Comment by An NHS IT Manager

December 18, 2006 @ 15:02

I believe you are misleading the public. There are many working within NHS IT who disagree with much of the NHS Connecting for Health approach, but the lack of key information kills patients (To err is human, Crossing the quality chasm, Spoonful of sugar reports).

If universal, the summary care record can save lives. If you promote mass opt-out, the value is much reduced.

Yes we need adequate safeguards, yes there are limitations to what has been built so far, but as a sceptic of much of the programme, I believe that undermining public confidence is a greater threat to patient safety.

Comment by IanWhickham

December 18, 2006 @ 20:02

I think you will find that its the Government and their continual backtracking on crucial issues like informed consent and ability to opt out of this atrocious scheme that are misleading the public.

Out of one side of their mouths they say that it will be possible to opt out of uploading and sharing of data (today’s report), out of the other they say we must somehow ‘prove it causes us substantial mental distress’!?

The only rationale we are given for why this system has to be set up is that people might be involved in an emergency and be allergic to something. Nowadays people carry a card or wear a bracelet. Does this really happen often enough for it to be worth setting up an experimental system, with huge privacy implications and costing billions of pounds? Of course not. There has to be some other reason for this that the public (and that includes GPs) are not being told? Come clean, IT Manager.

When over 50% of GPs, the British Computer Society, and a Cambridge Professor of Computer Security tell you that you’re going about things all wrong, isn’t it time to take a step back and say “Hey, maybe we should listen to the people who know what they’re talking about for once?”

Ian

Comment by IanWhickham

December 18, 2006 @ 20:58

I believe it is the Government and Connecting for Health who are misleading the public, particularly as regards the crucial issues of consent and ability to opt out of this appalling centralisation scheme.

Out of one side of their mouths (today’s press release) they say that people who are concerned about their medical privacy will be able to deny consent for uploading and sharing of their records. Out of the other, they say that people will somehow have to prove that their information being accessible to thousands will cause ’substantial mental distress’!?

And what is the justification for this clear and present danger to our medical privacy? Because it will perhaps be of assistance in emergencies if someone happens to be allergic to medication? Nowadays people carry a card or a bracelet. I’ll take the chance, thank you very much.

Tell us what this is really for, other than keeping you and your ilk in gravy? Why is the Government planning on spending £12bn of taxpayers’ money on a database that patients don’t want, GPs don’t want, the British Computer Society thinks is a bad idea, as does the Cambridge University professor of Security Engineering.

Comment by Jon

December 18, 2006 @ 22:28

I disagree with the comment above. Although access to medical records in an emergency may be useful (putting aside the question of how to ID the person if you can’t take a history, and why if there is cause for concern they aren’t wearing a warning tag), the problem with this database is that we are being forced to be part of it, and there are no safeguards for privacy or future feature creep (such as merging with ID register, DNA database, etc.). These cannot be tacked on afterwards and should be dealt with now. Full disclosure: I’m a Dr of computer science & IT, and know about databases – but not linked to the spine (I hope!)

Comment by Dave

December 19, 2006 @ 11:30

If you are refered to a consultant by your GP, he/she will send the relevant data (sometimes irelevant data if they do not deselect some of the coded data, such as if you have had an abprtion) to the consultant who can then send his report back to your GP. If you are in A&E the chances of them not knowing about your bad case of thrush 2 years ago is unlikely to have an impact on how they treat your broken leg, yet that is the sort of info they will get. There is also a time factor to consider. How will the doctor/nurse at A&E get the time to go through your records looking for data? Answere: They will not have the chance or they will get admin staff to go through your records without your consent (that is likely to include the ’sealed envelopes’ (assuming they ever work).

Confidentality: Something a lot of the public do not seem to be aware of and ministeres seems to have forgot to tell people, is that their identifiable data will be shared with the Seconary Use Service who will be able to share it with others. Researchers in England (who seem to be against the idea of patients keeping identifiable data away from them) can already gain access to patient identifiable medical data under the Section 60 (something else that is controversial and not introduced in Scotland because it lowered the alreday low level of confidentality to almost zero). The national spine will be a prime target for data (Researchers have already gained access to identifiable medical data from GUM clinics without patient consent).

The new system will allow more people more access than ever before and more access than in any other western country, all without the patients consent. You will never know who has accessed what about you, never know who knows about that bad case of thrush and not know who it has been passed on to.

If you have alergies or current medical problems, carry info with you (CfH systems has broke down 110 times so far!).

What TBOO seems to be promoting is patient choice. If you want the info about your thrush going on the system, that is your choice but patients should be allowed to say no and keep that (and any other data) on a system that can not be accessed outside the GP practice or hospital. Even the recent spin does not change this as patient data will still be uploaded without consent and in the future all data “must” go via NCRS and therrefore a National Care Record will be creatted.

Comment by Mike

December 19, 2006 @ 13:12

I have yet to see a singe convincing reason why there is a need for an NHS spine containing medical history information. For those patients with pertinent medical information which might be important in an emergency, they should carry this about with them. It might even be dangerous if patients are led to believe that their records are always accessible in hospital. How can we be sure that they will be correctly identified when they are bought into A and E unconscious? Much safer to wear a medical bracelet, or better still a flash drive with a summary of your medical records. At least then when you are unconscious or on holiday abroad it will still be accessible.

Yet the potential for abuse of information is enormous. There are far too many possibilities for security lapses. How many thousands of these so called ’smart cards’ have been issued. If it is easy to clone a bank cash card or a phone sim card, doesn’t the same apply to NHS smart cards. What about lost cards (there are absent minded professionals who leave all sorts of things lying about in patients homes or unsecured in hospital or community practices).

There will be terminals all over hospitals and GP surgeries with direct access to this information. How can any ever pretend that this data will be secure?

Comment by Steven

December 19, 2006 @ 16:39

I can see why someone with mental health or sexual health issues may be concerned about having that info uploaded, but a lot of the paranoia on this site is very very dangerous.

Look at the situation now – a health record in a hospital is a paper file. It can be left on a table or on a trolley. It can be ‘borrowed’ without being booked out.
We know that some medical records clerks can be bribed by insurance companies and copies of people’s records can be made – with no audit trail. The Care Records Service will make this virtually impossible. Only people who have a need to see my file as part of my care will see it. The only way an organisation like the police could see it is if they a) bribed a records clerk or b) go through the exact channels that exist now to get hold of information legitimately.

Even in GP surgeries some receptionists and admin staff can access all of my record, not just the bits they need to make a booking.

I for one will feel much happier when my record is computerised with an audit trail that shows who has accessed it and role based so that the right people see the right bits. The conspiracy theorists that abound on sites like this should take a look at what happens now and realise that the security the new systems offer is a step forward not back.

Comment by IanWhickham

December 19, 2006 @ 18:04

Steven,

Is it really necessary to go through the logic of why a national database accessible by up to 500,000 users is less safe privacy-wise than records held locally at a GP’s surgery?

I suggest you take a look at the ‘Security of Health Information Systems‘ section of Prof. Ross Anderson’s website – http://www.cl.cam.ac.uk/~rja14/

Ian

Comment by Dave

December 19, 2006 @ 21:47

I for one am not against my data being on a computer system *it is not always more private as the receptionist could still be allowed to access it without my consent) and I could name medical practices where GPs refuse to put data into computers and simply tell admin staff patints data. In the past if ‘Mrs Jones’ has problems reaching an orgasim and is worried that it migh be linked to her abortion the GP would write it in the notes, now some simply tell admin staff. It is the fact that the data will be put on a national database so that others will be able to see what I told my GP/nurse I am against. It is the fact that identifiable medical data will be shared with SUS (even though pesudomisation could have been used- there is a research company that does this with coded data, not notes, from 4-5 million GP records) and others, such as researchers (some of whom have gained acccess to identifiable data from GUM clinics), are likely to see the database as a prime target for data without patient consent that I am against.

As for the audit trails. You will not know who has accessed what and what they know about you. I have been trying to find that out for close to 2 years and been refused access to any such audit trails.

It is the fact that those that refuse to allow their data go via NCRS and NCR will not be capable of accessing health care for things like operations, cancer screening, blood test, counciling or anything else the GP/nurse wants to share with others, I am against.

It is not computers I am against, it is the fact that personal and intimate information will be put on databases for others to see without consent and patients are being led to believe that doctors not knowing about that bad case of thrush 3 years ago will imped their health care for that brocken leg, even though it won’t, that I am against.

The thing about the police is they can go to court to obtain the data from anyone that has a partial realtionship with you (that person can self apoint themselves). In the past they had to get through the GP (some were like a brick wall and even PCTs have refused to disclose data after being told by the courts to release it), something that they will no longer need to do.

All the independant experts say the system will not work, be insecure, breach confidentality and is not needed. I am sure there is someone that could put together a list of the internationaly reconised experts if need be

Comment by Gavin

December 20, 2006 @ 12:05

It is true that there is no change to the police access at the moment.
Once the details are on there there is no going back. You information will not only be subject to current laws but all future ones as well. We have already seen the creep in the DNA database.
If, in the future, there was an emotive murder the police may have a description of a man about 5′9″ in 30s-40s. Forensics may have found traces of Prozac at the scene. It is easy to foresee the police being allowed to search the database for these factors – they are all on your record.
This is how access creep will occur. Once these new powers are given they are likely to be used more and more for less and less serious crimes.

Comment by Tim

December 21, 2006 @ 21:04

Whatever. It really is time the NHS got itself some proper IT. I live in a small country of around 7m people, with 4 not-for-profit HMOs. I can login securely to my HMOs website, book appointments, view current and historic test results, prescription records, nurse/GP visits, and details of any co-payments. Blood tests are usually taken in the morning, and I can see the results online by midday. Nobody here thinks this is unusual, or worries about privacy. But then we all carry round ID cards, and nobody gives a flying flip about that either. These things just make life easier. Naive? Probably. Paranoid? No… life’s too short for that.

Remember folks, if you’ve done nothing wrong, you’ve got nothing to be afraid of! Boo!

Comment by Dave

December 24, 2006 @ 16:18

Does your country allow others to view your medical records? Are you able to access health care if you say no? Are you allowed to know who knows what about you? Did your goverment force all your doctors/nurses to ignore their ethical principles and let other access you infor without your consent?

The UK alreday has among the lowest safegaurds of medical data anywhere in the world. I could easily name practices where admin staff are allowed access without patient consent, where nurses at asthma clinics are allowed to know if a patient has been raped, abused, had sexual problems and everything else without patient consent, I could name practices that remove patients from their list if they try retrict access even though the GMC and NHS says patient can restrict access. I van name PCTs where how medical data is obtained is not relevant, I can name a whole host of people that everyday lie to patients, share data without consent then refuse to put in writing who knows what about the patient.

Medical data can be extreamly personal and the patient does not need to justify keeping it private. You might not care who kows about your your info but som people do.

‘Nothing to hide, nothing to fear’ has no place in medical info sharing, simply because you do not want others to know you have been raped does not make you danagerious and it is entirley unethical and imporal to even imply such a thing. If you want to use it, then mayby you should be asking doctors/nurses why they do not want to be transparent with patients when it comes to who will know their info. You could try asking our MPs why they are misleading the public, why they mislead the BMA and why thy have the transparency of a brick wall.

Comment by Peter Jones

December 24, 2006 @ 16:45

This debate is crucial and not novel (the Government Data Network 1980s …), but as clinicians if we criticise the need for ICT tools then I and my colleagues are ‘hypocrites’. Once we have our slippers on – we book holidays, shop, and buy cars on-line; we write essays on home PCs, laptops, and then we go to work …

Next to commerce, health and social care is one of the most distributed and multidisciplinary occupations and yet in informatics terms health and social care is in the Dark Ages. Just how long does it take to achieve integrated and holistic care – more than 30 years?

There are at least two problems. One is that “digital identity” does not revolve around the individual, but remains service-organisation centric. This has to change and will eventually with the evolution of Identity 2.0 – (see OSCON 2005 Keynote). Secondly, this debate (rightly) highlights just how immature our understanding of ‘information’ is. We appreciate the value of the census and our obligations as citizens, but ‘health’ transcends the individual. We do need to watch those who watch us – souveillance.

Staff want and need a modern health and social care system whatever – ‘NPfIT’ – IT is called. This issue is not just about individuals though, true they ARE the key focus for care delivery. But, health is becoming increasingly entangled with ecosystem concerns and quality of life. As the population pyramid changes, services must change too.

To state the obvious ‘populations’ matter, but without data where are we? ‘Public Health’ is an established discipline and yet it struggles for attention amid the ongoing priority melee. Wither then public MENTAL health? Younger care students quickly realise the misnomer that is the ‘National HEALTH Service’. If services do not change and address personal and community health literacy, then that could prove the real crisis?

Balance in all things. We need to maintain a sociotechnical perspective as afforded by such tools as Hodges’ model. We will (must!) get there. I hope so as I sit here with my Santa hat, wearing my ape-man slippers…

Season’s Greetings

Comment by Dave

December 25, 2006 @ 12:46

I dont think people are complaining about IT. For example I have no problem with my GP storing data on a system at his/her practice, he/she can send relevant data to a consultant via a secure connection and results can be sent back via the same connection. Computres can allow data to be held more secure if done right (3/5th od health professionals do not use adequate protection on portable systems as it is and a few are under the impression patients could not care less about who knows their info). Access can be filltered, but again this is rarely done in practice and I should know, I have been in practices where all staff have full access and are alloweed to access data that they do not need to know, e.g. nurses at an asthma cliniv being allowed to know if a patient has ever been raped, abused, sexul problems and EVERY other condition they seen a doctor/nurse for, I have even been in practices where adim staff are allowed to know everything about patients without consent and I know of an agency in Preston that allows admin staff to access data even though they have reason to hold a grudg against the patient and where they have ben denied access by the patient). These are the type of people that will have access to the spine.

There is no need for identifiable data to go to SUS (I can back this up if you do not believe me), there is no need for the data to go via a national database and the goverments need for data should not prevent people accessing health care (something CfH will do).

What CfH will do is allow more staff to access more data without consent.

At which point will the doctor at A&E have the time to go through your detailed medical records? Why would ythe consultant need to go through them if the GP had sent the RELEVANT data?

Computers can be a good thing, but not the way CfH are\doing it. Medical data is already far more widely shared than it used to be and more than patients know (for example the controversial section 60 request). The spine will not help patients, will destroy the reputation of the health profession in the UK, patients that hae been informed of the danger the spoine posses will withhold data. In the future it will be a case of tell everyone, or tell no one, how is that a step forward?

Comment by Dr Lisa Silver

December 29, 2006 @ 21:36

I am a practising GP seeing about 1000 patients a month both in- hours and for the out- of- hours service.
So, tell me, how famous do you have to be NOT to be on the spine. Am I really going to be able to idly look at Tony Blairs records. How about the Big Brother contestant, one day an obscurity and the next a celebrity with a past and a juicy past at that. I know as well as the next man that accessing their notes leaves a trace, but what if I am short of cash and someone is waving fivers at me for info. If the famous are not going to be on the spine, this invalidates the spine. I practice in an affluent area with a cross section of musicians, celebs etc. They will most definitely not want anyone other than their GP having any access at all to their notes.

The more serious side of the NHS spine is a clinical one. I simply do NOT need to have a patients record in front of me to treat them – in fact reliance on what is on the screen will lead to deaths and not prevent them. Non-clinicians seem to think that we need the records in order to make a decision. This is completely untrue. Taking a history and forming a conclusion is the bulk of ones medical training and takes 3-4 years without the benefit of having a summary of a patients record.
Take the following scenario – a genuinely true example. I once looked after 4 women, all with the same name, all in hospital with the same operation and all on a 4 bedded bay and all, yes all from the same street up north. Impossible you might say but true. They all had limited English. One of them was diabetic. What happens when one of them (not diabetic) presents in a semi comatose state to A and E. Rather than the clinician using his nouse and basing his clinical opinion on the patient before him, he will believe the screen, he will believe the patients records which are telling him the comatose patient is in a diabetic coma when the likelihood is that they are not – presuming he picks the wrong patient from the pick list
Until such time as we can identify the patient the spine will kill people.
The Spine is dangerous. A and E doctors will not be walking around with Personal devices to access records, they are going to have to wait to get onto a screen to input the data, at which point they pick from a list of patients because they have had to wait for access and hey presto the wrong one is picked.

Finally cogitate on this one. Let us say you decide to become an imposter. Let us say you are a journalist wishing to know about a patients history because you suspect they have Aids. The patient might be a captain of industry let us suppose. Let us say you roll up to casualty and announce your false identity and address ( it is easy to find out where people live so this will not be a problem) the casualty officer does not know who you really are, brings up your notes and in the course of the conversation, says, so you are taking the following medications: Retrovir. Immediately you know what a patient is on and he has AIDs, and then whilst the cas officer is not looking you leave the A and E. These situations will happen, confidentiality will be broken. We dont need the spine.
As a GP and a GP that is a local negotiator with the primary care trust, I have never once been consulted about the spine – none of my colleagues have either.
The spine will be used as a billing mechanism under the new financial arrangements for the NHS which came into force on 1.4.06. and in the process we have lost a very vital part of our rights which is the right to have our medical records held confidentially.