Intended for healthcare professionals

Views And Reviews Primary Colour

Helen Salisbury: Should patients worry about their data?

BMJ 2021; 373 doi: (Published 25 May 2021) Cite this as: BMJ 2021;373:n1325
  1. Helen Salisbury, GP
  1. Oxford
  1. helen.salisbury{at}
    Follow Helen on Twitter: @HelenRSalisbury

One of the better things to come out of the pandemic has been a flourishing of medical research, and much of this depends on access to patient data, often derived from general practice electronic records. Some of this research has been enabled by the 2002 Control of Patient Information Regulations, which allow for emergency processing of data—regardless of patient identifiability—to control the spread of an infectious disease.1

If data are the new oil then the NHS is a very rich field, especially the well coded, digitised GP records that go back decades. But the current position on extracting patient data is a bit of a mess: a patchwork of agreements between different research bodies and individual practices (or groups of practices). For the past three years NHS Digital has worked with the Royal College of General Practitioners (RCGP), the BMA, and others to develop a more coherent structure and process. This new method of data collection, the General Practice Database for Planning and Research (GPDPR), will enable these activities to continue more broadly beyond the pandemic.2

There’s now a deadline, 1 July 2021, after which very large volumes of data will be extracted from GP records. Patients who wish to opt out must do so by 23 June. Not everyone is happy that this extraction is going ahead before agreement with all relevant bodies: significantly, the RCGP and the BMA have not endorsed this process.

NHS Digital will be working with a number of industry partners. Data taken from a patient record are de-identified, but if a company with huge reach and access to other data banks wanted to, the data wouldn’t be hard to re-identify. If a patient’s social media posts reveal where she lives and her children’s dates of birth, matching that to her patient record wouldn’t be difficult given adequate computing power. This would, of course, be illegal under UK law.

If it comes down to balancing the risk of breaching medical confidentiality against the benefits of research, it’s quite possible to argue in favour of the latter. However, it’s not a simply binary choice, as there are other ways to do this work without extracting whole medical records to a data store. Techniques developed by Ben Goldacre and his team at OpenSafely allow researchers to ask specific questions and get answers—for example, about the prevalence of a certain condition in people of different ethnic origins or the effect of a drug on renal function—without giving them access to the other details in that record.3 Nothing apart from those answers is extracted, and the threats to confidentiality (however theoretical) are avoided.

Consent to share data involves trust, and the ill fated project five years ago collapsed partly because of patients’ mistrust about how their data might be used.4 Concern hasn’t been voiced on a similar scale this time, but that may be because so few people know about GPDPR. Our patients have the choice to opt out—and we have a duty to let them know about it.