This site is intended for health professionals only

At the heart of general practice since 1960

Who gets access to patient data?

MPs call for Department of Health Inquiry GPs express fears of confidentiality of Care Record

MPs call for Department of Health Inquiry GPs express fears of confidentiality of Care Record

Ask Professor Ross Anderson what patients have to fear from the Secondary Uses Service, and he immediately brings it close to home.

Very close to home.

‘My postcode's got four houses in it,' he says. ‘If you find a 50-year-old male at my postcode then you've got me. That's as little information as is needed to pull somebody's records out of SUS if you've got access to it.'

That access, he worries, is likely to be widespread, as increasing numbers of researchers are given the right to use the system.

‘We'll give it to hundreds of thousands of researchers, civil servants, clinical auditors, drug companies, Uncle Tom Cobley and all,' he warns.

Plans to use patients' electronic records for research in the Secondary Uses Service have so far received relatively little media attention – but they are one of the most controversial areas of the care records project.

The Health Select Committee's report into the electronic patient record, published last week, devoted an entire chapter to the topic, concluding there was an ‘urgent need' for a Department of Health review.

Speaking to Pulse before the report was published, Professor Anderson – professor in security engineering at the University of Cambridge and a world expert in his field – has no doubts about the significance of SUS.

‘This is where the rubber hits the road,' he says.

The need for researchers to have access to patient records is clear. Without data, there can be no research.

Giving evidence to MPs, Dr Mark Walport of the Wellcome Trust argues: ‘The opportunity in England to have potentially 50 million health records with good record linkage offers enormously important opportunities for improving patient health.'

Lives at risk

The Academy of Medical Sciences puts it even more starkly. It warns that ‘disproportionate constraints on the use of health information can compromise the quality and validity of research results, leading to potentially misleading claims, or even costing lives'.

Labour MP and committee chair Kevin Barron says: ‘The health service has only developed in the past 60 years on the basis of information it collects itself. That's how we improve healthcare in this country.'

But the amount of information being passed to researchers is set to increase exponentially.

The Department of Health intends to make data from both summary and detailed care records available through SUS, arguing that the new systems are ‘a major opportunity' to expand the scope for research.

And, as the select committee's report put it: ‘While explicit patient consent is the ideal means of allowing access to data, it is often impossible to ask for consent in practice, particularly when using historical data.'

Yet others insist that assuming consent is unethical, and could be against European law. If patients cannot stop their data being passed on, critics argue, they may start lying about their symptoms to their GP.

Ethical decisions

Patients may also decide they do not want to help with some forms of research, Professor

Anderson argues. A devout Catholic, for instance, could baulk at her gynaecological records being used to inform medical abortion research.

‘It's a nuclear landmine underneath the SUS that's about to go off, any time now,' he says.

But there are some signs that the Government is starting to tackle these issues.

Connecting for Health says that where patient-identifable data is used for research, consent with positive ‘opt-in' is likely to be more appropriate than a communications exercise and an ‘opt-out' consent model.

But exactly what is and is not patient-identifiable information is a matter for debate.

Most data made available to researchers through the Secondary Uses Service will first have been pseudonymised, a technique which reduces the risk of records in a database being identified by replacing data in key fields, such as a patient's NHS number.

In theory, full pseudonymisation makes it impossible to trace a record back to a patient. But in practice, for data to be of any use to researchers, some fields – such as age, sex and postcode – need to stay intact.

As Pulse revealed in May, leaving even those few details intact could leave the record open to an ‘inference attack'.

In August last year, computer hackers used inference attacks to successfully identify thousands of internet users after online giant AOL made pseudonymised search data about more than 600,000 of its users available to researchers.

‘The bottom line is that patient information will be shared without their consent or even contrary to their dissent,' says Dr Paul Thornton, a GP in Kingsbury in Warwickshire.

Dr Chaand Nagpaul, the GPC negotiator responsible for IT issues, adds: ‘As we allow uses of data further away from the original intent we need to make sure that there are safeguards.'

Just what those safeguards may be, though, remains unclear – at least until the Department of Health responds to the Health Select Committee's report in two months' time.

Dr Richard Taylor, committee member and independent MP, says: ‘It's an incredibly difficult situation. I don't know where the answer lies. One's got to have the information for the people doing the research and yet somehow protect confidentiality.'

That could prove impossible.

Health committee cautiously backs Care Record

The Health Select Committee's report into the electronic patient record last week is the latest in a series of investigations into the controversial National Programme for IT.

Although the report raised concerns over the Secondary Uses Service and called for better communication and clarity over care records, it was generally supportive of the scheme.

In particular, it backed Connecting for Health's controversial ‘opt-out' consent model for the Summary Care Record, much criticised by GPs.

But previous inquiries have come to sterner conclusions.

In June 2006, a report from the National Audit Office warned the national programme presented the Department of Health with ‘significant challenges'.

An investigation by the BBC later found the report had been toned down before publication.

In April this year, a damning report from the Public Accounts Committee said the national programme had lost the backing of GPs and required ‘urgent remedial action' at ‘the highest level'.

Tory MP Edward Leigh, chair of the committee, said the project was ‘not looking good', and its benefits were ‘unclear'.

But despite calls from the Public Accounts Committee, a panel of 23 academics and the BMA, the Government has repeatedly refused to hold an independent public inquiry into the programme.

In a statement last month, the Department of Health said it did ‘not consider there are grounds for an independent review of the business case at this stage'.

Dr Paul Thornton: confidentiality is at risk even if patients refuse to share information Dr Paul Thornton: confidentiality is at risk even if patients refuse to share information Dr Paul Thornton Dr Paul Thornton

The bottom line is that patient information will be shared withouth their consent

Rate this article 

Click to rate

  • 1 star out of 5
  • 2 stars out of 5
  • 3 stars out of 5
  • 4 stars out of 5
  • 5 stars out of 5

0 out of 5 stars

Have your say