care.data - in detail


This non-commercial website was written by Dr Neil Bhatia, a GP and Caldicott Guardian / Information Governance lead in Hampshire.



The care.data project has now been shut down by the Department of Health.

You can find out about all of the NHS Databases, secondary uses projects, and other NHS data sharing schemes, via www.nhsdatasharing.info

care.data will be back, in one form or another, so this site will remain available (though no longer updated) for reference purposes.

Please note that some of the links may no longer work.


This site tells you all about care.data .

There's also information about hospital data (HES and SUS).

It's a detailed and comprehensive site, with links and references, and Freedom of Information responses.

It tells you about Type 1 ("9Nu0") and Type 2 ("9Nu4") opt-outs (or objections) - electronic flags added to your GP record, at your request, that prohibit the use of your personal confidential information in various ways.

You can find out about all of the NHS Databases, and other NHS data sharing schemes, via www.nhsdatasharing.info


When it comes to how your GP-held medical information is used:


Primary uses are uses of data for the main purpose for which they were originally collected directly from the individuals concerned.

For your GP record, this means making that information available, to healthcare professionals that you are seeing, for your direct medical care.

You can download a simple factsheet about data sharing between healthcare professionals here.

You have the right to opt-out of allowing your medical record to be shared, or be directly accessible, for primary purposes - for your direct medical care - beyond your GP surgery, if you so wish.

This may limit the opportunity for certain health professionals (other than those within your GP surgery) to directly access aspects of your electronic GP record in a particular way.

However, it in no way limits the many other ways that your medical information can be made available to those who require it.

That information can, is, and always will be made available to those who require it by your GP, whether directly, by phone, fax, text, letter, email, e-referral or e-prescription.

That information can be made available by you - the patient - directly, by temporarily giving the health professional secure online access to your medical record, or by many of the other ways in which you can share information with health professionals outside of the surgery.

An example of preventing a primary use of your GP record would be opting out of the Summary Care Record.

You can opt back in to primary uses of your GP record at any time in the future.

You can opt back in and allow all the primary use schemes to extract and upload, or stream your data, or you can opt back into each scheme individually, as you prefer.


Secondary uses are uses of existing data for purposes other than those for which they were originally obtained.

For your GP record, this means making that information available, to anyone (not just within the NHS), for purposes other than providing your direct medical care.

Examples of secondary uses include research, audit, healthcare planning, "population health management", commercial and even political uses.

You can download a simple factsheet about the Type 1 secondary uses opt-out here.

You can download a simple factsheet about the Type 2 secondary uses opt-out here.


If you want to express a Type 1 and/or a Type 2 objection, then do so now.

The Government is currently consulting on consent and opt-outs, and it is highly likely that the right to express a Type 1 opt-out (at least, as it applies to the extraction and uploading of information from your medical record to the HSCIC) will be withdrawn from a certain date.

If you haven't opted out by that date then you may not be able to do so anymore.


You have the right to opt-out of allowing your medical information to be used for secondary purposes - in ways unrelated to your direct medical care - if you so wish.

You can register a Type 1 objection ("9Nu0") with your GP surgery, which will act on your GP-held medical records, and/or you can register a Type 2 objection ("9Nu4") with your GP surgery, which will act on information that the HSCIC holds about you (whether derived from your GP record or hospital information).

You can find out more about these opt-outs on the HSCIC website.

Not allowing secondary uses of your GP record - which should prohibit risk stratification, the national audits and GPES extractions - will in no way affect the medical care that you receive, anywhere in the NHS or privately.

Opting out of secondary uses of your GP record will not prevent medical researchers accessing your information - they just have to ask for your explicit permission first.

An example of prohibiting a secondary use of your GP record would be opting out of one or more of the national audits.

You can opt back in to secondary uses of your GP record at any time in the future.

You can opt back in and allow all the secondary use schemes to extract, upload and process your data, or you can opt back into each scheme individually, as you prefer.

care.data is an example of a secondary use of your GP medical record.

There are no primary uses of the uploaded information in care.data


Index to sections

  1. Introduction
  2. In a nutshell
  3. What is going to happen?
  4. Your data - uploaded
  5. Your data - disseminated
  6. Your data - sold and resold
  7. care.data - what do GPs think about it?
  8. Data released about you - aggregate and anonymised
  9. Data released about you - pseudonymised
  10. Data released about you - clearly identifiable
  11. Control of your data release
  12. Your data sales and the Data Protection Act
  13. Insurance companies and care.data
  14. Pharmaceutical companies and care.data
  15. Fast Food/Soft Drink/Alcohol/Tobacco companies and care.data
  16. care.data and organisations/research that you are ethically opposed to
  17. Providers of private medical services and care.data
  18. Other profit-making companies and care.data
  19. Government departments and care.data
  20. The police and care.data
  21. The security services and care.data
  22. The Partridge Review of data releases
  23. Your data - overseas
  24. The law and misuse of care.data
  25. Anonymising your SUS record
  26. Anonymising your HES record
  27. How can I prevent my medical information from being sold like this?
  28. care.data and medical research
  29. care.data and the 100K Genomes Project
  30. care.data and your direct medical care
  31. care.data and accessing your GP record online
  32. Seeing what's in your care.data record - Subject Access Requests
  33. Finding out when your data has been released or sold
  34. Can I sue companies if they misuse my care.data?
  35. care.data and the Summary Care Record
  36. care.data and the Hampshire Health Record
  37. care.data and EMIS Web data streaming
  38. care.data and Risk stratification
  39. Public awareness
  40. More information and links
  41. Can I opt-out of care.data?
  42. Can I delete my uploaded data?
  43. care.data after you die
  44. When can I opt-out?
  45. An opt-out now means an opt-in when you want
  46. The delays to care.data - has anything changed?
  47. So how do I opt-out?
  48. In summary
  49. Press articles about care.data
  50. Contact me

This web site


This website aims to provide straightforward information to everyone about care.data so that you can make an informed decision about opting out or not.

After reading this site you'll be in a much better position to make that decision.

It's for you to decide whether to opt-out or not. This site will tell you what will be happening to your medical information and what control you have, if any, over the data flows to and from the HSCIC databases.

If you are happy with what is happening to your uploaded medical information - and what might happen to it in the future - then you may choose not to opt-out and so allow your data to be extracted.

But if you are not happy, or unsure, and do decide to opt-out, then this site will tell you how to do so and the opt-out options that you have.

There is no consent with care.data - the decision has been made for you, and for your GP surgery, by the HSCIC.
All you have is the right to object - the right to opt-out - and reverse the decision affecting your medical information.

And you have to act fast, because GP practices in a number of areas will be uploading data very, very soon.

Once your data is uploaded you can never get it removed from the HSCIC databases.

care.data is not about sharing your medical information with doctors, nurses and other health professionals outside of your GP surgery.
It's not about enabling the sharing of patient medical records between hospitals and GP surgeries.
It's not about the ways in which your GP shares information about you as part of providing essential medical care.
It's not about ensuring that hospital specialists have the information that they need when you are referred to see them.
It's not about creating a single electronic record that can be viewed by healthcare professionals in any clinical setting.
And it's not about submitting information so that GP surgeries and hospitals are paid appropriately for the care that they provide.

It is about data extraction, linkage and analysis: in other words, data mining.


It is easy to opt out of care.data

And do not be worried about opting out.


Please do not make an appointment with your GP, or ring your surgery, just to opt-out. You do not need to.

Just hand in, post, or fax an opt-out form or a letter to your GP surgery.

That's it. Simple. No questions asked.

Don't forget to opt-out your children as well.




care.data in a nutshell....





care.data - what is going to happen?


GP practices nationwide will soon be required to supply patients' personal and confidential medical information, on a regular and continuous basis, to the Health and Social Care Information Centre (HSCIC).

The HSCIC's current Data Protection Register entry (Registration Number: Z8959110) is the same Data Protection Register registration for the previous HSCIC (also known as the NHS Information Centre).

Under the Health and Social Care Act 2012, GP practices have no choice but to allow the HSCIC to extract this information.

The Act removes any requirement to seek the consent of either patients or GPs before extracting and uploading the data.

This project, called care.data, is administered by the HSCIC using software and services provided by a private sector company (ATOS).


When will this take place?

It is now thought that care.data extractions from GP surgeries will start in 2016 (it has been delayed three times already).

Initially, care.data will start with pilot practices, so-called pathfinders. Certain GP surgeries who are part of NHS Somerset CCG, NHS West Hampshire CCG, the three Leeds CCGs and NHS Blackburn with Darwen CCG, will be the first to upload.

If your GP surgery is a member of any of those three CCGs, and you wish to opt-out of care.data, then you need to act fast as uploads could begin at any time.


A list of GP surgeries that will be pilot practices in Somerset CCG can be found here.

If your surgery is one of those listed, make sure your GP explains the differences between care.data, the Summary Care Record, risk stratification, and all the other secondary uses of your medical data.

It's your information - don't lose control of it.


A list of GP surgeries that will be pilot practices in West Hampshire can be found here.

If your surgery is one of those listed, make sure your GP explains the differences between care.data, the Summary Care Record, the Hampshire Health Record, risk stratification, and all the other secondary uses of your medical data.

Almost all of the pathfinder surgeries in West Hampshire CCG are uploading GP data to the Hampshire Health Record.

It's your information - don't lose control of it.


A list of GP surgeries that will be pilot practices in Blackburn with Darwen CCG can be found here.

If your surgery is one of those listed, make sure your GP explains the differences between care.data, the Summary Care Record, risk stratification, and all the other secondary uses of your medical data.

It's your information - don't lose control of it.


A list of GP surgeries that will be pilot practices in the Leeds CCGs can be found here.

If your surgery is one of those listed, make sure your GP explains the differences between care.data, the Summary Care Record, the Leeds Care Record, risk stratification, and all the other secondary uses of your medical data.

All 12 pathfinder surgeries in Leeds CCG are sharing GP records via the Leeds Care Record.

It's your information - don't lose control of it.



How much is care.data costing the taxpayer?

As of March 2014, the care.data programme had cost £1.3 million so far, with the vast majority of the money being spent on "raising awareness" leaflets sent to millions of households in the UK.

As of June 2015, the care.data programme had cost £5 million.

A business case for the care.data programme has not yet been submitted to HM Treasury.

Estimated costs are £93 - £122 million.

ATOS are being paid about £8 million, over 5 years, to provide the infrastructure (known as GPES) to extract care.data from GP systems.


Where's my data going and what's its purpose?

The data will be stored on HSCIC national servers and not on GP systems.

The HSCIC will administer the data, and will use it for purposes other than for providing your direct medical care.

This is known as "secondary uses" of your medical records.


How does the HSCIC think that care.data will be of benefit to the NHS?

The HSCIC believes that care.data will help:


Will doctors and nurses treating me have access to this information?

NO.

Medical staff treating you in GP surgeries, hospitals, A&E, pharmacies, NHS 111 call centres and GP out-of-hours centres will not use, or be able to use, this database.

care.data is not about information sharing between healthcare professionals.

It is about data extraction, linkage and analysis: in other words, data mining.


Will medical staff with an NHS Smartcard be able to access my uploaded care.data?

NO.

NHS Smartcards are used to access software systems that help provide direct clinical care, for example the Summary Care Record, the Personal Demographics Service, Choose & Book and the Electronic Prescription Service.

NHS Smartcards will not permit access in any way to care.data uploaded to the HSCIC.

care.data is not about the provision of direct medical care by clinical staff.



A bit about data


care.data is not anonymous.

The identifiable information uploaded from your GP records is known as the Primary Care Dataset.

Once uploaded, information released about you can be divided into four main formats:

Aggregate data is de-identified completely, is not published at patient level, and so cannot be traced back to an individual. Aggregate data is often expressed as numbers or percentages - summary statistics. An example of aggregate data is the information uploaded by GP surgeries as part of the Quality and Outcomes Framework.

Anonymised data has identifiers such as date of birth and NHS number removed, some indicators such as postcode truncated, but is expressed as individual patient records. However, it is potentially identifiable, because it is not aggregated, and the risk of re-identification rises as the data fields published become more numerous and richer in content, and as the number of patients being referred to diminishes (for example, data about rare conditions).

Pseudonymised data is potentially identifiable. Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. The pseudonyms render the data record less identifying whilst allowing tracking back of the data to its origins. There is a genuine risk that pseudonymised data could identify you, especially if that data is provided to organisations that already hold other data about you and can link the pseudonymised data to it. And especially if the pseudonymised data contains very large amounts of information, or very detailed and rich information - just like care.data does. It can be very easy to identify you from pseudonymised data, especially where more than one identifier is still present: such as where your name and address have been removed or pseudonymised, but your postcode and date of birth remain, and remain linkable to, for example, credit reference data.

Clearly identifiable data is as its name suggests - clearly identifiable. The identifiers with the data mean that it is obvious that the data refers to you. This data is also known as personal confidential data, or PCD. An example of this would be your GP record as held by your surgery.
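The re-identification risk described above for anonymised and pseudonymised records can be measured before any release. The following is an added example (not from the original site or from the HSCIC): it counts how many patient-level rows are unique on postcode, date of birth and gender, then repeats the count after truncating the postcode and keeping only the year of birth. All records, postcodes and clinical codes are constructed for illustration.

```python
"""Measure re-identification risk in patient-level extracts (k-anonymity)."""
from collections import Counter

# Fields left in the extract that also appear in other datasets
# (the text's example: postcode and date of birth, linkable elsewhere).
QUASI_IDENTIFIERS = ("postcode", "dob", "gender")

# Constructed sample rows: name, address and NHS number already replaced by a
# pseudonym. Postcodes use the non-existent "ZZ" area; codes are placeholders.
RECORDS = [
    {"pseudonym": "p01", "postcode": "ZZ1 1AA", "dob": "1954-03-12", "gender": "F", "code": "DX-A"},
    {"pseudonym": "p02", "postcode": "ZZ1 1AB", "dob": "1954-07-30", "gender": "F", "code": "DX-B"},
    {"pseudonym": "p03", "postcode": "ZZ1 2CD", "dob": "1954-11-02", "gender": "F", "code": "DX-A"},
    {"pseudonym": "p04", "postcode": "ZZ1 1AA", "dob": "1982-01-19", "gender": "M", "code": "DX-C"},
    {"pseudonym": "p05", "postcode": "ZZ1 3EF", "dob": "1982-06-05", "gender": "M", "code": "DX-A"},
    {"pseudonym": "p06", "postcode": "ZZ2 4GH", "dob": "1982-09-23", "gender": "M", "code": "DX-B"},
    {"pseudonym": "p07", "postcode": "ZZ2 5JK", "dob": "1982-12-01", "gender": "M", "code": "DX-C"},
    {"pseudonym": "p08", "postcode": "ZZ2 6LM", "dob": "1931-05-17", "gender": "F", "code": "DX-D"},
]


def _key(record, keys):
    """Tuple of quasi-identifier values that defines a record's equivalence class."""
    return tuple(record[k] for k in keys)


def class_sizes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(_key(r, keys) for r in records)


def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Smallest class size. k == 1 means at least one row is unique and linkable."""
    sizes = class_sizes(records, keys)
    return min(sizes.values()) if sizes else 0


def unique_fraction(records, keys=QUASI_IDENTIFIERS):
    """Share of rows that are the only member of their equivalence class."""
    if not records:
        return 0.0
    sizes = class_sizes(records, keys)
    return sum(1 for r in records if sizes[_key(r, keys)] == 1) / len(records)


def generalise(record):
    """Coarsen the quasi-identifiers: outward postcode only, year of birth only."""
    out = dict(record)
    out["postcode"] = record["postcode"].split()[0]
    out["dob"] = record["dob"][:4]
    return out


def suppress_small_classes(records, k, keys=QUASI_IDENTIFIERS):
    """Withhold rows whose equivalence class has fewer than k members."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[_key(r, keys)] >= k]


def report(label, records):
    """One-line summary of the risk measures for a candidate release."""
    return (f"{label}: rows={len(records)} "
            f"k={k_anonymity(records)} unique={unique_fraction(records):.1%}")


if __name__ == "__main__":
    coarse = [generalise(r) for r in RECORDS]
    print(report("pseudonymised, full postcode and DOB", RECORDS))
    print(report("truncated postcode, birth year only", coarse))
    print(report("after withholding classes smaller than 2",
                 suppress_small_classes(coarse, 2)))
```

With the sample rows, every record is unique while the full postcode and date of birth remain, and one record (the only patient in that area born in 1931) is still unique after truncation, which is the small-numbers effect the text describes.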

So:


As regards care.data, there really are only two types of data release:




The data uploaded from your GP records


Will my information be anonymised before it is uploaded from my GP surgery?

NO.

The information will be extracted from your GP surgery in a form that can clearly identify you as the patient that the data refers to.
It is personal confidential data.


"Care.data involves the extract of personal confidential data from health records, including sensitive personal data as defined in the Data Protection Act 1998. Identifiers (NHS number, date of birth, postcode and gender) are extracted from providers together with coded clinical information and sent to the HSCIC. As with any disclosure of personal confidential data, there are associated risks to privacy and confidentiality."

HSCIC
Privacy Impact Assessment: care.data



Can I request that only anonymised information about me is uploaded to care.data?

NO.

There is no "anonymised" or "trimmed" option for GP care.data uploads.

It's the full, clearly identifiable data upload or nothing.


What information will be extracted from my medical records?

The data extracted - your Primary Care Dataset - will include the following:

This information is clearly identifiable - the NHS number alone uniquely identifies you.

Certain "sensitive" data will not be extracted in the initial upload (so-called Release 1 of care.data).

For example:

But it has already been stated that this list will be reconsidered for a future phase of care.data. In time, your entire GP medical record will be uploaded to care.data .

Be aware that prescription items that could reveal sensitive data, such as medication for HIV or chlamydia, or hormonal treatment for infertility, will be uploaded.

codeList is an online tool that lets you search or browse the information that will be extracted from your own and your family's GP records under the initial care.data specification. It can be accessed here.

Comprehensive details about the information to be extracted can be found within this HSCIC document.


Can my GP surgery refuse to supply information to care.data?

NO.

GPs are legally compelled to upload to the HSCIC. They cannot refuse to comply.


But this isn't new, is it - GPs have been uploading and sharing data like this for years?

NO.

Absolutely not.

GPs do share information about patients as part of providing excellent clinical care, for example:

But the NHS does not upload vast amounts of personal, confidential and identifiable information about you, from your GP record, forcibly and without your explicit consent, to databases outwith your GP surgery, into the hands of different data controllers, for purposes unrelated to your direct medical care.

Until now, that is.



care.data and QOF


All GP surgeries in England collect and store clinical information about patients, and submit that information to NHS England, via the HSCIC, in order to get paid. That information collection programme is known as the Quality and Outcomes Framework. GPs are incentivised to investigate, manage and monitor medical conditions according to clinical guidelines, and to encourage people to attend screening programmes (such as cervical smears) and general health checks (such as blood pressure tests). The information collected is very detailed and the data collected is similar in many ways to that forcibly extracted by care.data (unless you opt-out of course).

However, the information submitted by your GP surgery is completely aggregated and consists of numbers and percentages only. In stark contrast to care.data, no identifiable information whatsoever about you is submitted as part of QOF.

You can see what the information uploaded under QOF looks like here.

A study from the British Journal of Cancer reported that one cancer patient in five waits at least three months after noticing symptoms before visiting a doctor, most commonly because of embarrassment.

Many young women would already rather Google their illnesses than see their GP, especially if it's something they think is embarrassing.

GPs are quite rightly concerned that patients might begin to refuse to attend their surgery for essential investigations, monitoring and management of medical problems, both new and ongoing, out of fear that the subsequent information collected will be uploaded in an identifiable format under care.data.

And in all honesty, such information will be uploaded as part of care.data unless you do opt-out.


"The extraction of personal confidential data from providers without consent carries the risk that patients may lose trust in the confidential nature of the health service. This risk is two fold: firstly, patients will not receive optimal healthcare if they withhold information from the clinicians that are treating them; and secondly, that this loss of trust degrades the quality of data for care.data and other secondary uses of NHS data."

HSCIC
Privacy Impact Assessment: care.data


So please be reassured of the following:

Opting out of care.data will have no effect whatsoever on QOF. It will neither affect the recording of clinical information about you by your GP, if appropriate, nor the completely anonymised and aggregated data that your GP submits in order to get paid.

Opting out of care.data should give you absolute confidence that you can see your GP, about any matter, without worrying that identifiable information about that consultation, and any necessary investigations or follow-up, will be uploaded to the HSCIC and subsequently passed or sold to other organisations.



Can I limit the information uploaded about me under care.data, e.g. not include certain diagnoses or my smoking/alcohol habits?

NO.

It's the full, clearly identifiable data upload or nothing.


What happens to my uploaded information then?

This extracted data will be combined with, or linked to, data extracted from any information about you held by hospitals, such as A&E attendances, operations or out-patient appointments, and which has already been uploaded to the HSCIC.
The identifiable hospital data is known as Hospital Episodes Statistics (HES).

From April 2014, the data that HES contains will be greatly expanded, to include hospital tests and results, investigations performed, medications prescribed, as well as nursing observations.

In addition, data from other settings where you may have received NHS care will, in due course, be added to your HES record:

In due course, genomic records (genetic or DNA data) will be linked with care.data .


This combined database will be known as Care Episodes Statistics (CES), and data from this can be released to organisations in aggregated formats, anonymised formats, pseudonymised formats and clearly identifiable formats.

So CES = GP data + HES data.

Once your full care.data record, containing your GP data plus your hospital data, has been created then your primary care dataset is destroyed, leaving the identifiable CES record (if you're technically minded, see this diagram).


Will it be a one-off upload of my data?

NO.

Your GP data will continue to be uploaded, initially on a monthly basis, and added to the CES, effectively updating it. So any new diagnoses, medication prescriptions and results will be automatically uploaded and added to your record held by the HSCIC.


Unless you opt-out, the HSCIC will then have 3 sets of information, or care.data, about you that it can release or sell. It will have:

care.data is therefore an extension of data already held and traded by the HSCIC.

care.data:

In exactly the same way that the HSCIC has been selling HES data for years.



Open data is information that is available for anyone to use, for any purpose, and at no cost. It is commonly made available on websites for download, usually in an easily readable format, such as a csv file.

As regards care.data, some information extracted from either your GP record, your HES record, or your linked CES record may be published by the HSCIC as open data.

The data format will either be aggregate or anonymised data.

Pseudonymised data is not open data.

Data sharing is not open data.

And care.data is not open data.




Your data - disseminated


Who will have access to my uploaded data?

Your information is made available to organisations both within the NHS, such as NHS commissioning bodies (e.g. CCGs), but also outside of the NHS, such as:




Your data - sold and resold


sell (verb) \'sel\

: to exchange (something) for money
: to make (something) available to be bought
: to be able to be bought for a particular price


The HSCIC charges money in exchange for providing data that it holds, especially if it contains personal confidential data.

How much will organisations have to pay to get hold of my personal data?

It depends on the format of your data.

The full HSCIC price list - the "menu" - is here.

Aggregate data, published on the HSCIC website as "Open data", is, obviously, free.

A statistical table of aggregate data costs approx. £800 - £1200.

Pseudonymised data extracts cost approx. £900 - £1800.

Personal confidential data extracts cost approx. £1700 - £2000.

Certain personal confidential data extracts can cost as much as £12000.

The HSCIC state that they will not make a profit from selling your data, that they operate a cost recovery scheme only. However, many of the companies that they will sell your data to will be profit-making.

Some organisations that the HSCIC have released your HES data to, and could release your GP data to, have a commercial reuse licence - they sell your HES data (quite legally) on to other organisations, such as pharmaceutical organisations, or just about anyone that they're allowed to. They have billions of patient level linked HES records.

AXON

HES data is everywhere.



"Everyone in government, in every Department at every level, should be asking themselves, 'What can we sell to the rest of the world, in order to repair our damaged public finances?' "

"I know from my own experience that we are sitting on billions of pounds-worth of patient data. Let us think about how we can unlock the value of those data around the world."

George Freeman MP (Mid Norfolk) (Con)
House of Commons Hansard Debates, 11 Nov 2010 : Column 517


"Data are a 'digital gold mine', the 'oil' of the future. In fact, they have already turned into today's 'oil' for some companies"

Thierry Breton
Atos Chairman and CEO



Who won't have access to my uploaded information?

GPs, hospital doctors, nurses, physiotherapists, pharmacists and all the other clinical staff involved in providing your direct medical care will not have access.

care.data is not about information sharing for the purposes of direct medical care.


Who will be the data controller for my uploaded information?

Once the data has been extracted, the GP practice is no longer the data controller for that information, and cannot control or protect in any way how that information is used, shared, sold, or who has access to it.

Your GP will neither be the data controller nor any sort of "data controller in common" (with the HSCIC) for your uploaded information.

The HSCIC and NHS England will be joint data controllers for your uploaded information and will have total control over it.


The data that the HSCIC releases or sells may be obtained:




What do GPs think about care.data?


GPs feel very strongly about care.data


"And whatever mud is slung, let us not forget that the sanctity of the interaction between GP and patient in the privacy of the consulting room has remained unchanged for decades. We're let in to the world of our patients, confiding in us secrets not even known to their loved ones."

"General practice remains a great job, indeed the best job in medicine. And it's rooted in the trust that defines the GP patient relationship. Trust that cannot be taken for granted, and which once lost will not be regained."

"And which is why we must reject, oppose and challenge any system that threatens it, from perverse schemes that crudely incentivise GPs to deny patients care, systems that contaminate the consultation with conflicts of interest, or anything that threatens the confidentiality of the personal information that patients provide to us."

"And this is at the heart of why GPC called for a halt to care.data - because we want to ensure that patients trust the security of their personal information held by their GP, and what happens to it."

Chaand Nagpaul
British Medical Association GPs committee chair, LMC Conference 2014



At the 2014 BMA GP's Conference, the following policy motion was adopted:

That conference believes the introduction of care.data has been nothing short of a disaster and

  1. approves the decision of NHS England to put its roll out on hold until the autumn
  2. believes that GPs have been placed in a difficult position in respect of the demands of the Health and Social Care Act and the Data Protection Act
  3. asserts that data should be pseudonymised or anonymised before it leaves the practice
  4. asserts that extraction should only take place with the explicit and informed consent of patients opting in
  5. insists that it should only be used for its stated purpose of improving health care delivery, and not sold for profit

At the 2014 BMA Annual Representatives Meeting, the following policy motion was adopted:

That this Meeting agrees that the care.data system should not continue in its present form as

  1. it lacks confidentiality and there is a possibility for individual patient data to be identified
  2. it carries the risk of GPs losing the trust of their patients who may feel constrained in confiding in them
  3. the future potential users of the data are not well defined
  4. it should be an opt-in system rather than an opt-out one
  5. the data should only be used for its stated purpose for improving patient care and not sold for profit



Aggregate and anonymised data


Can I object to my data being provided or sold to organisations in an aggregated or anonymised format?

NO.

You cannot prevent, or control in any way, the release or sale of aggregate data about you from the HSCIC.

You cannot prevent, or control in any way, the release or sale of anonymised data about you from the HSCIC, even though it could possibly identify you.

Aggregate and anonymised data, because they are de-identified, no longer count as personal data and so fall outside of the Data Protection Act. That means the HSCIC can give or sell any aggregate or anonymised information about you, when it likes, to anyone it chooses, for any purpose, and for whatever price.

care.data is not open data, though aggregate and anonymised extracts from your care.data record might well be published, publicly, as open data.

The HSCIC has been selling your aggregate and anonymised HES data for years.


"Notably, some of the data the Information Centre will provide to others won't fall under the Data Protection Act. This is because it will be anonymised. This is crucial, as once an individual can no longer be identified from information, either alone or in combination with other information, the law no longer considers it to be personal data. That means that the Data Protection Act no longer applies to it, so it doesn't impose any limitations on what can now be done with it."

ICO blog
NHS patient information: the Information Centre and the DPA


You can, however, opt-out using the 9Nu0 code - this will ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no data from your GP record can then be released or sold as aggregate or anonymised data.
The HSCIC can only then release or sell aggregate or anonymised data obtained from your HES record, or publish it on its website as open data.




Pseudonymised data


Can I object to my data being provided or sold to organisations in a pseudonymised format?

NO.

You cannot prevent, or control in any way, the release or sale of pseudonymised data about you from the HSCIC.

Although pseudonymised data could quite easily identify you, you cannot stop the HSCIC from releasing or selling your uploaded GP data to organisations in this format.
Nor can you insist that it must not be released or sold to organisations that may hold other information about you.

The HSCIC asserts that pseudonymised data is de-identified data, no longer counts as personal data, and so falls outside of the Data Protection Act.
That means the HSCIC can give or sell any pseudonymised data about you, when it likes, to anyone it chooses, for any purpose, and for whatever price.

There is a very real risk of re-identification with pseudonymised data, despite the HSCIC's assertion that it falls outside of the Data Protection Act.

Pseudonymised HES data - as sold by the HSCIC (and by its predecessor, the NHSIC) - is not open data.

The HSCIC makes no attempt whatsoever to ascertain the risk of re-identification of the data by organisations that it sells or releases pseudonymised data to, even though many of these organisations hold a great deal of information about individuals.


"We therefore do not currently assess applications against whether the receiving organisation might hold 'other information which could be used in conjunction with the pseudonymised data to identify individuals'"

"The HSCIC does not provide such organisations with identifying details of the data subjects whose records the pseudonymised data was extracted from, in order for that organisation to determine whether it already held information about them."

HSCIC
FOI Response


The HSCIC, and its predecessor the NHSIC, have been selling our HES data for years and years.

The HSCIC approved 459 data releases to 160 organisations between April and December 2013 alone, the vast majority of these being pseudonymised HES data sales. Every single one of these pseudonymised data releases was classed by the HSCIC as "non-personal", and so was outside the Data Protection Act.


"Within the Register pseudonymised (amber) releases of data were considered to be 'non personal data' under the Data Protection Act as they are sufficiently deidentified to virtually eliminate the risk of reidentifying the individual"

"We recognise that there will however remain a latent risk that when combined with other sources of data the identity of the individual may be ascertained"

HSCIC
FOI Response


No individual can ever find out whether their pseudonymised HES data was sold to any particular organisation.

Because that data was classified as non-personal, the HSCIC was legally entitled to do whatever they liked with it.

Access to pseudonymised information extracts has no legal requirement for independent advisory group consideration and approval, or independent oversight and scrutiny.

Sometimes the HSCIC sells your potentially identifiable information after approval from its own in-house advisory group, known as DAAG (see below), and sometimes just under a "memorandum of understanding" with the buyer.

You can, however, opt-out using the 9Nu0 code - this will ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no data from your GP record can then be released or sold as pseudonymised data.
The HSCIC can only then release or sell pseudonymised data obtained from your HES record.


"pseudonymised or de-identified data may be very valuable to researchers because of its individual-level granularity and because pseudonymised records from different sources can be relatively easy to match."

ICO
Anonymisation: managing data protection risk code of practice




Personal confidential data - clearly identifiable


In Release 1 of care.data, this information will only be released or sold to those requesting it in an aggregated, anonymised or pseudonymised form, but a bit later on, from Release 2 of care.data onwards, it could be clearly identifiable as your information, and you will not be asked for your permission before your "Red" data is distributed.

While the Health and Social Care Act 2012 empowered the HSCIC to collect and hold confidential data compulsorily from GP surgeries, this did not include the power to distribute this data in a clearly identifiable form without a legal justification such as individual patient consent or Section 251 of the NHS Act 2006.

Section 251 can and will inevitably be used to disseminate clearly identifiable information from care.data to other organisations - so bypassing any requirement to seek your consent. It grants the Secretary of State for Health the legal authority to do this, for both research and non research purposes.

The HSCIC already uses s251 exemptions to allow clearly identifiable data, currently from HES, to be disseminated to commissioning groups and to other organisations, without seeking explicit patient consent.

The HSCIC has been selling your clearly identifiable HES data under s251 for years.

The regulations that enable and control Section 251 are called the Health Service (Control of Patient Information) Regulations 2002.

Currently, the Confidentiality Advisory Group (CAG) meets to consider applications for access to clearly identifiable data without patient consent under Section 251, as empowered by Regulation 5a of the Regulations, and makes recommendations to the SoS for Health for research applications. Releases under Reg 5a require both the approval of the SoS for Health and CAG.

However, Section b of Regulation 5 allows the Secretary of State to have sole power to release sensitive medical and personal information, which would include that sourced from care.data, for non research purposes. He/she may seek the advice of a research ethics committee, such as CAG, but is under no obligation to.

The largest application for identifiable data ever received by CAG was from the HSCIC in November 2013, and was for the disclosure of the majority of "all data from primary and secondary care for all patients" (see p31 here).

At present, it remains uncertain as to whether there will be truly independent scrutiny for applications to extract and buy clearly identifiable information from your care.data record without your explicit consent. Approval for research purposes might be considered by the CAG, but might well be considered by the HSCIC's own in-house advisory group, The Data Access Advisory Group (DAAG).

Researchers may well be "approved" - but they won't be approved by you.

Researchers may well have to demonstrate that there is "an ethical reason" to their research - but they won't have to demonstrate it to you.


"There will be no identifiable disclosures in version 1"

"expect to return with proposals for version 2, with treatment of legal basis and handling of patient objections"

care.data and GP extract
GPES IAG Feb 2013


When can we share something that is confidential?

When the patient has clearly said that we can do it (i.e. when a patient has given their consent)

Where we have to do it by law (for example, in a public health emergency like an epidemic)

Where the recipient has approval to receive it under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (anecdotally known as 'section 251 support').

HSCIC
Rules for sharing information


Is the combined CES database identifiable or completely anonymised?

care.data is clearly identifiable, although the HSCIC separates the clinical data from the identifying fields (such as NHS number, DOB). These are recombined when pseudonymised data or clearly identifiable data is released, such as under section 251.

The identifiers are not destroyed once your data is with the HSCIC, merely separated from, but still "linked to" the clinical data.

If the HSCIC only held completely anonymised care.data:


Will I be asked before my personal confidential data is released or sold to an organisation under Section 251?

NO.


Will I be informed when my personal confidential data is released or sold to an organisation under Section 251?

NO.


Can I select or approve the particular organisations that my personal confidential data is released or sold to under Section 251?

NO.

You cannot select who the HSCIC disseminates your care.data information to under section 251.



Any organisation - a government department, university researcher, pharmaceutical company or insurance company - can apply to the HSCIC to buy your information, in whatever format (although their application may not be successful of course). The decision whether to release or sell your information - what information, to whom, in which format, whether GP, HES or CES, at what price, and for what purpose - is made by the HSCIC, not you.

The HSCIC believes that "it would be wrong to exclude private companies simply on ideological grounds" from applying to buy information from your care.data record.

The HSCIC would determine whether the reasons for any organisation wanting the data were acceptable, stating that they should be "for the purposes of the provision of health care or adult social care".

"We have private hospitals and companies like Virgin who are purchasing NHS patient care now. This is a trend that will continue. As long as they can show patient care is benefiting then they can apply." the HSCIC states.

Organisations that have been previously granted access to sensitive identifiable health data held by the HSCIC include the Cabinet Office, Dr Foster Ltd, Capita PLC and BUPA.

Google also (secretly) applied for both anonymised and pseudonymised HES data, in order to include such information within its search results, although it subsequently withdrew its application.



Can I insist that my personal confidential data is not released or sold to insurance companies under Section 251?

NO.

You cannot select who the HSCIC disseminates your care.data information to under section 251.


Can I request that my personal confidential data is only released or sold for research purposes under Section 251?

NO.

You cannot control the purposes for which your identifiable information is released.

Section 5 of the Health Service (Control of Patient Information) Regulations 2002 allows the release of identifiable information from your care.data record, as legally authorised by Section 251, for research and non research purposes.


Can I request that certain aspects of my personal confidential data are not released or sold under Section 251?

NO.

You cannot control which aspects of your identifiable information the HSCIC releases.


Can I prevent Section 251 releases of my personal confidential data from the HSCIC?

YES.

You cannot control when, to whom, at what price, or for what purpose, the HSCIC releases or sells Red information about you.

You can, however, opt-out using the 9Nu0 code - this will ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no data from your GP record can then be released or sold as clearly identifiable data.
The HSCIC can only then release or sell clearly identifiable data obtained from your HES record.

You can, also, opt-out using the 9Nu4 code - this will ensure that no clearly identifiable data whatsoever is released or sold by HSCIC, from any information that it holds about you.
The HSCIC cannot then release or sell clearly identifiable data obtained from either your GP or your HES record.




Control of your data


Will I be asked for my consent before my data (anonymised or otherwise) is released or sold to organisations?

NO.


Will I be informed when my data (anonymised or otherwise) is released or sold to organisations?

NO.


Can I object to particular aspects of my data (anonymised or otherwise), such as certain diagnoses, being provided or sold to organisations?

NO.

You cannot control or select which areas of your care.data information the HSCIC disseminates.


Can I object to my data (anonymised or otherwise) being provided or sold to particular organisations, or for particular research, that I find ethically unacceptable?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


Can I object to my data (anonymised or otherwise) being provided or sold to organisations based overseas?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


Can I object to my data (anonymised or otherwise) being provided or sold to organisations who might already hold other information about me?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


Can I request that my data (anonymised or otherwise) is provided only for health research and NHS planning, and not given or sold to commercial companies?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


Can I request that my data (anonymised or otherwise) is provided or sold only to organisations within the NHS?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


Can I object to my data (anonymised or otherwise) being provided or sold in ways that might contribute to the closure of local NHS services (such as my local A&E department or hospital trust)?

NO.

You cannot control or select who the HSCIC disseminates your care.data information to.


How will the HSCIC ensure that organisations given my care.data will process it lawfully and ethically?

The HSCIC is responsible for ensuring that its customers, those that it provides your personal data to, comply with standard data processing guidelines. Effectively, it asks organisations to "promise" to handle the data properly.

The HSCIC states that:

"Customers accessing data through our service are required to sign a data sharing contract before any data is supplied. This contract regulates how the data is shared, used and managed and includes storage security requirements and restrictions on onward sharing or publication. The data sharing contract states that customers must not attempt to link the data with other data sources such that individuals might be re-identified."


So will the HSCIC audit these organisations to ensure that they are complying with the rules, not onward sharing my information and not linking my data?

NO.

The HSCIC does not routinely audit these organisations.


So tell me again - will my information always be in a de-identified form, that cannot possibly identify me, when released or sold to third parties, such as research organisations, universities and private companies?

NO.

Your data may be released or sold to organisations in an aggregated form, an anonymised form, a pseudonymised form, or a clearly identifiable form.

If an organisation is stupid enough to declare that they want access to your care.data for "purely commercial purposes" then it will be denied your information.

If an organisation states that it wants access to your care.data "for the purposes of the provision of health care or adult social care" then it is likely that it will be given your information.

If an organisation states that it wants access to your data "for the promotion of health" then it is likely that it will be given that information.

There is nothing to stop an organisation, or multiple organisations, using a not-for-profit "front" company, or "information intermediary", to apply for access to your data on its behalf.
These companies have commercial re-use licences for NHS health data, and so can resell your care.data on to anyone they choose.

And if such organisations do resell your care.data onwards, under their commercial re-use licence, then you cannot find out where your information has ended up, with whom, or for what eventual purpose.

The decision to release or sell information from your care.data record to any given organisation is made by the HSCIC, not you.
And the HSCIC does not question or investigate the nature of organisations applying for access to data that it holds about you.

The House Of Lords has rejected a proposed amendment to the Care Bill, tabled by Lord Owen, which would have brought in independent statutory oversight to better protect the handling of patient information across the health service.

The House of Lords has also rejected a second proposed amendment to the Care Bill, limiting secondary use of patient data to the provision of care and "biomedical and health research", tabled by Lord Turnberg.


"Rather than legislating to restore public confidence, the government has opened a loophole a mile wide through which to keep selling NHS patient data. It doesn't matter how 'sympathetic' ministers are to public concerns."

"The fact is the government has ducked the only sort of independent scrutiny that might help convince both patients and professionals to trust or have confidence in what it and its arms-length bodies want to do with the medical records of every man, woman and child in the country."

medConfidential



Is care.data anonymised, and at a population level, so that it cannot get back to an individual?

NO.




Your data sales and the Data Protection Act


The Data Protection Act (DPA) regulates the processing of personal data. Processing would include the release or sale of your data, either from your uploaded GP data, your HES record, or your linked CES record.

You might have thought that any such data released or sold about you would be classed as personal data, and afford you - the data subject - the rights and protections of the DPA, such as the right to see a copy of the information that was sold about you (i.e. make a Subject Access Request) and controls over the sending of your data abroad.

Aggregate and anonymised data, because they are de-identified, no longer count as personal data and so fall outside of the Data Protection Act.

The HSCIC also classes pseudonymised data as non-personal data, even though there is a very real risk of re-identification, and even though it makes no attempt to assess the risk that the organisations that it sells pseudonymised data to (such as insurance companies and hospital trusts) already hold, or could easily obtain, information about you that would or could enable re-identification of the data.

That means the HSCIC can give or sell any aggregate, anonymised or pseudonymised information about you, when it likes, to anyone it chooses, in any country, for any purpose, and for whatever price.

And you can never find out when your data was sold in these formats, to whom, and for what purpose.

Abuse, misuse and breaches of data that does not fall under the Data Protection Act cannot be investigated by the Information Commissioner. So you cannot complain to the ICO about the sale of aggregate, anonymised or pseudonymised data about you.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outside the Data Protection Act, and the HSCIC can do whatever it likes with this data.

The HSCIC is under no obligation to process aggregate, anonymised or pseudonymised data extracted from your uploaded GP data, your HES record or your combined CES record, fairly or in line with any of the principles of the Data Protection Act - because the Act only regulates the use of personal data.

Clearly identifiable data (PCD) is the only type of data release or sale that the HSCIC classes as personal data, and as such it is the only type that is afforded protection by the Data Protection Act. That is why you can object to its release or sale, by means of the 9Nu4 code, that is why you can find out when PCD about you, as an individual, has been released or sold, and to whom. And the processing of your PCD is the only type of data format that you can complain to the Information Commissioner about.

For personal confidential data about you, released or sold by the HSCIC, there's the Data Protection Act.

For everything else..... well, there's no protection whatsoever.




Insurance companies and access to care.data


Your information, in whatever format, will be available to insurance companies - as long as those companies promise that they will not use it "for the purposes of selling or administering any kind of insurance", and as long as their reason for wanting the data was "for the purposes of the provision of health care or adult social care".

There is no legal obstacle to the HSCIC releasing or selling information to insurance companies.
It has done so before (it has been selling HES data for years) and it will do again (with both HES and care.data).

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outside the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

The HSCIC has provided insurance organisations in the UK such as BUPA and Scor Global Life, and even in the United States, such as Pacific Life, with HES data.



"The Health and Social Care Information Centre are not prohibited by legislation from providing data to insurance companies specifically, but it is empowered to apply discretion as to who information is provided to, based on the purpose for which the data has been requested and the interests of the health service in England."

"We are unable to state whether any organisations we have provided data to are providers of insurance since this is not a question asked when an application is submitted. Our focus is on the intended use of the data."

HSCIC
FOI response



The Health and Social Care Information Centre has admitted that it has no power to force private companies, such as insurance companies, holding potentially sensitive patient data obtained from its predecessor body, the NHSIC, to comply with its requests to delete the information.

In fact, the HSCIC believes that anonymised and pseudonymised data should be given to insurance companies as:

they "can make good use of the data", and it will

"enable insurance companies to accurately calculate actuarial risk so as to offer fair premiums to its customers"

HSCIC
Information Governance Assessment - care.data addendum

And certainly, your HES data has been sold to insurance companies for just this purpose, in this case pseudonymised data traded for £2,220.

You may be happy for your medical information to be used by these sorts of organisations - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to insurance companies then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to insurance companies. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.


If I opt-out of care.data, will it hinder any application for insurance that I might make?

NO.

If you opt-out then insurance companies can only obtain your medical information with your explicit consent, directly from your GP. They may ask your permission to request a medical report from your GP, commonly known as personal medical attendant (PMA) report, or, increasingly, may approach your GP with a Subject Access Request made with your explicit permission (and if you do agree to this, make sure you understand exactly what you are consenting to, or, if you're not happy about it, refuse or find another insurer).

Opting out of care.data will ensure that insurance companies cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Pharmaceutical companies and care.data


Your information, in whatever format, will be available to pharmaceutical companies - as long as those companies promise that they will not use it for purely commercial reasons and as long as their reason for wanting the data was "for the purposes of the provision of health care or adult social care".

There is no legal obstacle to the HSCIC releasing or selling information to pharmaceutical companies.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outside the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

According to the Competition Commission, a company known as i4Health will "offer access to NHS prescription data". One of the aims of this firm is to allow drug companies to get together to access medical information more easily than if they applied to the HSCIC for care.data on an individual basis.

The HSCIC confirmed that i4Health had been looking to sign a Memorandum of Understanding with it last year to reduce delays in purchasing patient information from care.data. A sort of fast-track business deal.

The HSCIC has provided pseudonymised HES data to AstraZeneca, Bayer PLC, Baxter, Roche, Otsuka Pharmaceuticals Ltd and to many companies that hold a commercial re-use licence to sell that information on to pharmaceutical companies.

You may be happy for your medical information to be used by these sorts of organisations - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to pharmaceutical companies then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to pharmaceutical companies. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.

Opting out of care.data will ensure that pharmaceutical companies cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Fast Food/Soft Drink/Alcohol/Tobacco companies and care.data


Your information, in whatever format, will be available to Fast Food/Soft Drink/Alcohol/Tobacco companies - as long as those companies promise that they will not use it for purely commercial reasons and as long as their reason for wanting the data was for the purposes of the "promotion of health".

Knowing where populations smoke, are overweight, or drink heavily, could be extremely valuable to organisations looking to target sales of such products, under the guise of offering "healthier alternatives" such as carrot sticks, diet drinks or e-cigarettes.

There is no legal obstacle to the HSCIC releasing or selling information to such organisations.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outside the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

You may be happy for your medical information to be used by these sorts of organisations - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to such organisations then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to these sorts of companies. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.

Opting out of care.data will ensure that Fast Food/Soft Drink/Alcohol/Tobacco companies cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




care.data and organisations/research that you are ethically opposed to


Your information, in whatever format, will be available to organisations that provide services, conduct their business, or conduct research, in a way that you might find ethically unacceptable, as long as those companies promise that they will not use it for purely commercial reasons and as long as their reason for wanting the data was for the purposes of the "promotion of health".

Organisations, pharmaceutical companies or charities such as those that provide abortion services, are involved in sweatshops, exploit child labour, pollute the environment, or conduct research or pharmaceutical testing on animals, have as much right as any other organisation to apply to the HSCIC for your care.data. They just have to know how to ask for the information.

There is no legal obstacle to the HSCIC releasing or selling information to such organisations.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outside the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

You may be happy for your medical information to be used by these sorts of organisations - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to such organisations then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to these sorts of companies. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.

Opting out of care.data will ensure that organisations that you are ethically unhappy about cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Providers of private medical services and care.data


Your information, in whatever format, will be available to organisations looking to set up private alternatives to NHS services, or looking to take over existing NHS services - as long as those companies promise that they will not use it for purely commercial reasons and as long as their reason for wanting the data was "for the purposes of the provision of health care or adult social care".

There is no legal obstacle to the HSCIC releasing or selling information to such organisations.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outwith the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

It will give them exactly the information they need to target areas of the country to invest in, as an "Any Qualified Provider".

The HSCIC has supplied organisations such as BMI, BUPA, Optum UK (formerly UnitedHealth) and Care UK with pseudonymised HES data.

You may be happy for your medical information to be used to facilitate this - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to such organisations then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to such organisations. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.

Opting out of care.data will ensure that private providers of medical services cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Other profit-making organisations and care.data


Your information, in whatever format, will be available to many other profit-making organisations looking to maximise their income.

There is no legal obstacle to the HSCIC releasing or selling information to such organisations.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outwith the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

The HSCIC has supplied organisations such as McKinsey, PriceWaterhouseCoopers LLP, EC Harris LLP, Maxwell Stanley Consulting, Ernst & Young, the BMJ Publishing Group, OmegaSolver, Finnamore Management Consulting, Beacon Consulting, Capita Ltd, Experian and RedMed Consulting Ltd with pseudonymised HES data.

You may be happy for your medical information to be used by these sorts of organisations - or you may not.


If you are unhappy or unsure about the possibility of your care.data being given or sold to such organisations then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to such organisations. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.

Opting out of care.data will ensure that these types of profit-making organisations cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Government departments and access to care.data


In June 2013, the HSCIC waved through an application from the Cabinet Office to allow the government to examine the "sensitive" medical records of individual teenagers who took part in the Prime Minister's volunteering project, the National Citizen's Service.

The data was extracted from HES, without consent, and without DAAG approval.

Government departments are just as eligible as any other organisation to apply to obtain your care.data information. In this case, even the supposed safeguard of DAAG consideration was ignored.

The Department of Work and Pensions (DWP) tried, unsuccessfully, to obtain access to confidential patient information, seeking approval under s251 from the then ECC (now CAG), in 2012.

The HSCIC has provided clearly identifiable HES data to HMRC, for onward linking to tax return data. And now, HMRC has proposed selling tax data to third parties including companies, researchers and public bodies "where there is a public benefit".

The HSCIC's predecessor, the NHSIC, has given or sold medical data to the Department of Transport, the Met Office, HMRC and the Home Office.

Government departments selling personal data is nothing new - researchers and third party organisations can apply for data extracts from the National Pupil Database run by the Department of Education.

There is no legal obstacle to the HSCIC releasing or selling information to government departments.

As far as the HSCIC is concerned, aggregate, anonymised and pseudonymised data are treated equally - all such data is non-personal, outwith the Data Protection Act, and the HSCIC can do whatever it likes with this data, and give it to whomsoever it wishes.

If a government department states that it wants access to your care.data "for the purposes of the provision of health care or adult social care" then it is likely that it will be given your information.

If a government department states that it wants access to your data "for the promotion of health" then it is likely that it will be given that information.

The decision to release or sell information from your care.data record to any given government department is made by the HSCIC, not you.

You may be happy for your medical information to be used by government departments - or you may not.


If you are unhappy or unsure about government access to your GP data from the HSCIC then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to government departments. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to anyone.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to government departments.

Opting out of care.data will ensure that government departments cannot obtain information from your GP record directly from the HSCIC, and without your knowledge or consent.




Police access to care.data


Before care.data, police wanting access to your GP records would have to approach your GP or GP surgery and request the information, no doubt quoting section 29(3) of the Data Protection Act 1998 as justification for not seeking your consent first. s29 of the DPA means that information can be disclosed, without a breach of the Act occurring, but it does not compel disclosure.

Your GP - a doctor - would be mindful of the GMC's guidance on confidentiality, particularly in relation to disclosures in the public interest. Paragraph 37 of this guidance states that personal information can be disclosed in the public interest without consent, or if consent has been withheld, if the benefits to society outweigh the patient's interests in keeping the information confidential. Generally, this means for the prevention or investigation of a serious crime, or to prevent a terrorist offence.

Your GP is likely to resist simply handing over the information, and may well insist on trying to seek your consent first, or refusing to do anything until presented with a court order compelling release of the relevant information.

Once your identifiable GP data has been uploaded to care.data, and especially once combined with your hospital data, the police might approach the HSCIC as an alternative way to obtain GP information about you.

The police have requested information from the HSCIC 472 times since April 2013. The majority of these requests were looking for the current address or current GP for an individual, although occasionally information about "recent NHS interaction" was requested. Nearly all the requests were made, as expected, under section 29(3) of the Data Protection Act 1998.

From April 2013 to March 2014, there were 2,758 releases of non-clinical information, such as the geographical area where someone is registered with a GP, along with their name and date of birth, made from the HSCIC, including 491 to police forces, 321 to the National Crime Agency and 1,944 to the Home Office.

What is not known is whether the police will begin to request clinical or medical information from the HSCIC more frequently, once information from the entire country's GP records has been uploaded to the HSCIC and linked to HES, and especially if that medical information can be provided with names, addresses and telephone numbers.

Some within the police force are already demanding the right to see medical records without consent.

The police might well be very interested in care.data if it is, as planned, combined with DNA profiles.

If police access to your GP data from the HSCIC is of concern to you, then be aware of the following.

You cannot prohibit your uploaded GP data from being given to the police. There is no such control.

Details of your current address and GP are stored within the Personal Demographics Service, a separate "address book" system managed by the HSCIC. Opting out of care.data will have no effect on your data as stored within that system.

All you can do is to ensure that the HSCIC have no medical information about you as uploaded from your GP record, and, if you're really concerned, consider requesting that your HES record is anonymised (see below).

The 9Nu4 opt-out code would not prohibit release of your clearly identifiable medical data by the HSCIC in such circumstances.

However, the 9Nu0 opt-out code would ensure that no medical data whatsoever is uploaded to the HSCIC from your GP record, and so no medical information from your GP record can be released by the HSCIC - to anyone.




The security services and care.data


Will the security and intelligence agencies have access to information uploaded under care.data?

The government will, of course, neither confirm nor deny this.

If security and intelligence agencies having access to your GP data from the HSCIC is of concern to you, then be aware of the following.

You cannot prohibit your uploaded GP data from being given to the security and intelligence services. There is no such control.

Details of your current address and GP are stored within the Personal Demographics Service, a separate "address book" system managed by the HSCIC. Opting out of care.data will have no effect on your data as stored within that system.

All you can do is to ensure that the HSCIC have no medical information about you as uploaded from your GP record, and, if you're really concerned, consider requesting that your HES record is anonymised (see below).

The 9Nu4 opt-out code would not prohibit release of your clearly identifiable medical data by the HSCIC in such circumstances.

However, the 9Nu0 opt-out code would ensure that no medical data whatsoever is uploaded to the HSCIC from your GP record, and so no medical information from your GP record can be released by the HSCIC - to anyone.




The Partridge Review of NHSIC Data Releases


Sir Nick Partridge, a non-executive director of the HSCIC, was asked to lead a review of data releases made by the HSCIC's predecessor, the NHSIC, from April 2005 to March 2013.

The review discovered serious lapses in arrangements that were supposed to protect personal data and prevent its misuse.

Much of the data sold by the NHSIC was pseudonymised - potentially identifiable.

As detailed above, the HSCIC sells information to a very wide variety of customers, not just research organisations and NHS institutions.

There were:

There are four Data Sharing Agreements made by the NHSIC with three re-insurance companies which allow those re-insurers to continue to use the data until the agreements expire in 2015 and 2016. This was of such concern that the HSCIC was asked to write to those three companies to delete the data that they held.

The NHSIC systematically failed to keep accurate records of where an individual's sensitive and personal health data was going, and for what purpose, and data was often released without appropriate approval (such as ONS Legal Gateway Approval).

But people will never find out, or be able to find out, whether their data was sold, to whom, or for what purpose. They will not know whether their data has been misused or re-sold. Nor will they ever be able to get their data, as sold by the NHSIC to anyone who was willing to pay for it, retrieved or deleted.




Your data - overseas


Principle 8 of The Data Protection Act states that "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data".

The ICO has issued guidance to organisations on sending personal data overseas.

Information extracted from your care.data record in an anonymised, aggregated or pseudonymised way could certainly be sent or sold directly to an organisation based overseas.

Because these types of data are de-identified, and the HSCIC asserts that pseudonymised (potentially identifiable) data is also de-identified, they no longer count as personal data and so fall outside of the Data Protection Act. That means the HSCIC can give or sell any aggregate, anonymised or pseudonymised information extracted from your care.data record, when it likes, to anyone it chooses, in any country, for any purpose, and for whatever price.

HES data has been sold by the NHSIC to organisations overseas (e.g. the United States), such as World Cities Project International, ZS Associates, Boston Scientific, Portland VA, Cegedim Dendrite and Pacific Life.

Anonymised or aggregated HES data has already been provided to organisations abroad, notably the MedRed/BT Health Cloud which will provide public access to 50 million de-identified patient records from the UK.

Neither Principle 8 nor any other part of the DPA protects such data.

Remember, you cannot prevent, or control in any way, the release or sale of aggregated or anonymised data about you by the HSCIC.

Organisations with links to foreign companies, or who have headquarters abroad, will not automatically be denied access to your care.data. It will be up to the HSCIC - not you - to decide whether to release your information to such organisations.

It is unlikely, but not impossible, that your clearly identifiable, personal confidential, data would be sent or sold directly to an organisation based overseas. At least, not for research purposes as CAG would be extremely unlikely to approve it.

What is certain though is that your data can and will be given and sold to organisations based in this country. It may well be that once that organisation has the information, it is transferred overseas - without you, the HSCIC, NHS England or the ICO ever finding out.

Pseudonymised HES data - the entire HES database - has already been given, on 27 DVDs, to US-based Google for upload to "the cloud" and analysis.

The HSCIC recently signed a Memorandum of Understanding with the United States of America, in order to further facilitate sharing of health data.

If you are unhappy or unsure about the possibility of your care.data being sent overseas then opt-out using both the 9Nu0 and 9Nu4 codes.

You cannot prohibit your uploaded GP data from being given to organisations overseas. There is no such control.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - in any format, to anyone, in any country.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to anyone, in any country.




The law and misuse of care.data


Misusing your clearly identifiable care.data, whether that is unlawfully obtaining it from the HSCIC, disseminating it (overseas, for example), or illegally re-selling it, is a breach of section 55 of the Data Protection Act.

Policing of this falls to the Information Commissioner, but he has pretty limited powers. For example, he has to prove in court that "substantial damage and distress had been caused" by the misuse of the data.

The ICO can only serve a monetary penalty notice, which is a civil notice, a penalty and not a fine. Even the criminal offence of unauthorised disclosure or obtaining of personal information, as under Section 55 of the Data Protection Act, carries only a fine and is often dealt with by a magistrate.

More serious cases of information theft are dealt with in crown courts, which can impose unlimited monetary penalties. But jail sentences - which information commissioners have called for since 2006 - are not able to be imposed for s55 breaches.

For many large organisations, the paltry fines would be little or no deterrent.


"The track record in the magistrates court is pretty pathetic."

"If people don't think this sort of thing matters and if you get to the magistrates court you will be fined about £120, not surprisingly the public doesn't have great confidence that their personal information will stay secure."

Christopher Graham, Information Commissioner
The Independent, February 2014



For a very good explanation of all of this, see this excellent blog.


On 11th March 2014, the government voted against introducing stronger penalties for the misuse of HES and care.data.

And if the data released or sold about you fell outside of the Data Protection Act, that is aggregate, anonymised or pseudonymised data, then the ICO is powerless to investigate.

Only personal confidential data extracted from your uploaded GP data, your HES record, or your linked CES record - the type of data released under section 251 - has the protection and rights afforded by the DPA.


If you are unhappy about the woeful penalties for misuse of your care.data then opt-out using both the 9Nu0 and 9Nu4 codes.

The 9Nu0 opt-out code would ensure that no data whatsoever is uploaded to the HSCIC from your GP record, and so no information from your GP record can be released by the HSCIC - to any such organisation, in any format.

The 9Nu4 opt-out code would also prohibit release of your clearly identifiable data, from whatever source, under s251, by the HSCIC, to any such organisation.




Hospitals and other sources of care.data - the SUS warehouse


Can I stop care.data from extracting and uploading my personal information from non-GP sources, such as HES, social care and psychiatric care?

NO.

At present, you cannot object to this data being extracted by the HSCIC.


Can hospital trusts and other non-GP organisations refuse to supply information to care.data?

NO.

The non-GP data that is linked to your GP records to form the combined care.data is sourced from the SUS data warehouse (see below), and all such organisations are mandated to supply information to this database.


Can I stop organisations, such as hospital trusts, from sending my identifiable information to HES in the first place?

YES.

Though it's not particularly straightforward.

Routine collection of data from hospitals predates the Data Protection Act, but all patients can object to their data being used in this way.

You will have to contact each organisation (e.g. each hospital that you use) on an individual basis (your GP surgery cannot do this), requesting that they do not send your personal and identifiable information to the SUS data warehouse (from which the HSCIC extracts HES data). They still have to send information, but all data about you then sent to SUS will be completely anonymised.

And if your SUS data is sent as anonymised, then your HES data extracted from it will be anonymised too.

At a patient's request, hospital trusts are required to remove all patient identifiable data (NHS number or name/address, local patient identifier (hospital number), DOB, postcode) from any SUS submission (CDS file) and render it anonymised and not pseudonymised.

Hospital trusts already have strong anonymisation procedures that are currently used for sensitive cases (e.g. IVF), and that can be extended to include patients who have requested that their identifiable information is not sent to SUS.

Some hospital trusts produce straightforward SUS opt-out forms for patients to use. For example, if you live in or around Plymouth, you can request that Plymouth Hospitals NHS Trust do not send personal and identifiable information about you to the HSCIC as part of SUS, by filling in this form.

Guidance on how trusts should achieve this has been published by the HSCIC and can be found here.

Some more information on SUS anonymisation by hospital trusts can be found in this FOI response.


However, it is much easier to request that your SUS record is anonymised by the HSCIC. This will ensure that any data about you arriving at the SUS data warehouse, from whichever hospital trust, will be anonymised on arrival. Any subsequent HES extract will therefore also be anonymised, though your existing SUS and/or HES record cannot be retrospectively anonymised.

You will need to fill in a 'Preventing use of your information' form, and send it, with proof of ID, to the HSCIC.

It costs nothing to do this, other than the price of a stamp. And it's free if you email your request.

Here is the pdf form that will enable you to request anonymisation of your SUS record.

The same form will also ensure that your HES record is anonymised (see below).

The HSCIC will remove, on this request, all identifiable information held on you by them, other than what is required by law to have you registered as an NHS patient and to enable the provision of your direct medical care (so completing this form will not, for example, stop you being called upon for any relevant screening or immunisation programmes). Detailed information about this is provided in the opt-out form.

The form can be either:

To email, use enquiries@hscic.gov.uk

The HSCIC is the sole data controller for SUS records.

It takes the HSCIC up to 6 weeks to process your request. When it has been processed, they will contact you with a confirmation similar to this.


Your SUS record can be accessed by:

Please be reassured - this does not anonymise your records as held by hospitals that have provided, or continue to provide, you with medical care. It simply anonymises, on arrival, the data that they are required to send to the HSCIC SUS data warehouse for secondary purposes.

Anonymising your SUS data will have no effect on the medical care that you receive either from your GP surgery, from any hospital trust, or from anywhere else within the NHS or private sector.

Some more information on SUS anonymisation by the HSCIC can be found in this FOI response and also in this FOI response.

Just like any uploaded data from your GP records under care.data, you cannot get your SUS data deleted.




Can I control how information from my HES record is released or sold?


If you opt-out now, with the 9Nu0 code, then the HSCIC will not hold any information obtained from your GP record. It will just continue to hold your HES data.


You cannot prevent, or control in any way, the release or sale of aggregate data about you from your HES record.

You cannot prevent, or control in any way, the release or sale of anonymised data about you from your HES record.

You cannot prevent, or control in any way, the release or sale of pseudonymised data about you from your existing HES record.

The HSCIC refuses to allow historical HES data to be retrospectively anonymised.


You can prevent all releases of clearly identifiable data from your HES record by means of the 9Nu4 opt-out code. This action will take effect in January 2016.


You may have read in the national press recently about how, for many years, the HSCIC has been selling data extracted from your HES record to commercial organisations and information intermediaries, for re-sale onwards to insurance companies and pharmaceutical organisations.

This data was pseudonymised HES data.

You can request that any new HES data is, and remains permanently, anonymised.

This will have the effect of preventing both pseudonymised and clearly identifiable data releases from any new HES data.

Again, you cannot do anything whatsoever about your existing HES record. That is for the HSCIC to sell, forever.


You will need to fill in a 'Preventing use of your information' form, and send it, with proof of ID, to the HSCIC.

It costs nothing to do this, other than the price of a stamp. And it's free if you email your request.

Here is the pdf form that will enable you to request anonymisation of your HES record.

The same form will also ensure that your SUS record is anonymised (see above). In fact, it ensures anonymisation of all information that the HSCIC receives about you.

The form can be either:

To email, use enquiries@hscic.gov.uk

The HSCIC is the sole data controller for HES records.

It takes the HSCIC up to 6 weeks to process your request. When it has been processed, they will contact you with a confirmation similar to this.


Please be reassured - this does not anonymise your records as held by hospitals that have provided, or continue to provide, you with medical care. It simply anonymises new data that the HSCIC subsequently extracts from those hospital records and uploads to its own databases for secondary purposes.

The HSCIC will remove, on this request, all identifiable information held on you by them, other than what is required by law to have you registered as an NHS patient and to enable the provision of your direct medical care (so completing this form will not, for example, stop you being called upon for any relevant screening or immunisation programmes). Detailed information about this is provided in the opt-out form.

Anonymising any new HES data will have no effect on the medical care that you receive either from your GP surgery, from any hospital trust, or from anywhere else within the NHS or private sector.

Anonymising any new HES data will not stop the HSCIC making aggregate and anonymised data available to everyone, in the form of open data.

Some more information on HES anonymisation by the HSCIC can be found in this FOI response and also in this FOI response.

Just like any uploaded data from your GP records under care.data, you cannot get your HES data deleted.




How can I prevent my medical information from being sold like this?


You can't - at least, not completely.

You can limit, to a degree, what information is sold about you though.

You can:




care.data and medical research


Opting out of care.data will have no effect on aggregate information about you being shared within the NHS to help medical research.

As it always has been.

Many of the so-called "potential benefits" of care.data are already being achieved, or could easily be achieved, via aggregate data uploaded from GP systems as part of the Quality and Outcomes Framework (QoF) - data that cannot identify you.

Some examples:

And what could not be achieved by uploading aggregate, or completely anonymised, data about you, whether part of QoF or a separate process, could easily be achieved using identifiable data uploaded with your explicit consent.

Data extracted from GP systems - primary care data - is important for research and to improve care and outcomes. But such data is already being provided, in aggregate and completely anonymised ways, and in identifiable formats with the explicit consent of patients, and care.data is not required for this.

Many practices contribute information to QSurveillance, a real time clinical surveillance system based on data from 3,400 EMIS general practices spread throughout the UK. QSurveillance collects, analyses and reports on rates of infectious diseases and vaccine uptake (flu, pneumococcal, DTaP/IPV/Hib, MMR, shingles and rotavirus), but crucially only extracts summary data which is aggregated (just like QoF).

Some outcomes require data that isn't even recorded in your GP record. For example, it is useful and important to know what treatments those patients diagnosed with cancer have received, such as chemotherapy or radiotherapy, or combinations of such treatments. But chemotherapy and radiotherapy are treatments provided by hospitals and specialist centres, and not by your GP surgery, and as such are not reliably recorded in GP records and, where they are recorded at all, perhaps only whilst the treatment is being undertaken. GPs do not record valid repeatable cancer treatment outcomes data, and so uploading identifiable information about such patients under care.data would not provide the necessary information.

Where linkage of GP data and hospital data could be useful, whether to improve outcomes in cancer, or to improve patient safety by monitoring complications of prescribed medications, it has already happened without care.data, and often (if not always) with the explicit consent of the patients with the disease, or those being prescribed that particular medication, and who are only too happy to allow their information to be used for these clearly defined, medical research purposes - once asked for their permission.

Much is made of prescribing data - that is, the prescriptions issued by GPs, dispensed by pharmacies, and taken by patients. That data is already available, via NHS Prescription Services.


Opting out of care.data in no way prevents you from agreeing - with your explicit consent - to partake in high-quality medical research based at your GP surgery, particularly if your surgery is a Research Ready accredited practice.

You can always ask your GP surgery or hospital specialist about clinical research programmes that are running or actively recruiting patients, and whether any such programmes would be suitable for you to participate in.

It's OK to ask.

You can even download apps for your smartphone or tablet which will help you find local research programmes, such as this one for Android and this one for iOS.

Participation in such research is only ever with your full, explicit consent, and you choose the type of research that you wish to contribute to, and the organisation that you allow your medical information to be shared with.

Your GP knows your medical history and can ascertain whether your particular medical circumstances might mean that you would be a useful candidate to help a particular line of research. Many GP surgeries already participate in high quality research.

Opting out of care.data will not prohibit your GP from writing to you to invite you to take part in such research, should you wish to.

NHS Research Scotland have set up SHARE, a new initiative created to establish a register of people interested in participating in health research, and who explicitly consent to their medical records being used for research that they approve of.


"There need be no conflict between good research, good ethics and good medical care and that - taken as a whole, in balance - every data flow in the NHS is capable of being consensual, safe and transparent."

medConfidential
Open letter to NHS England and the care.data Advisory Group, April 2014



Remember, if you do not opt-out then you cannot specify that your uploaded GP data is only released or sold by the HSCIC for medical research purposes, only released or sold to research organisations within the NHS, or released or sold only for research studies that you approve and find ethically acceptable.

You have no control over how your uploaded information is used other than to opt-out.

And opting out of care.data will not stop you from:




care.data and the 100K Genomes Project


The 100K Genomes Project is an ambitious plan to sequence the DNA of about 40,000 patients with cancer and rare diseases over a four-year project.

Whilst not directly related to care.data, it is useful to know where these two projects differ, and where they overlap.

The 100K project seeks the explicit consent of patients before sequencing their DNA. This is in marked contrast to care.data where no consent is sought prior to extracting and selling your GP information.

It is likely that patients will not "apply" to have their DNA sequenced; rather, they will be asked by their hospital or specialist team during their treatment, management or follow up.

Just like care.data, patients cannot place restrictions on the research undertaken on the data, such as limiting it to non-commercial research. Patients who donate DNA must sign a consent form to allow academics, doctors and industry access to the data.

It is important to realise that genomic data will ultimately be linked to patients' medical records, and it is likely that uploaded care.data will be one method by which this is achieved.

However, opting out of care.data will not prohibit you from explicitly consenting to have your DNA sequenced under the 100K project, should you be eligible.




care.data and your direct medical care


Opting out of care.data will have no effect on the medical care that you receive either from your GP surgery or from anywhere else within the NHS or private sector.

Opting out of care.data will have no effect on your GP surgery and the way that it is paid by the NHS or on the services that it provides.

Opting out of care.data will have no effect on the way that any hospital is paid by the NHS for treating you (PbR).

Neither of the two opt-out codes will affect any of the above.


Will opting out of care.data prevent medical staff in A&E, GP out of hours centres, or hospital out-patient departments having access to my medical information?

NO.

If medical staff are authorised to, and have access to that information (for example if they are enabled to, and are using, the Summary Care Record, and you have agreed to have a Summary Care Record created for you) then your opt-out of care.data will have absolutely no effect on that whatsoever.

If medical staff are authorised to access your electronic hospital records (if any exist at a given hospital) then your opt-out of care.data will have absolutely no effect on that whatsoever.

The government has set ambitious targets for one third of all ambulance services, NHS 111 call centres and A&E departments to have access to patients' GP records by the end of this year. Your opt-out of care.data will have absolutely no effect on that whatsoever, because these organisations will not be accessing care.data to achieve this requirement.

Opting out of care.data will have absolutely no effect whatsoever on the way your GP records are stored or accessed electronically by your surgery.

care.data has absolutely nothing to do with information sharing between healthcare professionals or with access of your electronic records by medical staff.

Anonymising any new HES or SUS data will also have no effect on the medical care that you receive either from your GP surgery, from any hospital trust, or from anywhere else within the NHS or private sector.


Will opting out of care.data prevent or hinder my GP looking after me?

NO.

Opting out of care.data will have absolutely no effect whatsoever on the way that your GP provides your medical care.

It will not affect your prescriptions, vaccinations, screening procedures, investigations, monitoring of chronic conditions or referrals to specialists.

You will still be invited to cervical screening, breast screening, bowel cancer screening, diabetic retinopathy screening, abdominal aortic aneurysm screening, and any other current or future national screening programmes, if you are eligible, as these are not secondary uses of your data but primary uses required for your direct clinical care.


The HSCIC can confirm that when a type 2 objection code (i.e. codes 9Nu4, XaaVL, 881561000000100) is recorded in a GP record and extracted and implemented at the HSCIC it will not affect any of the following direct care services .. :

The HSCIC can also confirm that when a type 2 objection code (i.e. codes 9Nu4, XaaVL, 881561000000100) is recorded in a GP record and eventually registered at the HSCIC it will not affect data flows that are required for any other NHS services that can be regarded as for a patient's direct care.

HSCIC
FOI Response


If you opt-out of care.data, you can still be referred to a specialist under Choose & Book, your surgery can still manage your prescriptions via the Electronic Prescription Service, you can continue to request your prescriptions online, and continue to email, or securely message, your GP or surgery (if you are offered these facilities).

Opting out of care.data will have no effect whatsoever on your relationship with your GP surgery.


I am part of the UK Biobank project - will my care.data opt-out impact on this?

NO.

Neither the 9Nu0 nor the 9Nu4 code blocks the extraction of data from your GP records that you have explicitly consented to, if you have signed up to this project.

The 9Nu0 code only blocks the extraction of GP data where your explicit consent has not been sought - such as care.data .


Will my GP mind if I opt-out?

NO.

Whether or not you opt-out is immaterial to your GP.

And you certainly don't need your GP's approval or permission to opt-out of care.data .




Accessing your GP record online


Opting out of care.data will have no effect on you accessing your medical record online (if and when this is offered to you by your GP surgery).

By 2015 all patients should be able to access their GP records electronically if they wish to. Many are able to do so right now. And this is not - and will not be - via care.data.

Remember, medical staff treating you in GP surgeries, hospitals, A&E, pharmacies, NHS 111 call centres and GP out-of-hours centres will not access, or be able to access, the care.data database.

And nor will you.

You can find out about accessing your medical record online in this factsheet. EMIS is one GP software system that already offers this, but the other GP software systems will be doing this as well.

If you are interested in obtaining secure records access then just fill in this form and hand it in to your GP surgery.


In addition, care.data has absolutely nothing to do with the ability to securely access some aspects of your hospital records online, again only at your explicit request.

These portals include Patient Portal and Patient View.




Subject Access Requests


Can I see what data the HSCIC has extracted from my GP records into care.data?

YES.

The information that the HSCIC holds about you, whether your HES data, your uploaded GP data, or your combined care.data record, is identifiable (i.e. not anonymised) and so information relating to just you can be identified, extracted and provided to you.

Everyone has the right to make a request for personal information from a data controller under the Data Protection Act 1998.

You have the right to make a Subject Access Request (SAR) to the HSCIC.

The HSCIC have produced guidance about subject access requests.

A form that you can use to apply is here.

The HSCIC holds your extracted health data in an exclusively electronic form (as compared with your GP, who holds your information in both electronic and non-electronic (Lloyd George envelope) forms).

Nevertheless, ensure that you request your health records as held electronically by the HSCIC.

You will be supplied with a permanent copy of the relevant information, within 40 calendar days.

The maximum fee payable to the HSCIC for the SAR will be £10, regardless of the number of pages the information comprises.


Can I see what data the HSCIC already holds about me, such as in SUS or Hospital Episodes Statistics (HES)?

YES.

The procedure is exactly as above; just state that you wish for your personal SUS or HES data to be provided to you.


After my GP records have been uploaded to care.data, can I see what data the HSCIC then holds about me as Care Episodes Statistics (CES)?

YES.

You can request your "full", linked, care.data record, exactly as above.




Finding out when your data has been released or sold



Can I find out each occasion when aggregate data involving me has been released or sold, to whom, and for what purpose?

NO.


Can I find out each occasion when my anonymised data has been released or sold, to whom, and for what purpose?

NO.


Can I find out each occasion when my pseudonymised data has been released or sold, to whom, and for what purpose?

NO.


Aggregate, anonymised and pseudonymised data are classed as non-personal data by the HSCIC, and as such the Data Protection Act does not apply to them. Accordingly, you have no rights under the DPA for these data classes, you cannot prohibit their processing (assuming the HSCIC has the information about you to process) and you cannot find out when data about you was released or sold in any of these three formats.

The HSCIC does not even keep copies of aggregate, anonymised or pseudonymised datasets that it sells to organisations.

The HSCIC doesn't know whether it has sold pseudonymised information about you, or what that information was, even if you were entitled to request it under the DPA.

And just as the HSCIC doesn't know this, it also has no idea whatsoever whether organisations, such as information brokers, that it has sold pseudonymised - potentially identifiable - information to have resold or redistributed this information on to yet further organisations.

Try to make a Subject Access Request about pseudonymised HES data sold about you and it will always be rejected.

All of the above will apply to your uploaded GP data and your combined CES data too (unless you opt-out).


Can I find out each occasion when my clearly identifiable data has been released or sold, to whom, and for what purpose?

YES.


Processing of personal confidential data does fall under the Data Protection Act, and as such you have this right.


But you will have to:




Can I sue companies if they misuse my care.data?


In all honesty, no.

Not because that legal avenue isn't open to you, but because you can almost never find out when your data has been misused.

Remember:

You'll never know when your sensitive and personal medical information has been misused or abused by any of the hundreds and hundreds of organisations, including insurance companies and information brokers, that the HSCIC might have sold it to.




care.data and the Summary Care Record


care.data and the Summary Care Record (SCR) are two entirely separate projects.

The Summary Care Record (SCR) is a national centralised database of medical information (allergies and medication, initially) extracted and uploaded from patients' GP records. This project's aims are to make this information potentially available to emergency doctors (in A&E and GP out-of-hours centres countrywide).

For further information about the Summary Care Record, please see my other site.

As regards the Summary Care Record:

care.data is very different to the Summary Care Record:

You will still need to opt-out to prevent care.data uploads even if you have already opted out of The Summary Care Record.

Summary Care Record opt-outs will not prevent care.data uploads.

Opting out of one database does not mean that you have automatically opted-out of the other.


The Department of Health have reneged on a pledge made in April 2013 that patients who opted-out of the Summary Care Record would not have to opt-out again for care.data.

"We're not going to cancel the opting out that's already happened. There may be a process of recontacting people to explain the new arrangements and that's a detail which we'll work through in operational terms. But we will respect people who have already said they wish to opt out of NHS sharing."

"We will respect those who have already opted out."

Jeremy Hunt
on care.data, April 2013


Can I have a Summary Care Record but opt-out of care.data?

YES.

Can I agree to care.data extractions but opt-out of the Summary Care Record?

YES.

Opting out of either database, or both, will not in any way affect the medical care that you receive from your GP surgery.



care.data and the Hampshire Health Record

care.data and the Hampshire Health Record (HHR) are two entirely separate projects.

The Hampshire Health Record is a locally accessible centralised database of medical information (the entire GP record as it happens) extracted and uploaded from patients' GP records. This project's aims are to make this information potentially available to healthcare professionals across Hampshire.

For further information about the Hampshire Health Record, please see my other site.

You will still need to opt-out to prevent care.data uploads even if you have already opted out of the Hampshire Health Record.

Hampshire Health Record opt-outs will not prevent care.data uploads.

Opting out of one database does not mean that you have automatically opted-out of the other.

You can have a Hampshire Health Record but opt-out of care.data.

You can agree to care.data extractions but opt-out of the Hampshire Health Record.

Opting out of either database, or both, will not in any way affect the medical care that you receive from your GP surgery.




care.data and EMIS Web data streaming


care.data and EMIS Web data streaming are two entirely separate data sharing schemes.

For further information about true, interoperable data streaming, please visit www.nhsdatasharing.info, or alternatively have a look at this example factsheet from North East Hampshire and Farnham.

EMIS Web data streaming, sometimes referred to as the MIG, involves information from your GP record being "streamed" in real time and on-demand, meaning that data from your GP record is neither extracted, nor uploaded, nor sent anywhere. The data remains within the surgery database and select organisations, such as your local Accident and Emergency department or GP out-of-hours centre, are only allowed to "view" it.

It is a primary use of your medical information, for the purpose of delivering direct medical care.

Since no information from your GP record is extracted or uploaded anywhere with data streaming, there are no secondary uses of the information made available.

If data streaming is available in your area, then:

Opting out of one scheme will not automatically opt you out of the other.

Opting-out of either scheme, or both, will not in any way affect the medical care that you receive from your GP surgery.




care.data and Risk stratification


care.data and risk stratification are entirely separate projects, though they are similar.

For further information about risk stratification schemes, please visit www.nhsdatasharing.info

Across the country, many GP surgeries are uploading their patients' entire GP records to third party databases, for analysis and scoring, in order to identify so-called high risk patients who are likely to cost the NHS a lot of money.

In most cases, opting out of care.data will also opt you out of risk stratification.

If you really want to be sure, download and use the form from www.nhsdatabase.info that opts you out of all of the NHS Databases.

Opting out of either care.data or risk stratification, or both, will not in any way affect the medical care that you receive from your GP surgery.




Public awareness about care.data


Do GP surgeries have to ensure patients are aware of care.data and of their right to opt-out?

YES.

Your GP surgery is the data controller for your medical records. Whilst it is legally obliged to release the information to the HSCIC without your explicit consent, unless you opt-out, the surgery has an obligation to provide fair processing information to its patients, making them aware of care.data and of their right to object.

As the organisation with primary responsibility for their patients' data, GP surgeries have an obligation to ensure that information about the use of their data is actively communicated to patients, by any and all reasonable means.


What are NHS England and the HSCIC doing to make patients aware of care.data?

In January 2014, a household leaflet drop, reaching approximately 24 million homes, should have explained data sharing for patients and the public. The leaflet should have made it clear that everyone has a right to object to their confidential data being shared in certain ways.

The cost of the NHS England leaflet drop to households in England was approximately £1.2 million.


Did the leaflet include an opt-out form?

NO.

That would have made it very easy for people to opt-out.


Did the leaflet include the phrase "care.data", even once?

NO.


Was the leaflet personally addressed to me?

NO.

The leaflet was simply pushed through your letterbox.


In other words, junk mail?

YES.


He is critical of the NHS's efforts to explain the care.data system, saying the ICO had advised individual letters to all patients.

"They said 'No, we're going to do a leaflet.' I never received my leaflet," he says.

Christopher Graham, Information Commissioner
The Independent, February 2014



We know that very many patients did not receive it (you are allowed to opt out of unsolicited leaflets via Royal Mail), did not read it (binning it or recycling it immediately), or did not understand its significance.

Between January and March 2005, 750,000 leaflets of a similar type were delivered by Royal Mail to households within Hampshire and the Isle of Wight outlining the Hampshire Health Record (HHR), another massive medical database. This was supposedly to provide comprehensive information to the entire population of Hampshire & IOW and (just like care.data) was based on an opt-out.

The leaflets were unsolicited junk mail then, and they were again for care.data .

The HHR's attitude to 'obtaining consent' in that way was heavily criticised by the Department of Health.


"We have learnt from what Hampshire did, because we believe that it did not go to every person who needed to learn about it, and I have learnt more about the junk mail rule than I ever want to know, but it exists and you need to send to every addressed adult in order for it not to get thrown away if you have got Safeways or Tescos trying to tell somebody something at the same time."

Connecting for Health
Oral evidence to the HSC Enquiry into the EPR, Question 61




Where can I get more information about care.data?


There is a lot of information available about care.data, other than this site, which you may choose to refer to before you decide on whether you wish to opt out or not.

NHS England/HSCIC

EMIS National User Group

medConfidential

Wired.co.uk

Patient.co.uk




So can I opt-out of care.data?


So can I stop the HSCIC extracting personal information from my GP records?

YES.

Although GP practices cannot object to this information leaving the practice, individual patients and their families can instruct their practice to prohibit the transfer of their data, i.e. you have the right to opt-out.

Not objecting to care.data is akin to 'donating' your medical records.

What if I do not opt-out?

If you do nothing, i.e. you do not opt-out, then your medical information will be extracted and uploaded to the HSCIC.



Naturally, we were all denied an opt-out from care.data to start with.

As far back as 2009, those now in charge of care.data were arguing that no-one should be able to object to sharing of their medical records.

"But no one who uses a public service should be allowed to opt out of sharing their records. Nor can people rely on their record being anonymised - at the moment sexual health services can be anonymous, and as a result there are almost no measures of performance in that sector."

Tim Kelsey, co-founder of Dr Foster, now NHS England's director of patients and information
"Long live the Database State"


Back in February 2013, the HSCIC had argued that patients should have no right whatsoever to opt-out of care.data extractions.

"The legal basis for the disclosure from general practice systems is statute. As a result, there is no legal necessity to allow patients to opt out of the extraction."

HSCIC
Information Governance Assessment, February 2013


And indeed, that is true. There is no "legal" requirement for an opt-out, because no such requirement exists within the Health and Social Care Act.

But it was made very clear to the HSCIC, by the IAG and the BMA, that not allowing an opt-out from care.data would be in violation of both the NHS Constitution and the GPES Principles (the rules governing the software system, managed by ATOS, that will extract care.data from GP records).

"You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis"

The NHS Constitution


"Where data are extracted for secondary purposes, no patient data will be extracted if the general practice has recorded a patient's objection to disclosures of patient identifiable data from the general practice for secondary uses even where Section 251 approval has been given"

General Practice Extraction Service (GPES), Information Governance Principles


And so, begrudgingly, the HSCIC were forced to concede an opt-out.

Though they're still not happy about it.


"For us it's important to recognise that citizens have rights which are irritating and awkward but which we have to honour."

Kingsley Manning, chair of the HSCIC




Deleting your uploaded data



How long will the HSCIC keep my uploaded data for?

Indefinitely.

The HSCIC have no intention of ever deleting your information. In fact, your personal data will be added to on a regular basis by ongoing uploads from your GP records (unless you opt-out).


Can I ever get my uploaded data deleted?

NO.

Once uploaded, you will never be able to get this data deleted by the HSCIC.


Can I get my uploaded data deleted if I make a Section 10 DPA request?

NO.

Section 10 of the Data Protection Act gives an individual a limited right to ask a data controller (organisation) to stop processing information about them if it is causing them unwarranted and substantial damage or substantial distress.

Section 10 does not give an individual the right of deletion or removal of data.


So who can help me get my uploaded information deleted?

In personal communication, the ICO have stated the following:

As regards a Section 10 DPA application to the HSCIC, "In order for such a request to be considered, unwarranted and substantial damage or distress would need to be quantified, rather than just a simple objection because someone does not agree with the processing or has changed their mind."

The HSCIC will almost certainly reject all such applications.

And if you were to complain to the ICO:

"I can also confirm that in relation to the ICO. If requested (via a complaint) we can only look at the process of s10, this is where such a request has not been responded to within the time scale of 21 days. We cannot look at a response where an individual does not agree with the outcome. In such a case, the individual would need to apply to a court for a decision to be made as to whether their objection is justified. The court would then order what action, if any, must be taken.

So, when it comes to trying to get your uploaded information deleted:

Your only option will be an expensive legal challenge.

You cannot get your uploaded data deleted - when it comes to care.data, you do not have the "right to be forgotten".


And it's just the same when it comes to trying to get data about you deleted once it has been sold to organisations such as credit reference agencies and insurance companies.

The HSCIC won't tell you when data about you has been sold in aggregate, anonymised or pseudonymised formats - so you won't have any idea where your data has gone.

The HSCIC cannot track your data, and does not know whether organisations have sold your data onwards, to whom, for what price, and for what purpose. And so, nor can you.

The HSCIC cannot compel any organisation that it has sold data to, to delete that data. And so, nor can you.




What happens to my uploaded care.data when I am dead?


If you are unfortunate enough to die after your data has been uploaded, and without having opted out of care.data, then two things will happen.

Firstly, and once your GP surgery has registered on its system that you have died, no further data about you will be uploaded to the HSCIC.

Secondly, any uploaded GP data, any HES data, and any linked CES data, can and will continue to be released or sold to organisations, in any format.

Eternally.




When can I opt-out of my GP data upload?


You can request that the codes are added right now, before extractions and uploads to care.data have begun, or you can request that the codes are added at any time thereafter.

The 9Nu0 opt-out

If the 9Nu0 opt-out code is added before your initial GP dataset upload then:

If the 9Nu0 opt-out code is added after your initial GP dataset upload, or subsequent to any monthly GP uploads to your care.data record, then:

The 9Nu0 code has an immediate effect in preventing information (or any further information) from your GP record from being uploaded to the HSCIC for secondary purposes.


The secondary uses (9Nu0) opt-out will ensure that no identifiable information about you will be extracted and uploaded - to anyone, not just the HSCIC - without your express consent, for secondary uses, both now and in the future.

That includes care.data, risk stratification, the national audits and identifiable GPES extractions.

In addition, the 9Nu0 opt-out will also prohibit de-identified information about you concerning any eMed3 Statement of Fitness to Work reports (i.e. sick notes) being uploaded to the HSCIC and subsequently passed to the Department for Work and Pensions.

You can find out more about the effects of the 9Nu0 (secondary uses) opt-out at www.nhsdatabase.info



The 9Nu4 opt-out

Your personal confidential data, as held by the HSCIC, and from whatever source, can be released, is already being released, and will be released in a clearly identifiable format, as detailed above.

As soon as the 9Nu4 opt-out code is added to your GP record and transmitted to the HSCIC, then no further clearly identifiable data releases about you will occur from the HSCIC.

The 9Nu4 code will prevent the HSCIC from releasing or selling any information that it holds, and that clearly identifies you, once that code has been passed to the HSCIC.

At present, the HSCIC have not requested that information from GP surgeries, and (believe it or not) they are incapable of processing the 9Nu4 opt-outs, and the sheer numbers of those opt-outs, at the present time.

But do not hesitate to opt-out as the HSCIC is obliged to honour any and all 9Nu4 opt-out requests made to GP surgeries by patients.




An opt-out now means an opt-in - when you want


If you opt-out now, you can opt-in at any time in the future, if you want, when you want, at a time of your choosing.

Perhaps if and when care.data has been changed so that:

When any, or all, of the above, or any other requirements that you want met are reliably in place, then you can choose to opt back in.



"Informed consent is not an obstacle to be overcome, but a principle to be respected and cherished."

Nature
"Careless.data", March 2014



Until then, opting out will ensure that your GP information will not be used in ways that are unacceptable to you.




The delays to care.data - what has changed?


Absolutely nothing.

care.data may well have been delayed again, but still, when it does begin:




So how do I opt-out?


If you have decided to opt out of care.data then it's very easy to do so.

First, download an opt-out form:

There is no "official" or mandatory opt-out form that you are obliged to use, whether produced by the HSCIC or anyone else.

It doesn't matter which form you use.

Make sure that you haven't been given, or downloaded, a Summary Care Record opt-out form by mistake.

Fill a form in, and hand it in to, post it to, email it to, or fax it to your GP surgery.

You do not, however, have to fill in a form to opt-out of care.data .

You can just write a letter to your practice:

If your GP surgery has enabled you to use EMIS Access, then you can use the secure messaging system within that to let your GP know that you wish to opt-out of care.data .

Alternatively, you can tell your GP that you wish to opt-out the next time that you see him or her (if you have an appointment planned for the near future).
(Don't make an appointment to see him or her just to opt-out though, please!)

Remember to opt-out your children, or those for whom you have parental responsibility, as well.

Ensure that you make your opt-out wishes known to your GP surgery.
No-one else can add the electronic flags to your GP records.

Do not send your opt-out forms or letters to the HSCIC.


Do I have to give any reasons for my opt-out?

NO.

Absolutely not.


What about my children's records?

The HSCIC is taking everyone's medical records, no matter how young or old you are. As soon as newborn children are registered at their GP surgery, their data will be uploadable.

Your children's medical records will be uploaded too unless you opt them out.

When your children reach their 16th birthdays, they will not be automatically written to about care.data and their uploaded information.

But when your children are old enough to understand and make a decision for themselves about the storage and use of their data in this way, they will never be able to get that information deleted should they wish.

You do not need to see, discuss with or seek the permission of your GP (or anyone else for that matter) before opting your children out of care.data.


If I opt-out, what will my GP do to my records to prevent care.data processing?

Your GP will add two electronic flags, known as read codes, to your records.


One flag, known as 9Nu0, will ensure that no data whatsoever from your GP record will be uploaded to the HSCIC and released or sold, in any format.

The HSCIC will then be unable to release or sell information from your GP record to insurance companies, pharmaceutical organisations, private providers or government departments, in this country or abroad. It won't be able to sell it to anyone - because it won't have your GP information in the first place.

All the HSCIC could then release or sell would be information obtained from your existing HES record.

The 9Nu0 flag will ensure that no identifiable information about you will be extracted and uploaded to anyone, for secondary purposes and where your express permission is not being sought beforehand.


The other flag, known as 9Nu4, will ensure that any data held by the HSCIC, whether extracted from your GP record or other sourced data (such as HES, mental health, social care), will not be released to any organisation in a clearly identifiable format.

The 9Nu4 flag is important if you wish to control how the HSCIC releases information held about you, particularly from organisations other than your GP surgery. Section 251 cannot be used to override patient dissent, so if you have indicated that you do not want your information to be shared in this way, by the presence of the 9Nu4 code, then section 251 cannot be used to override this - other than in the most exceptional circumstances, e.g. serious public safety concerns or civil emergency.

With both the 9Nu0 and the 9Nu4 opt-outs in force, all the HSCIC could then do is release or sell aggregate, anonymised or pseudonymised data obtained from your existing HES record (which it has been doing anyway, for years).

Be aware that the 9Nu4 code alone does not stop the release or sale of:

obtained from your uploaded GP information.

To prevent those, you must ensure that no GP information whatsoever is uploaded to the HSCIC in the first place - by means of the 9Nu0 code as well.



care.data only affects England. If you are registered with a GP in Scotland, Wales or Northern Ireland then you do not need to opt-out, as no data will be extracted from your GP record under this project.

care.data will only be extracted from the GP record held by the surgery that you are currently registered with. So you do not need to opt-out at all your previous GP surgeries.

If you do opt-out, and then subsequently register with a new GP surgery in England, then you would be well advised to re-register your opt-outs with your new surgery. It is possible that your opt-outs will be transferred across (for sure if your GP record is sent electronically between surgeries by GP2GP) but quite possible that they will not.

If you have moved abroad then it depends on whether you are still registered with an English GP surgery (you shouldn't be). If you are still registered with a GP surgery in England then either de-register, by informing the surgery that you have moved away, or request that the codes are added and then de-register, if you prefer. Whilst this will stop any further data being uploaded to the HSCIC from your GP record, you cannot do anything about already uploaded data, which the HSCIC will keep for ever and can continue to release and sell.



If I opt-out, can I allow uploads to care.data but prohibit release of identifiable information from the HSCIC?

YES.

You can ask your GP to just add the read code 9Nu4 to your records, if you so wish.

This will allow identifiable data from your GP records to be uploaded, but no information, from whatever source, will be released or sold to organisations in a clearly identifiable form (Red data).


If I opt-out, can I change my mind and opt back in?

YES.

If you opt-out now you can opt-in at any time in the future - if you are happy to, when you are happy to, and at a time of your choosing. It's your data, you should be in control.

Once you opt back in, your GP will add different electronic flags that will permit uploading to care.data and/or the release of other clearly identifiable information from the HSCIC to organisations.


How can I be certain that my opt-out has been actioned by my surgery, and the codes added to my record?

If your opt-out form, letter, or fax has clearly stated your wish to opt-out of care.data, the codes that you want added, and your name/DoB, then your surgery will action your request appropriately. Otherwise it would be in breach of the Data Protection Act and you would have every right to make a formal complaint.

You do not need to confirm that your opt-out has been registered, but if you are concerned that your surgery may not fully understand the process then the easiest way would be to:

If all else fails, you are entitled to make a subject access request (SAR) to look at your GP records yourself.

Because:

your GP surgery must offer you the opportunity to inspect (i.e. view on a computer screen) your records free of charge, rather than providing you with a permanent copy of the records for a fee. Your GP surgery is also obliged to help you access the information within your record that you are looking for.

Faced with having to organise all of that, most surgeries will quickly confirm that the codes have been added.




So what do I need to do to ensure the maximum protection for my personal and confidential medical information, both at my GP surgery and at the HSCIC?


Ask your GP surgery to add both the 9Nu0 and the 9Nu4 codes to your GP records.

With both the 9Nu0 and the 9Nu4 opt-outs in force:

Make a request to the HSCIC that any new HES/SUS data is anonymised upon receipt.

This will prevent pseudonymised data from any new HES uploads being released or sold.

Opting out of care.data, or anonymising your HES/SUS data, does not mean that you are "opting out" of the NHS, in any way.

This summary shows the effects of the various combinations of care.data opt-outs.




Press articles regarding care.data



Contact me


Feel free to send me constructive comments about this site.

Neil.Bhatia@nhs.net

PGP public key: 9651 BDC9 46B5 7768 3B3F AF79 8FE1 DACC FEFA 344F

I will read every comment sent, though please do not be offended if I do not reply to your message.

Privacy policy: I will not sell, trade or otherwise transfer to any third parties your personally identifiable information (your email address or the content of your email).


This non-commercial website was written by Dr Neil Bhatia, a GP and Caldicott Guardian in Hampshire.

Last updated: 28.04.16





This website does not accept or host any advertising.

This is a non-commercial website and receives no external source of funding from any organisation.

This website does not use cookies.