‘The single patient record is a once-in-a-generation opportunity for the NHS’
GP and clinical adviser to NHS England Dr Phil Koczan explains why the single patient record is not about creating one giant database; but connecting clinicians to the information they need
I’ve been a GP in north east London for more than 30 years and have always been passionate about using technology to improve how we work and provide care – particularly around record sharing, both locally and nationally.
I’ve been supporting the work of NHS England around the plans for the single patient record. There are significant challenges but, if we can get this right, the benefits are huge.
The public have said they want it, and they want us to get on with it. As you’d expect, they want complete assurance on data security, on tiered access – so only the right people see the right information – and for there to be a record of who has accessed it. The single patient record is being built on those principles.
GP systems hold a staggering number of records, and the single patient record must offer close to real-time updates to deliver on its aims. We have already proved we can achieve this. The London Care Record [a digital system that shares health and social care information from GPs, hospitals, and councils across London] is accessed more than 30 million times a year – with annual time saved calculated to be worth almost £50 million.
As an example, I recently had an urgent report from a trust X-ray department about a patient I’d referred with a fracture. It wasn’t clear if the patient had been informed and sent to the emergency department, but I could see on the system they were already there, so there was no need for me to spend time contacting them.
The downside, of course, is that if records are held outside the OneLondon [a collaborative of London’s five ICSs and the London Ambulance Service] area then l wouldn’t have been able to check this. We need a national service, and this is once in a generation opportunity to achieve that.
It’s true it’s complex, with so many systems and interfaces. But it’s not enough to just say that people have tried this before and failed and give up before starting.
The architecture for the single patient record is still being designed. It has been proven this is achievable regionally and the next logical step is to take that nationally. I think as a profession we need to do all we can to be part of that solution.
Security and information governance is clearly mission critical. The single patient record is being designed to Secure by Design standards, with principles of segmented data storage, tiered access and an audit trail of who has accessed what – designed in conjunction with the National Cyber Security Centre.
I understand why colleagues are worried about risk. We are talking about some of the most sensitive data that exists – people’s health records – and we should expect searching questions.
But it’s important to be clear about what is actually being proposed, and what isn’t. Security here isn’t an afterthought, it is the starting point. The system is being designed so that access is tightly controlled.
Not everyone in the NHS will be able to see everything. In fact, the principle is the opposite: only those directly involved in a patient’s care can access the information they need. That access will be recorded, visible and auditable.
The idea that this would involve taking every GP record in the country and putting it all into one giant central database is simply not how this is being designed. The intention is not to replace GP systems or hospital records, but to connect them more effectively so that, when needed, the right information can be seen in the right place.
In many ways, we are building on what we already have in Shared Care Records, just doing it more consistently and more securely at a national level.
Fragmentation carries its own risks. Currently, patient information is spread across multiple systems, often not joined up, with workarounds and duplication. We all know the clinical risks of not having the full picture in front of us, especially in urgent or complex care.
A more joined up approach, done properly, is about reducing that risk as much as anything else.
On consent and privacy, this isn’t about changing the rules of the game. The same legal safeguards apply – confidentiality, data protection law and patient choice.
Where data is used beyond direct care, there are already established controls, including the national data opt out, and the single patient record will be designed with these principles in mind and communicated transparently.
Importantly, this approach gives patients more visibility and control over their own data than they have today.
We will also address the concerns about the single patient record, including sensitive information that the patient may not want to be shared; safeguarding information that should not be widely shared, particularly with the patient; and abnormal results or output from multi-disciplinary team meetings that have not yet been communicated or explained to the patient.
Of course, the scale is significant and that does mean we have to get this right. But scale on its own does not automatically mean greater risk. It depends entirely on how you design access, governance and security. Those are exactly the areas where the most effort is going in.
For me, the bigger question is this: Is the current situation of fragmented records, incomplete information and inconsistent safeguards really the safer option? Or do we have an opportunity to do better for patients, while strengthening trust in how their data is used? I believe we do have that opportunity. And as a profession, we should be shaping it, not standing back from it.
The single patient record will give us an invaluable single point of truth for both the clinician and the patient. The benefits of that cannot be understated. We should work together to meet the challenges and be part of the solution.
Dr Phil Koczan is a GP, clinical adviser at NHS England, and fellow of the Royal College of General Practitioners. He is also clinical safety officer for the OneLondon programme.
Have you got a view you want to share with Pulse?
We’re always open to first-hand pieces and opinions from GPs.
Email your piece for consideration to be published on our site.
Related Articles
READERS' COMMENTS [3]
Please note, only GPs are permitted to add comments to articles
I understand everything you write and claim and the view you cheer for, Dr Koczan. And, done properly, I could agree with you, as a caring clinician, about the benefits of the SPR. But your view, though optimistic, is naive. You have declared your conflict of interest ie, advisor to (soon to be defunct) NHSE.
Your view avoids political context: of decline in trust in the governing class, the rise of trillionaire surveillance capitalism (see Palantir, Clearview, Cambridge Analytica), corruption (see Mandelson and ilk), hacking and spying, the technofeudal opportunity, and of possible private equity assault.
It also avoids the philosophical and ethical issues around privacy, consent, capture, surveillance, opportunities for discrimination. It particularly avoids understanding of the right of freedom, to individuality, to avoid tools of possible oppression. You talk about truth in a throwaway manner.
There are ways to enhance information sharing and connectivity to facilitate the dr-pt consultation while maintaining strict control by the GP and the patient of their data and inputs. And organisations like eg Mozilla (rather than Palantir) would be better placed and trusted.
But this Health Bill is wrong. You must be more trusting than I, and I can’t share your enthusiasm.
So the bird flew away – eloquently put!
This is an opportunity for a private company to have a monopoly on the population’s health records and data whilst earning millions. We really dont learn that by giving huge contracts and control of important assets to these types of companies we are eventually held to ransom for upgrades, bail outs, maintenance etc and is there an actual ceiling on costs as there will be no alternative to the system. This is before we start with holding companies to account for poor performance, data breaches etc in any financially meaningful way. The NHS is not world class at writing contracts and worse at enforcing any monetary penalties when terms are not met. Large private companies are adept at contract management and avoiding penalty clauses. They have entire divisions of savvy lawyers.
How can we forget the £10 billion NHS programme for IT debacle 2002-2011 (I think) Root causes for its failure being cited as top down mandates, lack of end user consultation, poor contract writing and unrealistic scope. Anything ringing alarm bells?
Whilst I admire the ambition I believe there are other ways of systems talking to systems sharing information and being secure. Ways in which we can own our own data and profit from it.
Clearly the author is passionate and invested but again I also have to agree naive even if we’re just looking at the costs of development. Concerns as always are plans developed by a few at the helm of NHSE removed from the front line reassuring themselves by working with like minded but not necessarily representative clinicians that this is a sound strategy.
The potential of the information held by them is an enormous asset, let’s not put this in the hands of morally questionable institutions.
The comments above are all true so I won’t repeat them. On the ground the current information on our clinical system is increasingly populated in a way that makes looking back in any meaningful in person consultation more difficult. Simple look ups of an acute result may well be easier but our care of recurrent presentations in our complex patients is often made harder often finding referrals and investigations are repeated time and time again because looking back in the record is just too clogged up.