Feeds

Summary care records - you might die, but they never will

Once you can opt in, you can never opt out

Internet Security Threat Report 2014

Patients can decide whether or not to have their Summary Care Records included on the NHS national database, but if they change their mind afterwards there is no way to delete the record.

This emerged after a concerned Hampshire doctor asked several Primary Care Trusts what their policy was using Freedom of Information requests.

Dr Neil Bhatia wrote to the Information Commissioner's Office last week to ask if they consider the policy adequately follows data protection principles.

Bhatia said: "The government can in an instant, effortlessly and for free lose 25 million child benefit records but appears to have neither the funds not the technological capability to delete an individual medical record uploaded to the Summary Care Record."

The policy of automatically assuming everyone in the country is happy to have such an entry on a government database is already controversial. Forcing people to opt out is already unpopular, so stopping people from deleting their records is likely to raise more concerns.

The Department of Health told Bhatia in response to a previous request: "Whilst Health Ministers have determined that patients need not have an SCR if they do not want one, this should not be understood to mean that once created an SCR can be completely removed. Records can be made inaccessible to staff in a number of ways, but the cost of completely removing them would be prohibitive.

"As with all digital records systems, complete removal would require the hardware holding records to be completely sanitised. This is a process that destroys all data held, for example on a server or hard drive, and not just a particular record."

The DoH also claims "the issue of audit and the medico-legal evidential significance of the SCR" means that complete removal would be inappropriate even if technically possible. Bhatia pointed out this would only be true if the record had been accessed and changed.

Earlier this month the National Programme for IT changed the rules to allow people to opt out of having an SCR without appearing in person at their doctor's surgery.

Bhatia's surgery and website has advice for patients wishing to opt out of the project. If you don't want your medical records included, you should get in touch with your doctor sharpish.

A spokesperson for the ICO told us: "The ICO has met, and continues to meet, with NHS Connecting for Health about data protection matters, including data retention. The Data Protection Act clearly states that all organisations must store personal information for only as long as necessary. Personal information that is no longer required must be deleted to ensure compliance with the Act."®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.