Information Governance will be ongoing challenge
- 1 May 2007
Connecting for Health have told the House of Commons Health Select Committee that addressing the information governance challenge for shared records and use of patient data in an electronic NHS would be an ongoing challenge for the coming decade, in the same way that getting clinical governance right had been the challenge of the previous decade.
Quizzed about privacy and consent issues, Dr Gillian Braunold, joint national GP clinical lead for the DH agency, told the committee that information governance was beginning to be looked into and there would be further answers in a year’s time when an independent evaluation by University College London (UCL) of the early adopter sites was completed.
Speaking on 26 April Dr Braunold said: “The National Programme for IT has spent resources on getting governance right and it is a challenge for the next decade. We could have said just do it, but we will instead be doing an independent evaluation with UCL and take it from there…it is very difficult to go ahead with new systems when you are still having discussions about consent models.”
In the later session, the ten year gap was greeted with horror from Andrew Hawker, a former systems developer, giving evidence as a NHS patient.
“The delays give us time to get things right, Gillian Braunold said it would take ten years to get information governance right but to me that’s a problem – especially as we’ve only just started looking at it.”
Harry Cayton, DH national director for patients and the public, told the committee that the decision to go forward with the NHS CRS as an implied consent model was decided as a ‘professional agreement’ and one that was necessary to save GPs’ time.
“Informed consent was necessary as otherwise large amounts of people do not take part, and when we did back of the envelope calculations, it showed that it would take 100 years of a GP’s time to go through all consent issues. Figures for other sites with their own electronic patient records show that less than 1% opt-out when the programme is clearly and properly explained.”
Dr Braunold said most residents in the early adopter sites read the information leaflet that had come through the door and to date only 0.2% of the public had concerns.
However, Hawker said this was still a concern telling the MPs: “Even the 0.2% figure is a big deal when you consider the population of England, that’s almost 100,000 patients – the size of one of your constituencies.”
Eyebrows were also raised when the issue of use of data from the CRS for research purposes came up. CfH said that pseudonymising data meant that researchers would have access to personal health records that have no identifiable information except a postcode and a date of birth.
Dr Paul Cundy, chair of the General Practitioner’s Joint IT Committee, responded to this suggestion by telling the committee: “Anonymisation is an absolute condition for research. Data is either anonymised or its not. Saying something is pseudonymised is a clever way of avoiding saying its not anonymised. On the basis of the evidence we heard from CfH it would seem that the Secondary Uses Service is illegal".
He told the committee that GPs had concerns about their role as guardians of patient records.
“GPs remain extremely concerned about GP liability…the Medical Defence Union guidance says we will be liable, it’s a big difficulty, and with patients more and more anxious, it could become a very comprehensive issue.”
However, Richard Granger, the director general of IT for the NHS, had earlier shrugged off concerns calling both information and computers ‘vulnerable’.
“All computers are vulnerable and no-one can guarantee a flawless system,” he said, adding later: “Our suppliers all have experience with security and we are introducing functionality incrementally, mitigating risks and examining any necessary changes before the next stages.”
Cayton added that the taskforce had decided to go ahead with the NHS CRS model “cautiously and responsibly recognising concerns and ensuring the context is beneficial in clinical terms.” He added it was “a step forward as we build a consensus of what works and what doesn’t work.”
However, Hawker wasn’t so keen on the Care Record Guarantee released on the NHS CRS programme.
“It’s called a guarantee, and a guarantee is forever – but that doesn’t seem to be the case with this guarantee.”
In terms of security, Granger said it was impossible to offer ‘cast-iron guarantees’ but he was confident in the use of smartcards.
“Smartcards are laborious but effective security methods, there have been some deliberate breaches, but we looked at other technologies, and considered them immature.”
However, Dr Cundy said that the security breaches with the technology were predictable. “We predicted that people would swipe in and not sign out, it’s a trade off between security and usability and there is a conflict between the proposed role based access controls and time here.”
Dr Martyn Thomas representing the UK Computing Research Committee told the committee that CfH had no security limits.
“I have asked Richard Granger directly if he has targets for unacceptable levels of security and he says no – no targets means you will end up spending more money or you take it as it comes – which is unacceptable in practice, as it means taking systems offline.”
Dr Braunold said that patients should see the SCR as ‘a tool for help’ and said that it was ‘customisable at local level’.
“For example, in the early adopter sites, the SCR is being used as a diabetic care pathway to use to help people look after and manage their own care… We have to start somewhere. Most [patients] are keen and eager to do data sharing."
Dr Cundy said: “The SCR should be for patient safety, the concerns we have is that it is turning out to be far from it. Most GPs are not luddites and are pushing for new things, but sometimes the agenda we are pushing for is a different one to what CfH are pushing for.”
He acknowledged however that the GP Systems of Choice tender was a good initiative and he was helping evaluate nine companies who have been selected from the recent OJEU tender.