GP practices nationwide will soon be required to supply patients’ personal and confidential medical information, on a regular and continuous basis, to the Health and Social Care Information Centre (HSCIC). This could start happening within a matter of weeks.
This information will be extracted from the practice in a form that can identify you, and will include your NHS number, date of birth, postcode, gender and ethnicity, together with your medical diagnoses (including cancer and mental health), their complications, referrals to specialists, your prescriptions, your family history, details of your vaccinations and screening tests, your blood test results, your body mass index, and your smoking/alcohol habits.
Under the Health and Social Care Act 2012, GP practices have no choice but to allow the HSCIC to extract this information. The programme, called care.data, is administered by the HSCIC using software and services provided by a private sector company (ATOS).
The data will be stored on HSCIC national servers and not on GP systems. The HSCIC will administer the data, and states it intends to use it “for planning health services and for research”.
This is known as “secondary uses” of your medical records.
Medical staff treating you in GP surgeries, hospitals, A&E and out-of-hours centres will not use, or be able to use, this database.
However, the uploaded data is likely to be made available to organisations outside of the NHS, such as universities and commercial organisations. Initially, in “Release 1” of care.data, this information will be released to those requesting it in an anonymised form, but a bit later on, in “Release 2” of care.data, it will be identifiable as your information, and you will not be asked for your permission before your data is distributed.
Once the data has been extracted, the GP practice is no longer the data controller for that information, and cannot control or protect in any way how that information is used, shared or who has access to it.
The HSCIC will be the data controller for your uploaded information and will have total control over it.
Although GP practices cannot object to this information leaving the practice, individual patients and their families can instruct their practice to prohibit the transfer of their data,
i.e. you have the right to opt-out.
Opting-out will have no effect on the medical care that you receive either from your GP surgery or from anywhere else within the NHS or private sector.
Opting-out will have no effect on your GP surgery and the way it provide services.
If you do nothing, i.e. you do not opt out, then your medical information will be extracted and uploaded to the HSCIC.
Once uploaded, you will not be able to get this data deleted by the HSCIC.
You will still need to opt out to prevent care.data uploads even if you have already opted out of the NHS Database (The Summary Care Record).
The NHS Database opt out will not prevent care.data uploads.
There is a lot of information available about care.data, which you may choose to refer to before you decide on whether you wish to opt out or not.
Web-links to this information are included in this factsheet and copies of all three patient information leaflets are also available from reception and on our website.
How do I opt out?
Fill in the opt-out form below and return the form to reception (or hand it to the doctor or nurse that you are consulting with).
Information about care.data
• Patient information booklet (“How information about you helps us to provide better care”) http://tinyurl.com/cdptinfo
• Patient “FAQs” http://tinyurl.com/cdptfaqs
• Web site: http://www.nhs.uk/caredata
EMIS National User Group
• Patient information booklet http://tinyurl.com/nugcdinfo
• Web site: http://tinyurl.com/nugcdweb
• Patient leaflet http://tinyurl.com/mccdinfo
• Web site: http://medconfidential.org/