Rationale of GPDPR is there but trust issues need to be addressed

  • 29 June 2021
Rationale of GPDPR is there but trust issues need to be addressed

Most talk around the paused General Practice Data for Planning and Research (GPDPR) service is positive but wider issues around trust need to be addressed. Digital Health News spoke to Dr Natalie Banner, Understanding Patient Data lead, about what needs to happen next.

GPDPR is a proposed new GP data collection service which aims to give planners and researchers, faster access to pseudonymised health data.

Dr Banner told Digital Health News that GPDPR is “not an entirely new process” as the General Practice Extraction Service has been in place for the last ten years, but the system is “fragmented” and with GPDPR there is an opportunity to have a more of a streamlined system in place.

“It’s better to have a more consistent process for GP data that goes to NHS Digital,” Dr Banner says.

While there is an argument for GPDPR, there are also challenges and issues. Concerns have been raised about patient consent and who will have access to the data, though Dr Banner believes this is part of a much wider issue surrounding data usage.

“The reaction to this particular programme is really symptomatic of a wider set of issues,” she says.

“Even if you fix the issues of GPDPR, there is a much bigger context in play here, which is about how people feel about the use of data about them by governments and by corporations.

“We all feel that data about us is collected by all sorts of organisations in ways we don’t necessarily understand, and there is a kind of wider set of systemic issues that need to be addressed and GPDPR is just one symptom of those wider issues.”

Not long until September

The GPDPR service was originally planned to go live from 1 July 2021 but this was moved to September after concerns were raised that not enough time had been allocated to inform patients about their choices.

While the pause does give NHS Digital more time, Dr Banner said that two months is not a long time to “turn this around” and it is essential that NHS Digital “use the time well” to “make sure that programme is implemented in a more trustworthy way” with communication and engagement listed as a high priority.

“In a nutshell, it is not long to fix these issues and I think this is symptomatic of a wider set of issues across the system about transparency and about meaningfully involving people in decisions about data,” she adds.

“Even if you could fix the issues with GPDPR within two months, you’re going to be left with a whole bunch of other things that still need fixing.

“So I would say it has to be seen as more a long-term shift in how we think about transparency in health data use, governance and meaningful involvement.”

What happens next?

So what should happen between now and September? Understanding Patient Data has listed six recommendations for NHS Digital which include improving “meaningful transparency about access to GP data” and investing in “communications and media to respond to people’s concerns”.

One recommendation which is critical, according to Dr Banner, is the need for secure environments.

“I would say probably a critical recommendation that is going to be absolutely essential from a technical and a public trust perspective is to really make sure that secure environments are the default for data access,” she said.

“We have these models of trusted research environments, platforms like OpenSAFELY, and the idea behind those is researchers and users come to the data, the data doesn’t go to them.

“If you create an environment in which you are not disseminating that data and releasing it out to users, you solve a lot of the questions and concerns that people have about what is happening to data.

“We know from our attitudes research that people are worried about it spinning out of control – that the data goes to one user but it then gets passed on. If the data is not leaving the environment, you can audit it and you can have a full digital trail of what is happening to that data and how it is being used and that solves a lot of those concerns.”

While there are limitations with such platforms, Dr Banner believes from a patient trust perspective it is a “no-brainer”.

“The difficulty of a trusted research environment is that its capacity is limited by the computer power, by the software and code that you run within that environment. I think for many researchers that is going to be quite constraining and limiting,” she says.

“However, from the perspective of trust and confidence, it feels like a no-brainer to us so I would say developing that environment, resourcing it, getting really good data and technical expertise to help run it and maintain it, if NHS Digital can do that, it would solve quite a lot of concerns that people have been expressing.”

Thoughts on the data strategy

Alongside GPDPR, the government’s draft data strategy has been published and includes new requirements for data sharing across the entire health and care system.

Dr Banner told Digital Health News that a lot of the same issues surrounding health data and GPDPR are present in the data strategy.

“From what we have seen so far – there is an awful lot of ambition around innovation, around using and capturing data better and harnessing it for the benefits for patients, public and the health system. But there hasn’t been that same ambition around ensuring individuals can express their choices and preferences, and societal mechanisms for on-going engagement and involvement in the data governance,” she says.

Dr Banner also raised the issue of data bias and stressed why it is so important to include the right stakeholders in the conversation.

“The strategy needs to address issues such as data bias – it’s not always the case that more data is better data which equals better outcomes and I think the strategy needs to engage with those challenges and questions around data quality and again, bringing people into the conversation will help anticipate whether there will be unforeseen consequences, are some people going to be discriminated against or harmed by using data in this way?” she says.

“You are going to spot those questions and challenges early if you bring people into the conversation more.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Patient data published online following south east London cyber attack

Patient data published online following south east London cyber attack

Cyber criminals have published patient data online which they claim was stolen as part of an attack on Synnovis, NHS England has confirmed. 
ICBs allocated £48m for digital pathways, demand and capacity tools

ICBs allocated £48m for digital pathways, demand and capacity tools

NHS England have announced funding of £48m for integrated care boards to fund capabilities relating to digital pathways and demand and capacity tools.
Ransomware group releases NHS Dumfries and Galloway patient data

Ransomware group releases NHS Dumfries and Galloway patient data

NHS Dumfries and Galloway have confirmed that patient data has been released by a ransomware group, following an earlier cyber attack on its IT systems.

2 Comments

  • There is no point in “bringing people into the conversation” if you totally ignore what they say, unless it happens to be what you want to hear.

    The basic choice is between obtaining valid consent or using coercion. Since 25 May 2018, under data protection law (GDPR/Data Protection Act 2018) tghe only consent that is valid is active, freely given and fully informed. This excludes obtaining patient data by blackmail (no data no healthcare); it excludes obtaining patient data by duplicity and lies; it excludes using an opt-out system that delivers implied consent by default. The NHS must use an opt-in system to obtain active consent. If they do not do this there will never be any trust and the only option patients will have to protect their privacy is opting out of healthcare. Currently, the only way to have confidentiality or control of our data is opting out of NHS healthcare. Even then, NHS Digital will grab all historical (already existing) data WITHOUT CONSENT. That permanently excludes the possibility of trust. It also fails to allow all citizens equal access to NHS care, by excluding anyone who objects to data grabbing without consent. This is just as bad as excluding people on grounds of their race.

    • …. and, if Bertl and his ilk have their way, health care will stick in the 20th – or even 19th century!

Comments are closed.