Who would trust Boris Johnson to keep their deepest secret? Would you dare lend him something valuable, and trust him not to flog it off when he needed the cash? These sort of questions are why citizens may balk at giving the prime minister the keys to their GP records, revealing who has addictions, dementia, psychosis, sexually transmitted diseases, has suffered domestic violence or had an abortion. People trust their GPs with these personal details, and understandably GPs cast a wary eye at the Johnson regime, needing cast-iron assurances that allowing those records to be used for research is guarded by the strictest protections.
There are times, never more than in a national crisis, when citizens need to trust their government. At first, many were wary of vaccines promoted by people on podiums in Westminster, until more trusted local people assuaged their suspicions. Ipsos Mori’s veracity index now shows local pharmacists come top of the list for trust, followed by nurses, then doctors, teachers and scientists. Politicians, always low, have fallen even lower.
Here’s why winning public trust matters right now. The NHS has the world’s richest store of data on patients – a treasure trove for researchers – as most other counties lack such a unified system. Using it during the pandemic vastly accelerated vaccine development, while the shielded patients lists, gathered fast for the first time from all GP and hospital records, helped to protect the most vulnerable. A data trawl rapidly proved the value of dexamethasone, saving many lives. Data helps to track long Covid. But all that was done through emergency permission: now researchers want permanent access.
Yet lack of trust in government risks putting it in peril. The government announced General Practice Data for Planning and Research (GPDPR) quietly in May, giving patients only until 23 June to opt out – if they could find their way to an obscure government website, print out a form and deliver it to their GP’s practice.
This risks repeating what happened eight years ago, when the ill-fated Care.data plan was sunk by of a lack of consultation with anyone affected and sinister commercial interests. Yet again, the government is dashing for the data without getting GPs’ approval for handing over their precious records and without explaining the now far better protocols, safeguards and guarantees. Campaigners want a vote in parliament guaranteeing data security – and why not?
Impatience, incompetence and arrogance shouldn’t be allowed to sink a plan of incalculable medical value: data about every hospital visit has for decades been collected and safely anonymised in medical research. It gives each hospital a dashboard telling them how effective their treatments are, how many patients have to be re-admitted and how many survive. But researchers have no way of knowing what happens to patients next, once back with their GP, whose records stay locked in their offices.
Hospital data uncovered the shocking fact that a quarter of cancer cases are diagnosed once the patient has appeared in A&E, usually far too late. But research into the reasons why and how to prevent that delay was stymied by lack of access to patients’ GP records; these may have showed whether they had complained of other symptoms first, if symptoms were missed, or if patients were failing to see their GP until they ended up in hospital.
Data trawls can turn up facts no one is looking for: patients taking metformin for type 2 diabetes had less chance of developing cancer. No one knew why, but it opened up a whole new area of cancer research.
Scotland does collect NHS patient data, which revealed that when parents were stopped from smoking in front of their children, fewer children were admitted to A&E with asthma attacks.
When fraudulent research in the 1990s suggested a link between the MMR vaccine and autism (as dangerously promoted by the Daily Mail), causing a mass boycott of the jabs, only a trawl of the GP records of vaccinated children, following their progress over the years, definitively debunked any hint of a link.
Now a sharp letter to NHS Digital, which is in charge of the new plan, from Prof Martin Marshall, head of the Royal College of GPs, and Dr Richard Vautrey, chair of the BMA general practitioners committee, has forced the government to delay its rollout until September. This time, crucially, the GPs are not blocking the plan but support “the principles of the new collection in promoting data sharing”. Their concern is that public doesn’t know enough, and GPs have been dumped with the legal duty to “to communicate with patients at a time of extreme workload pressures and focus on the Covid-19 vaccination programme”. A host of other organisations threatened legal action unless the plan was delayed – all, like the Royal College and the BMA, calling for “immediate action to run a public information campaign … to ensure the public is properly informed of this new collection and their options in terms of opting out”.
But why would you opt out? For research to work, most people need to be included: those who opt out may belong to specific groups, whose disease risk could be missed. Tracking disease through whole populations across life cycles reveals a wealth of invaluable information for everyone’s benefit. Too often, fear of data collection kills off good projects: Labour’s child protection register, ContactPoint, would have rescued many from neglect and abuse by flagging any child a professional was worried about, but the Tories axed it as a “nanny-state intrusion”.
To counter holdouts, an independent group, UseMYdata, set up by cancer patients, is campaigning for patients not to opt out but to consent to the use of their data. But they also say September is still far too soon to ensure informed consent, wanting a letter sent to every household telling people they can opt out, to ensure GPs are satisfied with full transparency on who gets access – with no data sold for other purposes – and the information commissioner and the national data guardian’s office involved in the process. UseMYdata, however, are confident steps can be taken to protect against patient reidentification: it would take a “monumental” hacking effort to identify an individual. Some, such as David Davis, believe no data passed across the internet will ever be secure. But does that risk outweigh the benefits?
Yet again, high-handed failure by this government to consult openly so everyone understands the purpose and the benefits of its plans could sink this invaluable research tool. Paranoia about the Big Brother state has been on the rise, trust is waning. But now, more than ever, people can see lives saved by vaccines – yet we can’t expect medical research to just perform miracles. So long as the safeguards are there, in the spirit of enlightenment, this is no time to deny the NHS the use of all our records.
Polly Toynbee is a Guardian columnist
This article was amended on 17 June 2021. An earlier version mentioned UseMYdata’s confidence in security of patient anonymity under the data-sharing system. The reference to anonymity has been removed: as UseMYdata notes, medical information flowing through GPDPR (General Practice Data for Planning and Research) is pseudonymised, not anonymised.