Another view: are local data repositories set to become data dumps?
I’m not sure this article is going to win me many friends, but here goes. There seems to be a huge rush towards setting up data repositories, and I’m really not sure I agree with them.
Locally there is the Cheshire Care Record (CCR). I’ve seen news stories about a similar system in Leeds and I went to a talk about one in Bristol – the speaker there mentioned he knew of others all over the country.
I have multiple problems with the Cheshire Care Record and data repositories in general. It’s not that I don’t understand where the drive for them has come from. Cheshire isn’t one just area. We are at least three, if not six, if you consider our neighbours. We all refer into different hospitals and the geography is huge.
Re-treading ground
Locally we had already set up the ability for A&E, urgent care and outpatients to see the GP record. The evidence was they hardly every used it, and not because it was too difficult to do so. Locally, we are an EMIS Web economy so our community staff and our GPs can already share records, send each other tasks, and book appointments.
Now there is an issue that this hasn’t been set up right and the data sharing agreements are in a mess and variable, but even a small part of the resource that’s gone into the CCR could have sorted this.
I do wonder if this project thing is a job for the boys (and girls). Commissioning Support Units are getting rid of people; clinical commissioning groups aren’t exactly hiring loads. Having each area run a massive project keeps a few people in a job, and calling a project ‘big’ helps make it look good on the CV.
What about the Summary Care Record?
Of course, the laudable aim of these schemes is to create a whole health economy-wide data repository that anyone from primary, community, secondary or social care can access if they need to. Whenever I’ve been to presentations about them, the team gives examples of ill patients in A&E and the heroic doctors needing to know if they have a penicillin allergy or are on chemo drugs. But locally most of that was doable anyway.
What’s worse is, given we are on the border of Cheshire, some of our patients will attend an A&E that isn’t in the CCR anyway. What happens beyond the boundaries?
Amazingly, there is an alternative that appears to have been overlooked. It’s called the Summary Care Record (SCR). There is even an extension to it, called Additional information. This is national – has Royal College of General Practitioners’ approval, contains all the data one might need in an emergency, and has a load of rich features on sharing more than the standard data but not sharing everything.
One of the biggest clinical drivers I have ever heard was from a consultant psychiatrist who was dealing with severely mentally ill patients. She bemoaned her inability to see patients’ live prescribing data or see what they were on or at what dose. She felt she was being asked to make risk judgements that could kill the patient – and perhaps her career – on the basis of incomplete data.
I told her that information is in the SCR already, and all she needs to do is ask her IT department to give her access. I’m not sure she believed me and I’m not sure she has yet asked or had it given to her, but she has no reason to wait for the CCR to give her this information.
Towards a data controller role
Of course, I’m more than happy to share a patient’s data with someone who is looking after him or her. But I think we need to move towards more of a data management role where I authorise people rather than giving almost blanket coverage to the whole health economy to access a record.
This is one of my concerns with the data repository. Sitting here typing in front of a Samsung TV, who knows who is accessing this data? Does it really need a copy of everyone’s data all the time? Why can’t it use a system where it only shares the data on the person in question? Having my data held multiple times surely puts the risk of it appearing on WikiLeaks?
Once the data is held separately, I presume I’m no longer the data controller so I have no power over what’s done with it. Will it be sold to insurance companies? Perhaps not at first, but researchers or private big data people might be granted access. Will they start to look at it for performance assessments rather than clinical ones?
Risk that data repositories become data dumps?
Given the adage ‘garbage in, garbage out’, whether anyone will be able to pull anything meaningful from it will be dubious.
However, do I want a copy of my data sitting in some repository for anyone to access? OK, they say it’s secure – they say only staff trained in information governance will access it – but is that a good enough security measure?
They say only if a patient is on a practitioner’s caseload will that healthcare professional be able to see the data – but that’s a loose definition. I might attend the hospital for an outpatient appointment in one speciality, but will my neighbour who happens to work in another department be able to look me up? I’m live on their system but is it clever enough to know that my neighbour is in the wrong department to see my information?
The reassurance we’ve been given is twofold. Firstly: we will do audits – though never seen one published yet. Secondly – your practice manager will be notified every time a patient’s record is accessed and he or she can check it. I won’t repeat exactly what my practice manager said to this, but something to do with having better things to do with her time than track 23,000 patients and their outpatient attendance, and how is she to know whether access is justified or not.
Trust the patient and let them give permission
One of my simple solutions to these issues would be that every time a patient’s record is accessed, text that individual with details of who accessed it and where they work. Let the patients track it.
Moreover, I would give the patients power to grant access to their records. Currently the consent process involves the clinician who is asking to see the record ticking a box on screen. How can you prove retrospectively that the patient was in the room and agreed – was even asked? Perhaps take a photo of them with their thumbs up, or get them to give their signature with a mouse, or to record their fingerprint.
So I prefer the idea of a national, centrally held, summary record that patients can control or that, at the very least, they can see who is accessing their data. It doesn’t store all my records – just pertinent data. The patient could link it to their Apple Health app and store data in there for their clinicians to see. Perhaps it might include some dental or optician information. It would tell me whenever my record was accessed, and perhaps could act as some form of communication portal tracking my appointments and so on. Wait a sec: don’t we kind of have this? Should we just use it and perhaps develop it?
38 Comments
Exactly; had the information been shared with me I would have spotted the errors before release. What has happened since the days when a patient sat in the surgery and physically leafed through his records. I missed something here; since when, and how, is it that correspondence can be withheld from the patient. And who is the arbiter of that decision. If it rests with the individual practitioner then there must be huge variations. I cannot imagine any patient who may not wish to know the truth. It is uncertainty and second guessing that I would want to avoid at all costs.
Sharing appropriately is perfectly acceptable. It is the margin for error when records may be (or have been in my case) released with serious errors and too much irrelevant confidential information. This would have been nipped in the bud had a more rigorous system been in place, and/or staffing problems properly addressed so that they did not impact on the very delicate matter of data release/sharing. Sharing patient information cannot be across the board, it must be selective. Perhaps sending the patient his own SCR with the consent letter would have been a better approach and saved much distress. Or more obvious, opting the patient OUT as the norm, unless informed otherwise. I wonder what the take up would have been in that case. I note that there are GPs making a stand while incorporating duties as Caldicott Guardians. I hope others are muttering mea culpa.
I disagree with the following statement: “Sharing patient information cannot be across the board, it must be selective.”
The thread is about sharing patient’s health information with the patient, is anyone able to provide some generic examples?
Until patients are in control of their one data, the NHS will continue to be vexed by this issue.
The flip side of this is that patients will need to understand and agree that if they withhold their data and subsequently come to harm because their information was not available to the health professional, then they, the patient, take responsibility for that.
Cave quid vis, as they say …
Neil – “How can you prove retrospectively that the patient was in the room and agreed – was even asked? Perhaps take a photo of them with their thumbs up, or get them to give their signature with a mouse, or to record their fingerprint.” You already do far more invasive things with patients – do you record consent for these in these ways?
I have no objection to sharing as appropriate. The breach occurred in the SCR being released without checking the information. There were errors, mixed up entries with a different patient, and historical events which, because as they told me, they had no other category under which to group entries, appeared at the head of the page when they should have long been archived, deleted or ignored for SCR purposes. Hence my suggestion that common sense should have dictated that each and every ( apparent) opt in should have been double checked. Shoddy work. I believe a young techie would be less sensitive to personal data as would, say, a middle aged female. Perhaps empathy should be programmed in!
With regard to the national data model, it should support the process of an individual choosing which pathway data (e.g. Breast Cancer) to share with which organisations (e.g. Cancer Research UK and St. Bartholomew’s). IT’s not difficult, the NHS just needs far more people doing it and less talking about it.
Julian, Suzanna, I think you both express the same issue from different points of view.
Julian -you generate data, you have a responsibility for it, but you don’t ‘own’ this data (or you shouldn’t!) that then obviates the moral dilemma about to share or not to share.
Suzanna, I assume you are talking as a patient here, and you are correct that you should be able to choose if/ when your data is shared. However, this shouldn’t be a binary yes/ no decision. Within your record, you should have the functionality to share none/some/all of your data with specific care providers. Sharing would be on a specific basis eg time based (week/month, year etc, which you can define) or for a specific episode of care.
it doesn’t really matter what systems people use but any data provided must ne to a standard format and served to the pt +/- advice about how they use/ share it. Some people may need help/ support wit this, but particularly the younger generation are pretty tech savvy so will ‘get’ this pretty easily.
It has taken me precisely over 18 months for my data to be opted out since the time I realised I had been opted in, without my permission. I have been asking the same question of my surgery, NHS Digital, IG, NDG, etc., and only within this week have I been told my “SCR is not being shared”. The surgery staff have been clueless and who can blame them with such a vast network of organisations and complicated structures. The new IT manager referred me to CCG advising me to make a complaint. I suspect the delay in my long overdue opt out request being honoured was again, staffing at practice level. Were this a commercial concern, it would have toppled over and failed by the sheer weight of its own incompetence. Breach of confidentiality is almost a euphemism if, when releasing an unchecked SCR, it has a catastrophic impact on a patient’s health which is certainly not answered by making a complaint.
The “choice” of whether to share their integrated health data or not should lie with the individual, not a health care professional (HCP). The individual may choose to seek advice from a HCP and a GMP is probably their best bet, because it is probable that a GMP made the initial referral (hopefully using eReferrals) in order to sort out a problem, either mental or physical. This is how the system is supposed to work, why it isn’t working like this goodness only knows. In many domains outside of the NHS, the good management of IT has leveled the playing field and given people choice. Wealth gives a person choice but surely the whole basis of the NHS is that in matters of health, all have equal choice. In my personal and honest opinion the NHS has so far failed to use technology and data efficiently. This problem (i.e. the NHS being very good at the clinical but bad at the technical) needs to be sorted out as quickly as possible because it’s technology that now makes things run efficiently and gives people choice. Apart from offering advice, General Practices should NOT be having to sort out or even manage this problem that the NHS has.
Thank you for sharing, I have asked to view my health records too, and as there is a charge of between £10 and £50, I want to know what I am getting for my money. The data is mine, the NHS are it’s guardians, not its owners. I don’t have to pay banks, retail organisations or non NHS providers to access my data. As a taxpayer I do not feel it is appropriate to pay an admin. charge to an organisation that has failed to keep up with modern ways. I presented the practice with a list of questions. It has been suggested I book an appointment with a doctor to discuss, however I have been brought up not to waste doctors time, and in any case I do not see it as a doctors job to explain. I was going to contact a CCG or even NHS England but having read your account I think I would be wasting my time. I would like to point out I am more than happy with my GP, however I can not say the same for the senior management and leadership within the NHS, quiet the opposite.
The day I ask my GP about data protection is the day I ask a plumber about my health.
This will all change in 2018. Not only will you have a legal right to your data at no charge, you will also have a right for it to be in electronic format. Most GP’s (and seemingly the wider NHS) have very little idea this new legislation is coming let alone what it comprises of.
Hi all,
This is a very important problem for many primary-care focused healthcare systems.
Saying that the patient should be responsible for data sharing is fair enough but what of instances where a swift decision needs to be made and/or the patient is unable/ill-qualified to make them? I am not sure that is a viable strategy.
Getting back to the original proposition that a nationally coordinated SCR system might address the problem of unconnected data ponds? Would it not be best if the role of the nominated general practice included holding a patient’s data and making it accessible to other parties in accordance with the patient’s wishes? Clearly the role of general practice would need to be redefined accordingly and systems and resources created and put at their disposal to achieve it.
Often a choice of strategy is made following the realisation that we have a problem that must be solved, we must decide which is the lesser evil?
Please note I am from New Zealand but we have exactly the same question facing us here. We have done some work to develop general practice systems that will allow the GP to make a patient’s records in real time to ED and ‘After Hours’ but are far from agreed on an overall strategy.
Tom Bowden
Director – Industry Relationships
[Healthlink]
E.
tom.bowden@healthlink.net
T.
+64 9 354 7201
M.
+64 21 874 154
W.
http://www.healthlink.net
Level 3
13 – 15 Teed Street
Newmarket, Auckland 1023
New Zealand
This e-mail and any attachments are intended only for the person to whom it is addressed and may contain privileged, proprietary, or other data protected from disclosure under applicable law. If you are not the addressee or the person responsible for delivering this to the addressee you are hereby notified that reading, copying or distributing this transmission is prohibited. If you have received this e-mail in error, please telephone us immediately and remove all copies of it from your system. Thank you for your co-operation.
The key to it is to keep it simple and a good technician makes the highly complex appear simple. e.g. I am happy to share the data on each of my specific pathways where: 1 It will be of direct benefit to me with NHS health care providers 2.It will be of direct benefit to me with all health care providers 3.It will be of direct benefit to me or others (anonamized/pseudonamized) with NHS health care providers 4.It will be of direct benefit to me or others (anonamized/pseudonamized) with all health care providers 5. It will be of direct benefit to me or others (anonamized/pseudonamized) with all organisations We can all take an academic app_roach to health IT, but best to just get on on with building it.
I have followed the comments with interest and, as a GP, I feel I should answer the accusations of paternalism, obstruction etc.
I cannot help feeling between a rock and a hard place. There are people who say we are obstructive by not opening up records when we are asked. There are also people who are horrified (and even make complaints) because we have shared records. In between are the vast majority of the population who think it happens anyway and are happy.
GPs have to try and satisfy all groups and, because of this, have tended to prefer an opt- in process. The problem with this is that it needs to be a repeated process given the steady expansion of sharing. A patient may be asked to share within the NHS community but, later, sharing with social services is introduced. My experience is that there are a far greater number who are cautious about releasing information to social care (rightly or wrongly). Likewise the sharing of information with other government bodies is viewed with suspicion unless it is anonymised at source.
This all takes an enormous amount of work and GPs fear that they will be left to do this within their already limited time. (Or we can pay out of our own pockets for our staff to do it) The alternative, opt out, is easier but more open to abuse and the accusation that information was insufficient (cf care.data)
The ‘permission at point of care’ is one way round this but the current implementaiton is open to abuse and it does not work for data used away from the point.
All of this leaves GPs with a dilemma. Virtually all believe that it is better to share data than to keep it in silos. As working at scale increases in GP land, it becomes even more vital. However we are stuck in a situation where we are asked to implement processes which do not always comply with the need to meet the wishes of the whole range of people. This leaves us back with the dilemma. Do we decline–and be called paternalistic–or agree and be accused of breach of confidentiality? Given one is uncomfortable and the other potentially career-threatening, I suspect that decline is viewed as the lesser of two evils
“GPs have to try and satisfy all groups” – Is paternalistic in itself and serves only to highlight the problem. We need to focus on putting in place the mechanisms that give data and control to the individual to allow them to make the decisions for themselves. If the individual is in control and making informed decisions they will have fewer reasons to complain about the NHS trying to second guess what they want or applying a broad brush approach to everyone. In 2018 when the new data protection legislation comes in individuals will have even more rights to privacy, explicit and informed consent will be a must and we’ll have a legal right to access our data freely and in an electronic machine readable format, not to mention the right to be forgotten. The current model is unworkable when faced with such requirements.
Yes, yes and yes to the above comment. One would imagine patient control of their data to be the sine qua non. But it will be a case of shutting the stable door after the horse has bolted. NHS and IT is an ill-matched marriage. The data controller (who he) wielded an immense power and should have been under more scrutiny, with far more checks in place at opt out/opt in time.
Local systems are all bound to fail – patients don’t obey or recognize ‘traditional NHS boundaries whether organisational or geographical.
In terms of functionality, what we need here is a ‘medical’ Facebook where the I (the patient) decides what to share and what not to. In fact, with the health and social care agenda maybe ‘medical’ Facebook doesn’t quite describe it but you get the idea.
if the patient is in control of their data there are unlikely to be any IG issues.
With regard to citizens access to their integrated health data, technical consultants can level the playing field far more than clinical consultants. Why? because good technology has no geographical/demo graphical boundaries. The NHS should move forward into this century, and accept this. NHS patient access to their integrated health data needs to be done “nationally”. If the N(ational)HS does not wish to manage this, to take on the responsibility then it should hand it over to an organisation that is and as quick as possible because the NHS is under huge pressure to deliver an acceptable clinical service and this is what it should be focusing on !
GPs in the area where I live (Surrey) use the EMIS.
I think they all have the same policy of charging a patient between £10 and £50 pounds to access THEIR health DATA.
EMIS are a good IT supplier, a good organisation, I do not blame them for this unacceptable charge.
Access to health data should be equal for all, this should have been managed better at a National level and this has not happened. The fact that this has not happened is nothing to do with NPfIT (this was more about imposing systems on providers that were not appropriate, patient access is about the management of DATA at a national level) and I for one, am fed up with people blaming IT suppliers like EMIS, they have no choice but to live in the real world, a world which is becoming increasingly competitive.
This excellent piece answers many of my questions but raises many more. I have never received a coherent response from my practice, from where my SCR was “released” without my permission. My question is, if the GP makes corrections and amendments to this SCR, will it be updated globally? In my case that would be closing the door after the horse has bolted. But it illustrates perfectly the rash decision to release the SCR without the patient ever catching sight of it! When it is replete with errors and questionable history. It is bad enough when consultant correspondence is added to the record which the patient has not been copied on; even the police need two officers to witness an event. Consultant correspondence in my case differed radically before and after a consultant had access to my data. I rest my case officer.
I agree with you Kevin, it’s 2017 and I am flabbergasted that you and me are not in control of “our” health data, why aren’t we ?
I have access to so much of my data, but not my health data.
Would an NHS Leader please respond to this question, or do NHS Leaders just see communication as one way, there is a word for that ! it’s time4change, that’s not the word bi the way.
It’s time to liberate our health data from a paternalistic health care system and give it back to the individuals to which it belongs!
I don’t agree with my GP authorising access to my record, it should be me. I don’t agree with my GP (or system supplier) being able to decline access to my care.
Seconded. The NHS does not understand my preferences or interests and therefore cannot possibly determine the use for which I want my data to be used. Furthermore, when they let the data out the back door for undefined research purposes I don’t get anything back.
Portals are great but … so much confusion. The integration of health and social care, both physical and mental, will need the care activity data to be integrated otherwise there will be extreme inefficiency to too much admin. The best aproach to integrating the care data is to tackle it from the perspective of the patient/service user/person. This is a long term view but we now need less people talking about it (unless they are real teachnicians) and more people doing it, supporting those that can with both money and sway. Thanks for both listening and talking Nick, quiet refreshing from a “cluster” of nhs leaders who just seem to want to talk. Stay good and best of luck.
Thanks for being open and sharing Nick, sounds great, do the patients, service users, etc (i.e. people), have access to and control of their integrated health data ? If not any plans to give it to them? If not why not?
Thanks Clive Leeds Care Record is a portal so doesn’t hold any data in its own right, it just provides a limited view into the different organisations’ systems. (The only significant exception to this is the audit log which shows who has looked and when).
The access and control for patients would be a question to pose to the organisations involved. Our Citywide Informatics Clinical group are talking about a patient portal, but everything is at a really early stage.
The access controls are indeed a questionnaire but i’m not aware of anyone who seen it.
Staff at my local GP don’t really understand the difference between care.data, SCR or Leeds care record.
The reason that these local systems are successful is that they can develop faster than SCR could achieve. In Leeds we are lucky to have a better defined geography which lends itself to this. We have on Mental Health Trust, one Acute trust and 80% of the GPs using one system. The Council footprint also has similar geography.
I agree that SCR might be the solution in the long term, but people will die waiting and it may never happen. Getting national agreement on the nature of the data and how to present this would take forever. It causes enough headaches just in one city. What these local systems do is demonstrate to the rest of the country what is possible and generate a model to follow; Bit like the exemplar trusts. I for one accept the IG concerns, but believe that the risks are well worth taking for the benefit of joined up care. That’s a debate to have separately as we develop the national opt in programme.
This morning I’ve looked at MRI results for an epileptic patient, Surgical info. A+E discharge info. All of this improved my patients’ care. I wouldn’t go back to “working blind” for all the tea in china. My patients wouldn’t allow it either!
Hi.
I thought you might be interested in a system we have in use in parts of New Zealand. CareInsight will allow a clinician (usually an emergency care physician but also others) to input a national ID number into a search engine, seconds later a list of every healthcare facility the patient has visited in the past six months is displayed (registed GP, After-Hours GP, pharmacies etc) and the clinician can then look at the information in each system, summarised, in real time. All records are available from a GP system for example except free text comments. Typical uses include looking for drug-drug interactions, allergies, recent history. It is used a couple of hundred times a night in 5 regions. A key benefit is that it provides key benefits but costs almost nothing to set up. Alas, the powers that be want a ‘real’ shared record system costing many millions so it has not found favour – except with the ED doctors and nurses who, in the absence of anything else find it really useful.
Happy to provide further details, case studies and links.
GPs should not be the controller of their patient’s health data, the person should be the controller of their integrated health data !
Everyone who holds data on the patient is a data controller, however, I completely agree with your sentiment. It’s not for “my GP” to decide if my data will or won’t be used for a summary care record, for research, etc. It’s highly unlikely a GP will ever understand my viewpoint/preferences nevermind be able to make decisions on my behalf.
The best way for me as an individual to be a genuine data controller and engage in the activities I want to is for me to hold and control my data. I can then share it with who I like when I like.
GDPR will give me much more right to do this but, there is a massive mindset change required in what is a paternalist and arrogant health care system, where there are also conflicts of interest influencing how my data is used.
Dr Bhatia perhaps you may be answer my queries which have still gone unanswered. Are you also a Caldicott Guardian perchance?
1. Is it the GP who can provide the patient with details of who has accessed the SCR, and the dates. I have been given 3 different responses, including the practice IT manager’s, who directed me to the CCG. NHS Digital tell me it’s the GP!
2. Although I am now finally opted out (you just can’t get the help), will the SCR as originally released be deleted from sites where those persons accessed it, or will it remain on their systems.
3. If any of those individuals added to the record, what happens to that information after late opt out.
There are 4 years during which I had no idea my records were available to, for example, dentists, opticians, private radiographers, entre autres.
This is of such crucial importance yet is handled with what I can only describe as flippancy. How on earth did things get to this irretrievable state. Health Care Records in underdeveloped countries must be in better shape. I cannot understand why there has not been some sort of revolution in the ranks, by both patients and concerned health care officers. It is without a doubt, pathetic.
Interesting article.
But the SCR is the biggest “data dump” of them all (care.data would have been).
It gives “almost blanket coverage to the whole health economy to access a record”.
It has “a copy of everyone’s data all the time”.
Once extracted and uploaded, the GP is indeed “no longer the data controller” and so the GP has “no power over what’s done with it”.
Patients cannot see “who is accessing their data”.
And very many patients still have no idea that it exists, or that their data is being uploaded in this way.
No friends lost. I agree with most of what you say , Paul, particularly about empowering the patient to be in control of sharing and that’s at the heart of our ambition for Great North Care Record. However , for me, SCR failed the 3 “U’s” test. A sharing solution needs to Useful, Usable and Used. SCR was pared down to a minimally useful set of information, made difficult to access and then failed to get uptake in secondary care. People looked elsewhere. We went with MIG, useful, usable and used. There is a lot of evidence that secondary care staff do use access to the GP record when it is made sufficiently usable, i.e.. one click in-context of the secondary care record. I too would welcome a beefed up SCR with more information and easier access with citizen control and decent audit trail but the politics proved impossible last time and I’m not sure its changed. The citizen may be even less inclined to trust a national system now than 10 years ago. The longer argument here : https://youtu.be/1jeidHpMgO4
Thanks for sharing Joe, however surely it’s easier to get a citizen to trust one organisation with their health data rather than expect them to trust many, ’cause, in my personal view, in health business da da da da da da da da you can trust some of providers some of the time but you can’t trust all of the providers all of the time. I think the full delivery of the SCR should be part of a NPfHD (National Programme for Health Data. (ps NICE to know you have got your priorities right).
This article is spot on.
The SCR is a view of a person’s Health Data, the Health Data that makes up their Health Journey.
The only way this view makes sense is if “it is national”.
This article is spot on.
Comments are closed.