hand could be far reaching. Being able to better understand and prevent poor health outcomes for women and children could change so many lives.[/quote]
You may not have breached or witnessed a breach, I've seen a few and had it happen to me. In the NHS. It's not secure now this sharing wont make it more secure.
I unfortunately had a stalker, said stalker has a job in data, not much of a hill to climb for him to get a job in any one of the companies that may want to use my data and find me. He knows my childrens dates of birth, they are very obviously in my records. So despite a name change and a move across country, he could find me.
I'm obviously opting out and did opt out from the spine (because I worked on the spine and saw the very obvious loopholes in it)
Most people have no idea of this so most wont opt out. You will still be able to do your job.

From GP, Helen Salisbury:

If data are the new oil then the NHS is a very rich field, especially the well coded, digitised GP records that go back decades. But the current position on extracting patient data is a bit of a mess: a patchwork of agreements between different research bodies and individual practices (or groups of practices). For the past three years NHS Digital has worked with the Royal College of General Practitioners (RCGP), the BMA, and others to develop a more coherent structure and process. This new method of data collection, the General Practice Database for Planning and Research (GPDPR), will enable these activities to continue more broadly beyond the pandemic.

…Not everyone is happy that this extraction is going ahead before agreement with all relevant bodies: significantly, the RCGP and the BMA have not endorsed this process.

NHS Digital will be working with a number of industry partners. Data taken from a patient record are de-identified, but if a company with huge reach and access to other data banks wanted to, the data wouldn’t be hard to re-identify.

www.bmj.com/content/373/bmj.n1325

Picking our way through the various initialisms courtesy of TrialbyTruth on Twitter:

GDPR - General Data Protection Regulation

GDPPR - GPES Data for Pandemic Planning & Research - the data collected under COPI COVID powers

GPDPR - General Practice Database for Planning and Research

twitter.com/TrialByTruth/status/1399657010656956416?s=20