‘Data saves lives’ is the new slogan of the proponents of NHS Digital’s giant database of patient information. The plan is to take all the coded information from the GP records of patients in England to use for planning and research. This data includes all diagnoses of physical and mental health problems, medicines prescribed, smoking and alcohol consumption, and a huge amount more.

This information will be downloaded in a pseudonymised form: this means that the name, exact date of birth, postcode, and NHS number will be hidden, although NHS Digital will hold the key to re-identification, which they say they will do in certain legal circumstances.

This data will be shared to enable research and planning, and never for ‘solely’ commercial purposes. The organisations with whom NHS Digital may share this data include universities, charities, NHS bodies, other government departments, and pharmaceutical companies.

Most people want to help medical research: there were rapid advances in treatments for Covid-19, which were helped by the availability of huge amounts of patient data under emergency regulations which only apply during a pandemic. This research undeniably saved lives. However, there are a number of reasons why some doctors, researchers, and privacy campaigners are unhappy about the current proposals.

Some have reservations about NHS Digital’s industry partners: it has teamed up with a data tech company called Palantir, better known for its work in defence and surveillance, but now apparently keen to enter the health information arena. They originally offered their services to the NHS as part of the pandemic response for the price of £1 for three months’ work, and have since then been awarded two further contracts, for £1 million and then £23 million, all without open competition. The contracts were revealed only after threat of legal action.

Other concerns relate to data security. NHS Digital reassure us that they have robust procedures in place to protect patients’ confidential information and all requests for data are vetted carefully. Contracts will prohibit the re-identifying of patients from their data, but technically this is not very difficult to do, if someone was minded to break the terms of their contract. They say that data is the new oil, and so the incentives to use patient data outside the rules would be considerable.

Even if we could be totally confident about the security of our personal information, there are important questions to answer about the ethics of handing it over without consent. Patients seek guidance from their doctor when they are ill or need help, and do not expect their information to be handed on without consultation. To do so would be not only unethical, but would destroy patients’ trust in their doctors, and with it our capacity to help and heal. As a doctor, you are nothing if you do not earn and keep your patients’ trust.

The plans for this database have been in development for three years, and discussions have involved NHS Digital, research organisations, and professional bodies such as the Royal College of General Practitioners and the British Medical Association. Interestingly, these last two left the table in February this year, unhappy with the direction of travel – so the statement on their website that ‘NHS Digital has engaged with the British Medical Association (BMA) [and the] Royal College of GPs (RCGP)’ is strictly true, but misleading.

The timetable for data extraction was announced, very quietly, on a website on 12 May 2021, with an original deadline of 23 June for patients to opt out (now postponed until 23 August). The whole process seemed designed to slip past doctors and patients before anyone noticed.

During a previous attempt to build a database like this, care.data in 2013, leaflets were sent to every household detailing the proposals. Patients objected to the exploitation of their data for commercial purposes and opted out en masse, leading to the abandonment of the project.

Lessons could have been learnt from this failure about the need to engage with the public about proper use of their information, and consent processes. Instead, the main conclusion appears to have been that if they are open with the public they might object, so it is better to keep schtum and hope no one notices.

GPs are under a lot of pressure at the moment, but now have the added burden of communicating a plan they know little about to their patients and processing their opt-outs. To add to the confusion, there are two separate types of opt-out: one is a National Data Opt-out, which is what you will find if you search online, instructs NHS Digital not to share your data with anyone else; if you want to stop your GP handing over the data in the first place, you need to fill in a Type 1 Opt-out, and give it to your practice. This leads to the inevitable conclusion that NHS Digital does not want patients to know: if they really intended to offer choice, we would have a national information campaign and a simple, opt-in system.

There isn’t a binary choice between supporting medical research and maintaining complete data security. Software techniques are now being developed which enable research to proceed without data being downloaded – code is used to ask questions within the medical record with only the answers being extracted. This is likely to be the way forward.

Data can indeed save lives, but that doesn’t mean I am ready to trust NHS Digital, Palantir, or our government with my patients’ confidential medical information – nor do I have a right to hand it over without asking them.