PogoWasRight.org

Menu
  • About
  • Privacy
Menu

England’s NHS data-sharing to third parties: the view from New Zealand

Posted on July 24, 2021June 24, 2025 by Dissent

Ephraim Wilson of the NZ Privacy Commissioner’s Office writes:

In 2013, UK Prime Minister David Cameron tried to instigate the sharing of UK National Health Service (“NHS”) patient data to private organisations for a small fee. Despite plans to anonymise the data, the move was sufficiently controversial that the Government had to drop the plan – there were major concerns over transparency and privacy. Eight years later, a similar plan has emerged, this time during the pandemic response of Boris Johnson’s Government.

As part of its General Practitioner Data for Planning and Research Programme (“GPDPR”), the Government is planning to put the GP records of England’s 55 million enrolled patients into a single NHS database which will become available to third-party companies and researchers for a fee. It is an ‘opt-out’ programme, meaning that patients need to fill out a form to prevent their data from being included. Originally, GPDPR was supposed to come into action in July 2021 but has now been pushed back to September.

GPDPR will give private organisations access to the NHS Digital central database containing data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, and appointments, including information about physical, mental, and sexual health. The information will include data about patients’ gender, ethnicity, and sexual orientation.

Technically peoples’ data will be anonymised, but there are two qualifications. First, given how specific the data is, it will at least be possible to cross-reference with other databases to reidentify the data. Secondly, NHS Digital can unlock the codes to allow access in certain circumstances and where there is valid legal reason. No names and addresses will be available to researchers, but encoded postcodes will be included.

What about these third parties? According to NHS Digital, the data will only be used for health planning and research purposes by organisations that can show they have an appropriate legal basis and a legitimate need to use it. Any data sharing will be overseen by the British Medical Association (“BMA”), the Royal College of General Practitioners (“RCGP”), and the Independent Group Advising on the Release of Data (”IGARD”).

One issue is that neither the NHS, nor their chosen third parties, have had the best record when it comes to data sharing.

Read more on the New Zealand Privacy Commissioner’s Office Blog.

No related posts.

Category: Non-U.S.

Post navigation

← Office of the Privacy Commissioner of Canada and the National Security and Intelligence Review Agency to collaborate on issues of mutual interest
Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Navigating Privacy Gaps and New Legal Requirements for Companies Processing Genetic Data
  • Germany’s top court holds that police can only use spyware to investigate serious crimes
  • Flightradar24 receives reprimand for violating aircraft data privacy rights
  • Nebraska Attorney General Sues GM and OnStar Over Alleged Privacy Violations
  • Federal Court Allows Privacy Related Claims to Proceed in a Proposed Class Action Lawsuit Against Motorola
  • Italian Garante Adopts Statement on Health Data and AI
  • Trump administration is launching a new private health tracking system with Big Tech’s help

RSS Recent Posts on DataBreaches.net

  • Updating: Two Telegram channels and two accounts banned, one bounty offered, and BreachForums goes down
  • North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
  • Hackers post stolen St. Paul data online as efforts to reset city employee passwords surge forward
  • Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations
  • NL: Hackers breach cancer screening data of almost 500,000 women
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy