Home General Info & Awareness NHS Digital : New Medical Records Data Harvesting Scheme

NHS Digital : New Medical Records Data Harvesting Scheme

by InvisiblyMe
An image of someone's hands touching a screen; the background is deep blue and there's a digital overlay of colour and silhouettes of people in circles to suggest an interconnectedness of data online. Below is the post title - NHS Digital New Medical Records Data Harvesting Scheme.

The NHS holds over 67 million files across GP surgeries that contain patient medical records, detailing all appointments, diagnoses and treatments. This private, personal information is what’s at the heart of the latest change within the UK’s healthcare system. 

The New NHS Digital Data Grab

NHS Digital, the body overseeing data use within the NHS, has developed a new scheme: General Practice Data for Planning and Research. This essentially involves all GP practice records for every individual in England to be uploaded to the NHS Digital’s own central database

This was originally set so that from July 1st 2021, the records from GP practices for all NHS patients across England will be uploaded to the NHS Digital-owned central database. This meant that patients had until the 23rd June 2021 to opt out this new data sharing scheme. The short deadline and lack of publicity was received with much criticism and has now been pushed back to 1st September 2021

“To provide more time to speak with patients, doctors, health charities and others, the collection of GP data for Planning and Research in England has been deferred from 1 July to 1 September 2021”.

A stack of medical files with patient data on a table with a blue stethoscope on top.

It’s unlikely that all that many people have heard of this latest initiative, much less understand what’s involved. All patients in England will have their medical records uploaded to the central database unless they opt out.

If you’re happy to proceed – or simply fail to opt out – some or all of your confidential information can be shared with organisations that request it, for instance in an attempt to plan improvements for the NHS or in the name of medical research. 

This scheme has been given a thumbs up by Professor Chris Whitty, the Government’s chief medical officer. However, some doctors have voiced concerns over the rate at which this initiative has been rushed out and how it could affect patient trust in their GPs, who will be legally required to upload patient information to NHS Digital. 

The time extension to 1st September should allow for greater publicity to educate the public, though whether this happens remains to be seen.

It’s Nothing New

Of course, data sharing is nothing new. Within the NHS, confidential patient information has been shared for over 30 years. All data, such as from routine testing or planned surgery, is collected by NHS Digital. It’s believed that each year NHS Digital collates approximately 16 million ‘episodes of care’, which can include the likes of the patient’s name, sex, medical issues and home address.

This data is then available for ‘interested parties’, like other NHS bodies, data analysis, universities and even commercial companies. However, safeguards are stipulated to ensure patients are unable to be personally identified. Data requests from these interested parties are subject to a fee for processing the information. 

The General Practice Research Database is another that holds records, with around 5 million anonymised files being held for people across the UK since its inception in 1987. This is run by the MHRA to gather data from around 480 GP practices before passing data onto the likes of governmental departments, charities, universities and drug companies in the name of research. The MHRA claims to make no money from this initiative, though GPs get a one-off 10p fee per patient whose records are shared. 

In comparison, the new initiative starting now starting on 1st September 2021 takes things up a notch by including every individual in England, both adults and children. This is a much grander scale of data harvesting. 

The Benefits of Sharing Data

Apparently, the health records in Britain are so thorough that they’re considered to be among the best records worldwide. NHS Digital’s records indicate that 4,660 ‘batches of patient data’ were released in April 2021. The data harvested is thought to be imperative for improving NHS services and making them more efficient. 

  • The General Practice Research Database has proven vital for various breakthroughs. For instance, data used in 2004 led to a study to prove the MMR vaccine didn’t cause autism.
  • In 2008 the database was pivotal in confirming Cox-2 inhibitor painkillers used for arthritis increase the risk of strokes and heart attacks, enabling new use guidance to be developed. 
  • Covid-related data was also stored and used at the start of the pandemic to ascertain which individuals should shield. 
  • AstraZeneca was previously provided with patient data concerning heart disease rates. In this sort of example, a ‘research purpose’ belies the request, though commercial interest could be the driver and the pharmaceutical industry is then getting the data incredibly cheaply. 

NHS Digital make assurances that data and its release is ‘very secure’. Those requesting data must jump through hoops to ensure there’s a ‘legitimate’ need. 

A nurse in blue scrubs and a stethoscope around her neck is reading a medical record. She's in a room with lots of patient data files on shelves behind her.

Outrage & Criticism Of A Huge Data Grab

Critics are suggesting the roll-out of this scheme is being rushed through while the focus is on the pandemic, meaning it’ll fly under the radar without patients being aware of what it’s all about or the need to opt out should they not wish for their private information to be shared.

There’s also growing concern about the unprecedented scale of the scheme, which involves all records for all patients in England, where there’ll be details of all medical interactions you have potentially since you were born. Some are outraged at this “unwarranted” data grab, where patient data won’t be fully anonymous and where there’s risk of indirect selling of personal information to companies for profit.

There’s been little in the way of publicity of this new scheme of mass data harvesting. Even if you agree with data being used in such a way, many doctors and campaign groups are voicing concerns at the opportunism NHS Digital are taking rather than having patients adequately informed. 

Trust in data security and sharing has already taken numerous hits over the years, from data breaches to the intended sharing of confidential information without patient consent.

For instance, the Public Health England came under scrutiny in 2018 when around 180,000 lung cancer patients had their data shared with a consulting firm in the US that was affiliated with the tobacco industry. In another example, it was ruled in 2017 that research between the Royal Free NHS Foundation Trust in London and tech giant Google breached data protection legalities after 1.6 million patient files were shared. 

Then there’s also the issue of data sharing in general and the feeling that some people have of being watched, tracked and scrutinised in this increasingly online, connected world. Even if the data is secure and shared only in the circumstances of utmost importance, some individuals may simply dislike the idea and feel things are getting too invasive and reminiscent of ‘Big Brother’. Keeping things personal and private seem to be less possible as the years go by.

NHS Digital have said, with regard to this latest venture, that “we do not sell health and care data” and that they don’t share it with “marketing and insurance companies”. That’s great. But they don’t actually tell us who the information IS shared with. 

Campaigners are pushing for more information and greater transparency over the new NHS Digital scheme so that patients are aware of what’s going on, why, who sees their data and how to opt out. 

A stack of medical record files on a white table. Around them is a heavy duty metal chain and padlock to suggest data privacy and security.

Want To Opt Out?

If you don’t wish for your GP to upload your medical records to the new NHS Digital database, you’ll need to complete a type 1 opt-out form, which you should be able to get from your GP practice. Alternatively, call NHS Digital directly on 0300 303 5678 (open 9am-5pm Monday-Friday) and ask for one to be sent to you. Unfortunately this is not a free number to call.

You’ll need to return the form in advance of the transfer start date (September 1st 2021) to allow for the processing of your form. You can opt out after the deadline but this will only prevent new data from being uploaded; data already on the database won’t be erased. 

You can find more information on this new General Practice Data for Planning and Research on the NHS Digital website.

A black scroll divider.

I personally think it’s a double-edged sword because I can see each side of the argument. Technology is incredible in enabling the collation, sharing & analysis of data on an immense scale, which could be priceless for medical advances and improvements to healthcare.

But every individual needs to know of this initiative, and the public need to be given adequate, transparent information on what’s involved and who can gain access to the information. It would also be helpful to be assured of data safety given the potential for data breaches and how the data will be used, not just in theory but in reality.

Given as how most technical endeavours in the UK have bellied up at soon as they’ve started, I just hope NHS Digital’s central database is robust enough to deal with the traffic & hardcore nature of so many files being uploaded!

Do you think data sharing on this monumental a scale is helpful or a worrisome data-grab? 

Caz  ♥

Facebook   ||   Twitter  ||  Instagram

Related Posts


Jo Boyne June 18, 2021 - 5:16 pm

I’d love to see the positives to this data sharing. But considering Dido Harding is in the running to be the chief exec of the NHS after her shocking performances with data breaches in her previous jobs, I think it’s pretty reasonable to be concerned over it all.

There are too many questions.

WHY has this been rushed through during a pandemic?
WHY has been nothing said by GPs to us as patients?
Why is there NO publicity over this happening?

It’s like it’s all being done secretly, hoping that Joe Public doesn’t find out. Seems a bit sus.

And WHY is it compulsory data sharing? I think that ANY data sharing should be an opt IN, rather than consent being assumed if the patient doesn’t opt out. They should be getting patient consent to share the data!

Expecting people to jump through hoops by handing things into the doctors practice and filling in forms to opt out is a disgraceful way to do things.

They say they won’t sell this data to insurance companies. Sorry, I don’t believe them.

InvisiblyMe June 19, 2021 - 5:25 pm

If anyone were to take Dido Harding on, you would have to question their sanity. She still stands by her comment that the Test & Trace thing was a roaring success, which is ludicrous. If she becomes a head honcho of the NHS then there’ll be no words. It’ll be very, very suspicious if that happens.

I agree on the concerns over it being rushed through because it’s flown under the radar. I’m glad it’s been extended for a few months before it starts but more needs to be done to let people know about the scheme because this will affect every person in England.

Perhaps they don’t want people to get itchy feet, sign the form and keep their data private. It’s not easy and straightforward to opt out either, unless you know to go to the GP practice (and if each practice knows about the scheme to be able to advice or help you opt-out accordingly). It also worries me that they allow you to sign the form after the scheme has started, BUT any data already uploaded can’t be removed. Surely that’s not how things should work?

Thank you for sharing your thoughts on this. You make some excellent points. xx

ashleyleia June 18, 2021 - 5:25 pm

The NHS sounds dodgy in so many ways. A consolidated electronic medical record for the purpose of better care, and perhaps to provide universities fully anonymized data for research purpose, would be a good thing. No private companies should be getting anywhere near that data, even if it is anonymized.

InvisiblyMe June 19, 2021 - 6:29 pm

It is seeming a little ‘off’ in some way, isn’t it? They don’t state who exactly will see the data, or in what form. They leave a lot open to opportunity and the public are already weary and sceptical enough as it is. Without thorough and transparent information on this new initiative, it could be a disaster waiting to happen one way or the other. I think there’s a decent chance too of the whole system going down on the day the transfers are supposed to start, followed by all the confidential information being hacked. In theory, data collation like this would have the potential for a lot of good to come of it, but the way it’s being done doesn’t inspire much confidence.x

Sandee June 18, 2021 - 6:30 pm

I’ll bet the op-out form won’t work either. Might for a bit like being put on the do not call list for all the spam calls. That didn’t work long either. Bugger.

Have a fabulous day and weekend, Caz. ♥

InvisiblyMe June 19, 2021 - 6:34 pm

That’s a good point, Sandee. The public need assurances as to what the opt-out form really means in detail and a guarantee that data definitely won’t be used in any way. It concerns me that once any data is uploaded, you can opt out of future data being shared but what’s already on there cannot be removed.

I hope the weekend is a relaxing one for you & hubby! ???? xx

Rachel Duerden June 18, 2021 - 8:06 pm

Thanks for bringing this to my attention.

InvisiblyMe June 19, 2021 - 10:33 pm

You’re welcome, I’m glad I could share it and hopefully let a few more people know about it ????

annieasksyou June 18, 2021 - 10:51 pm

This is a valuable, well-researched post, Caz. While it seems that our privacy has already been so compromised by Big Tech, et al, I think it’s important that individuals have their say over how their personal health and medical data are used. Perhaps if there’s enough public outcry, the NHS will offer less stringent options?

InvisiblyMe June 19, 2021 - 10:41 pm

Thank you, Annie. I thought it was an important topic to broach, not just because of the direction of healthcare and tech merging in future, but because this is something not many are even aware of. I agree with you in how individuals should have their say on how data is used, and that the public needs more transparent, adequate information on what’s involved and who exactly might be seeing this data. I’m glad the date for commencement has been pushed back by a few months and yes, perhaps if there’s enough outcry something will change, be that the options given or the information provided so that informed decisions can actually be made. Thank you for reading and commenting, Annie. I hope the weekend is treating you kindly ???? x

Liz June 19, 2021 - 9:59 am

Yes, there has been a rush about this originally and the way they have gone about it. I don’t like it. I am glad it has been pushed back to September the deadline now. I didn’t know that, so it gives me time to badger my gp practise in ensuring they follow my wishes through, because I am opting out and I am still waiting on them to confirm they have done this. So tofay I have messaged them a reminder.

InvisiblyMe June 19, 2021 - 10:51 pm

I’m also glad they’ve been pushed into delaying it. It was pushed through far too quickly with very few people being aware of what it was or what’s involved. Even now there’s no transparent, adequate information on exactly who could see the data. This is something that will affect every person in England, but I doubt even 50% of people know about it. I’m glad you were already aware and that you’ve made your own decision. Chasing up to make sure the opt-out has been processed is a good idea. It would surely be better if they processed these forms and sent an automatic acknowledgement to let the individual know it’s gone through successfully, otherwise there’s no way to know for sure. And we’d be none the wiser because we’ll never be able to check their database ourselves…

Despite Pain June 19, 2021 - 2:15 pm

Great post about this very important topic. It’s not really making the news just now due to the pandemic, so I fear that most people won’t even know about it, never mind know that they can opt out.
I’m like you though, I can see both sides to this. In the right hands, I have no worries. In the right hands, our medical information could help with research which will ultimately help people. But in the wrong hands…who knows what it could be used for?

InvisiblyMe June 19, 2021 - 11:21 pm

That’s my concern too, that so few people are likely to have even heard about it, let alone know what it entails. Considering it’ll affect every individual in England, there needs to be more done so that people can make an informed decision about what to do with their very personal data. Hopefully the delay will allow for NHS Digital to actually do something to rectify this, but more transparency over exactly who could be using the information would also be useful because there’s already so much scepticism where data harvesting is concerned. And absolutely, in the right hands this sort of scheme could be amazing and technology would help make some strides in healthcare that wouldn’t have been possible before. In the wrong hands, it’ll be a disaster. Thanks for sharing your thoughts, Liz. I wonder if Wales and Scotland will be added to this in future..? xx

Kymber June 19, 2021 - 2:46 pm

I don’t think I like the sounds of this. I can see both sides, but I’m leery, I guess. This article is so informative and well thought out. Thank you for bringing this to our attention. ♥♥

InvisiblyMe June 19, 2021 - 11:24 pm

Thank you lovely, I’m glad you like the post. I thought it an important topic to cover, especially as I don’t imagine all that many people have even heard about it. I only came across it recently and knew very, very little until I did some digging. The way it’s gone under the radar means the public can’t make an informed decision about what to do with their data, which doesn’t seem fair or ethical. I don’t think you’ll be the only one that’s weary about such initiatives, and I think we’ll see a lot more issues of contention like this in future with the rise of technology. xx

doublegenealogytheadoptionwitness June 19, 2021 - 10:29 pm

Thanks for the neutral stance of sharing. Worrisome, because once shared, it cannot be unseen. Then, we rely on the integrity of politicians over time as to its use.

InvisiblyMe June 19, 2021 - 11:34 pm

It’s good to see both sides of this, but for most people there’ll be a gut instinct – that sharing is so beneficial and risks are overemphasised, or that there’s good reason to be weary and sceptical. More information is needed and the public should be able to make an informed decision, so hopefully the delay will allow for this to happen. Hopefully. But you’re right, we rely on the big wigs in charge to handle data requests fairly and with integrity. That requires a level of trust that many people, quite rightly, probably don’t have in the powers that be. We can only hope that it’s done well and fairly because in theory it could be very beneficial for research, healthcare improvements and medical advances. But if it’s given to companies and becomes about profits, then it’ll be a media sensation in the making. Thank you for reading and commenting ????

SpookyMrsGreen June 20, 2021 - 11:11 am

I don’t feel particularly outraged about this new scheme, indeed at this point I feel like it makes no difference if my records are shared or not as I have rarely come across a doctor or medical professional that took genuine interest in my condition and how to treat it. I have reached a point in time where I am looking beyond the NHS for treatment options that I may need to pay for, but if it improves my situation then I feel I have to consider it. Bring on the changes!

InvisiblyMe June 23, 2021 - 3:09 pm

Thank you for sharing your opinion on this because it’s a really interesting one – I’ve also been fobbed off more times than I can count and have had to go past the NHS for care, though of course not as much as I’d like because of the cost. Sadly there will be many in a similar position and that speaks volumes, doesn’t it? A system that lets down so many, partly because of the system itself and partly because of those who work in it. I don’t know what kind of changes out data would enable, but I hope they are changes for the good of patients (and not just more changes to create more work, more hassle and more headaches!) xx

Naomi June 20, 2021 - 10:09 pm

This is a great and informative post.

I was aware of this scheme and had my doubts about it as there seemed to be political drivers in addition to health related research. This concern appears supported by comments about the value of personal data in the latest “Taskforce on Innovation, Growth and Regulatory Reform independent report” (paragraph 205) on the UK government’s website.

The Information Commissioner’s office have released a statement saying that they’re working with the government and so am interested to see what comes of it!

InvisiblyMe June 23, 2021 - 4:08 pm

Thank you for sharing this and for the reference to that report. I’d not come across it until now. So point 205 – “Consumer data is highly profitable and a currency in itself” – that doesn’t surprise me. Data is valuable, even if they say they’re not profiting from the collation and dissemination of it. You know there’ll be money involved somewhere. I agree, it’ll be interesting to see what comes next and how the Information Commissioner’s office comments on the scheme. x

James Viscosi June 21, 2021 - 1:03 am

This is a tough one. It’s definitely helpful to have all the information codified and usable for cross-referencing and data mining to improve public health, but it’s an extremely tempting target that’s almost impossible to protect. Here in Southern California, the Scripps health network was hacked last month, with data encrypted and held for ransom, plus they made off with patient data. And I’m just in the middle of a New Yorker article about the hack of patient psychotherapy records in Finland last year which is being used to blackmail patients:


I guess my feeling would be that the data consolidation is inevitable, and that organizations that fail to protect it need to pay a meaningful price. And also that it would be nice if we lived in a world where it wouldn’t be possible to blackmail people over their medical history. And while I’m wishing for impossible things, I would like a jewel-encrusted pony, please.

The Oceanside Animals June 21, 2021 - 1:05 am

Charlee: “We sure are glad we’re cats.”
Chaplin: “Nobody cares to hack our patient data, and if they did, they wouldn’t be able to use it to blackmail us.”
Charlee: “For one thing, we have no money.”
Chaplin: “And for another, we’re cats, so we wouldn’t care what anyone thought of us.”
Lulu: “And if anyone tried to blackmail me, I would give them that sad-dog look, and then they would feel so bad about it they would probably give me a treat.”

InvisiblyMe June 23, 2021 - 4:26 pm

Maybe the patients in Finland should try sending a sad-face photo to the blackmailers, see if they can emotionally blackmail them into returning their data!

InvisiblyMe June 23, 2021 - 4:25 pm

You make an excellent point about safety. That would be my concern, assuming the database and system in place could even handle that data in the first place (I have my doubts here in the UK given the history of other technological initiatives!) It must be insanely difficult to protect data on a large scale because while the protection gets smarter, so too do the hackers. Before long there won’t be many organisations that can say they’ve not had a data breach of some kind.

I’d not come across the news about the Finland records so thank you for sending the link. It seems very unnerving that patients were directly contacted by the hackers and blackmailed individually. I’d imagined it would have been the company being held to ransom, not the patients. That’s an awful situation to be in.

You’ll get a bejewelled pony on your doorstep well before the vermin stop blackmailing people. It’s a grim world we live in sometimes. x

Cathy Cade June 22, 2021 - 10:53 am

I wasn’t allowed to attend my husband’s last couple of checkups (diabetes and heart bypass) and I know from experience that when asked how he’s been, he will have said ‘Fine’ or ‘Mustn’t grumble’ (He was still saying this when he could hardly walk from arthritis and when he was experiencing chest pain from angina.)
By ensuring we inform the practice of his shortness of breath before the next appointment (via his online prescription ordering system which also has a messaging facility) I can be confident that the information I would be ‘reminding’ him of at the appointment will get through to the practitioners assessing him for follow-up.

As an ex-met policeman from the 1970s until retirement he has suffered injuries, concussions, explosions and traumas that pre-date computerised records and have contributed to mobility and hearing loss among other things. Since he’s an optimistic and generally cheerful sort, these aren’t immediately obvious unless explained.

While he, in particular, recognises the importance of security, getting his medical history on record means it is available should he have an accident or suddenly collapse in the street – a matter of life or death.

InvisiblyMe June 23, 2021 - 6:14 pm

Oh Cathy, it sounds like you’re describing my father! He struggles with rheumatoid arthritis and his breathing, but he’ll never say he’s struggling to a doctor or nurse during checkups. He just says “good thanks” or “absolutely fine”. I’ve done similar with adding a note on his online account, but they’ve just ignored it on the other end. It’s definitely a good idea though and it sounds like they’ll acknowledge it at your hubby’s practice.

The NHS have tried, and failed, at a linked up system in the past. At present, there’s supposedly more interconnectedness so that hospitals, for instance, can see your relevant history and information. Sadly that doesn’t always seem to be the case. If they get the infrastructure in place, then greater information sharing – just among those who NEED to know, like your medical professionals at the GP practice, A&E departments, fire and police services, specialists at the hospital and so on – would be a huge benefit for patients and the staff helping them. It could save lives and a lot of hassle, but even that hasn’t been fully achieved yet. Hopefully the developments in the pipeline, because it’s not just NHS Digital but other initiatives being brought by the government, will see some useful aspects coming into place for patients.

Thank you for sharing this, Cathy. I wish your hubby all the best for his next appointment and I hope his shortness of breath eases up or can be helped in some way. xx

Inspiring Dude October 22, 2021 - 2:19 pm

Expecting people to jump through hoops by handing things into the doctors practice and filling in forms to opt out is a disgraceful way to do things. Great post about this very important topic. It’s not really making the news just now due to the pandemic, so I fear that most people won’t even know about it, never mind know that they can opt out.
Thanks & Regards,

InvisiblyMe October 22, 2021 - 2:32 pm

There certainly seems to be a lot more faffing these days even to get an appointment, increasing the workload and time taken by both patients and the GP surgery staff. I suppose I wouldn’t be surprised if this was likewise more longwinded than necessary. They should take the time to let patients actually know about this latest scheme, what it involves and how to opt out, I absolutely agree. Thanks for reading and your comment!


Leave a Comment

Follow The Blog

Get the latest posts delivered to your mailbox: