Feeds

NHS chief cans patient control over health record access

Opt out guarantees downgraded?

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Government claims that patients would be able to opt out of the new National Health Service care records service (NHS CRS) have been undermined by the Department of Health's head of digital information policy. Assurances on privacy and confidentiality have previously been made by the Minister responsible for the NHS Programme for IT, John Hutton, but in a series of emails to a GP policy boss Phil Walker made it clear that patients will have little real control over their personal records.

According to a report by Radio 4's Today programme this morning, Walker said that decisions regarding the storage of patient data would primarily be the responsibility of the GP, and that the patient would have no right to veto the recording of information, or to say what should or should not be recorded. A spokesman later claimed to the programme that patients could discuss what details were recorded with their doctor, and have control over who is allowed to access them, except in an emergency. This was claimed as constituting the "opt out" Hutton had previously offered, and Walker's emails were claimed to be entirely in line with this policy.

The arguments over patient records arise from the nature of the change being brought in with the NHS CRS. Currently patient records are held by the GP in whatever format the GP chooses, whereas the new centralised system will allow instant access to any patient's medical records from anywhere within the NHS. In principle this should make treating patients throughout the service more efficient and reliable, and immediate access to data could be life-saving in emergencies. But who is allowed to access the data, when, and the nature of the data recorded clearly becomes an issue of concern for both the patient and the GP.

Seeking to squash suspicions about this area for the new centralised NHS IT structure, Hutton had said that patients could choose to have no records kept on the NHS CRS at all, or to restrict access to sensitive information in a sealed "electronic envelope" which could be accessed only in emergencies. Walker's statements however seem to suggest that the patient's rights here are dependent on the particular GP agreeing to them, i.e. it's not a patient opt-out, it's a GP-agreed patient opt-out.

If this is the case, Hutton's previous statements have been somewhat opaque on the subject. In answer to a parliamentary question last year, Hutton said: "The national programme for information technology is incorporating stringent security controls and safeguards that will mean patients have more control over who has access to their information than is possible with existing systems... A fundamental principle in the implementation of the national health service care records service (NHS CRS) is that confidentiality and privacy of sensitive patient information must not be compromised" and "Patients will have the right to specify that detailed information recorded at the point of contact with the NHS should not be available to other NHS organisations via the summary record held on their NHS care record. They will also have the right to define some information as especially sensitive and only accessible under terms of explicit consent. This reinforces the key statutory safeguards set out in the Data Protection Act 1998, with which all information users must comply. These facilities have been designed in to the NHS CRS...

"The Data Protection Act also provides patients with a right, where they are suffering substantial damage or distress, to object to processing of their data, including to prevent their data being held at all in an identifiable form, though this is expected to be a very rare event. We are currently considering how this right should apply to implementation of the NHS care record." (Examples of other Hutton answers can be found here and here.)

Today's revelations cast considerable doubt over these apparently cast-iron guarantees, and reopen the whole question of patient rights, privacy and confidentiality. In another answer last year Hutton trailed a "major public awareness campaign... to address the full range of issues posed by implementation of a national health service care records service (NHS CRS) and to ensure that NHS patients know their rights and how information about them can be used within the health service."

Right now that looks just a little bit urgent, although the NHS should probably nail down what the policy actually is before it kicks off the campaign. ®

Related Stories:

DoH broadens technology choice for GPs
NPfIT boss prepares to cut failing suppliers
GPs have no faith in £6bn NHS IT programme
Flagship NHS project in danger

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.