The Great NHS Data Grab

By Myles Dacres

The UK Government is planning to extract the practice history of every patient in England by the 1st July 2021. Surprisingly, not many people are aware of this plan, and it does not seem to have had much coverage in the media. NHS Digital are the body proposing the new scheme, they have described it as a way to improve the collection of information from patients, which will also allow for better planning of healthcare services and use of data in medical research. The aspect of this which is really making people uncomfortable is that the data has charging guidelines, essentially meaning that the sensitive medical details of the entire adult population may be provided to third parties, for a price.  

If you are wondering what your personal records might divulge, the proposal suggests records relating to mental health, smoking, and drinking habits may be included as well as information on, diagnoses of diseases such as cancer. Of greater concern for some, this may also include information on criminal offences, domestic violence, abortions, sexual history, and even sexual orientation. Given the proposed scope of such a database, it is reasonable to ask who will be given this data, and for what purpose. 

It seems ministers are not decrying the proposal while several GP’s have voiced their concerns and with reason, as they will be accountable for the data transfer. Campaigners, meanwhile, have pointed out the shocking failures to enforce patient privacy, with little push back for transgressors.  

There are over 55 million patients who are registered in England and each one has until the 23rd of June to opt out of the scheme. With little transparency or debate on the pros and cons it would be understandable for the public to be both suspicious and concerned.  

NHS Digital have claimed that this scheme is nothing to do with the pandemic, however some may say it was inspired by the research that has taken place over the last year. “Control of patient information” notices currently allow for access, and data-wrangling rights, to health records in connection with fighting Covid-19. This has caused some ground-breaking discoveries and in some cases preserved life, notably, in helping to identify dexamethasone as an effective Covid therapy.   This  is being called the Big NHS Data Grab, and for good reason, it is the biggest proposal for a collection of data in the history of the health service. NHS Digital said “we will not allow data to be used solely for commercial purposes” which is not massively reassuring and would suggest that the data will be used at least partially for commercial purposes. 

As we escape the pandemic and return to the ‘new normal’ we cannot abandon the safeguards which protect patient’s privacy. Allowing third parties access to GP records is a decision we should all be informed about, yes we have the power to opt out, but if the general public are unaware of the scheme have they really been given the option?

Have your say here:

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here

Data Protection People Limited – March 2021