Health coaches get access to patient records

Tags: consent GP Information Governance NIGB SCR

16 Mar 2009

A primary care trust is planning to set up a health coaching service giving Bupa health coaches access to patient information unless residents opt-out within a short timeframe.

NHS West Kent is launching the CareCall service with Bupa Health Dialog to give patients access to a registered nurse, known as a health coach, who will provide them with healthcare support and information over the phone.

But E-Health Insider has learned people living in the primary care trust’s area will have some of their GP record information automatically passed to the coaches unless they opt-out.

Residents have received a letter assuming their consent and detailing the benefits and availability of the service. At the bottom it says: “There is an initial opportunity for you to opt out by calling within 15 says of the date of this letter.”

The move comes despite earlier controversy over the CareCall service. NHS Wirral planned to introduce the service last autumn, it ran into a similar row over transferring extracts from patient records to Bupa Health Dialog.

However, NHS Norfolk pushed ahead, arguing that the most deprived sections of the population, who were most likely to need the service, were the least likely to opt-in.

This argument was first used in support of the opt-out from the national Summary Care Record, although it now operates a “consent to view” system when the SCR is needed in a clinical setting.

An NHS West Kent spokesperson said: “The process has been approved by the Local Medical Committee for West Kent and externally validated by our external legal advisers, Capsticks, after close scrutiny of the systems and governance in place.”

In a statement, it also argued: “Evidence shows that taking an opt-out approach enables more people to benefit from the service, particularly those who are from communities that the NHS often finds hard to reach.”

The CareCall service is aimed at helping people with long-term conditions such as diabetes, asthma and heart disease. However, the service is also being offered to everybody in the West Kent area in an attempt to reduce unnecessary attendance at GP practices and at A&E departments.

Health coaches will also provide pro-active out-reach with specifically planned health campaigns for target groups at different times. For example, they may contact patients on discharge from hospital, or get in touch with certain patients during the winter when their condition can be more difficult to manage.

Harry Cayton, the new chair of the National Information Governance Board, has expressed concern about data sharing without consent. In a statement, the NIGB said it had not been approached for advice on the West Kent initiative.

“We support steps taken to improve the wellbeing of individuals as long as this is done in line with the care record guarantee and existing policies and procedures, and respects the need for patient consent and confidentiality.”

Sarah Bruce

Reader's Comments

Consent Model

hfdgp@aol.com

17 Mar 09 20:03

If BUPA and the practices used EMISWeb the consent model their would be no problem as the consent would be governed by the practices and be asked at point of contact.

IMHO the sooner this is accepted the sooner real shared care can occur with confidence and fully integrated healthcare can move forward.

Chris Frith Hereford GP Expression of interest: EMISNUG committee member but expressing a personal opinion.

Typical!

18 Mar 09 10:03

I work in a West Kent practice and this is the first I've heard of it. We have quite a few patients who have requested the 93C3 code to be added to their records. I am not registered in Kent (thank goodness) but if I were I would be livid at this intrusion into my personal data.

As a Caldicott Guardian and GP I applaud the West Kent and LMC's decision

richard.fitton1@btopenworld.com

19 Mar 09 04:03

The workstream satisfies the GMC's duties of a doctor as below

It also satisfies the requirements of the DPA - ie it is fairly and lawfully processed. As long as the data satisfies principle 7 See further down) it is fine.

It also satisfies the requirements oif the Data Protection review (see bottom).

Confidentiality is not secrecy - it is the confidence and trust that our data will be used for our best outcome (health in this case).

• The duties of a doctor registered with the General Medical Council • Patients must be able to trust doctors with their lives and health. To justify that trust you must show respect for human life and you must:- • Make the care of your patient your first concern • Protect and promote the health of patients and the public • Provide a good standard of practice and care o Keep your professional knowledge and skills up to date o Recognise and work within the limits of your competence o Work with colleagues in the ways that best serve patients' interests • Treat patients as individuals and respect their dignity o Treat patients politely and considerately o Respect patients' right to confidentiality • Work in partnership with patients o Listen to patients and respond to their concerns and preferences o Give patients the information they want or need in a way they can understand o Respect patients' right to reach decisions with you about their treatment and care o Support patients in caring for themselves to improve and maintain their health

The first Data protection principle 1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless— (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2 (1) Subject to paragraph 3, for the purposes of the first principle personal data are not to be treated as processed fairly unless— (a) in the case of data obtained from the data subject, the data controller ensures so far as practicable that the data subject has, is provided with, or has made readily available to him, the information specified in sub-paragraph (3), and (b) in any other case, the data controller ensures so far as practicable that, before the relevant time or as soon as practicable after that time, the data subject has, is provided with, or has made readily available to him, the information specified in sub-paragraph (3). (3) The information referred to in sub-paragraph (1) is as follows, namely— (a) the identity of the data controller, (b) if he has nominated a representative for the purposes of this Act, the identity of that representative, (c) the purpose or purposes for which the data are intended to be processed, and (d) any further information which is necessary, having regard to the specific circumstances in which the data are or are to be processed, to enable processing in respect of the data subject to be fair.

The seventh data protection principle

7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Data Sharing Review Report Richard Thomas (ICO) Mark Walport chairman of The Wellcome Trust

It is impossible to take a generic view of data sharing. Data sharing in and of itself is neither good nor bad. There are symmetrical risks associated with data sharing – in some circumstances it may cause harm to share data, but in other circumstances harm may be caused by a failure to share data. Data sharing needs to be examined in specific terms. Is the sharing of particular elements of personal information for a defined purpose in a precise fashion, likely to bring benefits that outweigh significantly any potential harm that might be associated with the sharing?

Richard Fitton Tameside and Glossop PCT

several different issues?

maryhawking@tigers.demon.co.uk

19 Mar 09 09:03

Aren't there a number of different issues here? 1. business plan for the service. One of the responses is from a GP in the area concerned - who has not heard of the service! What is it supposed to achieve, what consultation was carried out both public and with the services affected/involved? Where is the evidence that these objectives are achievable and what are the mechanisms and criteria for establishing the present situation and to measure success - or otherwise? 2. Information being transferred to BUPA CareCall. What information, from where, who gives consent for both transfer and the mechanisms (am I alone in thinking allowing automatic data extraction by PCTs is problematic?) and how is the data managed once it is under the control of a commercial organisation?

The article says that the service will cover the whole population but be targeted at patients with long term conditions. Does this mean that disease registers will be established and patients on them actively pursued? If not, how are the most deprived going to be sure of benefiting? If so, what price confidentiality?