GPs warned over 'illegal' extraction of diabetes data

A senior BMA GP has warned that plans to extract data from practice IT systems as part of the national diabetes prevention programme could be illegal.

Merton GP and GPC IT lead Dr Paul Cundy has warned local practices not to allow the extraction of data on patients with 'pre-diabetes' that the local council's public health department has requested.

Dr Cundy warned in an email last week that if practices allow the data to be extracted from their IT systems, as data controllers they 'will be breaking the law'.

Practices could face heavy fines - worth up to £5,000 per record released - if they breach data protection rules, the Merton GP told GPonline. Data is understood to have been extracted from a handful of practices in the area already.

Diabetes programme

Under the national diabetes prevention programme, patients at risk of developing diabetes are being offered referrals onto schemes to help them adopt healthier lifestyles. GPs began referring patients for lifestyle advice and exercise programmes from last year under the scheme.

Merton Council confirmed it was 'working with GPs' as part of the rollout of the national diabetes prevention programme.

Dr Cundy said there was no problem with information governance under the national programme. But in an email to local GPs this month, he set out an 11-point list of reasons why he believed the way data was being extracted locally was 'illegal'. His concerns include the involvement of a third-party company engaged to process the data and the lack of express patient consent for data to be shared in this way.

Dr Cundy warned that the Medical Act allows 'unconsented sharing' of patient data for direct, individual episodes of care - not for 'indiscriminate screening'. He adds that although patients who undergo health checks could be argued to have given consent for their data to be used, some patients' HbA1c results on practice IT systems are not collected through this process.

The likelihood of these patients having been consulted adequately is 'infinitessimally small', the GPC IT lead warned.

Patient records

Dr Cundy has written to both Merton Council and national data guardian Dame Fiona Caldicott to raise concerns about the data extraction. Dame Fiona has since written to the council asking for more information, while the BMA has backed Dr Cundy's fears that the data extraction may not be in line with regulations.

A spokeswoman for Merton Council said: 'We take data protection and the welfare of our residents extremely seriously and are committed to ensuring our compliance with the Data Protection Act. As a local authority, we have a statutory duty to work with the NHS to improve public health and are working with GPs as part of NHS England’s roll-out of their National Diabetes Prevention Programme.'

An NHS England spokesman said: 'This important NHS prevention programme is not screening people for risk of type 2 diabetes, but instead offering optional support to people already identified as being at risk through routine clinical practice or via the NHS Health Check.'

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus