From 1 May 2026, general practice in England has been engaged in a form of industrial dissent quite unlike anything the profession has previously attempted. The dispute centres not on pay, premises or pensions, but on who controls the flow of patient information out of the consulting room. Following a 99% rejection of the imposed 2026/27 General Medical Services contract by almost 17,000 GPs in the BMA referendum held in February, the union’s General Practitioners Committee for England, chaired by Dr Katie Bramall, has urged practices across England to cease signing voluntary data sharing agreements for secondary use and to refer all new requests directly to the BMA. Bramall, speaking to Pulse in March, characterised the general practice record as the richest dataset in the Western world and described the resulting action as a deliberate spanner in the works for government strategy. The claim is not rhetorical: it is, by most academic accounts, demonstrably true. The Clinical Practice Research Datalink, a primary care research resource built on contributions from over 2,400 UK GP practices and covering more than 65 million patient records, has been cited in upwards of a thousand peer-reviewed studies. The action therefore poses a question that examination candidates and practising clinicians alike will have to confront: when general practitioners assert themselves as data controllers, against whom are they asserting that control, and to what end?
The contractual trigger and the legal architecture
The proximate cause of the May 2026 action is the unilateral imposition of the 2026/27 General Medical Services and Personal Medical Services contracts by the Department of Health and Social Care in April, following the collapse of negotiations and the BMA referendum result. Yet the action’s mechanism — withholding secondary use data - exploits a legal architecture older than the present dispute. Under the Data Protection Act 2018 and UK GDPR, GP partnerships occupy the position of data controllers for the records they generate, while electronic patient record system suppliers such as EMIS and TPP function as data processors. Patient data flows from primary care into the wider NHS for two categorically distinct purposes: direct individual care, for which lawful bases are well established under Article 6(1)(e) and Article 9(2)(h), and so-called secondary uses such as service planning, commissioning analytics and research, for which separate legal grounds and, frequently, separate data sharing agreements are required. The BMA’s instruction to refuse new voluntary agreements strikes precisely at this second category. As the GPC England guidance issued on 8 May 2026 makes clear, practices are not refusing to share data for direct care, nor are they breaching contractual obligations: they are exercising the controller’s prerogative to decline voluntary agreements that the union argues may not be lawful, nor in the interests of practices. The action is, by design, low risk for the individual partner and high leverage against the system architecture it targets. Whether that architecture deserves such an attack is the question on which medical opinion divides.
The infrastructure stakes: Palantir, the Federated Data Platform and the Single Patient Record
Behind the dispute sits an infrastructure controversy that has been gathering force since the 2023 award of a £330 million seven-year contract for the NHS Federated Data Platform to Palantir Technologies. The platform, which sits across NHS Trusts, Integrated Care Boards and NHS England, aspires to provide a unified analytic substrate for the English health system. It has attracted sustained opposition from clinical unions, parliamentarians and NHS analysts on multiple grounds: the political positioning of Palantir’s leadership, including Peter Thiel’s stated opposition to the NHS in its current form; the company’s contractual entanglements with surveillance and defence agencies; concerns about supplier lock-in and limited write-back to legacy systems; and reports of poor end-user experience among NHS data workers, articulated most publicly in an open letter coordinated by NHS analysts on openDemocracy in May 2026. In April 2026, Zubir Ahmed MP, a junior minister at the Department of Health and Social Care, told the Commons that the government was considering activating a break clause in the contract; the Hansard record of the 16 April debate, in which Martin Wrigley MP and Rachael Maskell MP raised concerns, makes for unusually forthright reading. In May 2026, the NHS England Data and Digital Technology Committee heard that a proposed Single Patient Record was likely to draw on the Federated Data Platform architecture. Sam Smith of medConfidential, giving evidence to the committee and quoted in The Register on 14 May, argued that existing mechanisms already allow secondary care to view live GP records and questioned why an additional centralised system was needed. The BMA action consequently lands at a politically sensitive moment. By instructing practices to throttle the flow of GP-held data into voluntary secondary use agreements, the GPC has functionally inserted itself between government infrastructure ambition and the data on which that ambition depends. The action is not, on its face, an attack on Palantir; in practice, it is difficult to read it otherwise.
What GP data has delivered: CPRD, OpenSAFELY and the evidential weight
Any honest appraisal of the BMA action must reckon with what UK primary care data has, in fact, made possible. The Clinical Practice Research Datalink, profiled by Herrett and colleagues in the International Journal of Epidemiology in 2015, has supported over a thousand peer-reviewed studies on outcomes ranging from cardiovascular pharmacovigilance to cancer epidemiology, and its primary care databases now encompass more than 65 million patients. OpenSAFELY, the secure analytics platform developed by the Bennett Institute at the University of Oxford and the Electronic Health Record Group at the London School of Hygiene and Tropical Medicine in collaboration with the EHR suppliers TPP SystmOne and EMIS Health and with NHS England, produced some of the earliest population-scale evidence on COVID-19 risk factors, vaccine effectiveness and disruption to chronic disease care. The 2023 BJGP Open review by Dambha-Miller and colleagues catalogued the UK’s interlocking ecosystem of primary care research resources — CPRD, QResearch (curated by Hippisley-Cox), OpenSAFELY, the RCGP Research and Surveillance Centre led by de Lusignan, SAIL Databank and the Scottish National Data Safe Haven — and described a research infrastructure that is, by international standards, exceptional. The argument advanced by proponents of secondary use is therefore straightforward: primary care registration covering over 98% of the UK population produces a longitudinal, gatekeeper-curated dataset that no other health system can match, and curtailing its flow imposes opportunity costs that fall not on government but on patients and researchers. The BMA response, articulated by Bramall on 12 May, is that the integrity of these uses depends on public trust, and that trust has been eroded by organisations whose values may not align with the NHS or the profession. Both claims are defensible; neither is sufficient on its own.
The trust deficit: care.data, GPDPR and the rising opt-out
The contemporary dispute cannot be understood without its prehistory. The 2013 care.data programme, intended to centralise primary care records for planning and research, was abandoned in 2016 following the Caldicott Review and sustained criticism over inadequate public engagement and an inadequate communications strategy. The 2021 General Practice Data for Planning and Research initiative collapsed under a similar load: in the month leading up to its 23 June 2021 opt-out deadline, over 1.3 million people in England added themselves to the National Data Opt-Out, raising the population rate from 2.77% to 4.97% according to the analysis by Tazare, Henderson, Morley, Blake, McDonald, Williamson and Strongman published in 2024 in BJGP Open. By October 2024, analysis by the Nuffield Trust placed the figure at 5.4%, totalling over 3.3 million people. These opt-outs are not uniformly distributed: the same Tazare analysis documented an 83% rise in opt-out rate among women and disproportionate rises in particular age and regional groups, with implications for selection bias in downstream research that have yet to be fully reckoned with. Dame Fiona Caldicott, whose successive reviews shaped the National Data Guardian role, repeatedly emphasised that the maintenance of public trust is the precondition of useful health data infrastructure, not its consequence. The successor National Data Guardian, Dr Nicola Byrne, has explicitly invoked the lessons of care.data and GPDPR in cautioning that any commercial actor within the Federated Data Platform must prove to the public that it is trustworthy. The BMA action thus draws on a constituency that has already partially withdrawn its consent through the opt-out mechanism; whether it will deepen that withdrawal or instead refocus public debate on infrastructure design rather than data flow is, at present, unclear.
The ethical fault line: direct care, secondary use and the Caldicott legacy
The deeper unease that the action exposes concerns the conceptual fragility of the direct-care/secondary-use distinction. The Caldicott Principles, most recently revised in 2020 under the eighth principle clarifying that there should be no surprises for the patient, presuppose a clear separation: information shared for individual care operates under a strong professional duty of confidence and an implied consent model, while secondary uses require either explicit consent, statutory authority under Section 251 of the National Health Service Act 2006, or the application of the National Data Opt-Out. In practice, modern integrated care arrangements blur these categories. Population health management, risk stratification, neighbourhood health team commissioning and AI-assisted triage all rely on aggregated patient data whose purpose lies somewhere between direct and indirect care. The BMA position is, in essence, that this blurring has been allowed to advance without commensurate democratic scrutiny, and that GP partnerships, as data controllers, retain the right and the duty to refuse participation in agreements they cannot endorse. Critics respond that the same logic, applied consistently, would undermine the legitimate research and planning uses on which the public health benefits identified by the BMA itself depend. The action also raises a less comfortable question for the profession: in asserting controller authority over secondary use, GPs are also asserting a degree of clinical-political power over the broader NHS data settlement that some patient groups, accustomed to assuming that their records are NHS assets rather than partnership assets, may find surprising. The discomfort cuts in both directions: a profession that protects confidentiality against bad infrastructure is also a profession that can, in principle, withhold data from good infrastructure. The line between the two is contested precisely because no consensus yet exists on where it lies.
Examination relevance for AKT and MLA candidates
For candidates preparing for the Applied Knowledge Test and the Medical Licensing Assessment, the dispute is not merely topical: it sits at the intersection of several content-map domains that examiners routinely test. Confidentiality questions in both assessments draw on the GMC Confidentiality guidance, which distinguishes disclosures for direct care, disclosures for secondary purposes with appropriate safeguards, and disclosures in the public interest. Candidates should be able to articulate the legal basis under UK GDPR for processing health data - Article 9(2)(h) for healthcare purposes and Article 6(1)(e) for public task - and to identify when separate consent, a Section 251 authorisation, or the application of the National Data Opt-Out is required. Vignettes involving secondary use, for example an industry researcher requesting access to anonymised primary care records, or a patient asking whether their data has been shared with a commercial analytics provider, are squarely within the scope of both assessments. Familiarity with the National Data Opt-Out, including which uses it does and does not apply to - it does not apply to anonymised data, to statutory disclosures such as those required by the Health and Social Care Act 2012 or to direct care - is examinable and frequently misunderstood by candidates. Candidates should also recognise the structural distinction between GPs as data controllers and electronic record system suppliers as processors, and the implications for accountability when data flows are challenged. Beyond the technicalities, the dispute offers a case study in professional regulation, industrial relations and informatics policy that may appear in extended matching, single-best-answer or oral formats. A working knowledge of the Caldicott Principles, the role of the National Data Guardian, and the historical lessons of care.data and GPDPR will provide a robust framework for navigating these questions under examination conditions.
