Thursday, September 18, 2008

Acess to health records - two major announcements

The last 48 hours have seen two major announcements about changes to access restrictions for patients records in the UK's National Health Service. The first will require staff are to seek patients' specific consent before reading their electronic medical records, the second was an announcement of a consultation with the public and healthcare professionals on the use of patient information for purposes such as health research and managing and planning care.

Connecting for Health, the agency charged with the delivery of the NHS's National Programme for IT has finally bowed to pressure from a wide range of patient and professional groups and changed the "consent model" which will be used in an attempt to protect patient confidentiality when dealing with electronic health records uploaded onto the "spine". As has been noted on this blog and elsewhere the original model assumed the consent of patients to upload and share the information they gave to healthcare professionals, unless they actively "opted out", and proposed the use of sealed envelopes for particularly sensitive information. This has been challenged in various ways and was criticised in the evaluation of pilot projects by University College London, published in May.

According to The Guardian 638,000 patients in the five trial areas were written to about plans to share their GP records, only about 2,500 opted out and 500 said their records could be uploaded with conditions. However many thousands in the trial areas were unaware of the public information campaigns, and NHS staff were often unaware of an obligation to patients who wanted to be notified when staff wanted access to their file.

According to the report on E-Health Insider Professor Patricia Greenhalgh, the lead author of the UCL report, said she was delighted by the decision.

“The most consistent and disturbing finding from the UCL evaluation of the SCR was concern from NHS staff, patients, professional organisations and civil liberties groups about the original ‘implied consent’ model,” she said.

According to the Health Service Journal this new approach provides a simplified model which has the backing of the BMA, Royal College of Nursing, medical defense unions, chief information officers and the General Medical Council.

This change is seen as moving the system in England towards the one chosen in Scotland and Wales, more of a consent to view - however it could be argued that consent to share is still implied as patients will not be asked directly whether they are happy for their records to be shared via the national spine.

The second independent but related announcement, concerns a 12 week "consultation exercise" being run by Tribal Consulting for Connecting for Health giving patients and the public the opportunity to comment on the ways in which their information is used for research and planning purposes and examine the potential benefits, legal safeguards and practical steps available to meet confidentiality and ethical obligations. This follows various criticisms of the ways in which the "Secondary Uses Service/NHS Information Centre" operates, and criticisms of the Care Records Guarantee.

Some of the questions included are:

* Who should have access to patient data?
* For what additional or secondary uses should data be used other than direct care?
* What process should govern access when individual patients can or cannot be identified?
* Who should control and manage access to the information?
* What consent options and safeguards should there be for patients?
* What concerns do people have about secondary uses and how can they best be addressed?

The public consultation covers the use of patient information for uses such as:

* Research into prevention and treatment of diseases
* Improving public health
* Managing and planning future health services
* (Health) planning screening
* Quality control (clinical audit)

It will be interesting to see how much involvement there is from the public and health professionals, although the impressions given by the "experts" on the news release page suggest that the benefits are a given - and runs the risk of suggesting that a decision has already been made to share the information - and that the consultation will only affect how this might be done. According to E-Health Insider Professor Michael Thick (chief clinical officer for NHS Connecting for Health) said people would not give explicit consent to their information being included in the new service, which will collect data automatically from the NHS CRS, Choose and Book, and other national systems. He also indicated that patients would not be able to opt out, although they will be able to apply under section 10 of the Data Protection Act to prevent use of data that would cause them distress.

As discussed on this blog when the report, entitled the Data Sharing Review by Richard Thomas, the Information Commissioner, and Mark Walport, the director of the Welcome Trust, came out in July, there is a major difference between anonymous and identifiable personal data. When Connecting for Health say that " while patient identifiers will “normally” be removed from the information “sometimes” these will be required", alarm bells should start ringing.

The safeguards provided by NHS Research Ethics Committees need to be very carefully examined if they can grant access to pseudonymised and in some cases patient identifiable data, as well as anonymised records.

According to PULSE the consultation will also raise questions over the extent to which the NHS should be sharing data with external researchers. Last year Connecting for Health’s subcontractor BT suggested in a written submission to the Health Select Committee that pseudonymised patient data could be shared with pharmaceutical company researchers to earn the NHS cash.

The invitiation to consult along with supporting documentation can be found at and I would encourage everyone with an interest to get involved.

I feel these two announcements suggest that the balance between patient confidentiality/privacy and the demands of governments and other organisations which trawl personal data need to be very carefully observed.

Labels: , , , ,


Post a Comment

<< Home