Clock starts ticking on UK's single patient record plan

Embattled UK Prime Minister Sir Keir Starmer has put changes to the health service on the legislative programme in today's King's Speech, moving ahead with the abolition of NHS England and the development of a digital single patient record (SPR).

With a lot of ground to cover, King Charles did no more than name-check the forthcoming NHS Modernisation Bill in a speech that focused heavily on the geopolitical pressures facing the UK in areas like energy, defence, and economic security – including closer ties with the EU – in what he described as a "dangerous and volatile world." More information can be found in briefing notes (PDF) published after the speech.

The broad sweeps of the Bill include following through on previously announced plans to scrap NHS England, which was established in 2013 under the previous Conservative government to handle the budget and day-to-day running of the commissioning side of the health service, and bring its operations back into the Department of Health and Social Care (DHSC).

The SPR or 'patient passport' programme will make it mandatory for GPs and hospitals to share patient data into a unified health and social care record that patients will be able to access via the NHS App, a move that lies at the heart of the government's £10 billion drive to digitalise the health service.

Health Secretary West Streeting – currently the subject of feverish speculation about a possible leadership challenge to Starmer – has said the SPR will be a "game changer" for the NHS that will allow it to "deliver better care faster and more conveniently" and save lives. It is due to start rolling out next year, with some patient access via the app in 2028.

The plan is also to go further by integrating genomic and lifestyle data with the SPR in the NHS App by 2035, to support the government's plan to pivot the NHS towards preventative care based on individual risk.

The SPR project has become somewhat contentious, however, with concerns voiced about the security of the data as well as the logistical challenges and disruption involved in setting up the infrastructure and architecture to deliver the programme at a time when the NHS is struggling to meet patient care targets.

The British Medical Association (BMA) is among those who are unhappy with the plan, as it wants GP data in the SPR to remain in the hands of doctors as the legal "data controllers," rather than the DHSC, as that would allow them to act in the best interests of patients. Taking that responsibility away from doctors and handing it to politicians poses a risk to patient confidentiality, according to the organisation.

Meanwhile, data security has become a thorny issue, particularly in light of the recent data breach at the UK Biobank – which saw "de-identified" data from its 500,000 volunteers listed for sale in China – and the ongoing £330 million contract with controversial US tech company Palantir to deliver the federated data platform (FDP) that is supposed to underpin the NHS's digitalisation drive.

Earlier this week, the Financial Times reported that some Palantir staff were being given "unlimited access" to identifiable patient data, before it is anonymised, although the company has insisted that its software can only process data and "using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS."

The SPR promises to improve efficiencies in the NHS, particularly between its various services, and give patients more control over their care, but the Bill will have to spell out carefully how their data will be controlled and secured, and a robust implementation plan, if it is to make it through Parliament.

Other elements of the bill include strengthening democratic accountability in health systems by requiring mayoral nominees to be on Integrated Care Boards (ICBs) and scrapping the patient voice organisation Healthwatch England, transferring its responsibilities to the DHSC.