Patients may be able to opt out of sharing their data with the FDP
- 10 September 2024
- NHS England has been informed by lawyers that key aspects of its Federated Data Platform (FDP) lack a legal basis, The Register reported
- This mean that unless NHSE can find a solution, citizens must be allowed to opt out of sharing their data
- FDP board documents reportedly show that NHSE received legal advice that its privacy-enhancing technology (PET) to be provided by IQVIA lacked a legal standing to proceed
NHS England has been informed by lawyers that key aspects of its federated data platform (FDP) lack a legal basis, meaning that unless it can find a solution, citizens must be allowed to opt out of sharing their data, according to a report in The Register.
In November 2023, US data analytics giant Palantir was awarded the contract to provide the FDP, which is planned to enable hospitals to bring together information from different clinical and HR systems in a single place.
The Register reported that documents shared with the FDP board in March 2024 show that NHSE has received legal advice showing that the privacy-enhancing technology (PET) to be provided by IQVIA, lacked a legal standing to proceed.
Board documents, reportedly seen by The Register, state that NHSE got the advice from King’s Counsel, its team of barristers, that PET “will require a separate lawful basis to process PCD (personal confidential data)”.
The board paper adds: “There is a risk that a Section 251 will be required, which could result in the National Data Opt Out being applicable to all flows”.
Unless NHSE finds a solution, it will have to offer all patients the opportunity to opt out of sharing their data with the FDP under the current legislation for the control of patient information (Section 251 of the National Health Service Act 2006), The Register reports.
It adds that the FDP programme board was told NHSE would work with its lawyers and information governance personnel “to develop an approach” and that further advice was “expected shortly” as of March 2024.
According to an NHSE FAQ about the FDP: “There is no specific patient opt out from information being accessed via FDP”.
Rosa Curling, director of non-profit legal advocacy organisation Foxglove, told Digital Health News: “The best policy here is honesty, the government should be transparent about whether the whole of the FDP is backed up by law, and if not, explain what it intends to change, then let patients decide if that action is sufficient to maintain their trust in the platform”.
In response, a spokesperson for NHSE told Digital Health News that the FDP has “the potential to transform healthcare by connecting the data we hold and harnessing it to deliver the best possible coordinated care for our patients”.
“The FDP is governed by a rigorous information governance framework and no data is processed without a lawful basis,” they said.
Digital Health News contacted IQVIA, for comment, but had not received a response at the time of publication.
In 2023, Foxglove launched a campaign against the proposed FDP and Palantir, following a report it sent to parliament about the risks posed to the NHS.
Foxglove argued that there is no lawful basis to create the FDP, as described in procurement documents, within the current legal directions used to obtain and share data within the NHS.
The Guardian reported in November 2023 that lawyers acting for Foxglove, the Doctors’ Association UK, National Pensioners’ Convention, and the patient organisation Just Treatment, sent a pre-action letter to NHSE’s solicitor, DAC Beachcroft.
At the time, a spokesperson for NHSE said the four organisations’ concerns were “totally incorrect”.
