A crackdown is needed on the way health service officials treat confidential information about patients after demands were made for details of millions of GP appointments, privacy campaigners said.
Concerns were raised when an appointment booking service was asked to handover records about the dates, times and lengths of appointments made with family doctors in England as well as reasons for consultations, partial postcodes and dates of birth.
NHS England said the letter making the request was old and did not explain its plans.
It will now work with GPs to collect information but insisted partial postcodes and dates of birth will not be gathered.
Campaigners said the explanation "doesn't cut the mustard" and gave a "terrifying" insight into the way data is treated in the health service.
Phil Booth, coordinator of patient confidentiality campaign medConfidential, said he believed the letter breached the Data Protection Act.
"Whether they have changed the plan or not, the fact that they wrote that letter was unlawful," he said.
"It was their clear intent to go for patient data. It's indicative of a culture and a way of thinking that says collect it all and decide what to do with it later."
He added: "It just doesn't cut the mustard. They should not have done it in the first place."
Mr Booth called for stronger oversight of the way information about patients is dealt with.
He added: "It is terrifying. We saw this one but what else is going on?
"If they decide to rip up the rule book and go for patient data we have a very serious problem.
"The NHS can't afford another devastating collapse in trust."
Appointment booking service EMIS Health was asked to hand over the information urgently by NHS official Tracey Grainger to allow GP workloads to be assessed.
The company said no data had been released in response to the request.
"We can confirm that EMIS Health, along, we believe, with all the other GP software suppliers in England, received a request from NHS England about a proposed data extract," a spokesman said.
"As a software provider, EMIS Health is the data processor not the data controller. This responsibility rests with GP practices who must give their consent to any extract as the data controllers of this information.
"We have strict information governance procedures that we follow for any request of this nature. As well as internal assessment this includes careful consultation with a representative panel of our GP practices.
"No data has been released in response to this request. We remain in consultation with the representative panel."
An NHS England spokesman said: "It is crucial not to misunderstand what is being proposed. We are not talking about individual personal information in this letter.
"What we are referring to is overall statistics for GP surgeries on issues such as total numbers of appointments. Practices have asked us if we could secure more help from the system suppliers in auditing their data so as to reduce their costs and workload.
"Such information is clearly needed to ensure the £125 million is wisely invested through the Prime Minister's GP access fund. To repeat, there is no question whatsoever of patients' personal information being shared with NHS England."