Government claims on Care Record security 'simply false'
By Steve Nowottny
Critics of the National Programme for IT have attacked a Government report as ‘simply untruthful', after it backed security measures used in the controversial Secondary Uses Service.
In its response last week to the Health Select Committee's inquiry into the electronic patient record, the Department of Health rejected calls for patients to give consent before particularly sensitive data, held inside so-called sealed envelopes, is used for research purposes.
The report said: ‘Patient consent to the use of anonymised or effectively pseudonymised data is not required by law.'
But campaigners attacked the government's response, arguing NHS staff already access patient-identifiable data through SUS.
Last week Pulse revealed that three SUS users in every organisation within the NHS have been given access to patient-identifiable information contained with Commissioning Data Sets and Payment by Results data.
Professor Ross Anderson, a world expert in security engineering at the University of Cambridge, said: ‘The Department's justification is not just an evasion but is simply untruthful. They claim that the design of SUS ‘ensures that patient confidentiality is protected' when it fact it doesn't.'
‘Even if you ask for your data to be kept private, three people at each of hundreds of different organisations get to paw through it.'
Dr Neil Bhatia, a GP in Yateley in Hampshire, described the response as a ‘farce', and Dr Paul Thornton, a GP in Kingsbury in War-wickshire, said it was ‘a complete falsehood.'
The Department accepted other criticisms from MPs over the Secondary Uses Service – but claimed it had ‘already taken steps that will ad-dress these recommendations.'
A new National Information Governance Board, which will replace the existing Patient Information Advisory Group, has been established to over-see the use of patient data in the SUS. A majority of the board's members will be members of the public recruited via ‘a national public advertising campaign'.
The department has also launched research into the effectiveness of pseudonymisation.
Meanwhile in an exclusive interview with Pulse, GPC chair Dr Laurence Buckman this week denied the BMA had endorsed the department's plans for the Secondary Uses Service.
‘Are there secondary uses for data that is collected through Connecting for Health?' he said. ‘No. Patients gave that data for specific purposes, it shouldn't be used for anything else.'IT Will identifiable patient data be made available through SUS?
Will identifiable patient data be made available through SUS?
'Patient consent to the use of anonymised or effectively pseudonymised data is not required by law and the use of such data for secondary uses, including research, is both accepted and actively promoted by the relevant profes-sional and regulatory bodies' – Department of Health re-sponse to MPs
‘There is identifiable data held within SUS, but access to this is strictly controlled… The restriction to three users per organisation is a means of limiting this access' - Connecting for Health statement to Pulse