care.data2 - General Practice Data for Planning and Research (GPDPR)
www.gpdpr.info


This non-commercial website was written by Dr Neil Bhatia, General Practitioner (GP)
Records Access Lead, Caldicott Guardian, Information Governance Lead, Data Privacy Officer, Data Protection Officer, Data Autonomy Advocate.

Twitter: @docneilb

This is a personal website and in no way affiliated with any GP surgery, Clinical Commissioning Group, STP, ICS, or any other organisation.

All information is correct, and up to date, as far as I can tell.
Opinions on lawfulness, fairness, transparency, confidentiality, privacy, misuse of private information, and loss of control, are my own.

Links to further sources of information are provided.

Visit www.nhsdatasharing.info to find out about the very many ways by which information from your electronic GP record is, or can be, made available to others.

There is no third-party user tracking technology present on this website.
See my privacy policy


Do you just want the opt-out information for care.data2/GPDPR?
Jump straight here.


Just looking for information about the National Data Opt Out ("Your NHS data matters")?
Jump straight to this webpage, www.nationaldataoptout.info

Just looking for information about the National Summary Care Record?
Jump straight to this webpage, www.summarycarerecord.info


"Confidentiality, once breached, is lost for ever"

Cream Holdings Limited and others (Respondents) v. Banerjee and others (Appellants) [2004] UK House of Lords


care.data2 only applies in England

Personal confidential information will be collected from GP medical records about:


This website - www.gpdpr.info - aims to provide information to everyone about care.data2 - the General Practice Data for Planning and Research (GPDPR) extraction - so that you can make an informed decision about opting-out or not.

It tells you about the different formats that NHS Digital disseminates and trades your information in - anonymised, pseudonymised, and clearly identifiable.

This site tells you how to control your GP record, so that you decide what happens to your personal confidential information. Once you know what can happen, or is already happening, to your personal information, then you can make an informed choice as to whether to allow such data sharing to happen or continue - in other words, whether to opt-out or not.

So you can share data on your terms.

It's a binary choice - and the decision is yours, once you know that you can do something.


Getting involved in medical research

One of the best places to find out information about contributing to, and getting involved in, medical research is the National Institute for Health Research (NIHR).

They have an excellent "Public Information Pack (PIP): How to get involved in NHS, public health and social care research".
The guide has been written for patients, carers and members of the public who are interested in getting involved in health or social care research. It aims to answer the questions that people frequently ask when they first get involved in research.

And they have an excellent "Public Information Pack (PIP) Supplement: Finding out more".
This resource provides information about some of the different organisations that are involved in health and care research, which may be useful to know about.

If you are interested in contributing to medical research, with your explicit permission, then have a look at NIHR's Be a Part of Research website.

The NIHR also have a "People in Research" website, a database of opportunities for members of the public to get involved in research.

The Medical Research Foundation "funds and supports research in areas of great clinical need but where there is low investment".
There are always opportunities to help them raise funds for such research.


care.data2 has nothing to do with COVID-19 planning and research.

There is already a mandatory data flow from GP surgeries, to NHS Digital, for precisely that. In fact, multiple data flows.


You need a Type 1 opt-out to prohibit the extraction and uploading of your GP information to NHS Digital for care.data2 / GPDPR.

The Type 1 opt-out stops your GP record from being extracted and uploaded to NHS Digital for care.data2.

The National Data Opt Out alone will not stop that extraction and processing.

The National Data Opt Out only affects information about you if and when NHS Digital get hold of it.

The NHS App only allows you to set your National Data Opt Out.
You cannot express a Type 1 opt-out, to your GP surgery, via the NHS App.
You cannot express a Type 1 opt-out "online".
You need to contact your surgery directly.

This chart explains it.


It does not matter if you have opted out previously.
It does not matter if you're not sure if you've opted out previously.
It does not matter how many times you opt-out.

If you're not sure whether you have opted out previously, just opt out again.
Your GP surgery won't mind.
It's far easier for them if you just opt out again than for you to try to contact them to make that enquiry.


4 Myths about caredata2/GPDPR - debunked

Your information is not being disseminated just within the NHS.

Your information is not being used just for medical research.

Your information is not anonymised.

Not opting out of care.data2 does not mean you are giving your "informed consent" for your records to be taken and used.


Terminology:

Data protection: the lawful control and use of personal data held by an organisation (the data controller). Data protection encompasses data security, data privacy, and data ethics. An important part of data protection is ensuring control over the access of personal information, as held by the controller, to third parties; and in particular, ensuring that there is no unauthorised access or disclosure.

Data privacy: ensuring and empowering data subjects to control the use, dissemination, and access to, their personal (and sometimes confidential) information. It enables people to make their own decisions about who can process their data, and for what purposes - autonomy over their personal information. That means upholding a person's right to privacy under Article 8 of the Human Rights Act.

"Privacy is having the choice - it is the right to decide who we tell what, to establish boundaries, to limit who has access to our bodies, places and things, as well as our communications and our information."
Privacy International

Data security: the protection of data from accidental, or intentional but unauthorised, modification, destruction, or disclosure of data held by an organisation. In other words, and simply - keeping data secure. Not keeping data secure may result in a data breach.

Data ethics: the correct, appropriate, proportionate, responsible, fair, privacy-respecting, subject rights respecting, harm-avoiding, use (or processing) of an individual's personal information.
Fairness, transparency, accountability.
It includes respect for the individual's right to know what is happening to their information (to be informed), and their right to control it - the right to autonomy over their personal information.

"You need to stop and think not just about how you can use personal data, but also about whether you should."
Information Commissioner's Office

Personal data: any information relating to an identified or identifiable natural person (data subject). Examples include your name, home/work address, email address, your computer IP address - and your medical records. Personal data includes personally identifiable information, special category data, and confidential data.

Personally identifiable data (or information): sometimes referred to as PII. Personal data which can be used to distinguish or trace an individual's identity, such as their name, NHS number, medical records, alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.

Special category data: sometimes called sensitive data. Personal data revealing or concerning certain types of data, such as racial or ethnic origin, political opinions, religious beliefs, genetic data, sexual orientation, and health data (medical records).

Confidential data (or information): information given in circumstances where it is expected that a duty of confidence applies, and that information cannot normally be disclosed without the information provider's permission. Your medical records are confidential data.

So your medical records, whether held by your GP surgery or a hospital, clinic, or service:


Your information is personal confidential information when disclosed to NHS Digital for caredata2/GPDPR. It is not anonymised.
Your information is personal confidential information as held by NHS Digital for caredata2/GPDPR. It is not anonymised.
Your information is personal confidential information when disclosed by NHS Digital in pseudonymised and clearly identifiable formats.


Primary uses are uses of data for the main purpose for which they were originally collected directly from the individuals concerned.

For your GP record, this means making that information available, to healthcare professionals that you are seeing, within your GP surgery, for your direct medical care.

You have the right to opt-out of allowing your medical record to be shared, or be directly accessible, for primary purposes - for your direct medical care - beyond your GP surgery, if you so wish.

You can opt back in to primary uses of your GP record at any time in the future.

Secondary uses are uses of existing data for purposes other than those for which they were originally obtained.

For your GP record, this means making that information available, to anyone (not just within the NHS), for purposes other than providing your direct medical care.

Examples of secondary uses include research, audit, healthcare planning, "population health management", commercial and even political uses.

You have the right to opt-out of allowing your medical information to be used for secondary purposes - in ways unrelated to your direct medical care - if you so wish.

You can opt back in to secondary uses of your GP record at any time in the future.


Please do not make an appointment with your GP, or ring your surgery, just to opt-out. You do not need to.

Just hand in, post, or email a Type 1 opt-out form, or a letter, to your GP surgery.
Or use your surgery's eConsultation system (if it has one) - just make clear that you are expressing a Type 1 opt-out to GPDPR, and select the "I want administrative help" section in the online form.

That's it. Simple. No questions asked.

Don't forget to opt-out your children as well. They may well thank you for that when they're older.


care.data2 - what is going to happen?

care.data, the planned data-grab project that ended in disaster in 2016, is back from the dead. And it's bigger than before.

From 1st September, and every day thereafter, NHS Digital will extract a vast amount of information from your GP record and upload it to its servers. It will then disseminate that information, for purposes beyond your direct medical care, to various third parties.

Data from every living person at your surgery will be extracted and uploaded to NHS Digital. Every man, woman, and child.

Unless you have opted out.

What will be extracted from my medical record?

Pretty much everything.

Almost a full copy of your GP record.

Information about your:

Information from the following sections in your GP record:


Is this anything at all to do with COVID-19?

NO.

GP surgeries are already, and quite separately, providing NHS Digital with information for that (they are legally compelled to).


Will anything "sensitive" be extracted from my GP record?

YES.

Lots and lots. More than I can possibly fit on this web page.

medConfidential have a list that you can look at here.

Almost a full copy of your GP record.

Legally restricted codes for Gender Recognition, Human Fertilisation and Embryology will not be collected.

Other items not collected are as follows:

NHS Digital does not collect names and full addresses - because it does not need to. It already holds that information about you within the Personal Demographics Service that it is the data controller for.

It can easily link your medical information to your demographic data.


Will I be asked for my consent before my data is extracted and uploaded to NHS Digital?

NO.

If you do nothing, this will happen by default. All you can do is object to it: to opt out.


Consent - your informed, explicit permission - plays no part in care.data2

At no point - ever - are you asked for your permission for anything to happen to your medical records.



Is this really an "NHS data grab"?

grab (verb) \græb\

: a sudden attempt to hold, get, or take something

NHS Digital aren't asking for your information.

They're not asking you for permission.
Your consent plays no part in care.data2

They're not asking your GP surgery for permission.
Your surgery is legally compelled to upload.

They're taking your information.
Legally, but arguably not fairly. Not transparently.

And it's going to happen very soon.


Will I be informed about this extraction of my personal confidential information to NHS Digital?

Well, you're being informed by reading this site. But millions of people simply will not have a clue that this is happening.

Their right to be informed is not being upheld. And, as a consequence, they will not be afforded the right to object: the right to opt out.

No radio or TV ads, no letters to individuals, no junk mail to households. On the quiet.


Can I ever get my uploaded information deleted, for example if I opt-out after 1st September?

NO.

No. You can never get your uploaded GP record deleted.

There is no Right of Erasure.
There is no "Right to be Forgotten".

NHS Digital will never stop processing your uploaded information, even if you opt-out, even if you die, and will continue to disseminate/trade it in anonymised, pseudonymised, and clearly identifiable formats.

Forever.


"Patients do not have a right under the UK GDPR to request deletion of their data collected by NHS Digital as part of this data collection. This is because the legal basis under the UK GDPR for the data to be collected is Article 6(1)(c), legal obligation and the right to be forgotten under Article 17 does not apply in these circumstances."
NHS Digital, FOI response


NHS Digital are not saying that they can't delete your data - they absolutely can reidentify your information and delete it.
They're saying they won't delete it.


Will my information be anonymised by my surgery before it is extracted and uploaded, or upon arrival at NHS Digital?

NO.

Your information is not anonymised by your GP surgery before it is sent to NHS Digital.

Your information is not anonymised by NHS Digital once received by them.

Neither your uploaded GP record nor the caredata2 database is anonymised.

If it was anonymised by your GP surgery, before uploading to NHS Digital, then there would be no Type 1 opt-out for this.
Because the Type 1 opt-out prohibits the disclosure of identifiable information from your GP record.

And the information uploaded to NHS Digital is identifiable (to NHS Digital), personal confidential data.

It will be pseudonymised at source, so made less identifiable. But not anonymised.
NHS Digital hold your data in a pseudonymised format, and NHS Digital hold the "key", so you can, and will (upon request, and if justified), be reidentified.

And pseudonymised data could quite easily identify you if it was given to an organisation that already holds other data about you.

Pseudonymised data remains personal data, and remains confidential data.
It remains subject to the UK GDPR, the Data Protection Act 2018, and the Common Law of Confidentiality.

Yes, NHS Digital can produce anonymised data analytic outputs, which may or may not contain information about you (you'll never know and never be able to find out if so). But that's the extent of "it's anonymised" in caredata2.

And even then, your linked record as held by NHS Digital is so rich in information about you that, arguably, effective anonymisation of individual records is not possible.


Can I request that only anonymised information about me is uploaded?

NO.


What will NHS Digital do with my personal confidential information?

It will link it with any corresponding information about you that NHS Digital has obtained from NHS Trusts, mental health providers, ambulance trusts, and community providers, and then disseminate the linked information about you to third parties, for purposes such as commissioning, population health management, NHS planning, and research.

Any purpose beyond your direct medical care, if so badged as "healthcare".

NHS Digital may anonymise your linked information before disseminating it.

NHS Digital may keep your linked information as pseudonymised before disseminating it.

NHS Digital may re-identify you before disseminating your linked information (clearly identifiable information).
It can do this because it holds the reidentification key.

Recipients of your linked information will be from within the NHS and outside the NHS, including:

some in the UK, some overseas.

Any organisation that can convince NHS Digital that it needs your information for "healthcare purposes", for "planning", for "research".

You can see, in detail, the types of organisations with which NHS Digital currently trades information, here:

www.theysolditanyway.com

There may well be "panels" scrutinising applications for your confidential medical information (such as IGARD - and one would expect nothing less), but every decision about who can access your information, for what purpose, at what price, and in what format, is made by someone other than you.

You may be happy about that, or you may not.


Will NHS Digital sell/trade my information to those requesting it?

You decide. NHS Digital are not giving away your information for free.

sell (verb) \'sel\

: to exchange (something) for money
: to make (something) available to be bought
: to be able to be bought for a particular price

trade (verb) \'treid\

: exchange (something) for something else, typically as a commercial transaction


NHS Digital charges money in exchange for providing data that it holds, especially if it contains personal confidential data.
"Paid dissemination", if you'd rather call it that.

That they make little or no profit from such trading is irrelevant (and perhaps poor business acumen).

How much will organisations have to pay to get hold of my personal data?

It depends on the format of your data.

The full NHS Digital price list - the "menu" - is here.


Can I request that NHS Digital anonymise all the information that it holds about me?

NO.

NHS Digital will not anonymise all the information that it holds about you.

NHS Digital cannot anonymise that information, as if they did:

NHS Digital hold information about you in a linked, pseudonymised format, and add to your personal record on a daily basis.
They hold the "key" and can easily reidentify your record as a result, if so required or requested.
They can match your linked record to your demographic details (name, address, telephone number, email address).

They couldn't do that if your information had been anonymised.


Opting out of caredata2 - the Type 1 opt-out - does not prevent your GP surgery from providing completely anonymised, or aggregate (just numbers), data to anyone (including NHS Digital), for any purposes, including NHS planning, disease surveillance, prescription monitoring, and medical research.

Such information is anonymised, or aggregated, by the surgery before it is disclosed to any recipient.

The Type 1 opt-out does not prevent any of that.

GP surgeries already do this via aggregate data uploaded from GP systems as part of the Quality and Outcomes Framework (QoF) - data that cannot identify you.

Many practices contribute information to QSurveillance, a real-time clinical surveillance system based on data from 3,400 EMIS general practices spread throughout the UK. QSurveillance collects, analyses and reports on rates of infectious diseases and vaccine uptake (flu, pneumococcal, DTaP/IPV/Hib, MMR, shingles and rotavirus), but crucially only extracts summary data which is aggregated (just like QoF).

Much is made of prescribing data - that is, the prescriptions issued by GPs, dispensed by pharmacies, and taken by patients. That data is already available, via NHS Prescription Services.

The Type 1 opt-out does not prevent any of the above.



Will doctors and nurses treating me have access to the information in the caredata2 database?

NO.

Medical staff treating you in GP surgeries, hospitals, A&E, pharmacies, NHS 111 call centres and GP out-of-hours centres will not use, or be able to use, this database.

They will have access to your medical information in other ways, such as their own clinical records, access via the National SCR, or local shared care record schemes.
A Type 1 opt-out will not prohibit such access.

care.data2 is not about sharing your medical information with doctors, nurses and other health professionals outside of your GP surgery.

It's not about enabling the sharing of patient medical records between hospitals and GP surgeries.
It's not about the ways in which your GP shares information about you as part of providing essential medical care.
It's not about ensuring that hospital specialists have the information that they need when you are referred to see them.
It's not about creating a single electronic record that can be viewed by healthcare professionals in any clinical setting.
It's not about submitting information so that GP surgeries and hospitals are paid appropriately for the care that they provide.

It is about data extraction, linkage and analysis: in other words, data mining.
A "data trawl", if you prefer a commercial fishing analogy.


Can I limit the information uploaded about me under care.data, e.g. not include certain diagnoses or my smoking/alcohol habits?

NO.

It's your whole GP record, and everything in it, or nothing.


Will it be a one-off upload of my data?

NO.

Your GP data will continue to be uploaded, on a daily basis. So any new diagnoses, medication prescriptions and results will be automatically uploaded and added to the copy of your record held by NHS Digital.


Who will be the data controller for my uploaded information?

NHS Digital will be.

Once the data has been extracted, the GP practice is no longer the data controller for that information, and cannot control or protect in any way how that information is used, shared, sold, or who has access to it.

Your GP will neither be the data controller nor any sort of joint data controller with NHS Digital for your uploaded information.


Is this really care.data2?

YES.

Just like its predecessor, care.data2 involves:

But care.data2 is:

NHS Digital will use care.data2 as a replacement for certain existing data disclosures by GP surgeries (so called GPES extractions), because the extraction now involves so much information from the GP record.

But that does not make this extraction, and this project, any less of another care.data



Your anonymised and aggregate data

Will I be informed when my anonymised or aggregate data is released or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Will I be asked for my consent before my anonymised or aggregate data is released or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


Consent - your informed, explicit permission - plays no part in care.data2

At no point - ever - are you asked for your permission for anything to happen to your medical records.



Can I object to my data being provided or sold to organisations in an aggregated or anonymised format?

NO.

You cannot prevent, or control in any way, the release or sale of aggregate data about you from NHS Digital.

You cannot prevent, or control in any way, the release or sale of anonymised data about you from NHS Digital, even though it could possibly identify you.

Aggregate and anonymised data, because they are de-identified, no longer count as personal data and so fall outside of GDPR and the Data Protection Act and the Common Law of Confidentiality.

That means NHS Digital can give or sell any aggregate or anonymised information about you:

You won't know that it's happening, and you won't be able to find out if your information was used in this way.
NHS Digital won't tell you, and will claim they can't tell you.



Your pseudonymised, personal confidential information

Will I be informed when my pseudonymised information is released or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Will I be asked for my consent before my pseudonymised information is released or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


Consent - your informed, explicit permission - plays no part in care.data2

At no point - ever - are you asked for your permission for anything to happen to your medical records.



Can I object to my data being provided or sold to organisations in a pseudonymised format?

NO.

You cannot prevent, or control in any way, the release or sale of pseudonymised data about you from NHS Digital.

Although pseudonymised data could quite easily identify you, you cannot stop NHS Digital from releasing or selling your uploaded GP data to organisations in this format.
Nor can you insist that it must not be released or sold to organisations that may hold other information about you.

You won't know that it's happening, and you won't be able to find out if your information was used in this way.
NHS Digital won't tell you, and will claim they can't tell you.



Your clearly identifiable, personal confidential information

Will I be informed when my clearly identifiable information is released or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


Will I be asked for my consent before my pseudonymised information is reidentified by NHS Digital?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


Will I be asked for my consent before my data is provided or sold to organisations in a clearly identifiable format, once I have been reidentified by NHS Digital?

NO.


Consent - your informed, explicit permission - plays no part in care.data2

At no point - ever - are you asked for your permission for anything to happen to your medical records.


Organisations seeking your identifiable, personal confidential information can obtain approval from the Confidentiality Advisory Group (CAG) of the Health and Research Authority (HRA) for such a disclosure by NHS Digital. That authority sets aside the normal requirement for your explicit permission (your consent) to be obtained first, and such information can be requested for both research and non-research purposes.

You might be asked for your permission, first, in a few exceptional circumstances. That is where an organisation is seeking authority from CAG simply for NHS Digital to disclose your contact details (which is still personal confidential data) in order for you to be invited to contribute to a specific research study. Such approval would be granted as Class 3 support under Regulation 5 of COPI 2002.

But you won't be asked for your consent before your contact details are provided to such organisations.
You only might be asked for your consent after you have been contacted.

In reality, such applications simply for Class 3 support are rare. Most simply ask for disclosure of medical information without consent, using class support under Regulation 5 of COPI 2002.

CAG provides authority for non-consented disclosures of personal confidential information, where consent would not be feasible, from all data controllers in England and Wales, not just NHS Digital.
But with care.data2, NHS Digital will hold the largest amount of confidential information, by far.

Organisations can also simply request that GP surgeries write to such patients (identified by their GP), inviting them to make contact with the researchers if they wish to participate - without the initial disclosure of any confidential information to the research organisation. Any subsequent disclosure of medical information would then come from the GP surgery (not NHS Digital) with the express consent of the individual who had signed up to the study. CAG authority would not be needed as no non-consented disclosures would be taking place.


Can I object to my data being provided or sold to organisations in a clearly identifiable format, once I have been reidentified by NHS Digital?

YES.

That is what the National Data Opt Out is for.

Remember - the National Data Opt Out will not stop your GP record being uploaded to NHS Digital in the first place.
The Type 1 opt-out will though.

But be aware of this: the National Data Opt Out is not guaranteed.

"However, CAG can, in exceptional circumstances, approve an application that has robust justification for opt-outs to be overridden, for example 100% inclusion is statistically required. In such rare situations CAG can deem that there is an overriding public interest for the research to go ahead without opt-outs being upheld."
GDPR: Lawful basis, research consent and confidentiality, Medical Research Council

The National Data Opt Out does not stop every identifiable disclosure about you. More on my other site.



All data formats

Do I have any say in who my data (anonymised or otherwise) is given to, or for what purpose?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to particular aspects of my data (anonymised or otherwise), such as certain diagnoses, being provided or sold to organisations?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided or sold to particular organisations, or for particular research, that I find ethically unacceptable?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided or sold to organisations based overseas?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided or sold to organisations who might already hold other information about me?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided to government departments, like DWP and the Home Office?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided to the police or security services?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I insist that my data (anonymised or otherwise) is provided only for health research and NHS planning, and not given or sold to commercial companies or insurance companies?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I insist that my data (anonymised or otherwise) is provided or sold only to organisations within the NHS?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being provided or sold in ways that might contribute to the closure of local NHS services (such as my local A&E department or hospital trust)?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I object to my data (anonymised or otherwise) being monetised - sold by NHS Digital?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.

Can I insist that NHS Digital charge for access to my data (anonymised or otherwise), and that all profits made are reinvested into the NHS?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


Will setting my National Data Opt Out stop NHS Digital providing or selling any and all information about me?

NO.

You lose all control of your GP record once it is uploaded to NHS Digital.


What about my children's records?

NHS Digital is taking everyone's medical records, no matter how young or old you are. As soon as newborn children are registered at their GP surgery, their data will be uploadable.

Your children's medical records will be uploaded too, on 1st September, unless you opt them out.

When your children are old enough to understand and make a decision for themselves about the transfer and use of their data in this way, they will never be able to get that information deleted should they wish. It's far too late.

You do not need to see, discuss with, or seek the permission of your GP (or anyone else for that matter) before opting your children out of care.data2, if they are too young to understand and make that decision for themselves.

An opt-out for your children now means an opt-in if and when they want, when they're older.

You can give them that choice - and ensure that they retain control over their medical information.


What happens when I die?

When that happens, no further information flows from your GP surgery to NHS Digital (as if you had opted out whilst you were alive).

But NHS Digital retains all the information that it has on you, and can continue to disseminate and trade your information long after you die.
Seemingly, forever.

Your digital legacy is important, and few people have considered it, despite most of us having a very large amount of information "online".

When you die:

So, consider whether you want your GP record to be used, by NHS Digital and indefinitely, "beyond the grave" - and if you do not want that, then opt-out before 1st September. Remember, it's too late if you opt-out after that date.


Can I find out what information NHS Digital holds about me, now, and in the future if I don't opt-out?

YES.

You can make a Subject Access Request (SAR) to NHS Digital.

By law, NHS Digital must then provide you with information that it holds about you.
You can ask for:

And after 1st September, assuming you do not opt-out:

By law, NHS Digital must provide you with this information within 30 days, and it costs nothing to make a Subject Access Request.



Your GP surgery

Is it true that GP surgeries do not share data?

NO.

GPs do share information about patients as part of providing excellent clinical care, for example:

Have a look at this surgery's detailed privacy notice to see the myriad of ways that GP surgeries share information.

But GP surgeries do not upload vast amounts of personal, confidential and identifiable information about you, from your GP record, forcibly, hurriedly, without your explicit consent and probably without your knowledge, to databases outwith your GP surgery, into the hands of different data controllers, for purposes unrelated to your direct medical care.

Until now, that is.


Will care.data2 be the only source of information from my GP record for NHS Digital?

NO.

NHS Digital already hold some information about you, derived from your GP record.

Some of that information will have been provided through other routes, in many cases a mandatory disclosure from your GP surgery.
Some information will have been provided to NHS Digital because of COVID-19.

Opting out of care.data2, via the Type 1 opt-out, won't affect data about you that NHS Digital already hold.


Will my GP surgery mind if I opt-out?

NO.

Your GP surgery just wants you to find out what's going to happen to your medical records, read, think, and decide whether to opt-out or not.


If I opt-out now can I opt back in later?

YES.

You can opt back in to care.data2 at any time in the future.

If you want.
When you want.
It then becomes an opt-in scheme for you - so your record will only be uploaded with your explicit consent.


Will my GP surgery undertake a Data Protection Impact Assessment (DPIA) before proceeding with the processing of personal data in this way?

Maybe.

They should, by law.

They should be able to demonstrate a DPIA that they have produced, in order to be accountable.

The ICO has made it clear that the surgery is the data controller, and where a DPIA is warranted the surgery is therefore responsible for it.

But surgeries are overwhelmed at present, with NHS work, with COVID work, with vaccinating the population.

They simply will not be able to provide the information blitz required to uphold their patients' right to be informed.
They will find it very challenging to undertake more than a cursory DPIA.
They absolutely should undertake a DPIA first.

No-one can do a DPIA on their behalf. There is no data processor involved in the processing to NHS Digital (who becomes the data controller for the uploaded information).

And they haven't been provided with the NHS Digital DPIA to help them. That's not in the public domain.


Will my GP surgery be breaching the common law of confidentiality by uploading my personal confidential information to NHS Digital?

NO.

The Common Law of Confidentiality mandates that there be a legal basis for the disclosure and processing of such information for secondary uses.
For example, the explicit permission of the individual, or approval by the Health and Research Authority - Regulation 5 of The Health Service (Control of Patient Information) Regulations 2002.

One other legal basis is "legal obligation" and as GP surgeries are under a legal obligation to upload to NHS Digital for care.data2, no legal breach of confidentiality will occur.


Is care.data2 unlawful?

Maybe. Almost certainly, had uploads commenced on 1st July.

But all such processing must comply with the principles of the UK GDPR and the Data Protection Act 2018.

Everyone has the right to be informed. To know what is going to happen to their information and what they can do to stop such processing, should they wish.

If people - in this case, the entire population of England - are unaware of what will happen, and so their right to be informed is not being upheld, then that is neither transparent processing nor fair processing.

If people cannot opt-out because they don't know that they can opt-out, or they are told to opt-out via the National Data Opt Out when that will not stop extraction and uploading of their GP record to NHS Digital, then that is neither transparent processing nor fair processing.

And if processing of our most personal and confidential information is neither transparent nor fair, then that is unlawful.


Can my GP surgery refuse to supply information to care.data2?

NO.

GPs are legally compelled to upload to NHS Digital. They cannot refuse to comply.
You can read the data provision notice that compels them to process your information in this way.

But you can refuse to supply your personal confidential information to care.data2, if you so wish.


Where can I find more information about care.data2 (GPDPR), and sharing medical records in general, so that I can make an informed decision about opting out?



Opting out of care.data2 / GPDPR

So how do I stop my GP record from being uploaded to NHS Digital? How do I opt-out of care.data2?

If you decide to opt-out then it's easy. Just ask your GP surgery to record a Type 1 opt-out in your GP record and those of your family.

And if you do decide to opt-out, do this fast. Uploads to NHS Digital start on the 1st of September, and whilst an opt-out recorded after that date will prevent any future uploads to NHS Digital from your GP record, it will not result in your already uploaded data being automatically deleted by NHS Digital.

They will hold your GP record forever. And they can then process it forever.

You cannot get your uploaded information deleted.

And even if you could, any information about you traded by NHS Digital, and provided to third parties, is gone forever.
Pretty much untraceable. You can never get that information deleted.

You can fill in any one of the forms below, and hand it in to your GP surgery, or post it, or email it.


You need the Type 1 opt-out to prevent your GP record being uploaded.
The National Data Opt Out will not prevent the extraction and upload to NHS Digital.


It does not matter if you have opted out previously.
It does not matter if you're not sure if you've opted out previously.
It does not matter how many times you opt out.

If you're not sure whether you have opted out previously, just opt out again.
Your GP surgery won't mind.
It's far easier for them if you just opt-out again than if you try to contact them to make that enquiry.


You can opt-out verbally at your practice should you wish. A verbal expression of your wish to opt-out is perfectly valid.

You can do so if you happen to be having a telephone conversation with a member of staff at the surgery, or a telephone consultation with a doctor or nurse.

You can do so if you happen to be having a face to face surgery appointment with someone at the surgery.

But, please, do not make a GP appointment just to opt-out.


Remember - you can opt back in (and revoke your Type 1 opt-out) at any time in the future.

You do not have to lose all control of your medical records to help the NHS with research and planning.

Do not let anyone tell you that care.data2 is the only way.

Do not worry about the Type 1 opt-out.

Neither opting out of care.data2, nor setting your National Data Opt Out to "do not share", have any effect on your direct medical care.

Neither opting out of care.data2, nor setting your National Data Opt Out to "do not share", prevents you from contributing to medical research - if you are asked for your explicit permission first.

Have a look at my National Data Opt Out site, or read this leaflet about Type 1 opt-outs, to be reassured about this.

They are your medical records and you have the absolute right to determine if, how, and why, they are being used for purposes beyond your direct medical care.

Research is important, but it must be undertaken correctly, fairly, ethically, with people being informed, given time to decide, and with people having the right to object at any time.

The Type 1 opt-out and the National Data Opt Out:

Neither the Type 1 opt-out nor the National Data Opt Out will prevent you from using the NHS App (or any other, similar, online services app), or any of the features it provides, including secure online access to your electronic GP record.



Feel free to send me constructive comments about this site.

Neil.Bhatia@nhs.net

PGP public key: 9651 BDC9 46B5 7768 3B3F AF79 8FE1 DACC FEFA 344F

S/MIME public key: 61EA AD3A 8356 258B 4390 4362 AE0C 8DCA 3ACC 50CA


Last updated: 13.06.2021


Privacy Policy

This website is hosted by 1&1 IONOS Ltd.

This website does not accept or host any advertising.

This is a non-commercial website and receives no external source of funding from any organisation.

This website does not use first-party cookies, third-party cookies, or ad-trackers.

This website does not collect or process personal data.

This website does not use Google Analytics or Facebook Pixel.

All links from this website are provided for information and convenience only.

This is a personal website and in no way affiliated with any GP surgery or Clinical Commissioning Group.
