The Bench Report

Understanding Your NHS Health Data: Access, Sharing, and AI

The Bench Report Season 3 Episode 6

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 8:09

This episode discusses NHS patient health records, focusing on your rights to access and privacy and how data is shared for care, research, and legal needs. We explore the NHS's shift towards electronic and "single patient records" via the NHS App. Learn about public perceptions, cybersecurity, and AI's role in managing health data. Understand how your information is used and protected within the UK health system.

Key Takeaways:

  • Patient rights: Access and confidentiality of records, with legal exceptions.
  • Data sharing: Essential for direct care, but patients can object unless public interest overrides.
  • Digital transformation: NHS aiming for a "single patient record" via NHS App by 2028.
  • Public concerns: Privacy fears, especially regarding private company involvement in NHS data.
  • Cybersecurity threat: NHS is a target; government is improving cyber resilience.
  • AI in healthcare: Trialed for record analysis, transcription, and predictions; ethical issues noted.

Important Definitions and Concepts:

  • Data Controller: The organisation (e.g., GP, hospital) that holds your health records and manages access.
  • Single Patient Record: NHS plan for a single electronic health summary via NHS App from 2028 to improve care.
  • National Data Opt-Out: Service allowing you to opt out of identifiable data sharing for research/planning.

Discussion and Reflection Question: Given electronic records and AI in healthcare, what are the most crucial steps the NHS should take for patient trust in data privacy and security?

Source: Patient health records: Access, sharing and confidentiality
Research Briefing
Published Monday, 28 July, 2025

Follow and subscribe to 'The Bench Report' on Apple, Spotify, and YouTube for new episodes daily: thebenchreport.co.uk

Subscribe to our Substack 

Shape our next episode! Get in touch with an issue important to you - Producer Tom will grab another coffee and start the research!

Email us: thebenchreportuk@gmail.com

Follow us on YouTubeX, Bluesky, Facebook, Instagram and TikTok! @benchreportUK

Support us for bonus and extended episodes + more.

No outside chatter: source material only taken from Hansard and the Parliament UK website.  

Contains Parliamentary information repurposed under the Open Parliament Licence v3.0....

Ivan

Hello and welcome again to The Bench Report, concise summaries of debates and briefings from the benches of the UK Parliament. A new topic every episode. You're listening to Amy and Ivan.

Amy

Today, we're looking into something quite personal, patient health records here in the UK, how your information is handled, who gets to see it and what's changing.

Ivan

Absolutely. It's a complex area. Let's start with the basics. Your rights. You do have a right to access your own health records, don't you? How does that actually work with privacy?

Amy

You do. It's mainly governed by the Data Protection Act 2018. And generally, getting access shouldn't cost you anything.

Ivan

No charge.

Amy

Usually not. And they should provide the records within about a month. But it's not absolute.

Ivan

Ah, OK. So there are situations where access might be refused.

Amy

Yes, exactly. If, for example, sharing the information could cause serious harm either to you or to someone else, then access can be limited or denied.

Ivan

I see. So even with that right, limits exist. What about the other way around? When do health care professionals have to share your information, maybe even without your consent?

Amy

Well, confidentiality is fundamental, really. It's a cornerstone. But certain laws actually require disclosure.

Ivan

Require it? Like when?

Amy

For instance, specific contagious diseases must be reported to public health authorities. Or if there's a case of FGM involving someone under 18, that has to be reported to the police.

Ivan

OK, so specific legal duties.

Amy

Correct. And there's also the common law duty of confidentiality that can sometimes be overridden if there's an overriding public interest.

Ivan

Meaning?

Amy

Meaning situations where disclosure is necessary to protect individuals or maybe society more broadly from really serious harm.

Ivan

And this That can even apply to genetic information, sharing it with family.

Amy

In some specific, quite narrow circumstances, yes. If a patient refuses to share genetic information that could prevent serious harm to a close relative, there might be grounds to share it anyway. It's very carefully considered, though.

Ivan

It sounds like a real balancing act. And this whole issue seems complicated by how fragmented health records currently are in the UK. There isn't one single central record for everyone, is there?

Amy

That's right, there isn't. Your GP record is usually separate from your hospital records, for instance. And this fragmentation, well, Well, it causes challenges.

Ivan

Challenges for patient care, I imagine. And research, too.

Amy

Definitely. Getting a complete picture can be difficult. Now, there has been progress on electronic records as of May 2025. About 91% of secondary care trusts have them.

Ivan

Only 91%?

Amy

Yes. But the target is for all trusts to have electronic patient record systems by March 2026. Okay, so

Ivan

that's one step. But what about pulling it all together? What are the big government plans for that?

Amy

Well, the big engagement came in October 2024. The plan is to create a single patient record accessible through the NHS app.

Ivan

The NHS app. So everything in one place on your phone, potentially.

Amy

That's the idea. Consolidating your health information, test results, hospital letters. The aim is to start rolling this out from 2028. And

Ivan

there's legislation backing this up.

Amy

Yes. The Data Use and Access Act 2025 is key here. It received royal assent just this June. And the potential benefits they're talking about are quite significant.

Ivan

Such as?

Amy

Things like saving an estimated 140,000 NHS staff hours every year, reducing duplicate lab tests by almost 9%. Wow,

Ivan

that's substantial.

Amy

And potentially preventing around 20 deaths a year just from medication errors when patients are transferred between care settings really highlights the impact.

Ivan

It really does. Are there other systems involved in this push?

Amy

There are. You've got the Summary Care Record, which provides essential information for emergency care. And then there's the Federated Data Platform.

Ivan

Federated Data Platform. What does that do?

Amy

It's not one giant database. Think of it more like a secure network that connects existing NHS systems. It allows approved users to access the data they need safely without pooling it all in one place.

Ivan

Okay, so connecting the dots rather than creating one huge file. Yeah. But all this data sharing... How does the public feel, especially when private tech companies might be involved or when AI comes into play?

Amy

That's a crucial question. The Sudlow Review, which came out in November 2024, looked into public attitudes. It found, perhaps surprisingly, really strong support for using health data for good, for individual benefit and for society.

Ivan

Strong support.

Amy

Overwhelmingly so, according to the review. However, there's also a lot of public mistrust when it comes to private technology companies handling NHS data.

Ivan

Mistrust. Why?

Amy

People worry about privacy being eroded or their data being used for profit rather than patient benefit. That's a definite tension point.

Ivan

I can understand that concern. And what about just keeping the data safe? Cybersecurity must be a massive issue. We hear about NHS cyber attacks.

Amy

It absolutely is. The 2025 National Risk Register flags the NHS as a major target for cyber criminals. And we've seen the impact.

Ivan

Like the WannaCry attack.

Amy

Exactly. WannaCry in 2017 and more recently the Synovus incident in June 2024. These attacks caused thousands of appointments to be canceled. Operations postponed. The disruption and costs run into millions.

Ivan

What makes the NHS vulnerable?

Amy

Often it's things like outdated IT systems in some areas and also a shortage of skilled cybersecurity professionals within the health service.

Ivan

Are steps being taken to fix that?

Amy

Yes. There's a government cybersecurity strategy specifically for health and social care running up to 2030. And there's a new cybersecurity and resilience bill intended to strengthen defenses across critical sectors, including health.

Ivan

Right. One last area, artificial intelligence.

Amy

Yeah.

Ivan

How is AI starting to interact with all these patient records?

Amy

It's definitely an emerging area. The NHS is already trialing AI tools for different things. Like what? Analyzing text and health records, for example, to potentially spot patterns or risks. Using AI to convert spoken clinician notes into text to save admin time. Even trying to predict future health conditions.

Ivan

Predicting disorders. How accurate is that?

Amy

Well, some trials have shown predictive accuracy levels between 68% and 81%, which sounds promising.

Ivan

But also means that Potential error rate of 19% to 32%.

Amy

Precisely. And when you're dealing with someone's health, that error rate is obviously critical. So AI offers huge opportunities for better, faster care, but also brings significant ethical challenges.

Ivan

Challenges around data misuse, security breaches.

Amy

All of those. Plus, ensuring the AI is trained on accurate, representative data to avoid biases leading to incorrect diagnoses. It's a complex frontier.

Ivan

So wrapping this up. Your health data is clearly becoming more connected, more powerful. There's this constant push and pull between your privacy and using data for the greater good.

Amy

Definitely. And this whole journey towards a more digital, integrated NHS is incredibly complex. It's about balancing innovation and efficiency with the absolute need for security and maintaining public trust.

Ivan

It certainly is. And it leaves you thinking.

Amy

Indeed. As our health data gets smarter and more interconnected, how much real control Take care. Take care.

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

Parliament Matters Artwork

Parliament Matters

Hansard Society