NHS Summary Care Records  Will Your Personal Health Information Be Secure?

As I was drafting these notes, the BBC News web site put out a feature by Jane Ashley, BBC Health reporter, about non-medical staff having access to health records. 

According to Big Brother Watch (BBW) (a group that campaigns on privacy issues and was set up by the founders of the Taxpayers' Alliance), hospital domestics, porters and IT staff have access to those records in some NHS Trusts. This was from information provided by 151 Trusts (out of 194 in the UK). The responses show that 101,272 non-medical staff had access to records. How do you feel about that then? BBW believes this leaves the system wide open for abuse, demonstrating slack security, and feels access rights must be reduced.

So what about computerised records?............

Many of you will have received recently a letter from NHS Devon about changes the NHS would like to make to the way your health information is stored and managed.

The intentions are good: details of your medical history and state of health are to be made accessible for medics to assess how you should be treated in case of emergency, if taken ill or have an accident, or need treatment while away from home. The scheme is central to the Government's plans to computerise the medical records of some 50 million people by 2014.

Concerns............

However, according to researchers at the University College of London (UCL), there are considerable doubts about the effectiveness of the proposed system. These doubts are endorsed by the British Medical Association (BMA).

This is because records have been found to lack information about patients' allergies, or their reaction to certain drugs, and in many cases data was out-of-date due to the way records were uploaded from some GPs' surgeries around the country.

Impact ............

As a result, the BMA has called for the "rushed roll-out" of the "imperfect" system to be halted. Apparently no patients have come to harm because of incomplete or inaccurate data, but this was because GPs and other practitioners were not using it as the sole source of information, and were double-checking on medications and allergies. Rather neutralises the benefits of having the system, wouldn't you say?

The above comments reflect the views expressed by UCL and the BMA, both highly respected bodies, and in my view should not be taken lightly.
More general concerns ............

Firstly, UK governments of whatever political colour, have an abysmal record for implementing national computer systems, running well over time and budget, and costing us taxpayers millions and millions of pounds. Some projects are subsequently abandoned, wasting the millions already spent. Implementing large computer systems requires special skills, competence and discipline. The truth is that it is made extremely difficult for the large teams trying to implement these complex projects, when targets and specifications are constantly being changed at the whim of politicians.

Unfortunately, the integration of localised NHS systems into one large national system is one of those in this category, so I personally would have major doubts about this one ever being completed in the form initially envisaged.

Accessibility.........

I have written about IT security in previous articles, but the issue is as relevant here as it is in relation to your banking details, or data that is used to identify you as an individual. Information about your state of health, if in the wrong hands, could be very damaging. You are not in control of who might see your records. You wouldn't allow this with other systems handling your private and personal information, so are you happy with allowing so here?

For example, what if individuals from insurance companies were to access your records without your knowledge or permission? They could use this to deny you services and cover that you might need, or indeed being offered a job, and this is compounded if the information is incorrect or out-of-date. It could be a local authority, or the police, or social services, or other government body gaining access. So accessibility to and accuracy of the data is a very major concern.

What to go for?............

The Information Commissioner's office says it is vital that medical records do remain private, and that information is kept secure, accurate and up-to-date. But computerised systems can be more accessible to more people and organisations than manual ones.

The Department of Health is saying that clear standards are set for NHS organisations concerning data handling, and the new electronic systems will have strict controls on access to patients' healthcare records. Smartcards will be used to track and audit all access, so that any abuse can be tracked and dealt with. This could be an improvement on the controls for the existing manual system, which BBW have described. But, like Criminal Records Bureau checks, they're pretty useless after the offence has occurred.

So the dilemma for you is which are you most likely to trust today: the existing manual way of doing things, or the future IT-based route?

Fortunately, the new NHS Summary Care Records IT system allows you to opt out if you have worries about your personal information being on it. There are details in the letter sent to you on how to do this. It is your decision to make.

Other columns by Tony Allen