Dr Inglesfield said: "The longitudinal primary care record remains the definitive description of the patient’s health journey. Through this bird’s-eye view we observe our patients as they flow through healthcare settings."
This is getting awfully close to the 'theograph' or God's-eye view which was/is the cherished vision of Tim Straughan. In its full-fledged form, there would be a single massive centralised database of everything, including Chemo, Social Care, Mental Health, Prescribing, In-Patient, ED, Out-patient, and all primary care encounters including all GP activity. That's how the Integrated Digital Care record - care.data - was described by NHS England in a presentation given late 2013.
I don't want to argue the pros and cons of care.data. I would, however, say that patient choice over what happens to their own data is paramount. If NHS England supports and maintains a central database, then the patient should have the choice to opt-in to having their data uploaded to it.
Alternately, I see no reason why the patient should not hold and control their own data. Management of personal data by the person who owns it should be an option. There may be some who don't want to be responsible for their own data. But that's no reason to deny the option to others.
Speaking for myself, I'd be very comfortable with carrying my own personal records (including, but not limited to health) on an AES 256-bit encrypted stick.
Like the previous commenters, I've also opted out.
I would have to echo this: "exactly why do they need individual identifiable data to do any of that.?"
I'd add that from the GP Practice viewpoint, it would seem statistically a lot less risky to
a) be one of several thousand Practices that NHS England might have a go at (if I opted-out all my patients),
b) pray that not one of my several thousand patients might sue me if I broke the law by breaching the Data Protection Act and allowed their personal data to be extracted without their explicit consent and opt-in.
You take your chances either way I suppose.
As an information professional, and one whose business currently has an application in train to become a Data Controller in our own right, I'm acutely aware of the responsibilities involved.
I wrote to my personal physician recently and here's what I said:
As holder of patient data, General Practices are legally obliged to register with the Information Commissioner as Data Controller, and have to comply with the Data Protection Act.
"Although it might appear that the HSCA2012 might override the DPA1998, there’s an interesting set of comments on the EMIS National User Group pages:
Practices as data controller are responsible for ensuring their patients are fully informed under the Data Protection Act.
Care.data will extract patient information from the practice data base. The practice as data controller cannot decline the request from care.data without the risk of prosecution. The only person who can decline the extraction of data is the individual patient.
If patient data is extracted from the practice clinical data base without the patient being made aware then the practice could be prosecuted by the patient. It is thus vital that the practice takes steps to try and inform its practice population about the care.data extraction so that individual patients have the opportunity to opt out of their personal data extraction. "
The implication is, of course, that it would take only one disgruntled patient to successfully sue a Practice, for the entire house of cards (and I chose my metaphors carefully) to come tumbling down.
Practices ought to be aware of just how legally exposed they are.
In my personal view, care.data is simply NPFiT re-animated, and will quite likely suffer the same fate.