One Saturday in 2016, I rushed into a hospital where my father, who had collapsed at home, was lying barely conscious. “What medications are you on?” an orderly was asking him, pointlessly. I handed him a scribbled list. Having sat on the board of the hospital and GP regulator, I knew my father’s medical records were probably locked in a surgery’s filing cabinet which the hospital couldn’t open.
Three years later, a friend spent a night shadowing a London ambulance crew, as part of her initiation into a senior NHS job. The crew had no information about most of the people who’d dialled 999. They would arrive at a house, blue light flashing, and ask desperately “any allergies?” or — to one elderly lady — “do you have your hospital discharge papers”? My friend watched as this woman, gasping for breath, handed over a wodge of documents. Our “universal” NHS is not joined up.
Things changed during the pandemic, when the government eased restrictions on the sharing of medical data. Emergency regulations introduced under COPI (the Control of Patient Information Regulations) let the NHS access data held by 160 hospital trusts and 6,500 GP surgeries, all of which are legally separate data controllers. This enabled the creation of a “shielding” list of the most vulnerable people who needed food deliveries and priority access to the Covid vaccine. It allowed vaccine take-up to be monitored by ethnicity, which showed up vital gaps. The rapid integration of multiple data sources also facilitated the Recovery trial, which saved millions of lives around the world by identifying effective treatments such as dexamethasone.
This shouldn’t have been revolutionary, but it was. A fierce battle is now under way within the NHS because the emergency regulations are about to expire. Jennifer Dixon, chief executive of the Health Foundation, told me that if this happens on June 30, “NHS England will lose access not just to [the GP] data set but to many others they currently have access to under COPI.”
Sharing medical data can save lives, aid research and improve efficiency. A pilot at London’s Chelsea and Westminster Hospital claims to have cut the inpatient waiting list by 28 per cent. But past attempts have foundered amid confusing claims, technical incompetence, complacency about the potential selling of data and scaremongering by vested interests.
In 2016, an initiative to link medical records was shelved over concerns about the potential misuse of data by drug companies. Last summer, a second attempt was derailed when 5mn people opted out over concerns about the NHS making a “data grab”.
This was actually upside down: the NHS had been in negotiation with the doctors’ unions, the Royal College of General Practitioners and British Medical Association, to remove liability from GPs and create a single repository to ensure data for non-direct care was transparent and easily searchable. This would, its supporters claimed, be safer than the current chaos. But there was insufficient clarity about where extracted data would go, and for what purpose. There were also concerns that “pseudonymising” data — replacing names and dates of birth with unique codes rather than fully anonymising it — might not protect all patients from identification.
These fears were valid, far more so than those I often hear about private insurers buying health records and rejecting those deemed high-risk. The truth is that insurers won’t enter into a contract unless you give them access to your full medical history. But descriptions of the NHS’s 73 years of detailed GP data as a research “treasure trove” conjured widespread concern. Without public trust, we will never advance. And we won’t get public trust unless the system is trustworthy.
Last month, a review by Professor Ben Goldacre for the government proposed several solutions. These included keeping data safe within “Trusted Research Environments”, rather than relying on multiple small projects which do not join up. It also acknowledged security weaknesses, which in turn make the system slow and overly cautious.
The problem is not just the befuddling IT structures and public suspicion. Many GPs are naturally risk averse because they are legally liable for any misuse of data. Moreover, insiders claim, the doctors’ unions know that information is power. Centralising the data held by hospital trusts and GP surgeries would enable NHS England to compare surgical outcomes and GP activity. This could subsequently drive performance assessments, which might perhaps even be linked to pay.
To navigate this minefield, transparency is essential. Mistrust leads to opt-out demands, which risk undermining the whole effort. The opt-out process should distinguish between data used in research — from which it is reasonable to opt out — and data used for planning care. But this is not currently explained well enough.
The experiences of my father and my friend tell a very different story from the lofty talk about digitisation, “telehealth” and the UK being a potential world leader in life science. We patients would settle for a system that spells our name correctly, no longer loses our test results and treats those on waiting lists faster.
But to achieve those things, and enable world class research, we need to unlock the filing cabinets and give doctors and researchers the information they need to do their jobs. For decades, the NHS has survived on “getting by”. But the pandemic has given us a glimpse of something better — and we must not lose that chance.