This site is intended for health professionals only

At the heart of general practice since 1960

pul jul aug2020 cover 80x101px
Read the latest issue online

Independents' Day

Immigration centres able to access patient records from 2,700 practices

Exclusive Healthcare professionals in police stations and immigration removal centres are able to access the full patient records from 2,700 practices, Pulse can reveal.

A report obtained by Pulse reveals that around 6,600 organisations using the SystmOne IT system can view the records of GP patients who registered with a practice on the system, if the practice has switched on the sharing function and the patient hasn’t explicitly objected.

These organisations include healthcare staff contracted to 23 police station ‘custody suites’, prisons, and immigration removal centres, including Yarl’s Wood, where asylum seekers are held while pending immigration status.

SystmOne developer TPP said that only registered health professionals within the organisations could access records and that national sharing was ‘immensely powerful’ for ensuring patients get the best care.

But the GPC’s IT policy lead, Dr Paul Cundy, told Pulse that GPs would struggle to explain to patients which organisations will have access to the records.

This could put them potentially at breach of the Data Protection Act, and the GPC advises GPs must be able to inform patients who might be able to see their records, where, when, what parts of their records and for how long.

Pulse revealed earlier this year that the Information Commissioner’s Office (ICO) had raised concerns about SystmOne’s data sharing model.

How does the model work?

SystmOne’s data-sharing model allows organisations using the system to see the records of patients in around 2,700 SystmOne GP practices if the practice has enabled ‘data sharing’ for its patients – which most practices do, and the GMC encourages this.

Under the ‘data sharing’ function, in most cases patients are opted in by the practice as long as the practices runs an ‘awareness drive’ – meaning patients would have to actively opt out if they do not want their data shared. But TPP told Pulse it ‘remains of the view that explicit consent is best’.

Even with the patients’ ‘implied consent’, other organisations have to ask the patient before accessing their full records.

However, there is an ‘override’ function that allows the organisations to view the full record of a patient if they can’t get the patient’s consent, if they are unconscious, for example.

There are safeguards for the override function; patients can explicitly opt out and the use of an override alerts the patient’s practice.

After Pulse reported this, a change was brought in allowing patients to see which organisations have accessed their records. Though practices were already able to generate reports of all the organisations on SystmOne that are able to access records.

One of these reports generated by a practice, obtained by Pulse, reveal that healthcare professionals in around 6,600 organisations have access to patient records, a number which is growing daily.

They include NHS organisations such as A&Es, district nursing groups and GP out-of-hours providers on SystmOne.

However, they also include non-NHS organisations such as healthcare professionals in police stations, prisons and the immigration removal centres.

TPP’s medical director Dr John Parry told Pulse that he understood that GPs have obligations under the Data Protection Act.

However, he added: ‘I worked in GP out of hours for many years, and it’s immensely powerful –with appropriate safeguards – to be able to say to a patient, yes I understand your problem, shall we look at your last few hospital letters.’

Dr Parry said that this could apply to places such as police stations. He added: ‘There have been some never events, in custody suites, where people with medical conditions have come to serious harm because they didn’t know what was wrong with them.

‘This is for healthcare professionals providing care for those in custody, it’s not part of the police national computer, the desk sergeant doesn’t have access to this information, it’s under the control of health professionals.’

But Dr Cundy told Pulse: ‘I don’t believe any GP has ever fully understood the extent of this sharing. So if the GP has not understood it, then how can you fully inform anyone.

‘Even now, now practices can see this list of 6,600 [organisations], how do you fairly inform patients about that?

‘It’s completely unreasonable to assume that patients will understand the scale of the sharing, or be happy with sharing with [clinical staff in] custody suites.’


Readers' comments (5)

  • Let’s not forget that the patients whom health professionals attend in custody suites, and similar institutions, are members of the public who find themselves incarcerated for a variety of reasons. They are often vulnerable and may be entirely innocent of any crime. Some of them are injured and need hospitalisation; others have long term conditions such as diabetes and asthma which need prompt attention; many have mental health and substance misuse problems and these can profoundly affect their welfare whilst in custody. Making it possible for their carers to access clinical data, with their explicit consent, which has potential to ensure that they are treated promptly and correctly is a great step forward. Let’s hope that if you, or someone you care about, are ever unfortunate enough to be in a custody suite and need medical attention, then the clinician who attends will be able to offer you the choice of care which is enhanced by access to your patient record. I think we can be reasonably confident that the relatives of Anthony Brown, Darren Lyons and Valdas Jasiunas would all welcome this development. Each of them had pre-existing medical problems which were relevant to their deaths in custody.
    Dr John Connolly
    GP and Clinical Director at TPP

    Unsuitable or offensive? Report this comment

  • The argument put forward by Dr John Connelly is not without merit and is clearly well intentioned but rather misses the point. And he seems to be out of step with his employers. If it is so beneficial for an individual’s entire medical record information to be rendered so widely accessible then there should be no difficulty informing patients of this modus operandum and obtaining their explicit consent before it is placed on his database. This is a decision for the individual patient who must be fully informed.

    Day in, day out patients divulge sensitive information about their vulnerabilities to us as individual clinicians. They trust us to keep that information very private. This includes information about past life experience and stigmatizing or even criminal behaviour.

    If we automatically share information between all of us, many patients will stop divulging information to any of us. That is where the major public health risk really lies.

    As data controllers under the Data Protection Act, practices are obliged to provide accurate and reliable “fair processing information” to patients and we are obliged to allow patients to opt out of such processing should they require it. If we fulfilled that process properly and reliably, the workload would be little different than if we were obliged to obtain individual explicit consent to such data streaming. If such explicit consent cannot be secured in the routine safety of the GP surgery that patients choose to attend when fully conscious and sober, how can one possibly claim that consent obtained in a custodial setting is a sufficient alternative, coercion free, ethical safeguard?

    I have no direct familiarity with the tragic cases of Anthony Brown, Darren Lyons and Valdas Jasiunas and it would be wrong to base health policy on three awful anecdotes. But press reports of all three cases suggest that when they needed help none of them had capacity to give consent for access to their records, all deteriorated substantially before the arrival of a health professional and in at least the last case, police records had not been updated from a previous detention. In those multifactorial events, to the extent that the need for information was a determining factor in their deaths, it seems it might have been sufficient and quicker for the essential data to be recorded on a low tech card in their wallet/pockets or on a medic alert bracelet accessible to the humblest first aid trained constable.

    As Chelsea Manning demonstrated, the biggest security vulnerability of any database is the unauthorised use of a database by an otherwise legitimately authorised user. As the number of data subjects on a database increases, the more it is likely to be targeted. As the number of people with access increases, the greater the risk that they will include people who are malign, or who are vulnerable to the influence of people in the working environment around them. Properly informed, it would be entirely legitimate for patients to choose not to take Dr Connelly’s advice in respect of their data. As TPP told Pulse “Explicit consent is best”.

    Unsuitable or offensive? Report this comment

  • Dear John,
    As Paul says there is apparent merit in your argument but someone has to cut through your emotive smoke screen. You offer interesting examples of explicit consent; under arrest, locked up in a cell, possibly unfairly, vulnerable, maybe an element of mental illness, very likely inebriated, maybe injured or possibly diabetic and surrounded by burly blokes in stab vests and this is a situation where consent can be relied upon and consensual. Neither does consent even need to be gained, unless the patient's GP had had the foresight to pre-emptively block that persons individual record, there are overrides. And most of the staff accessing the system will be non professional, trained up civilians, not doctors or nurses.
    But you miss the point, which is whether or not your patients would be surprised to hear that the records their GP holds on them can be accessed at all of these sites. If they weren't told they need to be asked.
    Paul Cundy

    Unsuitable or offensive? Report this comment

  • Spuds

    Confidentiality is the most important factor in a GP-patient relationship.

    Custody medics can do adequate medicine without going into all the notes.

    Keep GP notes for use by the registered GP practice only.

    Unsuitable or offensive? Report this comment

  • Where are the human rights??
    and UK wants to make human rights lessons to the entire world??
    This is double standard !!
    The only solution is individual medical files, as with smart cards for instance, protected by pin code.
    Only vital information should be accessible, and with different access from the health professional depending of his field, with a professional access electronic key...

    Unsuitable or offensive? Report this comment

Have your say