care.data

care.data
Name	care.data
Type	NHS data-sharing programme
Launched	2013
Status	cancelled (2016)
Owner	National Health Service (England)
Country	United Kingdom

care.data care.data was a national programme initiated by the National Health Service (England) to extract, centralise, and reuse patient data from General Practitioner records and other clinical sources for planning, research, and commissioning. Announced under the Health and Social Care Act 2012 era reforms, it aimed to link primary care information with secondary care datasets held by NHS Digital (formerly Health and Social Care Information Centre). The project faced intense scrutiny from privacy advocates, professional bodies, and political actors, and was effectively suspended and then discontinued amid legal, ethical, and operational concerns.

Background

The programme originated in policy discussions involving the Department of Health and Social Care, NHS England, and NHS Digital after the passage of the Health and Social Care Act 2012. It built on earlier initiatives such as the Care Record Guarantee, the Summary Care Record, and local health information exchanges tested in Greater Manchester and West Yorkshire. Stakeholders included primary care networks represented by the British Medical Association, patient groups like Which?, research bodies such as the Medical Research Council, and health informatics organisations including the Royal College of General Practitioners and the Health Informatics Society. Debates reflected tensions evident in prior datasets projects like the Care.data predecessor schemes and international comparisons with initiatives in Denmark, Sweden, and the United States's Health Information Technology for Economic and Clinical Health Act.

Implementation and Operation

Operational responsibility rested with NHS Digital in coordination with NHS England and commissioning bodies including Clinical Commissioning Groups. Data flows were planned from General Practitioner clinical IT systems supplied by vendors such as EMIS Health, TPP, and INPS. Extraction processes proposed extraction of patient-identifiable and pseudonymised records into a centralised warehouse intended to support organisations including Public Health England, academic institutions like University College London, and commercial partners. Governance frameworks referenced legislation including the Data Protection Act 1998 and guidance from the Information Commissioner's Office. Technical design drew on standards promulgated by Health Level Seven International and interoperability work by NHS Digital and the Professional Record Standards Body.

Privacy, Consent, and Legal Issues

The programme set out an opt-out model rather than opt-in consent, which raised legal and ethical questions tied to statutory provisions such as the Data Protection Act 1998 and later the Data Protection Act 2018 and General Data Protection Regulation considerations. The Information Commissioner's Office and the Caldicott Review principles were invoked by clinicians and privacy campaigners including MedConfidential and Big Brother Watch. Concerns included the scope of data sharing with commercial entities, safeguards against re-identification, adequacy of patient information materials, and lawful basis for processing. Judicial scrutiny emerged through legal challenges and parliamentary questions raised by MPs across parties including members of Parliament of the United Kingdom representing constituencies in Westminster and beyond.

Controversies and Public Response

Public opposition and professional unease coalesced around perceived failures in transparency, communication, and governance. Campaigns led by organisations such as Royal College of General Practitioners, British Medical Association, MedConfidential, and civil liberties groups mobilised complaints to the Information Commissioner's Office and petitions in the United Kingdom Parliament. Media outlets including BBC and national newspapers covered patient stories, GP resignations from data-sharing schemes, and whistleblower accounts. High-profile incidents—such as poorly timed publicity materials delivered to households and confusion about the process for opting out—intensified scrutiny from parliamentary select committees and prompted reviews by the National Audit Office and internal audits at NHS England.

Impact and Outcomes

Operational suspension and eventual termination curtailed large-scale secondary use of primary care data under this programme, leading stakeholders to pursue alternative models for research access and commissioning analytics. Consequences included revisions to consent and opt-out policy, strengthened information governance expectations for data controllers like NHS Digital, and accelerated development of federated or de-identified research environments used by academic centres including those at University of Oxford and Imperial College London. Policymakers cited effects on trust between clinicians, patients, and health authorities, influencing subsequent projects such as the National Data Opt-out initiative and data access approaches underpinning later NHS data platforms.

Lessons Learned and Legacy

The episode informed NHS data strategy by emphasising robust public engagement, transparent governance, legal clarity, and technical safeguards against re-identification. Recommendations from professional bodies, the Information Commissioner's Office, and parliamentary reviews shaped protocols for data linkage, patient choice mechanisms, and vendor accountability. Legacy outcomes include enhanced scrutiny of partnerships involving commercial entities, reinforcement of the role of Caldicott Guardians in data stewardship, and a greater focus on federated analytics and secure research environments promoted by organisations such as Health Data Research UK. The case remains a reference point in debates on balancing innovation in biomedical research with privacy rights and democratic oversight in the United Kingdom.

Category:Health informatics Category:National Health Service (England)