This site is intended for health professionals only


Longstanding fears over consent and confidentiality are realised



If it feels like Pulse has been writing about consent and confidentiality fears related to the Summary Care Record forever, then that’s because in IT terms we have been.

Back in 2007, when the rollout began, Twitter was a largely unknown microblogging service and the very first iPhone was yet to hit the shops. Technological innovation moves at a more stately pace when it’s the NHS is doing it.

That year, Pulse ran a ‘Common Sense on IT’ campaign which highlighted a series of concerns over the consent and confidentiality safeguards in the new system.

GPs wanted patients to have to give explicit rather than merely implied consent before records were created. Plans to use data within the records for research purposes without explicit consent had Catholic and Muslim leaders up in arms, because they feared the research could be purposes contrary to their faiths, such as abortion or stem cell research.

We revealed that celebrities, politicians and other patients whose information is regarded as sensitive would be exempted from the automatic creation of a Summary Care Record, raising questions about the system’s security. And we reported that patients who did not initially choose to opt out of the Summary Care Record would be unable to have their records subsequently deleted.           

At the time, it felt as though the stories, while interesting and concerning, were somewhat theoretical. The Summary Care Record’s deployment to date had been patchy and it was far from certain it would continue. In the meantime, fewer than 1% of patients had bothered to opt out. (Now, with nearly 22 million records created and more than 41 million patients contacted, the figure stands at 1.34%).

But the news today that 4,201 patients had Summary Care Records created without them giving even implied consent – and that they will not be able to have them deleted – reignites the whole debate. Suddenly ‘what if’ scenarios have become reality.

There remain a series of questions about the incident, questions which the Department of Health has so far declined to answer. Where did the incident take place? Who was the supplier involved? And most crucially of all, have the patients affected even been informed?

There is also a real question over why the DH has decided that the records cannot be deleted. Although we reported in April 2009 that patients would not be able to delete Summary Care Records once created in order to maintain the audit trail, the next month, following a meeting with the Information Commissioner, Connecting for Health said that patients would now be able to have their record deleted on request, so long as it had not already been accessed as part of someone’s care. According to the official Summary Care Records website this appears to still be the case. (GP campaigner Dr Neil Bhatia has published a ‘deletions process’ document dating from 2010 here).

To date the rows over consent, confidentiality and security have done little to derail the Summary Care Record. Millions of patients have had records created, there has been some tentative evidence that out-of-hours prescribing and end-of-life care may have improved as a result and though painfully slow, the rollout has continued largely under the radar.

But now that hypothetical problems have become, for at least a few thousand patients, a reality, that may change.