NHS Confidential?
June 8, 2008 at 8:42 pm | In Musings, Paperwork, Winds me up | 8 CommentsTags: NHS Spine, patient confidentiality, opt-out
Last week I wrote an entry entitled Repetition bemoaning the number of times of that I had to enter exactly the same information, on different forms, about the same woman when booking her. I was musing upon the fact that in our electronic age there was not a computer programme, which would allow me with one press of a button to print off all the necessary paperwork. One of the comments I received about the post was from Helen at TheBigOptOut.Org concerning confidentiality and the information about data protection that I give my women. I will admit that initially I was defensive; I felt that I was giving them all the information there was to know, well as much as I knew anyway. Now I know that not only was I sketching a very incomplete outline for them but I also had no idea what was happening to anyone’s, including my own, medical details. I should really have been more savvy, after all it’s not the first time that a government body has allowed personal details to be passed on to other companies. I’m thinking here of DVLA and the way our details, which we have to submit if we wish to be driving legally, are sold to private firms. £15 million is what DVLA have apparently made from allowing car clampers, solicitors etc. to have access to our personal details. Following an outcry about this back in 2005 the government promised to tighten DVLA’s information release practices, however Liberal Democrat M.P Norman Baker obtained figures recently from the Department of Transport and commented that “It’s quite clear that the Government has failed to live up to its promise to stop the inappropriate release of information.”
The situation at present is that all our medical records, hospital and G.P are, if they’re not already they soon will be, being stored electronically. Is that a problem? Well, if you don’t want anyone employed within the NHS to have some degree of access to them, yes it is. You know that receptionist at your G.P’s surgery, the one who lives in the next road, well she will have access to some of your personal information. I’m using the future tense here, in many practices this is already happening, and in some of the practices I have contact with anyone who is able to logon can read ALL about you. I have to admit that this does not overly concern me, after all they are sworn to secrecy when they sign their contracts, it’s not pleasant knowing that someone you see at the school gates may know all your medical complaints but it’s exactly the same when you bump into your G.P at the supermarket, and he rarely sniggers at you whilst whispering to his wife!
So, what does concern me? It’s the way we have no control over who else, what unnamed individuals or companies may be allowed access to, or indeed sent, our medical details. Dr Foster, you have heard of this information giver, well apparently they receive all their info “from data provided by individual trusts and doctors, as well as from the Department of Health.” (BMJ 2002), and what’s more it is given to them in identifiable form. Incidentally, whilst trawling around Dr Foster I found this interesting little contribution from The National Audit Office concerning the “joint venture between the Information Centre and a private sector company Dr Foster LLP” . Staggering to read the monetary details between the Department of Health and The NHS Information Centre’s deal with Dr F “The Information Centre paid £12 million in cash for a 50 per cent share of the joint venture. This price included an acknowledged strategic premium of between £2.5 million and £4 million, and was higher than their financial advisers’ indicative valuation of the share. The Department also spent more than £1.7 million on professional fees, £50,000 of which was paid to Dr Foster Ltd for advice about the establishment of the Information Centre and a possible relationship with the private sector. The report also raises concerns about the Department’s decision to pay Dr Foster Ltd for advice when it had already entered discussions about a partnership”. Nice money if you can find some government body willing to pay it.
So, now we know how the government sells our details what is there we can do about it? Apparently we can opt-out, well we could if we knew how. The organisation I linked to at the beginning, The Big Opt Out, have a page which advises on the pro’s and con’s of opting out, and also how to go about it. Remember, it is up to you to make the move, consent is implied.
What do Doctors think about this? NHS Blog Doctor wrote about the issue back in March, he seems to have very little confidence in the Spine’s ability to maintain patient confidentiality “The British government promised that there would be strict confidentiality of all private medical records uploaded to the NHS Spine. The government lied”. Dr Rant is far more directive in his approach ” OPT OUT NOW” is his advise. Dr Paul Thornton, in written evidence to The House of Commons Select Committee on Health says “There is a direct conflict between the sharing of information, even among health care professionals, and the protection of patient privacy. Patients divulge information to individuals, perhaps to teams, rarely to institutions and certainly not to the entirety of the National Health Service. The risk to privacy increases in proportion to the number of users of a database.” And boy are there going to be a awful lot of users. (This written evidence is brilliant, well worth reading). According to the Guardian two-thirds of G.P’s are going to boycott the scheme, hardly confidence giving.
The computer world itself is questioning the security of a national database. Martyn Hart, chairman of The National Outsourcing Association, said in Computerworld ”The only place you can make that kind of arrangement work is where there is strict control and governance, like in the army. Not in a health organisation.”
There is no stopping the governments plans for amalgamating all our health records…but….I finish with his from the Guardian article:-
“After a Guardian campaign last year ministers conceded that patients would have the right to stop their medical files being passed from the GP to an NHS data warehouse known as the Spine.
But they said everyone not exercising this veto would be assumed to have given “implied consent”.”
8 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
-
A Midwife’s Muse-
Flickr Photos
More Photos -
Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.
Brilliant, thank you a lovely article. You have done a lot of reading. It is a full-time for about 5 us at TBOO to keep on top of the reading with emails flying literally numerous times a day! Never mind the patients, campaigning, organising vonteers etc.
Comment by helen — June 9, 2008 #
I for one won’t be opting out. If, God forbid, I should have an accident anywhere in the country and I was admitted unconcious, I would like to know that they had all my medical details to hand. As for IT individuals having access to the systems, yes they do but these personnel go through a very high security check and also have to sign a confidentiality agreement. The systems will have auditting on them, so if people do choose to pry willy nilly at details, they will be traceable.
Comment by Jessio — June 9, 2008 #
Jessio – From the ready access to your medical records should you be admitted unconscious it is an excellent scheme. My problem is with the auditing of access, this is not monitored well at present and will in fact be an extremely hit and miss affair and also the fact that non-anonimised records are being sent, and more will be sent, to other agencies. How long before insurance companies etc. are given the right to see them? We had the fiasco with child benefit data and medical data before, I am unhappy about the whole area which may be because I work for the NHS and I really do not want colleagues etc. perusing my personal details.
Comment by midwifemuse — June 9, 2008 #
The other side of the coin is if you have say 30 million people on the database there will be errors with NHS Staff in a hurry getting the wrong patient with a similar/same name, date of birth. If you have a serious allergic reaction to say penicillin you may end up receiving it if you are unconscious and they have not accurately identified you. This could be deadly or life threatening. Also, who will take responsibility if NHS staff enter clinical details on the wrong patient medical records? Will a patient have to prove the information is incorrect to get it amended? Who will take responsibility for correcting it? Who will monitor medical records to ensure they correct? How much work will all this entail?
Additionally Scotland and Wales are setting up a different systems unique to themselves. These systems are not compatible at all. All 3 systems are incompatible. If you are taken ill in Scotland or Wales they will not be able to access your medical records at all. Hence back to the sytems we currently use.
Helen
Comment by helen — June 9, 2008 #
Ok, at the moment anybody at the hospital/doctors have access to everybodies medical records, from the cleaners up. All they have to do is go to where the records are stored and hey presto, they can dig out your notes. With the IT systems being implemented, they will have to be given access to the system to enable them to read patient notes. As I understand it, these systems are tiered, so not all data will be available to all personnel.They have to have a reason to require access. The companies installing these systems are not the same who did the Child Benefit and Tax systems, they did not even bid for the contracts, they cannot be tarred with the same brush.
Remember, the only safe computer is the one that is not networked and I bet they are very few and far between nowadays.
Comment by Jessio — June 10, 2008 #
Unfortunately its not that simple. Firstly its much harder to local a patients paper notes as you need to know which GP they are registered with and which hospitals they have attended. Its like looking for a needle in a haystack.
NHS Passwords are shared in Hospital Trusts. Its gets so manic you just go to a colleagues PC. Staff just do not have time to logging in and out.Yes its not good but that is the reality of the situation.
This makes auditing who has access to your records very difficult.
Its not nationally laid down who will have what level of access to the sytsem its down to Hospital Trusts and GP Surgery’s who will have to decide what level of access to give staff. Some Hosptial Consultant, for example, may give their temporary Secretary full clinical access, so they can, for example, manage radiology and pathology result. Surgeons’are very likely to give this level of access. I have had this level of access when I worked as a Clinical Coordinator. Although the Consultant was very honorable and did inform patients. I needed this level of accessto be able to do my job. This was on standalone Hospital Trust System (old system).
MP’s are raising the issue of monitoring the audit trials and who has had access to the medical records as in the Pilot Areas for the IT system NHS staff are unable to cope with managing/policing the audit trials.
Damien Green MP raised this in the House of Commons.
http://www.parliament.the-stationery-office.co.uk/pa/cm200708/cmhansrd/cm080515/text/80515w0004.htm
A Freedom of Information Request to Bolton Primary Care Trust which is one of pilot areas for the scheme has shown that NHS staff are having serious problems monitoring/policing the audit trials for SPINE/Summary Care Record.
http://www.ehiprimarycare.com/News/3585/cfh_says_scr_audit_trails_%E2%80%98clunky%E2%80%99
With the number of Agency staff that work in the NHS, for example, Nurses it will be so incredibly easy for them to access the medical records of patients. They then leave the job but the damage to the patient is done. It may have catastrophic and disastrous consequences for the patient. The patient will have no come back as its not a criminal offense and the Agency member of staff will have left (having givem the medical information to a private detective, ex-husband, press etc) and be on the way back to the Austrialia/New Zealand.
Unfortunately its already happening (with the new IT system) a debt collector connected us wanting make sure his details where secure on this new IT system as he calls on NHS staff collecting debts from them. Apparently the going rate on the black market is £300.
Comment by laneendsurgery — June 10, 2008 #
In the industry I am in, logging in/accessing a PC/System that is already logged in by another user is a sackable offence, quite rightly so as we are dealing with issues of national security. Maybe the NHS should shake up its’ staff by doing the same.
Comment by Jessio — June 13, 2008 #
Jessio – My prime objection to the government controlling our data is their seeming belief that once they have our details they are able to pass them on (sell them) to any other agencies.
The arguement concerning persons able to access paper records easily is doubtful as firstly the person searching for them requires a patient number as generally records are stored by numer rather than name and……the number is obtained via a computer. Secondly the areas medical records are stored in is locked or, if regarding a current patient stored where the medical staff are.
I’m pleased to know that in your industry, involving national security, there are rigourous controls over computer access. Here I would refer to the quote from Martyn Hart (above)”The only place you can make that kind of arrangement work is where there is strict control and governance, like in the army. Not in a health organisation.”
In the NHS there is limited computer access on the wards. A typical postnatal ward will have 1 ward clerk, 3 midwives, assorted visiting doctors/managers and 1, or if you are really lucky, 2 terminals. These are needed for multiple different tasks from accessing pathology results to obtaining an NHS number for a baby. As a midwife who may be caring for 10 women and babies, accompanying doctors on ward rounds, transferring, discharging and admitting women on the computer when I need a blood result in a hurry I will look it up the quickest way possible, which is not logging out and then logging in again.
Helen mentioned agency staff and the ‘damage’ they may cause. My perspective is far more that of the damage they may do by not being able to access functions on the computer.
Comment by midwifemuse — June 13, 2008 #