The potential for Care.data to improve the health of the nation is hard to argue with, writes Jonathan Hammond. But he argues that a lack of patient control, security concerns and a lamentable communications strategy have tarnished the laudable aims of the whole scheme.

Let’s start with some facts about Care.data. It is a programme to create an extensive national database of patient information, administered and held by the Health and Social Care Information Centre (HSCIC). It involves extracting patient data from GP health records on a monthly basis and combining it with data such as Hospital Episode Statistics.

A range of data will be collected, including: family history, smoking and drinking habits, BMI, and prescriptions. Certain “sensitive data” (for example, information that relates to: abortions, sexually transmitted disease, or abuse) will not be included (although the list is open to future revision).

Data that identifies individuals, such as NHS number and date of birth, will be collected but will be “pseudonymised” (that is, it will not reveal the identity of an individual without supplemental information, which is kept separately) by the HSCIC. General practices are legally obliged to allow this data to be collected and all patients in England are automatically included unless they have contacted their practice to explicitly state that they wish to opt out.

Clearly, a national repository of data like this could be of enormous value. The HSCIC states that it gives researchers the potential to ‘identify patterns in disease and the most effective treatments’, along with a number of other benefits such as finding ‘more effective ways of preventing or managing illnesses’ and advising ‘local decision makers how best to meet the needs of local communities’.

Clearly, something like this has the potential to improve care for – and ultimately the health of – the people of the nation, and that is hard to argue with.

The NHS is an institution that belongs to society at large so it makes sense for individuals in that society to do what they can to help improve it for everyone’s benefit. It’s hardly an imposition on individual patients to have their data collected, and attitudes to privacy have changed a lot with developments in technology—for instance, many of us voluntarily provide lots of personal information to social networking sites, and supermarkets have been creating detailed customer profiles by tracking the shopping choices we make with loyalty cards for years.

So why should this be any different? What’s the problem?

Well, there are three main overlapping problems: choice, security, and communication. I’ll take each in turn.

The Care.data database will be available to NHS organisations but it will also be accessed by organisations external to the NHS that successfully navigate the HSCIC approval process. These could include insurance companies, think tanks, pharmaceutical companies, or universities. The trouble is that, as a patient, there is no way of exercising choice over what uses your data is put to. I might be perfectly happy for my data to be used by academic researchers but not pharmaceutical or insurance companies. Once your data has left your GP surgery you seemingly have no say in what happens to it.

‘Pseudonymised’ data could quite feasibly be re-identified either by cross-referencing the data set with other existing data sets or through the acquisition of the master database held by HSCIC. There would be financial penalties for any organisation proved guilty of this but once identifiable patient data escapes it cannot be put back in the bottle.

A centralised database like this, which many people have access to, is inevitably less secure than local databases held at GP surgeries and only accessed by a few people. Any security breach could potentially affect the population at large. For patients, there will be no way of knowing what organisations have access to your medical history and the future implications of this are unknown.

Every patient in England is automatically opted in to Care.data. A liberty of this magnitude must come with a clear and comprehensive information campaign to allow patients to feel genuinely informed before making their decisions. Unfortunately, information has been thin on the ground and poor at best. NHS England originally required GPs to raise patients’ awareness about Care.data but was ordered to conduct a national publicity campaign by the Information Commissioners Office, which prompted the Better information means better care leaflet and the related animation.

However, the leaflet is dulcifying to the extent of feeling contrived and light on detail. The Information Commissioners Office has commented that opting out of Care.data has not been explained sufficiently clearly, and the Royal College of General Practitioners, which supports Care.data “in principle”, have published a statement saying that a new clearer national information campaign must be undertaken to address the “crisis in public confidence” over the implementation of the programme.

Using the data of the NHS patient body to improve health care is a laudable ideal indeed, but it is done a disservice by the impression of liberties taken, and assumptions made, about the use of our personal medical data. The details of Care.data, and the manner in which they’re communicated to the public, should reflect the magnitude of the privilege of guardianship of this data.

Hopefully NHS England will use the six-month delay they have announced wisely.

• This is an edited version of a post that first appeared on The University of Manchester’s Centre for Primary Care blog site.