England’s universal health-care system has potentially an enviable ability to integrate medical records into a data system that benefits patients and researchers alike. What a shame that it is making such a hash of the task, and undermining crucial public and professional trust in the process.

The National Health Service (NHS) in England has postponed the launch of its controversial care.data programme for six months, abandoning its earlier plan to start uploading data from this spring. The sensitive data consist of previously confidential records from people’s consultations with their doctors, such as their family history, diagnoses, prescriptions and the results of blood or other tests.

The data store, managed by the NHS’s Health and Social Care Information Centre (HSCIC) in Leeds, is part of an ambitious scheme to link patients’ doctors’ records with their hospital and other medical data, to create one of the world’s most comprehensive health-care databases. The plan is initially for the NHS to use the data to improve health-care management, with researchers and other users eventually being allowed access.

But the programme has been controversial, raising serious concerns, highlighted by this journal in January (see Nature 505, 261; 2014), that the authorities have paid lip service to informed consent, leaving the public in the dark about how their personal data would be safeguarded and used, and obfuscating their right to opt out. Opposition from patients, doctors and campaign groups swelled into open revolt in early February, with key bodies, such as the British Medical Association and the Royal College of General Practitioners, joining the chorus of criticism that the programme was being rushed.

On 19 February, the NHS, which had stubbornly dismissed such criticisms, reluctantly admitted that its critics might have a point, and postponed the launch until the autumn. But the agency still seems to be in denial, arguing that opposition is merely down to problems of communication and public perception. That response is wrong. Care.data is far from ready for launch.

Public trust

Incredibly, with just a few weeks to go to the scheduled launch, the NHS had not even laid out in detail which groups would be able to access the data, and on what terms. Thus, the public could not fully know what they were signing up to, raising fears that personal data might end up, for example, in the hands of insurance and other commercial companies. Economic growth is a core goal of any UK government, but there has to be confidence that this won’t trample on the rights of individuals.

Adding to the mess, over the past week it has emerged that the Leeds centre has handed over records from its existing massive database of personal hospital data to outside groups in ways that might have contravened its own rules. At the very least, these episodes raise questions about the functioning of the HSCIC, but they also risk diminishing what little public confidence is left in care.data.

Moreover, at a time when there has never been a greater need for the operators of care.data to win public trust, the HSCIC has stonewalled about explaining the terms and conditions of the data transfers made. It must quickly disclose full details of the transfers, and of any past violations.

Care.data needs to be thought about more deeply and recrafted, fully engaging all stakeholders.

Jeremy Hunt, the UK health secretary, seems to have grasped that the row over care.data is not just a public-relations hitch, and that the haphazard planning puts the scheme at risk of going into meltdown, with the loss of many of its benefits. Last Friday, he announced his intention to legislate to prevent the HSCIC from releasing pseudo­nymized data — in which patients’ NHS numbers are replaced by pseudonyms, but where people can often be re-identified — unless there were clear health benefits, and to ban the release of data for commercial purposes. He also said that the HSCIC would be subject to new external statutory oversight.

Hunt’s move is a step in the right direction, but the programme needs to be thought about more deeply and recrafted, with the necessary time given to engage all stakeholders more fully, including researchers and opponents of the scheme.

Whatever laws are introduced in England, they will be subject to an upcoming European Union (EU) General Data Protection Regulation, which will be legally binding on member states and so override national laws. The EU law, a major revision of 1995 legislation, also governs the use of medical records, and last October, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs voted for amendments that would remove many of the exemptions for medical research.

Although anonymized data could be used without restriction, one amendment would allow the use of pseudonymized data without consent only if the research was of “high public interest” and could not be carried out otherwise, with requests needing to be reviewed by an independent body. A joint statement in January by dozens of European research organizations and charities warned that medical research would be “severely threatened” by this, and pointed out that the use of such data is already subject to strong institutional ethical oversight.

Although the use of personal data for research, with the attendant high ethical standards, is probably the least of the worries, scientists must be sensitive to EU public concerns about the collection and use of health data more broadly. As always, democratic scrutiny, and striking a balance between regulatory overheads and genuine concerns, will be key. Again, it will be important to take the time to have the debate needed to get this balance right.

It is a fundamental human right that people can determine how their personal medical data are used, and exceptions to specific informed consent cannot be taken for granted. Informed consent is not an obstacle to be overcome, but a principle to be respected and cherished.