• Draft plan includes targets for key projects including the use and sharing of confidential patient data
  • It said patient consent model will be developed by March 2017
  • Patients should get access to wi-fi across NHS estate by March 2019, it said
  • NHS Digital said plans were published in error and are “out of date”

NHS Digital has mistakenly published a business plan including timetables for flagship NHS digital programmes and plans for the use and sharing of confidential patient data.

The national body published the business plan in papers for its board meeting on Wednesday. But it removed the document on Monday and issued a statement which said the plans were “out of date” and had been published “in error”.

The business plan, seen by HSJ, set out target dates for flagship digital programmes, including patient data access for commissioners, projects for patients to opt out of their records being shared, free patient wi-fi access, digital referrals, NHS mail, and other paperless and interoperability targets.

The document said that both a new consent model to allow patients to decide how their records are used and a programme to “facilitate commissioner access to data by implementing a robust and responsive de-identification service” would be established by March 2017.

It said that by March it would also “implement the delivery plan to meet the secretary of state’s priorities regarding safe, legal and effective data sharing, including the national strategic consent model”.

Other targets include:

  • September 2016 – patients should be able to view local areas’ digital roadmaps
  • December 2016 – complete patient-level information costing systems pilot
  • March 2017 – accredited apps library for patients to be available
  • December 2017 – citizens able to record their preferences using the opt-out app
  • September 2018 – all GP to outpatient referrals to be made through NHS e-Referral
  • March 2019 – patient access to patient wi-fi across NHS estate
  • March 2019 – target for 10 per cent of citizens to be uploading wearable and tele-health information into their care record.

It follows national data guardian Dame Fiona Caldicott setting out recommendations for a new consent and opt out model for patients, and on the level of access commissioners should be allowed to patient data, in her report in July. The report said identifiable patient data should flow to NHS Digital, which would be a “safe haven” and should then “de-identify or anonymise and share it” with other parties both inside and outside the NHS.

It added: “The review considered whether people choosing to opt out should have their data withheld from this de-identification process. However, NHS and social care organisations are more likely to use de-identified and anonymised data if they can be confident that it is of high quality and provides the complete dataset.

“For that reason the review recommends that, in due course, the opt-out should not apply to all flows of information into [NHS Digital]. This requires careful consideration with the primary care community.”

A public consultation on the report ends on 7 September.

Sharing of patient data has been a huge problem for the NHS for several years, and most recently the subject of the Care.data debacle. Ministers announced on the day Dame Fiona’s review was published that the Care.data programme, which became mired in controversy over how patient identifiable data would be collected and used, was being closed.

HSJ revealed last month NHS Digital was developing a new data service capable of recreating key elements of the controversial Care.data and aiming to deliver secondary uses data services.

A statement issued by NHS Digital said: “The paper in question is based on out of date information and we apologise that it was included in the board papers in error. We have now removed this item from the board papers.

“NHS Digital is currently awaiting the publication of the National Data Guardian’s full recommendations, following a period of public consultation. The review will provide the basis of all of our work around patient opt-outs, consent and data collection and dissemination.”