Privacy groups focus on national data opt-out as FDP tender concludes
As NHS England prepares to announce the winner of the £480 million contract to deliver the new Federated Data Platform (FDP), legal groups and data privacy activists are focusing on the national data opt-out and its future status.
The FDP project has been mired in controversy due to questions about its cost, purpose, a lack of transparency over the tender process and special concerns about the incumbent provider and presumed leading bidder, US data analytics giant Palantir, in partnership with Accenture, which some worry has corporate values culture at odds with the values of the NHS.
Yet legal and data privacy campaigners interviewed by Digital Health News say that there have long been concerns about NHSE’s management of the opt-out, which was introduced in May 2018 and allows citizens to choose not to have their health data shared, which the FDP project has now brought to the boil.
The argument is hardly a moot one, citizens have shown their willingness to vote with their feet on data sharing. As of April 1, 2023, more than 3.4 million people had patient data sharing opt-outs, accounting for 5.4% of those registered with a GP, according to NHSE data.
Campaigners argue the FDP tender and the prominence of Palantir have merely provided the context for efforts to scrutinise the government’s plans to protect the opt-out.
“We have serious concerns that the opt-out doesn’t protect patients’ rights as it really should,” Ian Browne, legal manager with the campaigning group the Good Law Project, told Digital Health News.
“We’re worried those people who opt-out are still having their data used in ways that don’t bear up under scrutiny, with NHS England giving itself broad-brush exemptions rather than asking itself whether privacy should be safeguarded.”
The government has indicated that it is likely to revisit the way in which the opt-out is used an explained to patients. In its June 2022 report Data Saves Lives, it said it wanted to “simplify” the opt-out process to make it “accessible, simple to action and easily explained.”
Late last month, a document from NHS England’s Transformation Directorate outlined its plans for public engagement on NHS use of data in which it said one of the topics it planned to cover was the “reform of the national data opt-out.” NHS England and the Department of Health and Social Care were not able to immediately provide more details.
Healthcare data is generally defined according to three broad categories: direct clinical care; research and clinical trials; and planning and design of services. The national data opt-out allows patients to opt-out of having their identifiable data to be shared outside of their GP practice unless it is in relation to their own direct care.
When a patient chooses the opt-out, it is registered with their NHS number in the spine, a digital central point for key NHS online services that allows the exchange of information across local and national NHS systems.
The health service has also defined specific exemptions to the opt-out, including flows to Public Health England National Disease Registers, national patient experience surveys and flows to Assuring Transformation, which covers people with learning disabilities and/or autism who are in hospital for their mental health or due to challenging behaviour.
Exemptions, secondary use cases and the impact of a centralised FDP
Many of the public concerns expressed about the potential data uses of the FDP are those involving planning, with some organisations – such as health data privacy group medConfidential – arguing this category is too vaguely defined currently.
Planners sometimes use data that is pseudonymised, which the UK Information Commissioners’ Office (ICO) defines as using techniques that replace, remove or transform information that identifies individuals, and keeping that information separate.
Privacy experts nevertheless argue that even the use of pseudonymised data provides insufficient controls on confidentiality. Data that has undergone pseudonymisation remains personal data and is in scope of data protection law, the ICO says. And with data uploaded into the cloud under the proposed structure of the FDP, Browne says, just a few relatively uncommon characteristics are all that would be needed to identify individuals, especially if NHS England also has access to other government records.
Neil Bhatia, a Hampshire GP, sent a Freedom of Information request to NHS England earlier this summer to try to get more information about the data guidelines for the FDP.
The health service ultimately confirmed that the national op-out would still apply “where the FDP is handling such confidential patient information for research and planning,” and that “such uses will be clearly identified to the public via Privacy Notices.” NHSE added that the opt-out would also apply to the secondary use of data sets “where there is a legal requirement to do so.”
Last month, Labour MP for Liverpool and Walton Dan Carden tabled a question to the health department in Parliament, asking what steps the department is taking to ensure the FDP delivers transparency on how it will handle patient data.
Minister of State Will Quince responded that the FDP would have access to a variety of data, including anonymised, pseudonymised and in some cases identifiable data “subject to stringent controls on access and use”.
“The line they use is that the national opt-out applies in line with national policy,” says Sam Smith, policy lead at medConfidential. “What does that mean? That means we haven’t decided yet, because it’s on a per[data] flow basis.”
It is the secondary use of data sets that are of special concern to many of those interviewed. The Good Law Project and other organisations are concerned that there is already little transparency in the granting of exemptions for the reuse of data; they worry that the centralisation of data under the FDP will make it harder to ensure that the opt-out works as it was designed to do.
While health organisations currently need to apply to the Health Research Authority if they want to carve out additional exemptions from the data opt-out, and provide evidence that such exemptions are necessary, it’s not at all clear that this process will hold once data is held centrally, Bhatia said.
“It’s very clear that what you won’t be able to do is stop your information from going there in the first place,” Bhatia told Digital Health News. And once the health service has access to data through the FDP, he adds, it will be difficult to prevent them from using it as they like. “NHS England will become the data controller and they will be the judge and jury as to whether they decide the national data opt-out applies or not.”
Stakeholders weigh in
As NHS England prepares to announce the tender winner and the conditions of the contract for FDP, those interviewed say they remained concerned that the health service will not continue to maintain vigorous guidelines relating to the opt-out once it has access to such a centralised store of data.
In a strongly worded statement at the end of August, the national data guardian for health and social care, Nicola Byrne, said NHSE would need to carefully articulate the nature of each use cases for the FDP and elaborate again on how the national data opt-out would work.
She observed that following the implementation of the General Practice Data for Planning and Research (GPDPR) program, national opt-out rates increased amid a lack of communications preparation that undermined public trust.
The GPDPR example provided a warning for FDP’s architects, she said, adding that “if opt-out rates now rise considerably further, it would be to the serious detriment of health research and planning nationally.”
The Good Law Project and other legal organisations say they are preparing for the possibility of legal challenges to the FDP if it isn’t clear they are complying with the opt-out.
The NHS is clearly intent to show that it is listening. At the HETT conference in London last week, the health service’s chief data and analytics officer Ming Tang spoke of the need to bring the public along with it when it comes to the use of NHS data.
On Friday, the NHS said it would hold a series of events from the new year until March 2025 to gather public views on digital and data transformation in the NHS, in order to give the public “a genuine means of informing and helping to shape policies around the use of their health data.”
NHSE’s announcement of the FDP tender winner will be closely scrutinised for its overall communications and for the level of detail it provides on the future of the national data opt-out.
Activists and clinicians alike will be looking for more intelligence on the user cases for different data flows and the extent to which it will be possible for NHSE to decide unilaterally to reuse those flows for other purposes or be restricted from doing so. The government’s skill in navigating this process will be crucial to the success of FDP.
3 Comments
The FAQ recently posted by NHS England states the will be no opt-outs as data is either for Direct Care or anonymised (presumably at collection).
But after that it is joined up across Trusts ‘federated’. How? By magic?
This programme is clearly in deep trouble and in need of a reset around requirements and engagement before getting anywhere near awarding a contract.
An excellent article accurately covering most of the important data issues. Unfortunately 67.9 million people still remain ignorant of this issue that has a profound personal impact. Many other issues also need to be addressed as part of this process.
I opted out a couple of years ago and handed my completed form over myself to the receptionist at my GP practice. I subsequently had a letter saying that written information about me and one of my medical conditions had been ‘handed in’ by a member of the public who had found it outside one of the practice centres!
Comments are closed.