Data deadlines loom large for the NHS

To say patient data is a contentious topic is putting it mildly. On 15 January Public Health England (PHE) faced a barrage of media disapproval for releasing data on nearly 180 000 patients with lung cancer to a firm affiliated with tobacco companies.1 US consulting firm William E Wecker Associates, which has reportedly worked for tobacco company Philip Morris International as well as the American Medical Association, issued a freedom of information request to PHE and, says Jem Rashbass, PHE national director for disease registration and cancer analysis, the body has a duty to release such information.

“We have very strict processes for managing patient data and fully comply with NHS requirements for handling it,” he says. “No identifiable patient information has been released, and prior to the disclosure we thoroughly checked the study protocols, which stated clearly that it is a piece of medical research.”

As the NHS digitises, controversies like this—and Google DeepMind’s work at Royal Free NHS Foundation Trust, which hit headlines in 20172—are increasingly likely. In a speech on 2 September 2015, the health secretary announced that by 2018 all NHS patients should be able to access their general practice electronic record, including information from all their care and hospital interactions. By the end of 2018, according to the announcement, all doctors and nurses will be able to access up-to-date information across GP surgeries, ambulance services, and emergency departments, no matter where a patient is in England—and by 2020 the social care system will be included.3

Also this year, the government will pass the UK Data Protection Bill to implement the European …