The British Journal of General Practice has just published an editorial I wrote on Patient confidentiality and central databases. I’m encouraging GPs to make clear to patients that it’s OK to opt out – that they won’t incur the practice’s disapproval. Some practices have distributed leaflets from www.TheBigOptOut.org while others – such as The Oakland practice – have produced their own leaflets. These practices have seen the proportion of patients opting out rise from about 1% to between 6% and 19%. The same thing happened a few years ago in Iceland, where GP participation led to 11% of the population opting out of a central database project, which as a result did not become universal. GPs can help patients do the same here.
The BJGP March issue has the CfH counter attack.
I think April’s letter will be interesting.
Here is the letter that I published in the April issue.
Ross
In an editorial in your March issue [1], senior officials from the Department
of Health claimed of the summary care record (SCR) that `It is a health record
and there will be no access for police, immigration authorities, or others.’
This credulous view was undermined when Computer Weekly noted that the health
minister Ben Bradshaw had already told Parliament last year that the police
have access given a court order, or where there is statutory authority, or
where there is an overriding public interest [2]. As I had pointed out in my
February editorial to which the Department was responding [3], the police have
always been able to get a court order to seize material that is actual evidence
of a crime. For the Department to affect ignorance of this was perplexing.
In practice, medical confidentiality depends on who controls access as much as
on the letter of the law. For example, one of the family planning charities was
asked by the police to supply the names of all their under-16 patients; they
refused, and the police sensibly did not press the matter [4]. Had they gone to
court, there could have been an interesting test of whether UK law on medical
privacy complies with the European Convention on Human Rights (a 2006 study for
the Information Commissioner concluded that it doesn’t [5]). However, in
future the police will have a less troublesome option: they will be able to ask
BT, the custodian of the secondary uses service (SUS). A BT manager may well be
less combative than a practising gynaecologist who sees her patient
relationships, professional integrity, self-esteem and business viability all
directly under threat from a police fishing trip.
Michael Thick and his colleagues also had a letter in your March issue that
made an intemperate personal attack on me for encouraging patients to opt out
of the SCR [6], while their editorial boasted of the fact that patients can opt
out of the SCR. This bluster – that we can opt out of the SCR if we want to,
though it’s irresponsible to suggest that anyone actually do so – was echoed in
Parliament. When Mr Bradshaw was asked whether patients would be able to opt
out of the care records service, he answered it by referring solely to the SCR
[7]. Ministers and officials have been careful to focus on the safeguards for
SCR, and avoid discussing SUS. Yet the new centralised system has at least
three components holding large amounts of identifiable health information –
SUS, the SCR, and the Detailed Care Record (DCR). The first two are already
beyond clinical control, and the third is heading that way as more and more
records from both primary and secondary care migrate from local to hosted
systems. As I noted in February, many government departments have declared
intentions to use identifiable health data, such as the Home Office’s ONSET
database that tries to predict which children will offend. And, despite the
Department’s bluster, GP data have already been used to hunt illegal migrants.
I repeat my call for GPs to make leaflets from The Big Opt Out [8] available in
waiting rooms. This will reassure patients that they will not suffer
discrimination (in the practice at least) if they exercise their advertised
right to opt out. Finally, I would like to invite all GP partners to think very
carefully about whether it’s wise to accept the Department’s kind offer to move
your practice records to a hosted system. Once you lose control, you will have
a hard time getting it back.
Ross Anderson
Professor of Security Engineering
Cambridge University
[1] Davies M, Eccles S, Braunold G, Winfield M, Thick M. Giving control to
patients, BJGP vol 58 no 548, Mar 2008, pp 148–9
[2] Bradshaw B, written answer to Wright J, Hansard Dec 10 2007; cited in
Collins T, `Police to be allowed searches of national database of NHS patient
records’, Computer Weekly, Feb 28 2008
[3] Anderson R. Patient confidentiality and central databases. BJGP vol 58 no
547, Feb 2008, pp 75–76
[4] Foundation for Information Policy Research. Consultation response on The
Data Sharing Review. Feb 15 2008, at http://www.fipr.org
[5] Anderson R, Brown I, Clayton C, Dowty T, Korff D, Munro E. Children’s
Databases — Safety and Privacy. Information Commissioner’s Office, November
2006
[6] Thick M, Eccles S, Braunold G, Winfield M, Pujara M, Short P. Connecting
for Health, BJGP vol 58 no 548, Mar 2008, pp 204–5
[7] Bradshaw B, written answer to Letwin O, Hansard Feb 27 2008
[8] http://www.TheBigOptOut.org
Following tonight’s Panorama programme it seems to me that the government has got its priorities completely wrong.
If just a tiny fraction of the effort and resources that are being provided for the setting up national record databases for the NHS, where to be targeted at combating hospital acquired infections then we might not have patients dieing at the rate of one per hour in our hospitals!
Best Regards,
Richard McFarlane.
http://www.drrant.net/2008/04/joint-guidance-on-protecting-electronic.html
CfH and BMA now issuing guidance on “information governance”
we’re still far from reassured