A senior government official agreed on Thursday that patients should be allowed to opt out of having their personal health information put on a centralised medical records database.
The government is investing at least £6bn over the next nine years to update the NHS' IT systems, including putting patient data from the hospital and GP computer systems into a centralised database, which can be accessed by health professionals and government officials around the country.
Earlier this year, officials from the NHS National Programme for IT said that patients can only opt out of having their data stored in 'extreme circumstances'.
But Caroline Flint, the parliamentary under-secretary at the Department of Health, said on Thursday that people will not be forced to deregister from the NHS in order to prevent their health information from being shared.
"We recognise that there will be some people who feel so strongly about what they see as threats to the confidentiality of their personal health information that they will seek to remove any possibility of this information being shared within the NHS. Let me make it clear, however, that we do not envisage any circumstances in which patients who choose to have some or all of their records deleted will be 'deregistered' from the NHS or otherwise denied NHS care against their wishes," said Flint in a House of Commons debate.
This follows the case of a health professional, Helen Wilkinson, who discovered she had been mistakenly registered as an alcoholic on her medical records. Concerned about who might have access to this false information, she asked to have her records removed from the NHS systems. After being told this was not possible, she decided to withdraw from the NHS as a patient so that her records could be removed from NHS computer systems.
Wilkinson's story was related to the House by conservative MP Paul Goodman, who explained the risks of having potentially sensitive information accessed by a large number of people.
"Other NHS patients will be as concerned as Helen about the confidentiality of their records, if those records end up on a national system that a large number of NHS bodies and individuals, including social workers for example, can access," said Goodman. "Those records will contain information about such sensitive matters as sexuality, ethnicity, genetics, mental health, intellectual impairment, illicit drug use, imprisonment, abortion, contraception, impotence, paternity, infertility, HIV, personal relationships, domestic violence, rape and abuse in childhood."
The government argues that the centralised system is important to improve patient care and allow patients to be treated by different health professionals in different environments.
But Ross Anderson, a privacy advocate and Cambridge University professor, told ZDNet that a centralised medical system could be detrimental in emergency situations.
"The last thing an A&E [accident & emergency] consultant wants is to be confronted with a medical record -- all 4 gigabytes of it. You treat what you see," said Anderson. "If you have diabetes, you should have a bracelet or card in your wallet. If you suddenly get rid of these and put the information in a fancy computer, what's going to happen if you keel over on a jet over the Atlantic, or the server crashes, or the doctor forgets his password."
Anderson said the public should use the opportunity that the government has given them to boycott the centralised system.
"If you have had surgery in the last 10 years, send a letter to the medical director of hospital and demand to be removed from all central NHS systems -- NWCS and HES. Write to your GP and insist that you are not put on the NHS data spine or care recovery service database," said Anderson. "If enough people boycott having centralised NHS records, with a bit of luck the service will be abandoned."
Talkback
anderson = tree hugger - clearly this guy needs to wake up and realise that the NHS IT changes will represent a real step forward to getting a 21st century NHS - of course this isnt the only thing that needs to happen but it will make a real difference.
I can see the concerns about the right to privacy and confidentiality being infringed if staff do not follow NHS Information Governance procedures but I for one will take the small risk in pursuit of better healthcare for myself and my family.
I base my conclusions on a horrendous experience with current systems which may not (hopefully) be typical but which I went through:
I was diagnosed with cancer and opted to be referred to a hospital in London for the recommended operation (the choice was based on consultant recommendation and performance statistics from NWCS/HES). After a few weeks with no appointment I found (by contacting the consultants secretary in London myself) that they had not received the referral letter – a second one was sent a couple of days later after I contacted the local consultants secretary and she had had a chance to check my notes. A further delay occurred as it turned out (more phone calls by me) that the London hospital was waiting for my local test results etc to decide on the treatment but the local hospital was not aware of this. More chasing locally and faxing of the paper records (I had to supply the fax number).
The outpatient appointment came within a week and I was booked in two weeks later.
During all this time my GP could not help as he was not aware of what was going on once he ‘handed over’ to the hospital and had confirmation that I was due to be referred to London.
Six months after the operation I received an outpatient appointment from my local hospital which I assumed was a follow-up on the treatment – it turned out that they were not aware I had already had the operation and were proposing to admit me as an urgent case!
The medical treatment was excellent but what an administrative fiasco! Roll-on the electronic record.
I work in the NHS and for years have been striving to improve information systems for more effective service management. Following this experience I am more convinced than ever that sorting out the way patients are managed is just as important. We cannot do that without sharing data under the right safeguards.
While I understand the bright and shiny intention, I have absolutely no confidence whatsoever that 'they' will get it right. In my dealings with state run resources (NHS, HMRC, Agencies etc) the staff tend to be ok, but embattled, but their IT support systems suck .. hugely.
I will be opting to have my records remain on paper in my GP's surgery. I am assuming that the other option is to have them held electronically in the Spine, which to my mind is simply not a safe option.
When HMRC lose my companies 2004/5 NIC records (as they just did) it's a bit inconvenient. When the NHS screw up my medical records it is potentially fatal.
Maybe if the project was treated as a life critical system, rather than just a juicy profit centre it would be fairing a little better.