You may have heard in the papers or on the news recently about a new system that will extract data from our GP systems. The new data extraction system is called ‘General Practice Data for Planning and Research’ (GPDPR). General Practice Data for Planning and Research (GPDPR) – NHS Digital
NHS Digital has told practices that the new programme to extract data from GP IT systems will begin on 1st July 2021. The GPDPR service will replace the existing General Practice Extraction Service (GPES) that has been in place for the last decade.
The overhaul means that from 1st July NHS Digital will begin to extract a much broader range of patient data – including diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health, data on sex, ethnicity, sexual orientation and data about staff who have treated patients.
Essentially what this means is that almost all the coded data from your patient record will be taken and pseudonymised (not anonymised – see info below), to potentially link with other data sources for the purpose of research and planning.
What does pseudonymised mean? This means the records are ‘key-coded’; they have all identifying data removed and can only be traced back to individuals using a ‘key’ which can be stored securely and separately from the patient data. In the future, if there was a valid reason, the data could be traced back to the individual patient using the ‘key’.
GPDPR going ahead under legal legislation and the data extraction is due to begin on 1st July 2021.
You are not being asked first.
You have the right to prevent your own data being extracted – to ‘opt-out’ if you wish.
But, time is running out.
NHS digital has set a deadline of 23rd June 2021 for you to opt out.
We feel this is wrong. We didn’t know about this until last week and NHS digital have not publicised this in the way we would have expected in order to ensure everyone is aware of the new system and the options to opt out if they wish. There has not been enough time. We have around 8500 patients and 2 weeks is not sufficient time for us to process the opt out forms before the deadline.
Therefore, we have decided that we are unable to comply with the legal requirement to switch on this data sharing before the 1st July 2021. We are aware this puts us in breach of the Health and Social Care Act 2012 but, as always, we will put what we think is our patient’s best interests first.
However, as it is a legal requirement we won’t be able to put it off forever, so please do your research, have a think and get your opt out forms to us if that is your preference. We will not switch on the ability for the extraction until we are satisfied that our patients have a) been adequately informed of this new (GPDPR) legal direction, b) had access to the privacy policies and c) had considered time to object to data sharing by lodging a type 1 opt out request. We anticipate that we may be ready to switch it on by 1/9/21 so if your opt out forms come to us later than 23rd June please don’t worry, your data will still be safely stored with us. We will post a notice here in advance of switching on the GPDPR system.
How to opt-out:
Type 1 opt out: You need to request a Type-1 opt out by completing a form and sending it to us.
Please put your form:
- through the letterbox,
- hand it to reception,
- post it to us at Hornchurch Healthcare, 58B Billet Lane, Hornchurch, RM11 1XA
- or scan and email to HAVCCG.email@example.com
Type 2 opt out: The national data opt out that you can set online, or via the NHS App, will NOT prevent GPDPR data extraction (this opt out relates to data held in the rest of the NHS, not GP surgeries, and you can opt out of this too if you wish). Make your choice about sharing data from your health records – NHS (www.nhs.uk)
Once NHS digital have your data they can choose to anonymise it at any time. Once they anonymise your information, it is no longer subject to the data protection act 2018, the common law of confidentiality or GDPR and they can then trade it with anyone, anywhere in the world, for any purpose or price. There is no requirement to let you know your data has been used and you will never know.
Useful sites for more information:
Link to our privacy policies: