Privacy & Cybersecurity Law Blog

On July 6, 2016, the UK government decided to close its controversial care.data scheme after concerns were raised about the safeguards in place to protect individuals’ health care data and issues with patient transparency.

Under the care.data scheme, all National Health Service (“NHS”) patients’ health care data was held in a central database. The NHS claimed that the program would benefit patients through improved knowledge of drug performance, greater budget efficiencies and an ability to compare regional performance across the UK. Two separate reports reviewing data security generally in the NHS, however, were critical of the safeguards currently in place.

The two reports, one published by Dame Fiona Caldicott, the UK’s National Data Guardian for Health and Care, and the other by the Care Quality Commission, made a number of recommendations to build patient trust, including:

• a new consent/opt-out model to give people a clear choice about how their personal data is used for purposes outside of their direct care;
• new data security standards for all organizations handling health and social care information;
• improved organizational measures, including the provision of training and support to staff, a system of internal audit and external verification and enhanced risk management procedures; and
• more extensive dialogue with the public about how their information will be used and the benefits of sharing for their own care, for the wider care system and for research purposes.

The care.data scheme was plagued by delays since it was first placed on hold in February 2014, shortly before the first patient records were due to be extracted. While it is unclear whether the NHS will propose an alternative, the UK government has stated its continued aim of realizing the benefits of sharing information.