Feeds

NHS chief cans patient control over health record access

Opt out guarantees downgraded?

  • alert
  • submit to reddit

Boost IT visibility and business value

Government claims that patients would be able to opt out of the new National Health Service care records service (NHS CRS) have been undermined by the Department of Health's head of digital information policy. Assurances on privacy and confidentiality have previously been made by the Minister responsible for the NHS Programme for IT, John Hutton, but in a series of emails to a GP policy boss Phil Walker made it clear that patients will have little real control over their personal records.

According to a report by Radio 4's Today programme this morning, Walker said that decisions regarding the storage of patient data would primarily be the responsibility of the GP, and that the patient would have no right to veto the recording of information, or to say what should or should not be recorded. A spokesman later claimed to the programme that patients could discuss what details were recorded with their doctor, and have control over who is allowed to access them, except in an emergency. This was claimed as constituting the "opt out" Hutton had previously offered, and Walker's emails were claimed to be entirely in line with this policy.

The arguments over patient records arise from the nature of the change being brought in with the NHS CRS. Currently patient records are held by the GP in whatever format the GP chooses, whereas the new centralised system will allow instant access to any patient's medical records from anywhere within the NHS. In principle this should make treating patients throughout the service more efficient and reliable, and immediate access to data could be life-saving in emergencies. But who is allowed to access the data, when, and the nature of the data recorded clearly becomes an issue of concern for both the patient and the GP.

Seeking to squash suspicions about this area for the new centralised NHS IT structure, Hutton had said that patients could choose to have no records kept on the NHS CRS at all, or to restrict access to sensitive information in a sealed "electronic envelope" which could be accessed only in emergencies. Walker's statements however seem to suggest that the patient's rights here are dependent on the particular GP agreeing to them, i.e. it's not a patient opt-out, it's a GP-agreed patient opt-out.

If this is the case, Hutton's previous statements have been somewhat opaque on the subject. In answer to a parliamentary question last year, Hutton said: "The national programme for information technology is incorporating stringent security controls and safeguards that will mean patients have more control over who has access to their information than is possible with existing systems... A fundamental principle in the implementation of the national health service care records service (NHS CRS) is that confidentiality and privacy of sensitive patient information must not be compromised" and "Patients will have the right to specify that detailed information recorded at the point of contact with the NHS should not be available to other NHS organisations via the summary record held on their NHS care record. They will also have the right to define some information as especially sensitive and only accessible under terms of explicit consent. This reinforces the key statutory safeguards set out in the Data Protection Act 1998, with which all information users must comply. These facilities have been designed in to the NHS CRS...

"The Data Protection Act also provides patients with a right, where they are suffering substantial damage or distress, to object to processing of their data, including to prevent their data being held at all in an identifiable form, though this is expected to be a very rare event. We are currently considering how this right should apply to implementation of the NHS care record." (Examples of other Hutton answers can be found here and here.)

Today's revelations cast considerable doubt over these apparently cast-iron guarantees, and reopen the whole question of patient rights, privacy and confidentiality. In another answer last year Hutton trailed a "major public awareness campaign... to address the full range of issues posed by implementation of a national health service care records service (NHS CRS) and to ensure that NHS patients know their rights and how information about them can be used within the health service."

Right now that looks just a little bit urgent, although the NHS should probably nail down what the policy actually is before it kicks off the campaign. ®

Related Stories:

DoH broadens technology choice for GPs
NPfIT boss prepares to cut failing suppliers
GPs have no faith in £6bn NHS IT programme
Flagship NHS project in danger

Build a business case: developing custom apps

More from The Register

next story
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.