General Data Protection Regulation

General Practice Data for Planning and Research (GPDPR)

Data is all around us, greater in variety and quantity than ever before. We can’t help but generate huge amounts of it, in almost all aspects of our lives. In the health sector, data underpins many of the future plans for the NHS, for both patients and staff.

Transparency around the way in which data is collected, for what purpose, and by whom is always of paramount importance, and is especially important for a new scheme to collect data from GP practices.

 

NHS Digital has developed a new way to collect this data, called the General Practice Data for Planning and Research data collection. The system launches on September 1st this year, with the aim of collecting data from GP practices to use for planning and research purposes. This will replace the previous scheme, the GPES (General Practice Extraction Service.

The new data collection reduces burden on GP practices, allowing doctors and other staff to focus on patient care.

The data held in the GP medical records of patients is used every day to support health and care planning and research in England, helping to find better treatments and improve patient outcomes for everyone. 

Please note NHS Digital will not collect patients’ names or addresses. Any other data that could directly identify patients (such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.

This process is called pseudonymisation and means that patients will not be identified directly in the data. NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.

Here is more information from NHS Digital https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research

What data will be collected?

Data in primary care is of particular value because it encompasses so many conditions, some of which are treated primarily (or entirely) in primary care settings. This data can be used to more accurately predict the demand for future care provision.

The data will consist of symptoms, observations, diagnoses, results, allergies, referrals, immunisations, appointments, sexual health and mental health, as well as the patient’s sex, ethnicity, and the staff who have treated them.

The data that will not be collected includes names, addresses, written notes from doctors, images, any information over 10 years old (old medicines or appointment data), or any data that GPs cannot ordinarily share by law – including IVF treatment or gender reassignment data.

What will the data be used for?

A good example of the need for high-quality, insightful data is in tracking the long-term impact of the Coronavirus pandemic. Using patient data we can learn more about the virus and how it affects people. Linked to this is the area of healthcare inequalities, something which the Covid-19 crisis has highlighted repeatedly. Data can be used to study how people of different ethnic backgrounds access healthcare, and how their outcomes may differ compared to other groups.

Finally, this sort of data will allow research and development work to confirm the safety and efficacy of things like vaccines, and investigate benefit/risk ratios.

Can patients opt out?

GP surgeries cannot opt out of the scheme, but patients can, in what is known as a Type 1 opt-out.

Patients who do not consent to share their data should submit a form to their practice by 23 June (though this may change and be extended, just as the implementation date was changed from July to September). You can still opt out after this date, but any data collected before the opt out will still be held.

If you don’t want your identifiable patient data to be shared for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out or a National Data Opt-out, or both. These opt-outs are different and they are explained here:

https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#opting-out.

Your individual care will not be affected if you opt-out using either option.

Type 1 Opt-out of NHS Digital collecting your data

Urgent action required as the opt out window closes on 23 June 2021.  Patients need to complete a form and leave it at reception.  

NHS Digital will not collect data from GP practices about patients who have registered a Type 1 Opt-out with their practice.

Data collection will start on 1 September 2021. If you register a Type 1 Opt-out after this collection has started, no more of your data will be shared with us. We will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out.

If you do not want NHS Digital to share your identifiable patient data with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out.

National Data Opt-out of NHS Digital sharing your data

Please see https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#opting-out for further information regarding National Data Opt out.

Patients can opt out for themselves (the practice cannot do this) by visiting the Make your choice webpage.

For children under 13 the form available here should be used. 

For dependant adults the form available here should be used. 



Please see this link to NHS Digital privacy Notice 

https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/gp-privacy-notice.

 Please see this link to NHS COVID-19 response transparency notice

Coronavirus (COVID-19) response transparency notice - NHS Digital

General Data Protection Regulation (GDPR)

This is an EU law that determines how your personal data is processed and kept safe and the legal rights you have in relation to your own data.

The regulation applies from 25 May 2018 and continues to apply even though the UK has left the EU

https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/gp-privacy-notice

What it will mean for patients

  • Data must be processed lawfully, fairly and transparently
  • It must be collected for specific, explicit and legitimate purposes
  • It must be limited to what is necessary for the purposes for which it is processed
  • Information must be accurate and up to date
  • Data must be held securely
  • It can only be retained for as long as is necessary for the reasons it was collected

There are also stronger rights for patients regarding the information that practices hold about them which include:

  • Being informed about how their data is used
  • Patients to have access to their own data
  • The right to request incorrect information is changed
  • The right to restrict how their data is used
  • The right to move patient data from one health organisation to another
  • The right to object to their patient data being processed (in certain circumstances)

You can view our Practice Privacy Notices and leaflets below

If you wish to have a copy of your medical records you must complete a Subject Access Request Form.