Feeds

Patients gain right to scrub e-records from NHS database

Forceps, scalpel, data deletion tool...

Next gen security for virtualised datacentres

NHS patients will be given the ability to scrub electronic records of their treatments and medical conditions from a proposed national medical database.

The concession to patient privacy and data protection follows negotiations between health service officials and data protection watchdogs at the Information Commissioner's Office (ICO), The Guardian reports. Patients - who already had the right to opt out of the scheme - now have the right to have their medical records deleted instead of simply masked once they are put onto the system.

Health officials have previously fended off security concerns about data transmitted over the NHS extranet, which is called the Spine. They also claimed as recently as last month that the cost of running a system for deleting individual summary care records (SCRs) would be too expensive, instead offering to put in place a system to hide records from general access while still retaining them on the database.

The summary care records are designed to provide NHS doctors and nurses with ready access to care records irrespective of whether a patient has visited a particular hospital or facility before. Details will include past treatments, notes of possible allergies, drugs being taken and medical conditions already being treated. The information would be particularly useful in cases where a patient is in no state to answer questions, or is responsive but unable to recall details of their medical history.

The same SCRs could be used to indicate a dying patient's preference not be be resuscitated in cases where they experience a heart attack, for example. Tens of thousands of these summary records have already been established during pilot schemes in Bolton and Bury.

Dr Gillian Braunold, a medical director of the programme, told The Guardian that although most people see the benefits of the scheme, a "significant minority" want no part in it. The change in deletion policy means that "the deletion option is there if [individuals] are not happy they can choose to have [their SCR] deleted physically".

One important exception remains, however. In cases where a patient's SCR file has already been used, then it would be archived rather than deleted for legal reasons, Dr Braunold explained.

Some GPs, as well as privacy activists, oppose the scheme. One of the main concerns is that data held on the system will be accessible to all authorised users instead of only clinical staff treating a particular patient.

The records system is run by NHS agency Connecting for Health (CfH), who people would need to contact with a request to have their medical records deleted. However its unclear what forms and red tape might be involved. Suspicion also remains that the simple act of a GP accessing the records, for example, might be used as a bureaucratic excuse to refuse deletion.

An ICO spokeswoman confirmed that deletion of medical records would now be possible following talks between the watchdog and managers from the CfH.

In a statement, the ICO explained the thinking behind the procedure:

People want the assurance that they can restrict who can access their personal details in NHS electronic records.

We met recently with Connecting for Health (CfH) to discuss the permanent deletion of summary care records once a patient requests their summary record no longer appears on the database.

We are pleased that as a result of these discussions CfH have found a way to ensure that these records are permanently removed from the database when appropriate and we are continuing to talk to them about how this is put into practice.

Information can be removed by contacting CfH and making a request, the ICO spokeswoman added. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.