Patients have until June 23 to opt out of having their health data scraped into a new database.

England’s NHS Digital is preparing to scrape the medical records of 55 million patients to a database which will be shared with third parties, the Financial Times revealed. The records also include sensitive data on mental and sexual health, criminal records and abuse. 

The database will be made available to academic and commercial third parties for research and planning purposes, however it remains unknown on the types of organisations that will have access.

The plan to create a new data set follows after a report by the House of Commons Science and Technology Committe suggested that the lack of data sharing and access impacted the UK’s response to the pandemic.

Patients have until June 23 to opt out by filling in a form and taking it to their GP, before their records will become a permanent part of the new data set. Those who opted out can stop future data being scraped into the new system.

UK Health secretary Matt Hancock announced the idea for the database in early April. 

The plans however has received a vast amount of criticism from privacy campaigners. Rosa Curling, a solicitor at Foxglove, a campaign group for digital rights stated she had serious concerns abouts its legality as no explicit consent had been given and “very few members of the public will be aware that the new processing is imminent, directly affecting their personal medical data.”

Whilist UK Health Secretary Matt Hancock announced the plan to create a new data in April and publicised it through flyers at GP surgeries and through blogs on the NHS Digital website, Phill Booth, founder of advocacy group Med Confidential, said ”They’re trying to sneak it out, they are giving you six weeks nominally and if you do not act based on web pages on the NHS digital site and some YouTube videos and a few tweets, your entire GP history could have been scraped, never to be deleted.”

NHS Digital said that the Information Commissioner’s Office has not objected to its plans, and is in the process of delivering a data protection impact assessment.