Neil Turner's Blog

Blogging about technology and randomness since 2002

Reluctantly opting out of

Screenshot of Fax Your GP

I wrote this article before the six month delay was announced yesterday. However, most of it still applies, so read on.

Yesterday, I reluctantly opted out of having my medical records shared with third parties. I’ll explain why, and how to do this yourself.

NHS England are compiling a new database called ‘’, which will be available for health professionals, universities, drug companies and insurers to use. The main aim is for medical research, which could be ethnographic, or to look at individual cases for the advancement of healthcare and treatments. The NHS, being a mostly-integrated system which is used by a vast majority of the population, means that it is almost unique amongst healthcare systems in the world in providing cradle-to-grave care. The data produced by the NHS could be really valuable and lead to better health and wellbeing for everyone. Further information is on the NHS Choices web site, and this article in Nature explains why it is a good idea.

On this basis, it seems like a good idea. But whilst the idea is good, the execution isn’t.

The major issue is privacy. To compile this database, the full medical records of everybody who is registered with a GP in England will be imported into this database. You would expect, therefore, for this data to be anonymised; it is, but only slightly. Your name will be removed, but your date of birth, full postcode, NHS number and gender will still be included. That will still make just about everyone in the database uniquely identifiable.

For example, I work at a university – indeed, one where the data from such a database could be really useful, as we do medical research. In fact, I’ll make a shameless plug for our Crocus Cancer Appeal whilst I’m here. Anyway, we have a student database, and, given someones’ postcode and date of birth from their pseudoanonymised medical record, I reckon we could match 99% of those records with our student records. So it’s not at all anonymous. And there’s a particular worry that insurance companies will be able to access records, which could make it very difficult for some people to obtain life insurance.

To make matters worse, this is an ‘opt-out’ scheme rather than opt-in. If you do nothing, then in just a few weeks your data will be irrevocably added to this database, at which point, you will not be able to opt out if you change your mind.

Unsurprisingly opposition to this has been growing. A petition on has over 250,000 signatures, and there are concerns from the British Medical Association and the Royal College of GPs. In particular, there are concerns that only around a third of adults recall receiving a leaflet about the changes (I certainly don’t remember receiving one) and that there is no form to opt out. Others are worried about the potential for accidental data leaks, or for information to end up in the hands of organisations like GCHQ or the NSA.

So, although I’m in favour of the general idea, and agree with the spirit behind the database, I have contacted my GP surgery asking for my medical records to not be included in the database. Because I’m worried that my medical records could be abused or used in a way that would not be in my best interests, and because this is my only chance to opt out. I can’t just wait and see what happens, and try to opt out later, as it’ll be too late.

I hope that changes will be made, which will maintain the usefulness of the data whilst respecting the privacy of the people whose data is being used. In particular, a greater level of anonymity, perhaps with more vague dates of birth (month and year only) and less accurate postcodes (sub-districts rather than exact areas). And people should be able to opt out at any time, not just at the start of the project. If these changes are made, then I may consider opting back in.

So, if having read this, you also want to opt out, then the easiest way is using FaxYourGP, which will send a template fax to your GP. Alternatively, medConfidential has a form and covering letter which you can use. Whilst you can write your own letter, there are certain codes that you will need to include in your letter which is why I’d suggest using one of the two methods.

It’s sad that I feel like I need to opt out from what could be a great resource, and I’m angry that it has been managed so poorly.

Comments are closed.