Feeds

BMA may seek NHS records system boycott

DoH 'unlawful'

Intelligent flash storage arrays

Doctors will be advised to refuse to use the NHS's computer system unless the Department of Health (DoH) changes its mind on behaviour which the British Medical Association says is unlawful.

The DoH has refused to allow a large number of patients to opt out of its controversial computerised patient records system, which is still in development. The BMA says that that refusal is unlawful and could result in a boycott of the system by GPs.

"We believe this particular suggestion by the DoH is unlawful and certainly it's outwith our understanding of the Data Protection Act," said Dr Richard Vautry, the BMA's negotiator on IT issues and a member of its GP committee.

"If they insist on that position, which we think is untenable, then it would mean that we would be obliged to advise practices not to get involved in putting any information into the summary care record," Vautry told OUT-LAW.

The system depends on GPs inputting the information and would be likely to collapse if GPs refused to carry out that task. "I'm sure practices would be very unwilling to do so because they would feel that it would put them in a very legally indefensible position," said Vautry.

The DoH did not respond to a request for comment before publication.

The controversy stems from a letter sent by the DoH to a large number of people who asked to opt out of the system. The Department told them that they could not opt out unless they could show 'substantial and unwarranted distress' would be caused by being in the system.

The BMA says that the Department had no right to make that judgment. Under the Data Protection Act the only person who can make that kind of ruling is the data controller, said Dr Chris Pounder, a data protection expert with Pinsent Masons, the law firm behind OUT-LAW.

That has traditionally been the GP and not the Department, and by making that judgment the Department was essentially declaring itself the data controller.

"By stating in its letter the fact that the DoH will offer the right to object to the processing of personal data, the DoH is claiming the status of data controller under the Data Protection Act," said Pounder. "As a data controller, the DoH can determine the purpose and manner of the processing of the nation's health records."

The BMA believes that the DoH may already be softening its position. "What we intend to do is seek clarity from the DoH on the issue because from the press statements Lord Warner was giving a few days ago he was indicating that there had been a change of policy within the department in response to reports," said Vautry. "As part of the press briefing he indicated that patients would be able to truly opt out, so we'll need to find out what that means."

The BMA backed an opt in rather than opt out system, but has lent its support to the summary care record plan unveiled this week.

Vautry said that although the DoH has always owned patient records it has always been the GP practice that has been the data controller in working practice. The DoH's letter marks an attempt to fundamentally change that.

"The reasons that you gave as the basis for claiming substantial and unwarranted distress are not based on an accurate understanding of the summary care record," said the letter, which was sent by the DoH to people who requested an opt out.

"This could play into the hands of the critics who argue that once the NHS system is up and running, then the DoH would be in a position to exploit the medical records for different purposes in future," said Pounder.

"The problem is that if a patient were to take action as a result of information being uploaded to the record against their wishes it is likely in our view that it would be the GP that would find themselves in the firing line, and we think that's unacceptable and it's our responsibility as the BMA to ensure that GPs are not put in such a vulnerable situation," said Vautry.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.