The NHS should move away from its current model where GPs are the sole controllers of patient data, an influential non-profit organisation has argued.
A report by the Tony Blair Institute (TBI) has looked at how NHS data could be shared ‘safely and securely’ with researchers to ‘accelerate healthcare discoveries’.
It argued that there should be a National Data Trust – a new platform for data access and clinical trials to help research – which should be set up by 2026 as a company owned by the Government and the NHS.
To do so, the TBI proposed to amend legislation on data controllership within the NHS to move away from the current model, where GPs are the sole controllers of a large share of patient data.
But GPs have told Pulse that there are worries this could cause issues, with the data being used for other purposes other than direct patient care.
According to the report, the project has the potential to generate £2bn which would be reinvested in the NHS, as well as patient benefits from medical innovation and better care.
The report said: ‘This shift will involve prioritising legislative changes to streamline the process of requesting access to data for research purposes (data-access requests), while ensuring robust safeguards for patient confidentiality.
‘The UK’s current approach to access to health data is piecemeal, holding us back from realising their significant potential to accelerate medical discoveries.’
The National Data Trust would operate as ‘an independent commercial entity’ with majority ownership by the Government and the NHS, and a proposed public-private ownership ratio of 70:30.
DAUK spokesperson Dr Steve Taylor said that creating a national body to act as data controller would ‘take away’ the premise of the information being collected only for patient care.
He told Pulse: ‘Patient data is largely held and collected by GP practices for the use of GPs in patient care. It was collected for the specific purpose of supporting an individual patient and the healthcare professionals supporting them.
‘The collective data is very useful for researchers in population health, but is also extremely valuable for many other uses.
‘Any change in the use of data has to be considered based on public consultation, clear guidelines about use, and should not be sold or managed without the permission of individuals.
‘Moving to a national body as data controller takes away the original premise of the information collected as just being for individual patient care. This is a big change and should not be done lightly.’
Dr Neil Bhatia, a GP and records access lead at his practice in Hampshire, told Pulse that while patients ‘trust their GP’ with their data, they are unlikely to trust a different organisation.
He said: ‘This has been proposed numerous times. Some GPs have also proposed relinquishing data controllership, because of the burden of dealing with data subject access requests.
‘Patients trust their GP, they don’t really trust the Government, especially with their medical information.
‘I suspect patients and the public would be very unhappy if their GP lost control over their sensitive information.’
The TBI report also pointed out that ‘a lack of public trust’ has previously stopped similar projects, citing the care.data GP-record sharing scheme, suspended in 2016 after more than a million patients opted out amid concerns about how their data would be used and shared with third parties, and the General Practice Data for Planning and Research programme, which faced ‘significant’ backlash in 2021.
It also criticised the Government’s approach to funding health-data initiatives, which is characterised by ‘small, short-term grants’ from multiple sources and ‘frequent reinvention’ of programmes.
It added: ‘[It is] in part as a response to a political desire to announce new initiatives. This leads to a fragmented landscape of competing programmes that rarely achieve commercial viability or scalability, in contrast with other leading countries in this space.’
The recommendation in full
4. Amending legislation on data controllership within the NHS to move away from the current model, where general practitioners (GPs) are the sole controllers of a lot of patient data. This shift will involve prioritising legislative changes to streamline the process of requesting access to data for research purposes (data-access requests), while ensuring robust safeguards for patient confidentiality.
Source: TBI
Former Government chief scientific adviser Sir Patrick Vallance, who wrote the foreword for the report, said: ‘Giving access to trusted researchers would enhance the discovery and implementation of better health care and a more sustainable model of delivery. This is essential if we are to tackle the complex challenges facing our society and deliver better outcomes for citizens.
‘This proposal also puts public trust and benefit at its heart, with appropriate safeguards in place to ensure the public have control over their data and how it is used, and that commercial interests never take precedence over the public good.’
In September, NHS England announced £2m of funding for an engagement campaign to gather views from patients on how data in their GP record is used.
This includes public views on NHS data projects such as the Federated Data Platform (FDP), which has been the subject of controversy among GPs and the wider NHS.
The health secretary recently suggested that GP data could be included in the FDP, despite repeated assurances from NHS England that the platform will not include GP data at a national level.
Earlier this year, Pulse exclusively revealed that NHS England took down a web page which hinted at plans to use GP Connect to create a ‘central database’ of GP-held patient records.
Haggling hard for that data. Creeps me out. There is a saying with online platforms; if you are not paying for that online product – YOU are the product. ie your data they collect is the product. This takes it one step further. Forget the first bit just ‘You are the product.’ Tony Blair and his institute. A vacuum for integrity
Personally, not being the data controller would be a big relief as now everyone seems to be adding data into the records from pharmacies, patients themselves and community teams etc.
The old Lloyd George dockets clearly stated it was the property of the Secretary of State.
I have reservations about utilising the data for other purposes. However this is already being sold to mates of NHS hierarchy and Politicians.
If this if formalised, peer reviewed and monetised by NHS, then I am cautiously supportive of the same.
COI: Understand many GP’s may find this unusual, but having done AI in healthcare at MIT, I understand the value carefully and ethically implemented AI can bring to the health sector.
I’m automatically suspicious of everything produced by the TBI. In fact I believe that GPs, having a professional instinct for ethical behaviour (more so than politicians or public-private schemes), should be the sole controllers of patient data, and should be able to monetise it for research purposes, the money being ploughed back into primary care. Local control rather than centralised.
GPs already are NOT the sole data controller for patient data.
We are only the responsible controller when someone else does something wrong.
We do not have any control over the data that is held on databases sited miles away from GP premisses on computers that we do not have control over, and can be excluded from access to at the click of a mouse by those who really control access to that data.
It is time we told patients this clearly. Their data is being taken by government and private data farms, and we have no cntrol over whether that is allowed or not.
Dear All,
The data’s already being taken and used for unlawful secondary purposes all over the country; “risk stratification” being the best example, this is a “secondary purpose” and thus cannot be processed on the basis of implied consent as in direct care. Risk stratification is not direct patient care so they need another lawful basis to use the data. This usually falls to explicit consent. Most GPs don’t understand this and readily sign up to ;oca; data sharing schemes but thanks to my and others the ICO wrote to all ICB and DPOs in November 2022 to remind them of this nuance. I rather doubt they understood the letter and are still using patient data illegally. What Tony Blair is describing is the mass industrialisation of the process. No longer hundreds of local data sharing schemes but one national one. Remember Tony Blair was behind Sir John Pattinson who appointed Mr Richard Garinger who was commissioned to create the pillars of ICRS which became Care.Data that became NPFit that became Connecting for Health or was it in another order? This can be done but it needs an awful lot of work, of which suprisingly a lot was done when I was Chair of GPCIT.
On the other hand they might save £2 billion a year if they just acted on what we already know about population health and NHS costs and they legislated against fast and highly processed food. The long term costs of the current epidemic in obesity cannot be calculated and will be many times that £2 billion.
regards
Paul C
Regards
Paul C
Dear All,
The data’s already being taken and used for unlawful secondary purposes all over the country; risk stratification being the best example, this is a secondary purpose and thus cannot be processed on the basis of implied consent as in direct care. Risk stratification is not direct patient care so they need another lawful basis to use the data. This usually falls to explicit consent. Most GPs don’t understand this and readily sign up to ;oca; data sharing schemes but thanks to my and others the ICO wrote to all ICB and DPOs in November 2022 to remind them of this nuance. I rather doubt they understood the letter and are still using patient data illegally. What Tony Blair is describing is the mass industrialisation of the process. No longer hundreds of local data sharing schemes but one national one. Remember Tony Blair was behind Sir John Pattinson who appointed Mr Richard Garinger who was commissioned to create the pillars of ICRS which became Care.Data that became NPFit that became Connecting for Health or was it in another order? This can be done but it needs an awful lot of work, of which suprisingly a lot was done when I was Chair of GPCIT.
On the other hand they might save £2 billion a year if they just acted on what we already know about population health and NHS costs and they legislated against fast and highly processed food. The long term costs of the current epidemic in obesity cannot be calculated but will be many times that £2 billion.
regards
Paul C