The following information about is drawn from a range of sometimes-conflicting sources, including official documents, newspaper articles and campaign groups’ websites. We have tried to steer a way through this but cannot entirely guarantee the accuracy of what follows.

 What is

 In the UK there has been a system from the 1980s onwards for collecting information about every hospital admission (once at least some identifying information has been removed) in order to plan hospital services, monitor the quality of hospital care, and carry out research into new treatments. According to NHS England, this information alone does not provide a sufficient basis to plan for quality health care in future.

It is now launching an initiative known as the programme, to extend access to include information from patients’ records held by each GP practice in England. Over time, patient data from other settings such as community health services and social care will be also be included.

How soon will GP data be collected? was due to start Spring 2014. However, it recently became clear that the public were not sufficiently clear about the implications of the programme, or aware of the chance to opt out. The programme has therefore been delayed by 6 months and is scheduled to start some time in the autumn.

How will patients’ information be collected and stored?

Data in GPs’ records will be mined on a monthly basis using a method known as the ‘General Practice Extraction Service’ (GPES). To begin with, this will extract data from patients’ consultations with GPs from Autumn 2013 onwards, although the plan is to eventually collect data from before this date.

Patients’ data from GP records will be brought together at a national level, to be stored, analysed and distributed or published by the Health and Social Care Information Centre (HSCIC).

What is the Health and Social Care Information Centre (HSCIC)?

HCSIC was set up as a public body in April 2013. Its responsibilities include

    • Collecting, analysing and presenting national health and social care data
    • Setting up and managing national IT systems for transferring, collecting and analysing information as directed by the Secretary of State or NHS England;
    • Publishing rules to set out how the personal confidential information of patients should be handled and managed by health and care staff and organisations;
    • Developing ‘indicators’ that can measure the quality of health and care services;
    • Creating a register of all the information they collect and produce in ways that ensure it will be useful to as many people as possible, while safeguarding the personal confidential data of individuals.

Is this access to confidential data legal?

The Health and Social Care Act (2012) provides the legal basis for the extraction of personal confidential information in some circumstances. The Act sets aside the requirement under the common law duty of confidence to seek patient consent.[1]

Significantly, “The law pulls in different directions where dissemination of information is concerned; human rights legislation, data protection legislation, and the common law duty of confidentiality all require us to protect information that could identify an individual. The Health and Social Care Act 2012, however, allows the HSCIC to obtain and disseminate information about patients when acting under direction from the Secretary of State or NHS England.“[2]

What kind of data will HSCIC store?

NHS England claims that to identify examples of best practice, improve services etc., it is necessary for the HSCIC to bring together a patient’s data from different parts of the NHS and from social care services. A patient’s NHS number, postcode, date of birth and gender are used to ensure the accuracy of the links made between their data extracted from different services.

Apparently, the data collected can include

  • Your NHS number
  • Your date of birth
  • Your post code
  • Your gender
  • Your ethnicity
  • The date you registered with your GP surgery
  • Your medical diagnoses (including cancer and mental health) and any complications
  • Your referrals to specialists
  • Your prescriptions
  • Your family history
  • Your vaccinations and screening tests
  • Your blood test results
  • Your body mass index (height/weight)
  • Your smoking/alcohol habits

What does HSCIC do with the data?

How data is treated depends on which category it comes under:

Green flow: This covers “anonymous” or aggregated data,[3] which according to NHS England will be published in line with a recognised code of practice to ensure there is a low risk of being able to identify the original patient. However, in reality HSCIC only has to ensure ‘as far as it is reasonably practical’ that information published from this data does not identify individuals.  In other words, there is no guarantee that information cannot be re-identified as being about a specific patient. (see med.Confidential). In addition, according to, green flow data is not counted as ‘personal’. It therefore falls outside the Data Protection Act and can be freely given or sold on, without controls.

Amber flow: Pseudonymised data[4] will be available to specific approved groups of users, initially for commissioning uses only and in line with relevant guidance.

Red flow: It is claimed that identifiable data will only be made available where there is a legal basis for doing so (e.g. with patient consent or because of overriding public interest in disclosure, such as the outbreak of a new disease).  (see NHS England Privacy Impact Assessment)

In addition, changes in HSCIC’s remit (e.g. so that personal confidential data can be disclosed in other circumstances) may occur in future, subject to independent review.

There is some confusion about what happens when patients object to their personal confidential data being uploaded to the HSCIC or beyond: for example, NHS England’s Privacy Impact Assessment states that in these circumstances, the HSCIC will receive clinical data without any identifiers attached.

Who has access to data stored at HSCIC?

 Once the programme is up and running, a range of organisations can apply to gain access. These include drug companies, health charities, researchers at universities, hospital trusts, medical colleges, think tanks, IT specialists, commercial companies and insurance companies. The MP David Davis has expressed concern that, in addition, police will be able to access data from the HSCIC ‘by the back door’. [5]

While information from patients’ medical records may initially go to HSCIC, NHS England has been given an exemption that it allows it to pass identifiable – not just anonymised – data on to its Area Teams, to Clinical Commissioning Groups and Commissioning Support Units.  As medConfidential points out, it is worth bearing in mind that ‘commissioning’ covers a wide range of activities including monitoring, service planning, accounting and so on, meaning that a wide range of personnel could have access at this level.[6]

Applications for access to sensitive data are considered by an independent body, the Data Access Advisory Group. Private firms, among others, will be able to pay a fee to apply for access to sensitive or identifiable information. The assurance that ‘red flow’ data will only be available where there is a legal basis for this is undermined by scale of charges that HSCIC has published for data linkage and extract services (2013/14). This shows different categories of data available for purchase, including a ‘bespoke abstract containing personal confidential data”, with this defined as a one-off extract tailored to the customer’s requirements of specified data fields containing patient identifiable data, sensitive data items or both.[7] Apparently BUPA is one of the companies already cleared to access this ‘sensitive’ level of information.[8]

What are the arguments for allowing your data to be made accessible?

NHS England state that collecting information across the country through will be invaluable for the functioning of the NHS and improving the quality of patient care through

  • Giving commissioners of services accurate information for planning;
  • Monitoring services and improving the quality of health care provision;
  • Allowing insight into patient outcomes, patient experience and the efficiency of a service;
  • Comparing the quality of care provided by different NHS providers;
  • Providing the public with information on which to base health care decisions;
  • Offering people inside and outside the NHS information for medical research, clinical audit and public health planning.

And in what sounds a rather desperate justification, NHS England also suggests that will also support economic growth. It maintains, for example, that providing greater access to high quality health and care data will help “reinforce the UK as a global centre for life sciences and health services research”, while through making comparative data available to app developers and website designers, “will support the development of a vibrant market place”.  (See NHS England’s Privacy Impact Assessment).

Rather differently, some researchers have argued that if many patients opt out of, this will undermine the possibilities for monitoring inequalities of access to health care, or changes in the population’s health, such a rates of heart disease or cancer.

There is also the argument that if many patients opt out, this will hide the impact of government policies to privatise the NHS. This is because the private sector currently has a really poor track record for data collection, even when carrying out work funded by the NHS. In addition, general practices owned by private companies such as Virgin and Serco will be protected from scrutiny if their patients opt out, as there will be no data about them. This gap already exists in data about private nursing and residential care homes.[9]

What are the arguments for opting out?

 NHS England acknowledges that, as with any disclosure of personal confidential data, does pose risks to privacy and confidentiality, including threats associated with ‘cyberspace’ such as hackers attempting to access the data illegally.[10] The data may be differently at risk at different times, i.e. during the extraction of confidential data into the HSCIC; during the processing of confidential data within the HSCIC;  or during the onward disclosure of data to other organisations.

There is also the possibility that the extraction of personal confidential data from providers without explicit patient consent carries the risk that patients may generally lose trust in the confidential nature of the health service. Loss of trust may mean that patients withhold vital information from the clinicians treating them, with the risk that patients receive less than optimal care.

GP records are generally far more extensive than those contained in hospital admission records because they document many more episodes of care.  Because of this, if insurance companies had access to the HSCIC’s database, they might be able to link some of this information to the personal information that these companies hold about individuals.

At the moment, it is not clear how extracted data will be used and the extent to which it will be sold on. Nor is it clear who will own and control the data, how it will be used by the private sector (including insurance companies) and how data from NHS-funded private care will be made accessible. Many argue that should not start until these issues are properly resolved.

How can I stop my medical records being accessed?

The Health and Social Care Act (2012) removes any requirements for the HSCIC to ask for consent from patients or their GPs before extracting data. The information leaflet about that some households have received (which can be found at makes no mention of the fact that patients can opt out from

However, you can opt out by writing to your GP practice

  • Stating that you wish to opt out of
  • Asking that you want both the 9Nu0 and 9Nu4 codes to be added to your GP records, and
  • Providing your full name and date of birth.

Alternatively, you can download a form to give to your GP from

Don’t forget if you have decided you want to opt out and have dependents, such as children, you need to think about whether you should take responsibility for opting them out too.

Opting out will not affect your care. You can change your mind about opting out at any time. Just inform your GP practice and ask them to record your wishes.

Final comments

 Clearly, there are good reasons to have the best information possible to inform research into public health, new treatments, patient outcomes, as well as the planning of health and social care. At the same time, is viewed with suspicion for a number of reasons. The HSCIC has been established under the Health and Social Care Act (2012), which many see as largely concerned with the privatisation of the NHS and paving the way for an insurance-based health service. From what we know about, this could well be a way of privatising patient data collection and analysis, and an integral step towards an insurance-based care system.

The view that the intentions behind are not what we are told (or not ONLY what we are told) is supported, e.g., by the view of public health researchers who say that what they really need is census data (collected from an entire population) – but the next national census has been cancelled. There is also concern about the lack of clarity on how data will be used and owned, and about lack of transparency: the standard of public information about was atrocious and the leaflet raised questions about whether it intentionally said nothing about the possibility of opting out.

Because of lack of public confidence and insufficient information about, a six-month pause was announced on 18th February 2014, supposedly to allow time for the public to be reassured about the scheme.

Besides clearer information and increased opportunity for patients to make an informed choice about use of their data, what is really necessary during this pause is not just more patient information from NHS England. This time should be so the scheme can be rethought to ensure that patient data can be used to help research without patients being identifiable and without their data being used for commercial purposes.

For more information, including how to opt out

For more information on the HSCIC


[1] NHS England. Privacy Impact Assessment:  accessed 20.2.14

[2] NHS England. Privacy Impact Assessment:  p12.

[3] Data aggregation is any process in which information is gathered and then expressed in a summary form, e.g. for statistical analysis.

[4]  Pseudonymised data involves providing an individual with a pseudonym that will be attached to all their data, but not connected to their original identifying data.

[9] Pollock A, MacFarlane A. Opting out of is not the answer. 31.1.14

This entry was posted in Uncategorized. Bookmark the permalink.