Can you keep a secret?
- 20 January 2005
Linda Davidson
Confidentiality and security have always been risky issues for the National Programme for IT (NPfIT). They are sensitive, personal and prone to provoke strong reactions; in addition, their complexity makes them quite difficult to explain in simple terms.
A drip-feed of information, briefings, papers and reassuring messages have been sent out from the national programme (see links below) to demonstrate the high priority placed on the preservation of confidentiality through water-tight security.
Last week, a low buzz of discussion in the business and professional media grew to a rather louder noise at the heavyweight end of the national press with an article in The Times.
Alice Miles, writing in the influential opinion pages of The Thunderer, launched a broadside against the idea that a national record system could be secure and suggested instead that the population should carry its records around on smartcards backed up at GP practices.
It delivered a smack to bring tears to the eyes of anyone who has laboured over the ‘legitimate relationship’ and a raspberry to those who had spent so long researching and devising the ‘patient sealed envelope’.
Judicious
Later in the week the Department of Health and the NPfIT used a judiciously timed press briefing to deliver assurances that the confidentiality and security issues surrounding electronic records were being taken care of by the national programme and that there was nothing to worry about.
For dedicated followers of the subject there was one interesting revelation – the news that patients can refuse to have any personal information recorded electronically.
A national programme spokesperson explained: "In extreme circumstances, if someone can show that having their information held electronically on NHS databases will cause them or someone else unwarranted substantial damage or distress, then they can opt out of having their data held on NHS databases. This will apply to very few people.
"It creates significant difficulties treating people because clinicians have professional obligations to keep proper notes and in the future notes will be kept electronically. The full implications will have to be explained to patients."
This shows an apparent change of heart since November when Marlene Winfield, head of public engagement for the national programme, said patients could not opt out of their data being electronically stored as professionals had a legal duty to maintain records of their consultations with patients.
‘Locked down’
"[Patients] will still have local electronic records and a national shared record. But the shared record will be ‘locked down’ so that no one (except possibly in the future the patient) can see it" — Spokesperson for NPfIT |
In these cases, a national programme spokesperson explained that patient can – as has been reported previously – choose to opt out of having their electronically held data shared.
"They do not have to show harm to do this though we will take steps to ensure they understand the possible implications for their healthcare. If they opt out, their data will still be sent to the national database," a national programme spokesperson told E-Health Insider.
"They will still have local electronic records and a national shared record. But the shared record will be ‘locked down’ so that no one (except possibly in the future the patient) can see it."
For these patients, discharge and referral will be done in traditional ways, with a communication between clinicians rather than giving permission to access the patient’s record. Patients will not get the full benefits of having shared records but clinicians will still be able to keep proper records, though these will remain within the institution where they are generated.
The spokesperson added: "Should patients change their minds, their ‘national shared records’ can be activated for sharing immediately and additional access controls around local records can be removed."
Explanations neededThe lengthy replies to any question asked about confidentiality demonstrate the difficulty of explaining the complex set of rules, options and exclusions available. Many of the issues surrounding confidentiality exist in the world of paper-based records, but few questions are raised because paper records are so hard to share and dispersed between different institutions.
Much remains to be done to explain the choices patient have and the national programme plans a series of local information campaigns as the NHS Care Records Service rolls out. The main risk, though, is probably not widespread public rejection of the new electronic record, but a migration of the confidentiality issue from the weighty pages of The Times to the more widely read tabloids.
With successful campaigns against casinos under their belt and some lively opposition to 24 hour drinking laws, the popular press could be up for a scrap with the government on this kind of issue.
For the NHS, life as a political football remains as painful as ever.
Related stories
CRDB conference stokes debate on patient awareness
Securing NHS Care Records By Duncan McNeil, NPfIT chief technology officer
Related documents
NHS Confederation briefing on the NHS Care Records Service [PDF, 144K]
Includes a section on security and confidentiality.
Making IT Work: December 2004 [PDF, 44K]
See p10-11, ‘The key to safe access’.