‘NHS’ data grab

Is anyone else opting out of their data being put in the ‘NHS’ database in June? I certainly am, I suspect a sale of this data to Facebook and Google to start almost as soon as it’s been gathered (and I just don’t want them to have my psuedo-anonymoised medical records, I don’t trust them with it and I don’t trust the UK government to regulate their usage of it properly).

form to opt out (must do before June 23rd): https://nhs-prod.global.ssl.fastly.net/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docx

backstory The Government Wants to Sell Your GP Medical Records – Here’s How to Opt-Out – Byline Times


Yep have opted out too and alerted all my friends.

As you say - it’s gonna be Google (like before: NHS patients' data was illegally transferred to Google DeepMind | Science & Tech News | Sky News), and Palantir (We’ve won our lawsuit over Matt Hancock’s £23m NHS data deal with Palantir | openDemocracy) who have both been trying to get it for ages, and unfortunately unlawfully succeeding at times, per those two articles.

Simply do not want that level of personal data being only semi-anonymised as you say, and just sold off left, right and centre.


Nice! Will share with family and friends.

1 Like

Will opting out only affect the sharing of data with third parties, or will it also prevent my medical history being shared between healthcare providers?

In the past I had a few instances where providers asked for permission to access my medical records and I don’t want that to go away if I opt out.

The NHS website isn’t clear – also, is there a less direct link to the form to ensure it’s the right website?


The opt out is only for purposes other than your own care, so it wouldn’t affect those things :+1:


In terms of a less direct link, basically, not that I could find, you’d have to email your GP for a copy.

This is deliberate imo - they have made this process as cumbersome as possible - you have to email the form to your GP, or post it, there’s no online version. Alongside the tight deadline, and the non-existent attempt to inform the public about it.


Ah, I see.

There’s also a national data opt-out which can be done online. That seems like a more comprehensive option that’ll also opt me out of this newer data sharing attempt? Is that so? Would there be any disadvantages?

It’s a different thing, and it won’t stop your GP records being put in a database on 23rd June (and once they are there you will no longer be able to opt out of them being shared).


Everything I’ve read, and therefore my understanding, is that you need to do both.

The national opt out and the type-1 are different - with the former being for your non-GP data and the latter being for all your GP data.

See this: How to opt out | medConfidential


Is this happening in Scotland too?

Also, as you seem in the know, presumably opting out via the link @ndrw shared above carries over when you move GPs too, or will I need to repeat that as well?

I should be a bit more on the game with NHS stuff, but as you say, they make it very cumbersome and aren’t particularly forthright with it all.

Presumably the type 1 opt out covers the national data opt out too?

England only


The upcoming data round up is only for England GPs. I expect they’ll do the same to NHS Wales and NHS Scotland GPs soon though, I’d keep an eye out.

Opting out via the link is national. I don’t know about moving GPs though, I’d think it would transfer (as it’s a record that’s added to your file), but not totally sure.


Per my link above, I’m pretty sure it doesn’t. And that it’s GP vs non-GP data that’s the distinction.

None of it has been super clear though so ready to be proven wrong. I’ve done both for peace of mind and on my reading of it all.


Can anyone explain why you are opting out? I don’t see any reason to as long as the data in anonymous.


Thank you all for the replies! Very helpful!

For me, it’s precisely because it’s not truly anonymous.

It’s ‘pseudonymised’ but can at any point be decrypted. And rather than just sending over my blood type, height, whatever to be included in databases for tracking/linking stuff, they also attach my NHS number and DoB to double-make sure it can be linked back to me.

This goes into a bit more detail, but is to be fair quite an emotively written post: Matt Hancock has quietly told your GP to hand over your health data. Why? | openDemocracy

Screenshot from the NHS page itself saying it can be converted back.

So - given all of that, and in particular the shady stuff with Palantir and Google etc so far, I would rather my very personal data not be there for their benefit.


Totally disagree with this data sharing, as mentioned it is not truly anonymous and isn’t used entirely for medical purposes but commercial too. Also the lack of informed consent is appalling, frankly.

I suppose I’m lucky that I haven’t had cause to use the NHS much at all so they don’t have much info about me other than when I was born and some minor ailments/broken bones over the years. Nothing exciting. As such, I won’t be going out of my way to get into the GP to opt out as they’re almost impossible to access even if you need treatment.


As with AlexF (and my original post), the companies (Facebook, Google etc) who are likely to purchase this data are also likely to have the ability to deanonmyise it, and people have already demonstrated how the data can be deanonymised.

Sure, they might not do that with it. And it might get sold to Facebook, it might not. But there’s very few concrete answers about what will and won’t happen to it, and once it is in there you have no option to have it deleted or stop it being shared.

I wouldn’t actually opt out if, in the future if Hancock sells this to Facebook with no supervision and secret contracts and stuff, at that point I could opt out. But you won’t be able to, it’d be beyond your control at that point.


Does this also work if I email my GP? I don’t trust the receptionist to process a random paper form they receive in the post, an email might be better. But the GP only provides the details for online patient registration. I suppose no harm in emailing?

I won’t be going to any great length to opt out, it is futile trying to stop your data leaking or being shared.

If you’ve ever purchased anything online or for that matter have a Experian score, it’s all available to be purchased. Even if you haven’t done either of the above, the amount of data breaches from huge companies such as airlines means it is still likely out there if you’ve never even been online.

Heck, there is tracking installed on this community, so all your actions and stuff are going straight to Google as we speak.