NHS Digital CEO says organisation needs to ‘face GPDPR challenge’
- 21 June 2021
The interim CEO at NHS Digital has said the organisation needs to ‘face the challenge’ after concerns were raised over the General Practice Data for Research and Planning (GPDPR) service.
Speaking at NHS Confed on June 17, Simon Bolton spoke about the role NHS Digital plays in healthcare and what it was set out to do, adding that the organisation has an “important role in helping to drive a step change in people’s digital experience of the NHS”.
The former CIO at Test and Trace also mentioned GPDPR – a new GP data collection service which aims to give planners and researchers faster access to pseudonymised patient information.
Bolton said it was “right that we have the debate” about the concerns raised around GPDPR as the data involved is “highly sensitive” and “highly personal”.
“We have a responsibility to demonstrate how we are going to keep that data safe,” he added.
The service was originally planned to go live from 1 July 2021. However, after concerns were raised about whether enough time had been given to inform patients about the change, the implementation date was moved from July to September.
At the time, NHS Digital said the extension would ensure that more time is allocated to speak with patients, doctors, health charities and others to strengthen the plan even further.
Bolton also added that NHS Digital “didn’t describe adequately enough the why” and did not “describe fully enough on what is being done to keep the data safe”.
He said NHS Digital needs to “face the challenge” and be open with the public.
“If you have got a problem you have to be even more open and even more engaged with those concerned,” he said.
It was announced in April 2021 that Bolton would be replacing Sarah Wilkinson as CEO of NHS Digital on an interim basis. Wilkinson announced earlier in the year that she was stepping down as chief executive of NHS Digital after four years in the role.
4 Comments
Happy to test this out through the courts, sounds like a simple way of making a little pension pot. GDPR is on the side of the owner of the data. Simple.
. . . And since data protection law requires that consent should be active, and freely given, as well as fully informed, why has NHS Digital chosen to use an opt-out system, to collect implied consent by default? This form of “consent” has been invalid, since 25 May 2018, when the GDPR came into force in the UK. Perhaps NHS Digital finds data protection law an inconvenience and they wish to turn back the clock? Perhaps NHS Digital simply wishes to appear to base their data collection on consent, without actually doing so? How many public bodies are colluding in this deception?
Why should anyone entrust their personal data to an organization that does not comply with data protection law, particularly when that organization is an agency of the Government?
Bolton also added that NHS Digital “didn’t describe adequately enough the why” and did not “describe fully enough on what is being done to keep the data safe”.
>Nor did NHS Digital give nearly enough advance notice that this action was taking place
>There has been no widespread consultation with patients … information via GPs when GPs didn’t know about it, and Practices were closed during the pandemic, is disingenuous
>Opt-outs have not been made explicit enough, and when information is found the Opt-out is via a paper document that needs sending to a GP; archaic, and at odds with other opt-out methods that can be executed via the NHS App
>Pseudonymisation needs to be explained, along with a note that information can be tracked back to full patient identification
>And there needs to be explanation of the circumstances under which data may be handed to commercial and/or Non-NHS organisations
>Information about the constitution and make-up of IGARD is essential
> Other NHS Digital comment noted that patient representatives have been consulted: Tells us who, when, what topics were discussed, how concerns were responded too. My request: Publish the meeting minutes
NHS Digital has a binary choice: either process patient data lawfully, fairly and transparently, which implies upholding dissent; or do the government’s bidding, which implies grabbing every patient’s data, in disregard of dissent, by using duplicity, deception and coercion, if necessary. It will be necessary, so there is no third course. That is the truth that NHS Digital needs to face up to. The government does not do truth.
Comments are closed.