
DH rejects patient opt-out requests

Tags: Choice   Confidentiality   consent   Database   DH   GPs   SCR   Security   Summary Care Record  

04 Dec 2006

The Department of Health has rejected patients’ requests to stop their information being uploaded to the NHS data spine.

On Friday the DH wrote to patients who had sent in a coupon from the Guardian newspaper requesting to opt out, telling them that they would not be able to do so.

The eight-page letter from the DH to patients claims that much of what has been written about the NHS Care Records Service is inaccurate and aims to set out the reasons for the introduction of the NCRS. The letter states that the NCRS systems being introduced have been specifically designed to support patient confidentiality and to restrict access to only those who need to see parts of a patient’s record for their care, and that they would be more secure than existing systems.

It adds: “Returning now to the request in your letter that the Secretary of State for Health should stop the process of adding your information to the new NHS database on the grounds that it is likely to cause you substantial unwarranted distress, I am afraid that I am unable to agree your request.”

Patients who believe they do have “further unique and personal reasons for claiming substantial and unwarranted distress” are invited to write explaining those reasons to the DH’s Customer Services Centre.

The response has been criticised by the British Medical Association, which claims ministers originally promised that patients would be able to opt out and that to deny that right would breach the Data Protection Act. Dr Hamish Meldrum, chairman of the BMA's GPs Committee, said the BMA is now "seeking urgent assurances" from the DH over the way the National Care Records Service will operate.

Dr Meldrum said: "We will be seeking urgent clarification on behalf of patients from the Department of Health as this seems to be a total turn-around on the assurances previously given by ministers that individual patients would be able to opt out of having their personal health records on the national database if they did not wish them to be included."

He added: "The health department now seems to be making a distinction between consent to sharing the personal information and consent to having the information put on the central database. Patients must be able to retain the right not to have their data uploaded in the first place, should they choose to do so. We want patients to have confidence in the system and to be able to reassure them about its value, but denying patients this right will only undermine that process and is totally unacceptable."

Dr Meldrum concluded: “The letter from the Department of Health to patients who have indicated they will wish to opt out seems to be at the very least unwise and ill considered.”

The DH letter rejects, one by one, the reasons highlighted in the coupon for patients to opt out, including the fact that sealed envelopes, which patients can use to hide sensitive information from view, will not be available when the Summary Care Record begins to be uploaded next year.

The DH letter states that “equally secure though less flexible” measures are in place for the initial phase of the SCR service. The DH says this will mean that patients can have their record flagged so that the SCR cannot be accessed without permission.

The letter adds: “You have the choice of a full summary, a partial summary, or a summary that can be seen only with your permission. The same level of security that will be available through the “sealed envelope” procedure will therefore be available, through different means, in these early stages, to limit access to your records.”

Details of the way the proposed sealed envelope system will work are expected to be released shortly.

Link

DH letter

© 2006 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments

1

Explanation needed ....

04 Dec 06 16:12

As a registered medical practitioner and a BMA member of around 30 years' standing, I find the BMA's approach here inconsistent. Within the last month or so, I've received a letter from the BMA effectively promoting NCRS. Yet - by their own admission cited in this article - the opt-out arrangements have not been satisfactorily agreed with DH.

Does the BMA have representation in CfH? Who is leading on clinical representation? Why have they / the BMA not been more effective in sorting out this issue?

Ditto ... for nursing, allied health, patients etc


2

What protection does the DPA provide

nhsperson@yahoo.co.uk

04 Dec 06 17:12

I think that the BMA quoting DPA is flawed. The DPA act is not about some right for privacy - it is about ensuring any business only holds info necessary for carrying out its business, has controls in place to ensure accuracy, security etc and for the business to have to register what information it holds and how it is used etc.

So - to use the old bank example - a bank can hold all the info about you it requires to conduct its banking business. Yes - you have a right to expect the info to be up to date, and yes you have a right to expect the bank to ensure your data is secure. You do not have a right under the DPA to opt your info out of being shared across the business functions of the bank and the wider financial services industry. Further - banks are being asked to share your info to create a composite picture of your overall credit status to overcome the bad debt issue.

So - given that patient care is the business of the NHS and it needs patient level information to run its patient care business - where does the DPA come into play in enabling patients to opt out? Yes - you have a right to see the information, yes you have a right to ensure it is accurate and if not have it put right and yes - if it is not secure the NHS may be in breach of the DPA.

Now privacy laws are a different kettle of fish - but also I wonder how long it will be before the NHS has a legal case against it where a patient was harmed because information was not shared - despite the capabilities of modern technology.


3

Accessible by commercial firms?

05 Dec 06 12:12

The DH letter states: "It is not true that personal patient data will be accessible by ... commercial firms." But isn't the spine supplied and maintained by a commercial firm? So are Cluster level contracts where the system will hold much richer information.

The DH may argue that access by staff and sub-contractors of these firms is intended to be controlled but it is wrong to claim they do not have access.


4

What happened to patient choice here?

05 Dec 06 14:12

A constant theme of NPfIT is patients' rights and patient choice. Surely this is taking away patient choice? Don't people have rights? As an NHS employee and patient I feel quite distressed at the amount of money that has gone into something which I feel will benefit the few and far between. Healthcare works locally and has done for years using a combination of manual and electronic systems. The rare occasion I may be in Cornwall in front of a bus... well is ...rare! Any pitfalls I have encountered locally seem to be lack of nurses or human error! As a patient I would prefer to see what core details can be shared before consenting. The fact there are people with smartcards who could use this to look up address/contact details alone for their own purpose bothers me, is there a full audit trail for view only? I know for a fact a colleague of mine used a manager's login with their own smartcard and got their manager's access levels? Is this the secure access they are trying to reassure us with? I also am led to believe records cannot be shared across the domain, so isn't this defeating the object? It all appears to be bully tactics to justify such time and cost in this project. How often has this business case been reviewed, can we see a copy of the latest review and risk register please?


5

Re: Data might be accessible by commercial firms

05 Dec 06 17:12

The correspondent in this thread on 5/12 at 12:43 seems surprised that data might be accessible by "commercial firms".

Doesn't he/she realise that this has been true since 1992 to my knowledge (and probably before) when the NHS sold its Regional Computer Centres to commercial organisations? And what about other clinical applications which have nearly always been supplied, maintained, and supported by "commercial firms"? And yet again, doesn't she/he realise that most of her/his personal data, health data or otherwise, is managed by "commercial firms"?

Whatever security precautions and access limitations are put in place for any system, the ability to access data down to the personal level has to be available to IT professionals who have a need to support an application; this has always been so, and will continue to be so. We need to understand that IT professionals in the NHS are analogous to priests, solicitors, doctors etc. In the latter case, we trust them not to, for instance, run off and provide a report to an insurance company on those who might be "genetically compromised", and we have to trust IT professionals that they will not do the same.

To believe that comprehensive access to clinical databases by NHS IT professionals, or by IT staff in "commercial firms" which supply and maintain IT systems supplied to the NHS, whether under NPfIT or otherwise, can be monitored and controlled is illusory.

IT Contracts between the NHS and "commercial firms" are nearly always (and should be) made under NHS SYSCON/SSCON Terms and Conditions, and these make very clear the conditions relating to access to personal data, whether by "commercial firm" staff, or by NHS staff.

Incidentally, isn't a GP receptionist, for instance, an employee of a "commercial firm"?


6

What happened to patient choice here?

06 Dec 06 07:12

There does seem to be a problem that some of the safeguards are "being developed" rather than already available. Not technical, but we now seem to have several different sealed envelopes: physician sealed envelopes (sealed from patients), sealed envelopes (visible but only to be opened with patient consent) and sealed and locked envelopes (not visible except within the organisational record: would they be sealed within the workgroup, and would the workgroup know that this information was sealed and locked elsewhere?) Similarly, AFAIAA, the audit trail for who has accessed PDS (and don't forget that before establishing a Legitimate Relationship, you have to locate the patient on PDS) is being developed - not yet in place, even though PDS, unlike the NCR summary, has been rolled out a couple of years ago. The Demographics web site may be of interest. http://www.connectingforhealth.nhs.uk/demographics/pds/ig/access/vulnerable


7

Commercial firm access

06 Dec 06 10:12

If the NHS has outsourced the database to a third party then some of the technical people in the commercial firm will have access but this is no different to the technical people in the NHS having access. They are all human beings. Working in the NHS doesn't mean they are not going to abuse their power. When I worked for a PCT I had access to all the patient data I wanted to yet I wasn't a clinician. I needed to have access to audit the system to ensure it was running correctly, and also to 'clean' the data entered by clinicians. I didn't abuse this and I wouldn't if I was working for a third party. I suspect the contracts in place for CFH are large enough to deter any business from even contemplating flogging the data on the side. And as for individuals working there - well that could be done by individuals in the NHS. If anything - the audit trails required by CFH will ensure the data is much more secure than that held in NHS Trusts.


8

Genetic link proved between Government promises and Donkey's rear area

chris@wheatley37.fsnet.co.uk

06 Dec 06 11:12

This just flies in the face of the promises made by the Government and denies public freedom of choice as promised by the Data Protection Act.

I thought we looked down our noses at less enlightened countries' misuse of electronic data; instead the British Government proves its genetic similarity to a donkey's hindquarters.


9

Opt out alternative

comsat99@mail.com

06 Dec 06 11:12

If people are genuinely concerned, they should contact their GPs and make it clear that they wish their submitted GP Summary to contain little or no information. They should also make it clear that they do not give consent to share data between legal entities (recorded via PDS). I'd also comment that the Guardian are being extremely unhelpful here, as the IG rules around the patient record are already (too?) tight, to the point where clinical safety is second to confidentiality. Their journalists seem to deliberately ignore informed CfH input. Lastly I'd comment that the real issue is the usefulness of PSIS, the so-called single patient record. CfH have specified it to be an unstructured collection of messages (and an initial GP Summary). In 10 years' time, a clinician will have to trawl through 10 years of messages to try to determine current conditions, meds or allergies. Useful? I think not.


10

DH Letter to objectors

06 Dec 06 22:12

Returning to the original theme, I was very surprised by the EHI coverage on this one - too similar to the Guardian's sensationalist and poorly researched articles. If you read through to the end of the DH letter, then you will see that it invites further response: ‘Should you feel that there are further unique and personal reasons for claiming substantial and unwarranted distress that are not addressed by the safeguards and choices I have described, you should write, explaining those reasons, to …’.

It rightly refutes the incredibly partial information provided by Prof. Anderson, which is a gross misrepresentation designed to panic people into objecting – scarcely an exercise in ‘fully informed consent’. He may have valid criticisms of NPfIT, but conning the public into objecting this way in order to further his cause must surely undermine his reputation as one of the good guys.

DH has rejected a pro forma ‘coupon’ (as they call it) as any clinician might try to correct a patient who has read on the internet that green tea cures cancer. If the patient really believes it will and still refuses any clinical treatment, then so be it, but it is important that the patient knows the proper facts before making a judgement.


11

Response

06 Dec 06 22:12

I posted on 05 Dec 06 at 12:43 and see the response of 05 Dec 06 at 17:15. The poster misses my point entirely: I am not surprised at all that commercial firms DO have access to data. NSTS is another good example. I *am* surprised that the DH letter states they do NOT (and remains unchallenged).


12

Identifying the patient

07 Dec 06 10:12

There may well be mechanisms to identify the clinician, but the whole system falls down because there is no mechanism to identify the patient.


13

Data protection in the UK fails to meet the required European standard

07 Dec 06 11:12

In 2004 the European Commission started the first stage of legal proceedings against the UK for defective data protection that does not meet the required European standards. This letter of formal notice, a substantial document, outlines various provisions which the Commission considers amount to a defective implementation of data protection law. Although European rules allow the government to publish the European Commission’s complaint, the British government and the Information Commissioner refuse to do so. The matter is ongoing, yet being kept secret. The British government and the Information Commissioner are not, according to Europe, implementing data protection law properly. This seriously undermines their credibility. The BMA are right to challenge the government about patients’ rights under DPA.


14

Data protection - letter of formal notice and HMG guidance

nhstechie@btinternet.com

09 Dec 06 09:12

This is hardly being pursued in secret - see http://www.out-law.com/page-4717 for further details. The guidance given to public bodies by the Dept of Constitutional Affairs makes interesting reading and runs counter to the assumptions made by the Grauniad (http://www.dca.gov.uk/foi/sharing/psguarantees/psg-english1.pdf).

When we ask you for personal information, we promise:

• to make sure you know why we need it;
• to only ask for what we need, and not to collect too much or irrelevant information;
• to protect it and make sure nobody has access to it who shouldn’t;
• to let you know if we share it with other organisations to give you better public services - and if you can say no;
• to make sure we don’t keep it longer than necessary; and
• not to make your personal information available for commercial use without your permission.


15

Extraordinary

jlgh_consult@dsl.pipex.com

05 Jan 07 11:01

This has only just come to my attention. There are no shades of grey here. It is utterly outrageous. I have asked my Doctor neither to submit any of my records nor to advise the DoH of my request. My reasons would not be accepted by the DoH: I simply do not trust them.


16

Extraordinary Expostulation

05 Jan 07 15:01

It is not at all clear what the previous poster is objecting to: The DH rejection of the 'coupon' requests; the Guardian article; the colour of post-boxes, or what? From the little I know, you only have to tell your GP that you do not consent - you don't have to give a reason. At least to lock your data from access - if you want to prevent it being uploaded, which involves special processing, then you may have to show good cause as per Data Protection Act - the same way as you should show justification for any special treatment by the NHS or any publicly funded body. Strangely, the idea is that the Summary Care Record should be good for you and everybody else - a bit like fluoride in water. Probably at the start there were similar objections to that too - all I can say is that my children's teeth are far better than mine - I hope my grandchildren's health will be better because of a national EHR system.


17

Data Controller

05 Jan 07 15:01

Your GP is the data controller for your medical records, NOT the DoH. It was somewhat silly of the Guardian to suggest writing to the DoH. It is for the GP, and the GP ALONE, to determine whether to process your medical records in this way (i.e. upload them to the spine) or not, and it is for him/her to determine whether he/she feels your request is justified (as a "data subject request" under Section 10 of the DPA). I would be surprised if any GPs rejected such a request as unjustified, but even if they did:

1) You could appeal to the information commissioner, or ask the courts to enforce your data subject request.

2) The GMC is crystal clear in its advice to GPs about respecting confidentiality:
• “You must respect the wishes of any patient who objects to particular information being shared with others providing care, except where this would put others at risk of death or serious harm.”
• “If the patient withholds consent, or consent cannot be obtained, disclosures may be made only where they are required by law or can be justified in the public interest.”

3) Article 8 of the Human Rights Act 1998 affords everyone the right to respect for their private and family life, their home and their correspondence.

4) The advice of the Medical Defence Union is also crystal clear:
• "Disclosure of confidential information without consent or ethical or lawful justification carries the risk of legal action by the patient and/or investigation by the relevant regulatory body which may lead to a finding of impaired fitness to practise."

GPs (and I am one) CANNOT upload records to the spine if the patient has given explicit refusal.

What the DoH is referring to, though they are not making it clear (deliberately), is that, ONCE UPLOADED, the DoH, as the new data controller of the spine-held records, would not accept a data subject request to withhold processing of that data to the summary care record, or indeed to remove the records from the spine. The DoH, unless it changes the law, cannot force any GP to upload a record to the spine - it can only ask.


18

A question to GPs

08 Jan 07 15:01

A patient comes into your surgery and asks "Doctor, Should I allow my records to be uploaded to the spine?" What are the parameters which guide your response? Clearly the balance of clinical risk will be one of them. "Well, you are elderly but manage to travel a lot and therefore if you have an accident somewhere else in the country you would benefit from having the information on the central register" or "you have an allergy to penicillin, bi-polar disorder and diabetes so it would be wise to make that information available in case of a crisis." or "You are a well known figure who has previously suffered from a depressive illness, anorexia and undergone a termination. Although the risk of inappropriate disclosure is low, it could have significant impact on your well-being. On the other hand you are currently physically and mentally well so the sharing of the information would provide little clinical benefit".

But what other issues might impinge on that discussion? Surely the GP's view of the advisability, or otherwise, of a national database as a matter of policy should not impinge on the discussion any more than the Minister's conviction as to its universal benefit.

It seems to me that in the end this comes down to balances of risks and benefits. The better the security and confidentiality model is, the more people the shared model is appropriate for. The more people are part of the spine the more clinically useful it is. But the more technically complex the system is and the more complex the access model is the less valuable it is. This is a balance to be struck both for the NHS as a whole and for individual patients looking at their individual needs supported by their professional medical advisors.
