GPDPR September implementation date is scrapped
- 20 July 2021
The implementation date of the GP Data for Planning and Research (GPDPR) programme has been scrapped and instead data collection will now only begin once certain criteria have been met.
Originally planned to go live from 1 July 2021, concerns were raised about the programme and eventually led to the implementation date being moved to September.
However it looks like this date has now been scrapped as the minister for primary care and health promotion, Jo Churchill, sent a letter to all GP’s on 19 July which set out a new process for commencing data collection.
“While we are continuing to work on the infrastructure, and communication for the project, we are not setting a specific start date for the collection of data,” the letter states.
Instead, data will only begin to be uploaded when the following is in place:
- the ability to delete data if patients choose to opt-out of sharing their GP data with NHS Digital, even if this is after their data has been uploaded;
- the backlog of opt-outs has been fully cleared;
- a Trusted Research Environment has been developed and implemented;
- patients have been made more aware of the scheme through a campaign of engagement and communication.
Churchill’s letter also delves into the opt-out process, saying “we want to make the position around opt-out much simpler”.
“While 1st September has been seen by some as a cut-off date for opt-out, after which data extraction would begin, I want to reassure you that this will not be the case and data extraction will not commence until we have met the tests,” it adds.
As a result, three changes will be introduced to the opt-out system, they are:
- Patients do not need to register a Type 1 opt-out by 1st September to ensure their GP data will not be uploaded;
- NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt-out;
- The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the new arrangements up and running, and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian.
On the issue of data security and governance, Churchill’s letter confirms that the “government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study”.
“This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected,” the letter adds.
This TRE will be built in “line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service”, Churchill confirmed and data collection will only begin once this is in place.
“We will ensure that the BMA [British Medical Association], RCGP [Royal College of GPs] and the National Data Guardian have oversight of the proposed arrangements and are satisfied with them before data upload begins,” the letter states.
“I can also confirm that the previously published Data Provision Notice for this collection has been withdrawn.
“Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.”
NHS Digital has said it has “listened to feedback on proposals, and is determined to continue working with the sector on key elements to inform further safeguards, reduce the bureaucratic burden on GPs and step-up communications for GPs and the public”.
Simon Bolton, NHS Digital’s interim CEO, said: “Patient data is vital to healthcare planning and research. It is being used to develop treatments for cancer, diabetes, long Covid and heart disease, and to plan how NHS services recover from Covid-19.
“This research and planning is only as good as the data it is based upon. We know we need to take people with us on this mission and this decision demonstrates our absolute commitment to do just that.
“We will continue to work with patients, clinicians, researchers and charities to further improve the programme with patient choice, privacy, security and transparency at its heart.”
4 Comments
Where is the conversation about retiring the Type1 Opt-Out happening, that part of the road-map feels even more opaque than the other parts of the road-map.
Good on Foxlglove, Dr Neil Bhatia and Med Confidential for forcing this out-break of common sense.
The program hasn’t been abolished – just delayed – and the threat to “retire” (abolish) the Type 1 opt out – the one that prevents the Coded data – all of it except that protected by law – from leaving the GP practice – is explicitly still there.
The power for the Secretary of State for Health to issue the DPN – which GPs cannot legally refuse to obey – *requiring* GPs – as Data Controllers – to instruct the GP system suppliers – Data Processors – to upload all the Coded Data – comes from the Health & Social Care Act 2012: there is a new Health Care Bill before Parliament: how will it change the powers of the SoS for Health in this respect?
The powers to extract data under the COSI emergency legislation runs out in September: does anyone know what will happen to data already extracted & used for planning during the pandemic?
AND – after the problems with care.data – & before that the SCR (Summary Care Record) why oh why is NHS Digital still – according to evidence to the Select Committee – treating GPDPR “as an IT project”?
If there are no plans to communicate with patients directly, what *is* the plan to communicate with them?
Trust is easy to lose – hard to establish – although access confined to a Trusted Research Environment would help – if patients believe the reassurances.
Which is a shame: however dubious the quality of GP Coding, there *is* a case for consented use for research & planning – & this fiasco is likely to set it back for a long time!
If patient data has never been for sale, someone needs to explain that to Somerset NHS Foundation Trust
… And also why there’s a list of charges on the NHS Digital site; a list that includes a fee for Permission to Sublicence.
https://digital.nhs.uk/services/data-access-request-service-dars/data-access-request-service-dars-charges
Comments are closed.