NHS England warned about plans to extend Covid-era rules for patient data access

A group overseeing UK health data sharing has advised the government not to expand legal rules allowing access to patient information introduced during the Covid pandemic until there has been further public consultation.

NHS England's Advisory Group for Data (AGD) was responding to a move by the ruling Labour Party. This expansion of the original remit is awaiting direction from the secretary of state for health, Wes Streeting.

NHS England, the government quango, is seeking to scale the scope of research away from purely Covid topics to also include "service evaluation, clinical audit and health surveillance."

In minutes of its 19 September meeting, the AGD says the expansion project - dubbed NHS England Secure Analytics Service Pilot Directions 2024 - planned to widen the scope, but this should not take place until there is further dialogue with the public.

"NHS England [has said] that the ongoing engagement / transparency would be undertaken concurrently with the progression / launch of the Direction; however, it was suggested by the Group, that the Direction does not progress further without a communication / engagement plan being in place," it states.

NHS England first announced the platform expansion last year. It relates to the OpenSAFELY service, developed in collaboration with the Bennett Institute for Applied Data Science at the University of Oxford.

OpenSAFELY won praise after creating a COVID-19 analytics platform that can draw from 17 million NHS records. Its model avoids extracting sensitive patient records and instead runs analytics with the data in place within its original data store - largely GP systems. Analysis is carried out by a select group of data scientists and the only data leaving the group is summaries of specific queries. All queries of the data are logged.

The service has enabled a number of clinical research projects, including a study of Covid risk factors published during the early stages of the pandemic.

However, AGD warns that the expansion of the use of OpenSAFELY in the NHS England pilot - officially NHS England Secure Analytics Service Pilot Directions 2024 - raises questions about data governance.

The minutes add "that the documents provided with the Direction were subject to ongoing internal governance and therefore still in draft" and highlighted "potential inconsistency in the Direction.

"It was noted that there needs to be consistency with the handling of data and if there is an inconsistency, then this should be clearly justified," the AGD minutes note.

The Register has given NHS England the opportunity to respond.

At the time NHS England announced its plan to expand the use of OpenSAFELY, professor Ben Goldacre, science communicator and director of the Bennett Institute for Applied Data Science, said:

"OpenSAFELY has shown that it's possible to address privacy concerns, and also deliver research outputs at scale, in collaboration with our diverse community of analyst users across the country. We are excited to be working ever more closely with NHS England on this important service."

Earlier this month, Streeting said he was directing NHS England to remove from GPs the "burden" of getting patients' consent to share their health data.

"Just like they did during the pandemic, if a patient explicitly consents to sharing their data with a study, NHS England will take responsibility for making this happen. In return, we will demand the highest standards of data security," he told the Royal College of General Practitioners.

In a blog post, campaign group medConfidential said:

"Streeting wants politicians, him, not doctors, [to] decide who can see and read your medical notes for what and where. This isn't immediate as it'll take a few years to grab... but once he has the data he can do what he likes. And you will not be able to do anything about it." ®