This site is intended for health professionals only

At the heart of general practice since 1960

pul jul aug2020 cover 80x101px
Read the latest issue online

Independents' Day

Longstanding fears over consent and confidentiality are realised

  • Print
  • 9
  • Save

If it feels like Pulse has been writing about consent and confidentiality fears related to the Summary Care Record forever, then that’s because in IT terms we have been.

Back in 2007, when the rollout began, Twitter was a largely unknown microblogging service and the very first iPhone was yet to hit the shops. Technological innovation moves at a more stately pace when it’s the NHS is doing it.

That year, Pulse ran a ‘Common Sense on IT’ campaign which highlighted a series of concerns over the consent and confidentiality safeguards in the new system.

GPs wanted patients to have to give explicit rather than merely implied consent before records were created. Plans to use data within the records for research purposes without explicit consent had Catholic and Muslim leaders up in arms, because they feared the research could be purposes contrary to their faiths, such as abortion or stem cell research.

We revealed that celebrities, politicians and other patients whose information is regarded as sensitive would be exempted from the automatic creation of a Summary Care Record, raising questions about the system’s security. And we reported that patients who did not initially choose to opt out of the Summary Care Record would be unable to have their records subsequently deleted.           

At the time, it felt as though the stories, while interesting and concerning, were somewhat theoretical. The Summary Care Record’s deployment to date had been patchy and it was far from certain it would continue. In the meantime, fewer than 1% of patients had bothered to opt out. (Now, with nearly 22 million records created and more than 41 million patients contacted, the figure stands at 1.34%).

But the news today that 4,201 patients had Summary Care Records created without them giving even implied consent – and that they will not be able to have them deleted – reignites the whole debate. Suddenly ‘what if’ scenarios have become reality.

There remain a series of questions about the incident, questions which the Department of Health has so far declined to answer. Where did the incident take place? Who was the supplier involved? And most crucially of all, have the patients affected even been informed?

There is also a real question over why the DH has decided that the records cannot be deleted. Although we reported in April 2009 that patients would not be able to delete Summary Care Records once created in order to maintain the audit trail, the next month, following a meeting with the Information Commissioner, Connecting for Health said that patients would now be able to have their record deleted on request, so long as it had not already been accessed as part of someone’s care. According to the official Summary Care Records website this appears to still be the case. (GP campaigner Dr Neil Bhatia has published a ‘deletions process’ document dating from 2010 here).

To date the rows over consent, confidentiality and security have done little to derail the Summary Care Record. Millions of patients have had records created, there has been some tentative evidence that out-of-hours prescribing and end-of-life care may have improved as a result and though painfully slow, the rollout has continued largely under the radar.

But now that hypothetical problems have become, for at least a few thousand patients, a reality, that may change.

Readers' comments (9)

  • As the trailing of the Francis Report Mark 2 is currently happening , the growing call for managers that make self evidently poor judgement calls to be permanantly disbarred from public sector service, can we extend the plea to the politicians?
    Those who rode rough shod over a millenia of clinical practice on "obtained consent" to the horror of the majority of reasonable clinicians, are now hanging out to dry some individual who followed their "if they ain't opted out they are in" mantra too zealously.
    A signed ""I want to Join" would have meant forseeable human error failed to create a record on those who wanted an summary record which is less "risky" than the current "forgot to opt out those who wished to" who now have a record they never wanted.
    The "cannot be undone" stance is a compounding strategic faiure of policy making and should be challenged via the European Court.
    To pretend there is a "choice" for individuals then fail to follow the indiciduakls preferred "choice" is malfeasceance in a public office in my opinion.

    Unsuitable or offensive? Report this comment

  • If you want healthcare, we make records. We'll take reasonable care to look after your records, but it would be dangerous and irresponsible of us not to keep records. If you don't like it, then you can't have healthcare.

    Unsuitable or offensive? Report this comment

  • @Peter not sure I understand your comment as no one is saying records cannot be kept just that should be shared only with patient consent.

    Unsuitable or offensive? Report this comment

  • "If you don't like it, then you can't have healthcare." Yes you can, you can go private. Or you can choose not to share sensitive information and leave your NHS GP to guess - now that's irresponsible and dangerous.

    Unsuitable or offensive? Report this comment

  • If I was one of those 4201 patients I would be hopping mad.

    @Peter and @Ann - it seems to me that you may both be missing the point. GPs have always kept records and always will do - this is not in question. There is GMC guidance to GPs as to how they may share that information with others - guidance which (if I remember correctly - I'm now retired!) limits that sharing to those directly involved in the patient's current care, or otherwise only with the patient's informed consent. Only in well defined dire circumstances might confidentiality be breached for protection of the patient or others. It is a system which works well to protect confidentiality.

    Personally I do not trust that any nationally accessible IT system can ever be secure. There are too many access points to keep secure, too many people to trust to use it correctly, and too many technical issues which may occur 'accidentally' (like in the article above). And the thought that anyone who can argue they have a genuine need/interest may gain 'back-office' access is shocking to put it mildly. And if a teenager can hack into the highly protected US Pentagon IT system - who will give odds on the national SCR system remaining intact?

    There is also the issue of mistakes and incorrect data being uploaded. Thus, for safety, any information on the SCR must be checked with the patient, their representative, or their GP... so what is the point?

    Don't we all know that secure confidentiality is essential for the maintenance of Dr/patient trust, which is the cornerstone of effective General Practice? The SCR may hold limited data, but even such basic facts as what medication a patient takes can convey, by inference, extremely sensitive information to the reader.

    As far as I'm concerned, if the royal family and top politicians won't have their records uploaded for security reasons, then neither will I.

    Unsuitable or offensive? Report this comment

  • Mark Struthers

    @Janette Lockhart.

    Hear, hear on all your points well said. But ...

    "Don't we all know that secure confidentiality is essential for the maintenance of Dr/patient trust, which is the cornerstone of effective General Practice?"

    Unsuitable or offensive? Report this comment

  • This comment has been moderated

  • I choose to believe that, unless proven otherwise, 4200 of 4201 patients, are very likely to not care that these records have been put on the spine.

    Only GPs continually bang on about this issue, and its because you don't want oversight of clinical decision making, and not really about patients views at all.

    Sorry, it had to be said. Just look at what kids today stick on facebook.

    (must remember to tick 'anonymously' box)

    Unsuitable or offensive? Report this comment

  • Sean, could you show us the evidence to back your post?

    I doubt any GP would be worried about their record being read - after all, it is easily accessible via Data Protection Act. It may not be instant but as the system tracks your entries, you cannot hide facts retrospectively.

    I agree with Janet. I've just read a modern hacker can break 14 digit password within 10 min. Something which would have taken several decades only a few years ago. The more access point, the worse the security gets. The more input point there s, less accurate the record will become. Anyone who read the old paper record of patient who had several different GP will know this isn't due to digital age - it's the fact medical record has never been made uniform (and its not possible to do so either).

    So we'll end up with unsecured personal data with lots of inaccuracies. And in 10 years time we'll have to employ an Expensive IT firm to re-summarise and re-validate the record to is useful state again.

    Unsuitable or offensive? Report this comment

  • @janet and @michihiro +1 to both of yo for sensible posts.

    Unsuitable or offensive? Report this comment

Have your say

  • Print
  • 9
  • Save