The majority of family doctors have said they will shun a government plan to stuff a database full of all our medical records. According to a poll conducted by the Guardian, 59 per cent of GPs said they would not put records on the so-called spine without the consent of a patient, and fully three-quarters say records will be …
They're quite right to be suspicious, given that the taxman's recent carelessness
Following the loss of 15 million child benefit records...
...15,000 Standard life records, 2,000 ISA records...
they might have a point. Which makes me wonder about the other 41%
Cos that's impossible now right?
"a quarter said they were worried about bribery or blackmail of people with access to records"
Because, that is totally impossible now right? It's totally impossible to find a nurse at <insert random celebrity>'s surgery and blackmail them for the paper records? Wait...
These reports never mention the safeguards put in place to prevent the abuse of the spine records. 'Legitimate Relationships' stop anyone who is not directly connected to that patient accessing clinical data, and flagged records in the Patient Demographic Service stop demographic details of sensitive patients falling into the wrong hands. And of course, everything is audited, so if you're found out looking at records you shouldn't be, bye bye job, and depending on what you've done with the information, hello police!
The big issue is, and always has been, trust and control. Vocal GPs want control over "their" data, and don't trust anyone else. Until that mind set is changed, reports slamming the spine will continue.
I thought that the safe guards where only on the wishlist, as for auditing...
Impossible is nothing, Egor
Yes, of course a nurse at an individual surgery could be bribed. Or a student doing work experience etc.
But they would only have access to the locally held records, and the blackmailer/other would have to know which surgery to start at.
If someone with access to the spine was blackmailed/bribed or otherwise persuaded to share their access, *all* records would be compromised, audited or not.
Do you own your info?
This is similar to what happened in Iceland years ago when a gene research company ordered from ruling government a research database with the nations health info on mandatory level. The main argument was of course better life, cure of sickness, etc. In order to make some money out of this, paid third party access was planned which meant that insurance companies would theoretically have access to a person on dna level and determine premium to that level and companies could do dna screening on job candidates. Many were against the database but the government being somewhat personally entangled with the head of said company pushed this project very hard and the argument rose even to the ugly level of the government actually disputing a person's claim of owning the rights to him/herself since a person is born into the society.
"'Legitimate Relationships' stop anyone who is not directly connected to that patient accessing clinical data, and flagged records in the Patient Demographic Service stop demographic details of sensitive patients falling into the wrong hands."
Medical Training Application Service.
That's all I'm saying.
"f someone with access to the spine was blackmailed/bribed or otherwise persuaded to share their access, *all* records would be compromised, audited or not."
That's what legitimate relationships cover.
Also flagged record, data envelopes, etc.
No system is secure, finding the patient's surgery is not a big deal, and even easier if you know what "clinic" they've been to recently *picks up a copy of the Sun*.
My point is, there is MANY safeguards in place to prevent widescale abuse, congrats, you've busted the system and told the papers Gorden Brown has a heart condition, it gets trailed back to you and you spend the next 5 years in jail and go broke due to "proceeds of crime", that's a pretty good deterrant. Who's going to find out if you copy the records out from a piece of paper?
Safeguards - "my arse"
I'm not worried about a nosey health worker accessing my health record - the sad person needs help. The "spine" system provides detection tools so that's great then?
If the data is distributed it makes it very much more difficult to get at (who actually needs it, anyway?) and, be assured, I trust 20k Drs to much more readily flag a data mining operation than I do a bunch of civil servants who could be involved in a revolving door process with "industry".
Actually, you are right Egor. It is about "trust" and the blighters in charge don't have mine. On the basis of recent revelations they won’t be getting it anytime soon, either. They've very publicly shown they don't deserve it and can't handle it, even if not voluntarily given.
"...it gets trailed back to you..."
Because all hospital staff will be able to log off and on all the time when they want to access a terminal, and no one's password will ever be shared. Or written on a postit in their desk drawer.
Abuse may not be widescale, but the opportunities for it only grow with a centralised record system.
All Your Records Are Belong To Us
Lucy is right: the spine will give fraudulent access to your personal details a country-wide scope where now its limited to an individual surgery. That's a worry given the sieve-like security of so many government databases from the PNC to HMRC's data pile.
However, there's worse that can happen than that. Much worse.
My chief worry is that once everybody's data is in the system, the government will start changing the rules. I can visualise the access creep now as they progressively change the rules so that they can:
- match medical records with disability claims
- combine them with the DNA database
- combine them with DVLA records
- combine them with the ID/passport database
- sell them to insurance companies to recoup NHS costs
Identifying the patient is the issue
So I pitch up in hospital and say I am "Gordon Brown" (or the name of some wannabe BB celeb). How does the doctor know I am who I say I am? (in GP surgery this is done by visual identification - GP knows patients by sight). Spine has no biometric ID... Chances of me carrying an ID card are nil... What if I'm pissed out of my head and my mate says I'm "Gordon Brown" etc etc
Is docor committing a crime if he looks up "Gordon Brown - 10 Downing St" rather than "Gordon Brown - 10 Dowding St" - sorry M'lud genuine error.
A Question of Scale
At my local charnel house, patient records are part-computerised and part hardcopy. The bloodletters who deign to see me once in a while display the computer skills of a two-year-old iguana (perhaps the real reason why they won't put patient records on 'the spine').
The real computer whizzes in this outpost of Nightingale Medicine, Inc. are the receptionists and admin. assistants (after all, until they were forced off unemployment, they had little else to do between Richard and Judy and I'm A Nonentity, Get Me Exposure Here.) Now, if you want to know what's wrong with your brother Willie's willy, meet said receptionist or admin. ass. in the pub on Friday night. A couple of Stellas will get you what you want to know.
What a big database linked to others can do
I couldn't possibly argue as eloquently as this award-winning video:
If this URL isn't permitted here, please search on Youtube for "Big Brother Pizza Shop". It's an American video, but these things are already much closer to happening here in the UK than they are in America.
If you think this video is a stretch of the imagination, ask yourself who would be in favour of such linked-up information, how much influence they might have. Then ask who would be against it and how much influence they might have.
Then start to actually do something about it. Privacy International rates the UK at the bottom of the countries list along with China and Russia. This is because the English don't protest when their privacy is infringed.
Thank goodness it's 59%
and there is still time to persuade the other 41%.
A related issue, post 9/11 is if someone claiming to be from the security services arrived at your doctor's surgery and said they required your records for security purposes, and to avoid a terrorist incident, or some such similar insinuation. What would your doctor's response be? The correct response is F**k off and don't come back without a court order. The deplorable response is Here they are, and by the way, s/he is well acquainted with X, Y, and Z.
It's good to see some physicians can recall the Hippocratic Oath.
The Big Out Out
If you go to our web site www.thebigoptout.com there is suitable a letter to opt out of SPINE, that is available for download. Just fill it in ans sign it then give to Reception at your GP Surgery. It has been written by 2 doctors who advise The Big Opt Out.
You can sign a letter on behalf of any children under 16 too.
The Big Opt Out
I am a nurse (hence, have to remain anonymous).
We have to use a computer system for patient records (no, not the "Spine"). On 95% of the shifts I work, we have bank or agency staff. Probably more than 50% of these do not have a login. Management have instructed that these must "borrow" one -- no, I'm not kidding. Also, computers are frequently unattended while a person is logged in.
Yes, there are audit trails which, in theory, will record who has accessed any information. No, it does not work -- could have been anyone accessing that record.
And no, my own details will not go onto the "Spine". Social services looking at my medical records? You must be kidding.
Martin Gregorie: "...I can visualise the access creep now as they progressively change the rules so that they can:
- match medical records with disability claims
- combine them with the DNA database
- combine them with DVLA records
- combine them with the ID/passport database
- sell them to insurance companies to recoup NHS costs"
The Rand Corporation published a book about 1960 on computerized municipal record keeping. Rand being Rand and the era being what it was, the proposals totally disregarded privacy, ethics, or the potential for an IT-based police state.
The idea of cross-linking databases of all sorts of personal information is hardly a new one. All of your life are belong to us!
http://www.rand.org/pubs/papers/P1924/ may be the document I'm thinking of.
If you are interested in the history of this kind of thing, it's a document worth reading.
they gone ahead and done this is Scotland anyway?
AFAIK, very few people opted out as they WERE NOT told they could.....
Not me, sonny Jim
I don't normally post anonymously on here, but this will be an exception.
I am a doctor and I have told my GP that my records are not to be sent onto the Spine.
I just don't trust the government to hold that much information about myself.
My medical data is between myself and my doctor and a very select group of people to whom I decide to disclose it.
NOT for Gordon Brown's eyes.
....and the NHS remains a joke.
Anyone who has been referred for specialist treatment on the NHS knows that half the time, the left hand doesn't know what the right hand is doing. There is often a complete lack of co-ordination not just between, say, your GP and your hospital consultant on two different sites - but between different departments of the same hospital, both of whom rely on the same set of paper records and must transfer them physically between departments in order to know what treatment has been prescribed etc.
There *is* a strong case for being able to share data electronically, at least on a case-by-case basis. The present system is archaic, slow and potentially lethal.
On the other hand, I have full confidence that our illustrious leaders and their trusted suppliers can competently implement a system that is *not* archaic (by the time it's actually delivered), slow or potentially lethal...
..what the survey result would be if they ran it again this week? A bit more than 59%, possibly... :-)
"There *is* a strong case for being able to share data electronically, at least on a case-by-case basis. The present system is archaic, slow and potentially lethal."
Possibly, but shouldn't it be my choice.
There are several things I would NEVER have discussed with a GP if I had known at the time that his notes would eventually be uploaded to a central database. It's a complete breach of confidentiality.
I find it fucking outrageous that the government is now laying claim to MY medical records and suggesting I have no choice.
Incidentally if there is a group out there who have funding and want a subject for a test case - I'm your man
Anonymous nurse endorsement
Posting anonymously about my girl friend, who is a nurse at a major London hospital, whose experiences echo the previous anonymous nurse's post.
Indeed, all patient information is already entered on a computer system (local to the hospital, I believe). Computer security is bypassed on an almost continuous basis due to factors such as agency staff (of which there are enormous numbers) without their own logins (or trackable guest logins), borrowed logins due to forgotten passwords or delayed userid/password setup, or simply because the system security is so horrible to use that they haven't got time or can't be bothered - if you make something too difficult for people to use then they won't; if it's security then they'll bypass it.
Now almost every dept in the NHS probably has at least one agency staffer. So how easy do you think it is for an unscrupulous person to get a job with access to confidential data? And what do you think the chances of tracing that person would be, given the above situation? If they used a fake ID (perhaps built from the handy data on that copy of that nice HMRC CD they bought from ebay or downloaded!)
Also, physical security is similarly lax, for much the same reasons: security doors that should be accessible only by ID swipe badge are wedged open, again for reasons such as agency staff haven't got the access badges, locks faulty (for weeks at a time), or can't be bothered with them. On the one occasion I visited the dept to meet my girl-friend after work, I was able to walk through the wedged open security doors into the "secure" area, and was able to wait in the empty managers office, where I had immediate physical access to the PC and hospital network and systems (the manager being busy helping out with clinical matters due to the chronic staff shortages).
Several databases, several layers of case management, no cross indexing, no reliable reporting of outbreaks of infectious diseases, no reliable way to know if a hospital is severely substandard in any department, or if a physician has killed more than his fair share of patients, but it's fairly easy to pose as a relative and get whatever data about a patient without them knowing. This is how it is in the US I'm sure you are doing a better job in the UK, here it's a nightmare. Some of the million or so reasons I won't go to a hospital as a patient let my death be unmanaged.
Availability of Medical Information
Obviously, some medical information is critial for the successful treatment of emergency medical situations. Maybe not my life history, but medical information of a sort in case I require treatment and cannot speak for myself.
On that basis, I carry with me a duly signed, legally-binding, business card sized, advanced medical document listing preferneces and current meds. I also have a living will (which is registered at the GP and local hospital). I carry a copy of said living will with me when I travel. My wife does the same.
I am not a lawyer. I am not a doctor. I am a First Aider, but prefer to hide behind the IT Bod banner. I have had a think about what level of medical treatment I want and what, if anything, I don't want. I've done my homework.
If people were prepared to do the research, document their choices, make the results of this research freely available on their person - would there be much reason for the "spine"?