Out-Law / Your Daily Need-To-Know

New law to prevent sale of health data for commercial purposes

Out-Law News | 03 Mar 2014 | 5:17 pm | 2 min. read

New UK legislation will ban the disclosure of aggregated patient medical records for commercial purposes, according to media reports.

The law is set to be introduced later this week in response to concerns about how patient records are to be collected and used under a new data sharing regime in England, according to a report by the Daily Telegraph.

Under the 2012 Health and Social Care Act, a new Health and Social Care Information Centre (HSCIC) was given power to compel the gathering of certain patient data gathered from GP surgeries in England to add to the patient data already gathered by hospitals in a new database, known as 'care.data', unless individuals opt out.

As well as using the data to improve health services, HSCIC has the power to grant third parties access to the data it collects for certain purposes and under certain circumstances, including for medical research.

However, earlier this month NHS England announced that the care.data programme, which was due to start in April, would be postponed by six months after admitting that it had failed to explain sufficiently how patients' data would be used and how individuals could exercise a right to opt out.

To address concerns, new laws will be outlined to prohibit the HSCIC from disclosing data from the care.data database for commercial purposes, the Telegraph reported. Last week it emerged that some patient data previously collected by hospitals had been shared with insurance industry body the Institute and Faculty of Actuaries.

"[This] puts beyond any doubt that the HSCIC cannot release identifiable, or potentially identifiable, patient data for commercial insurance or other purely commercial purposes," a spokesperson for the Department of Health said, according to a report by the Guardian.

According to the Telegraph, the new laws to be introduced will also ban organisations that have previously been found to have breached the UK's Data Protection Act from gaining access to the data collected under the care.data programme. The opt out regime will also be formalised under the new statutory provisions, the report said.

In response to questions by MPs at an inquiry into the 'care.data' scheme last week, Tim Kelsey, national director of patients and information at NHS England, said that it was important for health care providers to be able to access both hospital data and GP records to improve health care services. He warned that the future of the NHS would be at risk if 90% of patients decided to opt out of allowing the data stored about them by GPs to be included in the care.data database.

During the parliamentary session, Dr Chand Nagpaul, chair of the British Medical Association's GPs Committee, outlined concerns he said GPs had with the care.data scheme. He emphasised the need for there to be an "assurance to the public" about the safety of their medical records.

"At the heart of our concern as GPs is that if patients mistrust, or are concerned about the security of their data, or have concerns about how this data will be used, that would actually, potentially, irrevocably damage that fabric of trust when a patient walks into a GP surgery," Nagpaul said. "And that may actually have other consequences around confidence in the way the NHS records data, it may actually result in patients not attending their GP surgery at all for fear of what may happen to their records or data or if they do attend actually be inhibited in being totally open about some things and maybe not about others."