NHS - Summary Care Records. In or Out?

[ClareC]

Data Protection Act will still apply, ie you can gain a copy of what is there and have it corrected if wrong. also your consent would be required for access to be gained. Insurance companies could only access with your consent.

I read the letter and had no issue with this, sounds like progress and updating an archaic system.

[Annasfield]

ClareC Wrote:

-------------------------------------------------------

> Data Protection Act will still apply, ie you can

> gain a copy of what is there and have it corrected

> if wrong. also your consent would be required for

> access to be gained. Insurance companies could

> only access with your consent.

>

> I read the letter and had no issue with this,

> sounds like progress and updating an archaic

> system.

What ClareC said.

You'd be very surprised how all these companies dealing with your medical information for the purposes of insurance are cacking themselves in case they fuck up on DPA. I can assure you that medical records are only accessed with express consent.

[jollybaby]

I don't have any huge issues with electronic records - our main medical record - our GP files have been electronic for years and have been successfully protected. To me it seems ludicrous that primary and secondary care keep entirely different sets of records. Communication between GP and hospitals today still depends on paper letters being sent between the two. I've lost track of the number of patients who have said to me when asking questions about their recent health/drugs - 'well it's in my records' - I then have to say that I haven't a clue about what investigations their GP has ordered or what medications they have been taking since they last came to hospital.

To me the benefits outweigh the potential data protection risks. As ClareC said there will be strict access restrictions on your records. And as for the example that an insurance company may find out about you being a carrier of a gene that increases your risk of x - I'd argue that they'd have a right to know about that and it is the sort of info that you should disclose on an insurance application form anyway.

[louisiana]

ClareC Wrote:

-------------------------------------------------------

> Data Protection Act will still apply, ie you can

> gain a copy of what is there and have it corrected

> if wrong. also your consent would be required for

> access to be gained. Insurance companies could

> only access with your consent.

Insurance companies at present can only get access with consent, yes.

But the consent model is quite complex and evolving.

For example there's the idea of 'implied consent' and of 'presumed consent' in certain situations.

And there's a wide array of types of people and organisations that might be accessing.

See http://www.connectingforhealth.nhs.uk/systemsandservices/scr/staff/aboutscr/consent

for example.

There is currently some discussion around how much access police should have should they be granted access.

Once you are in, you cannot in effect leave, as while the clinical portion becomes effectively dormant, the 'legal record' remains, no longer under GP control. If DNA were to be added at any point, it's likely this would be as a legal not clinical item (as now).

There have already been breaches of the system, including on pilot sites, and by doctors and non-medical staff. In a Hull case, the breach was for over a year, and was only discovered after the member of staff left. The staff member was supposed to only be able to access anonymised data, but there appeared to not be a barrier to them accessing detailed individual patient data across 20 GP practices. Of course the beauty of SCR is that it makes it easy to see records across the board.

In a recent Scottish case (different but similar system), the government said they would not prosecute the doctor concerned as it would not be in the public interest to do so. I think this sends the wrong signals to those who improperly access. They can be fairly sure that they will not be pursued (as the authorities won't want to discuss the records in court perhaps?).

Medical data for individuals has a starting price of around ?4 apparently. I'd say in the future this data will be used in hostile divorce cases and all kinds of scenarios we haven't thought of.

The reports of use of SCR seem mixed at best. The UCL report was not very upbeat on benefit findings, and in one hospital they're reportedly causing queues.

[first mate]

Thanks Louisiana for that very helpful summary. You've pointed out some worrying aspects of this scheme. I'm definitely out.

[Huguenot]

Lousiana has merely highlighted scenarios that are as easy to apply to paper records as digital. Get a grip first mate.

I can't even believe that it's Lousiana who's saying this. She's a campaigner for freedom of the internet, against digital rights management, and is pro freedom of information. Now she's coming across like a petty control type. Out of character, or inconsistent, or both.

It makes a point about the medical industry, but is absolutely no reason for being 'out' of digital.

Any progression is necessarily a cost/benefit calculation. What we've got here is plenty of people wanking out 'cost' arguments, and as with the luddites, many of them are half-baked.

What you don't see is productivity, efficiency, money saved (your tax), better treatments, more informed staff and lives saved. Idiotic.

When I worked for the Torygraph in '97 (yes '97) we were the only paper that didn't do computers. I wrote out request forms for everything in quadruplicate. I had a secretarial pool for my department that had more people in it than the 'front-line' staff. They typed out each form I gave them in quadruplicate.

I was the laughing stock of my peer group.

Morons, morons.

[louisiana]

Huguenot Wrote:

-------------------------------------------------------

> Lousiana has merely highlighted scenarios that are

> as easy to apply to paper records as digital. Get

> a grip first mate.

Not at all. The scenarios that have already played out (involving allegations with some evidence, and talk of prosecutions, but with govt. being lily-livered about presenting records in court) involve the ability to range across the patients of many GP surgeries. Which old skool tech cannot do.

As I stated, the *beauty* of the new systems is the scaling aspect. You can literally access hundreds of thousands, millions of records. That could never be done before.

I speak as someone who has done extensive fieldwork with both paper and electronic clinical records (e.g. studies of parallel running of systems as part of systems development in clinical health care).

[louisiana]

Huguenot Wrote:

-------------------------------------------------------

>

> I can't even believe that it's Lousiana who's

> saying this. She's a campaigner for freedom of the

> internet, against digital rights management, and

> is pro freedom of

public

information. Now she's coming

> across like a petty control type. Out of

> character, or inconsistent, or both.

I'm in favour of people being able to keep private what is private to them.

There is no contradiction between having public data public, and private data private.

>

> It makes a point about the medical industry, but

> is absolutely no reason for being 'out' of

> digital.

Nothing against digital. It's only a question of *how* digital is designed.

>

> Any progression is necessarily a cost/benefit

> calculation. What we've got here is plenty of

> people @#$%& out 'cost' arguments, and as with the

> luddites, many of them are half-baked.

It is neither a question of cost/benefit nor of luddites.

It's a question of system design.

System design can be good or bad.

>

> What you don't see is productivity, efficiency,

> money saved (your tax), better treatments, more

> informed staff and lives saved. Idiotic.

I've actually come across a hi-tech system that might itself cause iatrogenic disease and death. Purely owing to its design.

>

> When I worked for the Torygraph in '97 (yes '97)

> we were the only paper that didn't do computers. I

> wrote out request forms for everything in

> quadruplicate. I had a secretarial pool for my

> department that had more people in it than the

> 'front-line' staff. They typed out each form I

> gave them in quadruplicate.

>

> I was the laughing stock of my peer group.

>

> Morons, morons.

No, not morons. You are presenting a curiously simplistic idea of life.

I spend my life attempting to improve the design of systems, so that they work better for people. There is good design, and bad design, and several points in between. The introduction of modern technology does not in and of itself guarantee anything. That's why clients pay me good money, generally after such assumptions leading to major league, expensive disasters unfortunately.

There is undoubtedly a good solution to the present situation. Many GPs are engaged in that dialogue.

[PeckhamRose]

I have thought long and hard about this opting out thing.

I am an educated person and not a 'reactionary', and I definitely appreciate the benefits well designed technology can bring us.

I am neither a luddite nor a moron.

I have a Donor card I carry at all times and I have written on it what I am allergic to, my Blood Group (A+) and my next of kin and his number, as well as the conditions with which I suffer.

When I was rushed to Kings College Hospital once I had the breath to merely speak my hospital number and name and none of the nurses or doctors bothered to check out my details anyway. Now who do you know who can recite their hospital number (and NI number and self employed tax reference etc!) What use is it if they don't even look at it anyway!

But there are other reasons I stated and I stand by my decision and freedom to opt out without being called stupid names by those otherwise probably cleverer than I.

[Ladymuck]

PeckhamRose Wrote:

-------------------------------------------------------

>Now who

> do you know who can recite their hospital number

> (and NI number and self employed tax reference

> etc!)

Me!!!!:)) - well, except for the self-employed thingy as not self-employed

> But there are other reasons I stated and I stand

> by my decision and freedom to opt out without

> being called stupid names by those otherwise

> probably cleverer than I.

Good for you PR. I am seriously thinking about opting out too. My fear (some would call it paranoia) is that the information could, in time, be used to turn people down for various services (e.g. medical insurance) or even (via an insurance company) something like employment. Having said this, this is just a fear...and I hope it will turn out to be unfounded. Clearly I need to make indepth enquiries as to the legal and practical implications of not opting out - something we should all do I think, as it is too important an issue to ignore. Whilst it is currently clear that we are at liberty to opt-in at a later date, does anyone know if the reverse applies? I.e. if we do nothing now, would we be able to opt-out in years to come if for instance we should suddenly find ourselves in disagreement with new legislation affecting this issue?

[PeckhamRose]

Another point is that the government say they will not do certain things with the information, but they say that now.

When road humps came into force TfL or its equivalent at the time stated categorically they would not be putting these road humps on bus routes.

You see my point.

[Ladymuck]

PeckhamRose Wrote:

-------------------------------------------------------

>...TfL or its equivalent at the time stated categorically they

> would not be putting these road humps on bus

> routes.

>

> You see my point.

sorry - couldn't resist PR, please forgive me...

[louisiana]

Huguenot Wrote:

-------------------------------------------------------

> It makes a point about the medical industry, but

> is absolutely no reason for being 'out' of

> digital.

>

Huguenot, it may have passed you by, but many GPs have been 'in' digital for quite some time. More than a decade, sometimes two. And mostly, I would have little argument with what they have done. They have created digital systems - on the whole - that respond well to the context of use and all the rest, and those systems have often been driven by enthusiast GPs who have really got to grips with the technology, what it can do, what it can best be used for, privacy issues, and so much more. Unfortunately, the arrival of Big Health on the scene has seen some local projects killed and big bucks for certain firms such as BT, but without much gain for GPs/patients and with some serious issues.

When you sit in a room (this week) with yet another GP who sees big bucks spent to little effect, with the only winner seemingly being one of the major IT consultancies... I've been around the block, seen so many systems effectively abandoned ('cos nobody's updating them any more) and therefore so full of crap...

And then I'm seeing all kind of disingenuous stuff on the nhscarerecords website (it really it not telling the truth)... And a system that really does seem to be full of holes: I mean, page 7 of the 'Changes to your health records' leaflet is so massively disingenuous: it avoids the issue of there not being any systematic protection of data in place (as evidenced in the Hull farce) by saying "until these controls are fully in place across England, your local NHS organisations will have their own measures..." But they clearly don't. Or we wouldn't have people who are *not* involved in any aspect of patient care being able to access records for 13 months without any comeback. These people are clearly *not* "only seeing the information they need to do their job", and are clearly *not* "directly involved in caring for you". And it seems that nobody (neither the leaflet nor the NHS records website) is saying there will be a log of who views your clinical records, which seems to be a very basic requirement.

[benjaminty]

Louisiana,

If you have been round the systems block you'll understand Access Management. The system implemented provides the required Access management capabilities... if those controlling that process are not capable of doing so then there is not a lot that can be done here. With implementation of these new tools comes the need for the correct resources and the appropriate knowledge and experience to run with them. These can be fixed and is not an issue with the system.

[louisiana]

benjaminty Wrote:

-------------------------------------------------------

> Louisiana,

>

> If you have been round the systems block you'll

> understand Access Management. The system

> implemented provides the required Access

> management capabilities... if those controlling

> that process are not capable of doing so then

> there is not a lot that can be done here. With

> implementation of these new tools comes the need

> for the correct resources and the appropriate

> knowledge and experience to run with them. These

> can be fixed and is not an issue with the system.

Benjaminty

The 'system' is the system. It includes checks, balances, people, processes... And the lack thereof. Please read your 'systems theory' basic textbooks.

[louisiana]

Brilliant! There's a reply paid envelope, but you can't use it to opt out (send back your opt out form which you've managed to locate on the interweb). If you try that one, "the contents of the envelope will be destroyed". Charming.

[benjaminty]

louisiana Wrote:

> The 'system' is the system. It includes checks,

> balances, people, processes... And the lack

> thereof. Please read your 'systems theory' basic

> textbooks.

Precisely my point. Checks, Balances and Process can all be in place but if you have spanners using and advising then look where that gets you. The old addage that if you put crap in then you get crap out. Someone somewhere may have access to data but that's because someone somewhere else has set their permissions, not because of a faulty application. So yes the 'system' is at fault not the application. It's still progress and still going in the right direction.

If we're really lucky we cou;d get all this Medical Data, DNA etc linked into the ID card scheme...