Technical data

Everything you need to know about patient data (GPDPR) and its evolution


Information held in general patient records in England will be shared differently in the future, so that it can be more easily used for NHS research and care planning. Should Heart Patients and Others Be Worried? And what control do we have over our own data?

What’s on this page

What is the GDPR?

The use of GP data has been in the headlines in recent months, often portrayed in a negative light.

But what is the GP Data for Planning and Research (GPDPR) program? This has been referred to in the media as “data entry”.

It is understandable that people are worried about this problem. Your medical records are highly personal and sensitive as they contain information about you, your medical history, and your treatment.

They are also very valuable for science. Medical records held by GP surgeries are usually the most complete medical records held by the NHS as they will cover more of the treatments we have than hospital records, for example.

The GPDPR program is managed by NHS Digital, the NHS body responsible for IT and data services across the NHS in England. It covers the technical details of how the data will be transferred from GP practices to the NHS Digital, where the data will be held centrally and where researchers will access it. It does not apply to medical records in Scotland, Wales and Northern Ireland.

Will all of my health information be shared?

It is important to understand that not all information contained in GP records will be transferred. Names and addresses are not collected at all. Other data that could identify you (such as NHS number, date of birth, full postcode) is not transferred in this form. Instead, it’s replaced with unique codes that are produced by a computer before data is shared with NHS Digital, so you can’t be directly identified.

NHS Digital will be able to use software to convert unique codes back into data that could directly identify patients in exceptional circumstances. These include whether a patient has agreed to participate in a research project or clinical trial and has already given consent for their data to be shared with researchers. In some cases, researchers who need to find volunteers for their research may contact patients directly to ask them to participate in the research, but only if approved by regulators as well as representatives of general practitioners.)

So while we cannot say that it is impossible for your data to be disclosed or hacked, it is highly unlikely that any information that could be identified as about you could be seen, without your specific permission.

In addition, the written text is not transferred, so notes from discussions with your GP, or any other notes written by your GP, are not included. Old details (more than 10 years old) regarding medications, referrals or appointments will not be transferred.

Some sensitive information will never be shared – for example certain information about IVF treatment or sex change.

Why does the GDPR exist now?

Data from general practitioners’ medical records have been used regularly in research for many years. In fact, some aspects of BHF’s own work are based on this. For example, we produce statistical publications on heart disease rates in the UK, which help us and other organizations understand where the need for support and information services might be greatest, as well as than to inform our campaign work.

In the past, making this information available was often a manual process that required input from individual GP practices. The GPDPR aims to alleviate this burden on individual practices by allowing data to be transferred automatically and in bulk, rather than manually. The aim is to save time and free up general practitioners’ offices to focus on patient care.

The detail, quality and coverage of GP records make them an essential part of effective health service planning at local and national levels, and have a huge role to play in finding new treatments and approaches to health. cardiac. The pandemic has shed light on the use of patient data for the public good, especially in the search for treatments and vaccines against Covid-19. NHS Digital is keen to build on the success of the secure use of health data, which has made it possible to provide the public with the best treatments and vaccines against Covid-19.

Does this mean that I will get better treatment and better service?

In the longer term, easier sharing of medical data for use in medical research could lead to better treatments for heart disease.

Whether or not you share your medical data will not directly affect your treatment. For example, it won’t be used to help decide which treatment is best for you.

How different parts of the NHS share your health information in order to take care of you is completely separate from the GDPR. We know that addressing what can often appear to be inconsistent care is an important issue for patients and others. Separate strategies are being developed to improve the sharing of medical records between care teams from different NHS organizations to provide and improve patient care and the quality of the experience.

What does the BHF think of the GDPR?

We believe that well-organized, secure and safe clinical data is essential, not only to seek better treatments for heart disease, but also to fight health inequalities and help make medical research more representative of the whole. population.

We know how important patient data is to science because we’ve invested in science that uses patient data in new ways to deliver real benefits to patients. For example, the BHF Data Science Center has led the way in using a wide range of data sets, such as hospital admissions, A&E attendance, and vaccination records to better understand the direct and indirect effects of Covid -19 on Heart Disease and Cardiac Care Services. . The GPDPR is therefore an excellent opportunity to make scientific progress that will benefit people with heart and circulatory problems.

However, GDPR needs to be underpinned by a strong framework that ensures patients have full knowledge of what is being done with their data, and an easy-to-navigate consent and authorization system that keeps patients informed and able to control their information at all times. time. We support the pause in the deployment of the GPDPR, to make sure these things are done right – but this program is important to both scientists and patients, so it should not be put on hold indefinitely.

It is essential that patients can trust this process. NHS Digital must therefore do more to communicate what is going on. People need to be made aware of the risks as well as the benefits of GDPR and the safeguards in place to ensure that data will be kept secure and used appropriately for the public good. There needs to be more transparency about what happens to their data.

The NHS bodies that hold this data, and the NHS Digital in particular, must work in true partnership with patients, the public and researchers, to maximize the benefit that patient data can bring to advances in cardiac research and improving cardiac care. There must be an open dialogue, with NHS Digital listening to the views, and patients must have confidence that NHS Digital will act on those views.

The BHF works closely with national bodies, such as NHS Digital and NHSX in England, and their counterparts in other parts of the UK, to ensure the voices of heart patients and cardiology researchers are heard and that their concerns are taken into account.

I’ve heard a lot about selling my data, is this true?

NHS patient data, from GP surgeries or any other source, may not be sold, either by NHS Digital, or by any organization that accesses NHS Digital information. NHS Digital does not make any profit from data requests, but may charge a fee to cover the costs of the request.

Strict processes are already in place to ensure that data is used for the benefit of the health of the nation and is handled in a secure and appropriate manner. Access will not be given for marketing or insurance purposes.

There may be times when medical records are used by companies (or research institutes) in a way that could benefit patients, but which could ultimately generate profits as well. For example, companies can use it to develop new drugs or to manufacture different medical devices or medical software.

With regard to the commercial use of health data, we believe that:

  • The commercial use of data should aim to improve health above all, above economic benefits.
  • It is important that patients have confidence and clarity in how the commercial use of the data is carried out.
  • All profits from data sharing should go to the NHS. We’ve worked with patients to make sure we understand their perspective on this, and we know that is the perspective of many patients as well.

Top of page ^

What to read next …

Sharing health data: what you need to know about signing up and opting out

Read the article

Published in November 2021


Leave a Reply

Your email address will not be published.