Feeds

NHS chief cans patient control over health record access

Opt out guarantees downgraded?

  • alert
  • submit to reddit

Intelligent flash storage arrays

Government claims that patients would be able to opt out of the new National Health Service care records service (NHS CRS) have been undermined by the Department of Health's head of digital information policy. Assurances on privacy and confidentiality have previously been made by the Minister responsible for the NHS Programme for IT, John Hutton, but in a series of emails to a GP policy boss Phil Walker made it clear that patients will have little real control over their personal records.

According to a report by Radio 4's Today programme this morning, Walker said that decisions regarding the storage of patient data would primarily be the responsibility of the GP, and that the patient would have no right to veto the recording of information, or to say what should or should not be recorded. A spokesman later claimed to the programme that patients could discuss what details were recorded with their doctor, and have control over who is allowed to access them, except in an emergency. This was claimed as constituting the "opt out" Hutton had previously offered, and Walker's emails were claimed to be entirely in line with this policy.

The arguments over patient records arise from the nature of the change being brought in with the NHS CRS. Currently patient records are held by the GP in whatever format the GP chooses, whereas the new centralised system will allow instant access to any patient's medical records from anywhere within the NHS. In principle this should make treating patients throughout the service more efficient and reliable, and immediate access to data could be life-saving in emergencies. But who is allowed to access the data, when, and the nature of the data recorded clearly becomes an issue of concern for both the patient and the GP.

Seeking to squash suspicions about this area for the new centralised NHS IT structure, Hutton had said that patients could choose to have no records kept on the NHS CRS at all, or to restrict access to sensitive information in a sealed "electronic envelope" which could be accessed only in emergencies. Walker's statements however seem to suggest that the patient's rights here are dependent on the particular GP agreeing to them, i.e. it's not a patient opt-out, it's a GP-agreed patient opt-out.

If this is the case, Hutton's previous statements have been somewhat opaque on the subject. In answer to a parliamentary question last year, Hutton said: "The national programme for information technology is incorporating stringent security controls and safeguards that will mean patients have more control over who has access to their information than is possible with existing systems... A fundamental principle in the implementation of the national health service care records service (NHS CRS) is that confidentiality and privacy of sensitive patient information must not be compromised" and "Patients will have the right to specify that detailed information recorded at the point of contact with the NHS should not be available to other NHS organisations via the summary record held on their NHS care record. They will also have the right to define some information as especially sensitive and only accessible under terms of explicit consent. This reinforces the key statutory safeguards set out in the Data Protection Act 1998, with which all information users must comply. These facilities have been designed in to the NHS CRS...

"The Data Protection Act also provides patients with a right, where they are suffering substantial damage or distress, to object to processing of their data, including to prevent their data being held at all in an identifiable form, though this is expected to be a very rare event. We are currently considering how this right should apply to implementation of the NHS care record." (Examples of other Hutton answers can be found here and here.)

Today's revelations cast considerable doubt over these apparently cast-iron guarantees, and reopen the whole question of patient rights, privacy and confidentiality. In another answer last year Hutton trailed a "major public awareness campaign... to address the full range of issues posed by implementation of a national health service care records service (NHS CRS) and to ensure that NHS patients know their rights and how information about them can be used within the health service."

Right now that looks just a little bit urgent, although the NHS should probably nail down what the policy actually is before it kicks off the campaign. ®

Related Stories:

DoH broadens technology choice for GPs
NPfIT boss prepares to cut failing suppliers
GPs have no faith in £6bn NHS IT programme
Flagship NHS project in danger

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.