back to article Doctors warn on patient data

Doctors' group the British Medical Association is warning the coalition government that it risks putting ease of access ahead of patient confidentiality as it reforms NHS IT systems. The BMA warned that the Health Bill provides various groups and bodies with access to your personal health file. The Secretary of State for …

COMMENTS

This topic is closed for new posts.
  1. alain williams Silver badge

    Why I opted out

    a year or so ago. I knew that this would happen.

    1. Anonymous Coward
      Alert

      Did you get confirmation?

      My wife wrote in to opt-out way back when they first announced that you could. She's still waiting for some sort of confirmation that her records are not going to be stored online. How does one check?

      I seem to remember comments somewhere about "once your records are in the computer system we can't delete them". So I'm expecting they will have "lost" her opt-out and now it's too late.

      Yes I am a pessimist, and it's only paranoia if they aren't really out to get you.

    2. Anonymous Coward
      Alert

      You Think You Opted Out?

      You say you opted out, but out of what? Summary Care Records?

      Only Summary Care Records?

      There are also Detailed Records, which you don't opt out of. And then there's the NHS Spine, and all the other stuff that goes on top of that, too.

      And don't make the mistake of thinking that Summary Care Records are all there is to this information sharing stuff. That's only the tip of the iceberg, nicely conflated with Detailed Records and the Spine, so that we can mistakenly think we've opted out of all of it, when we've only opted out of a tiny little bit of it.

      It's like opting out of Twitter, and thinking you've opted out of the entire internet.

  2. Anonymous Coward
    Anonymous Coward

    How about..

    The BMA reading the documentation on "Information Governance" that states nobody gets to read the medical information unless it's for Primary use (i.e. supporting clinical use). Everything else has to be pseudonymised and heavily protected.

    If it's for clinical use, they need it to keep you alive/healthy. If it's not, then they may know that someone is generally suffering from the conditions you have, amongst many other someones, but there's no way for them to work out who it is, without compromising the pseudonymising databases.

    I'm surprised the BMA say "There's not much info on this", as there is actually quite a bit, and it's highly specific.

  3. Anonymous Coward
    Anonymous Coward

    The title is required, and must contain letters and/or digits.

    What's really scary is the way in which some doctors appear to believe that using Google's online services to store sensitive medical information is somehow acceptable.

    No doubt some of them will be using Vodafone handsets or dongles to view information online which will result in all the web traffic being forwarded to a faceless Californian company regardless of whether the doctors have asked for it or not.

    1. Anonymous Coward
      Pint

      From the horse's mouth...

      I support one of the NHS applications (so AC, obviously)... here's one problem report we got in yesterday, which puts things in perspective :

      "We cannot log into [X], it is saying incorrect password on the system. This is for all users who use this password."

      So not only are they all sharing one login, but they don't even understand the fundamentals of how a username/password works.

      Pint, cos I need one at the end of most days.

    2. Displacement Activity

      Google online services?

      Any details?

  4. Anonymous Coward
    Anonymous Coward

    Headline should have read...

    Doctors attempt to shut barn door after horse has bolted.

  5. Anonymous Coward
    Anonymous Coward

    "Safeguard" rules not enough.

    It's increasingly clear with the proliferation of databases --often entirely superfluous but not always entirely so, as here-- that the government must take its role in providing infrastructure well-suited for the task of enabling selective information disemmination while provacbly ensuring not divulging information that shouldn't be divulged. And it's not doing it. Privacy laws are entirely a paper tiger and even if they'd be rigorously enforced they'd not be enough. Now that we need our government for a truly essential and visionary endeavour, it is letting us down. What is our government doing for us? Polishing its shiny empty words, that's what.

  6. Lionel Baden
    Paris Hilton

    dont really care tbh

    I guess that's due to growing up in the information age coupled together with laziness and knowledge that im not that fucking important and nobody really cares about boring ol me.

    what i wouldn't mind is some knowledge of what the database is what is in there on me and who can see it, given to the staff so that they can give more than a vauge "ermmmmm we dont really know" answer when asked.

    At the end of the day if im in a car accident and due to this database the guy lying next to me can get my heart on time or vica versa im all for it.

    paris because that would be a oft looked up medical record

    1. Anonymous Coward
      Anonymous Coward

      The title is required, and must contain letters and/or digits.

      Do you have medical insurance? If so when your medical costs go up because your details end up in the hands of insurers and some bean counter thinks you should be paying more would you care then?

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      "Nobody knows who looked because nobody has access."

      No, you as an individual likely aren't important. But part of the system is, and indeed must be, that even if you somehow become "important" --rightly or, worse, wrongly-- or "a person of interest" or whatever the euphemism du jour is, that you still are protected against abuse, including abuse of whatever whichever database has on you.

      At the end of the day, ending up in a database state is not a price worth paying for timely transfers of hearts. Especially since it's not a necessary price; it is possible to, and therefore the state must, get the gains without the drawbacks, or lose the people's trust. And you can see very vividly in the news what happens then.

      Of course that doesn't happen overnight. But the longer it takes (because, for example, the trust-assaulting systems have become too entrenched to easily remove) the higher the price the people pay. So it is in our interest to fix the problem before it becomes a problem. Which now is some time in the past already, actually, even if most of us haven't noticed anything yet.

      1. Anonymous Coward
        Anonymous Coward

        Typo day

        The title of the previous post was to be:

        "Nobody knows who looked because everybody has access."

        But in the end both will be true, making auditing utterly useless and impossible both. And beyond that, there'll be hoarding of data, gumshoes with paid friends, and so on, and so forth. The more valuable the data (and the more data the more value), the more inciting it becomes to snarf, snatch, snitch, or otherwise monetize opportunity whether legally or not. It doesn't matter that the individuals in the database all believe they're each insignificant. It will happen. It already happens.

  7. Tzael

    The wave of privatisation

    This video gives a good overview of what is being done to the NHS right now: http://www.youtube.com/watch?v=sNiruX2gZDc

    Reading this article on The Register makes it clearer how the government is ensuring that private businesses will have permission to access and use our medical data without fear of prosecution. On the one hand that means private companies being able to deliver a suitable medical service to us, on the other hand why do we need to hand over the NHS to private businesses - what can they do that we as a country can't? Either the NHS survives on similar budgets in which case stick with a public NHS, or private businesses increase costs thereby ensuring higher taxes or additional outgoings on medical insurance. Do you really want an accountant deciding if you qualify for treatment?

    1. Anonymous Coward
      Anonymous Coward

      The title is required, and must contain letters and/or digits.

      Whilst I agree with the general sentiment of your post, do you honestly believe that the beancounters aren't already in control? NICE has been around for quite some time now after all...

    2. David Neil

      Sorry but...

      NHS services have been under a cost/benefit analysis for a long time already.

      The question is surely which is more important, the clinical outcome for the patient, or the method of delivery?

  8. Cucumber C Face
    Alert

    re: The wave of privatisation

    >>Either the NHS survives on similar budgets in which case stick with a public NHS, or private businesses increase costs thereby ensuring higher taxes or additional outgoings on medical insurance.<<

    I disagree.

    The drive towards 'consumerism' and away from paternalism in the NHS has led to it becoming unsustainable.

    The 'worried well' want their slices, so crowd pleasing gimmicks like NHS Direct proliferate; sexy day case surgery for all the simple stuff expands etc. Meanwhile the elderly, disadvantaged, chronically sick, mentally ill etc go to the the back of the queue. Who cares? They don't vote anyway.

    No UK government ever had the guts to raise the issue of rationing directly. They can't tell middle England that emergency appointments for sniffles, free nips and tucks, infertility treatment etc aren't in the package. So waiting lists, post-code lotteries etc ARE rationing by another name.

    That is the reason the middle classes will need private insurance within the decade.

  9. Syntax Error
    WTF?

    Protecting Doctors

    Its difficult to understand the fuss about patient confidentiality. Who's really interested in these records apart from the patient and immediate family?

    Generally speaking putting patient records on a database is very sensible. When a patient is admitted to hospital or they visit a GP their records are immediately accessible to every hospital and GP in the country.

    People do not worry about which bank employee has access to their bank records so what is the fuss about medical records?

    I think its more about Doctors protecting what they write about patients from patients. Patient confidentiality is a smoke screen for Doctors to protect themselves.

    1. John Miles 1

      Protecting doctors and hiding bad practice

      Yes, the downside of keeping information highly protected is that it reduces the ability to perform analyses of things such as patient outcomes, and so identify badly performing doctors or unsuitable practices.

      Perhaps this is really behind some of the BMA objections ?

      Widening access in a controlled manner introduces some risk of loss of confidentiality, but not doing so allows poor practices to continue that result in premature death or unecessary suffering.

      I know which approach I would prefer.

    2. Martin Gregorie

      If you think that you haven't a clue

      "Its difficult to understand the fuss about patient confidentiality. Who's really interested in these records apart from the patient and immediate family?"

      Insurance companies and Big Pharma for starters.

      1. Anonymous Coward
        Anonymous Coward

        not forgetting

        BigWoo - not as rich as BigPharma yet but will get there on the back of the localisation of the NHS

    3. Anonymous Coward
      Thumb Down

      What about...

      Insurance companies, prospective employers, social security, benefits office, council officials, political candidates, police officers, etc...

      Those and many more could make, non-approved, use of your medical records. You may not have anything in there... yet. But an awful lot of people have entries describing *possible* diagnoses of acute or chronic conditions, depression, mental illness, possible domestic abuse, etc. which could be used against them if they became "public knowledge".

      How long before the rumours of leaks start and we all lose our trust in our GPs. How long before people avoid getting treatment for "that nasty rash", or "that bruised eye"?

      A secret shared is no longer a secret.

    4. PatientOne

      The fuss is thus:

      Insurance firms getting hold of your medical data tops the list, I think.

      Research firms and pharmaceutical companies come second.

      Your family or friends, or even your work getting hold of your medical data is close third.

      It matters because of *why* they would want to, and *what* they will do once they have that data.

      It's a case of *need* to know. Does anyone out side of patient care *need* to know about a patient's condition?

      The answer is: No.

      Not even family need to know. Not unless the patient decides they do, or they are next of kin and the patient can't make decisions for themselves.

      Just remember: If you've been tested for HIV, it'll be there in your records, no matter what the result is, but the reason for you having the test will not be.

      Even innocent people can have things to hide.

    5. Anonymous Coward
      Grenade

      Put even more lightly

      To begin with, patients have unrestricted access to their own medical records, so there's no medical conspiracy going on to keep patients in the dark. Second, as someone who actually works for a banking concern, access to customer data *is* restricted, and that's as it should be: do you want Jim the intern walking away with your confidential banking data? If you do, then you earn the moniker that got the original version of this post rejected by the moderators (and which I acknowledge was strong, even if it was deserved).

      On that point, the reason health data is restricted is that it can be so easily abused and because individuals may not want everyone and his dog reading their health records and knowing what illnesses they've had. Even if you personally don't have a desire for privacy, many people do. Beyond that, it's not hard to imagine employers, for example, doing a quick trawl and refusing to hire someone because of a previous illness. That information is both intensely personal and open to significant abuse and therefore needs to be protected. Sure, it benefits the patients that their caregivers have speedy access to it, and that's a benefit; the trick is making sure that *only* patients and their caregivers have access.

  10. Anonymous Coward
    Anonymous Coward

    Title?

    If I'm in the position of needing medical care and being unable to communicate I like the idea of doctors knowing my medical history. The reality is however that your medical records will probably contain errors. I've been dealing with the NHS for six years on behalf of one of my parents. I've lost count of the number of times we've had to get information corrected, examples include: wrong drugs listed, treatment instances missing, the best one was they'd got the main illness wrong, what was listed was actually the complete opposite of what the person has.

    I opted out of the Summary Care Records system, I sent my opt out form via recorded delivery to my doctors surgery that's two mile down the road.

    The fact that some doctors are only now expressing concern is par for the course. Like everything in the NHS, it's a bit late.

    1. This post has been deleted by its author

  11. Yet Another Anonymous coward Silver badge

    Protecting Doctors

    Or when I'm looking to hire somebody I can pay $5 to a US website and check their medical history - I don't want to hire somebody who has a history of cancer or heart disease or diabetes do I ?

    Ultimately i suppose there will be an app-for-that allowing me to check out how many abortions/STDs/breast enhancements my prospective date has direct form my iPhone

  12. Tron Silver badge

    Usual mess.

    Incompetent private companies with their snouts in the trough and the govt. playing politics with tech and making a mess of it. We pay for it, get a crap service and lose out.

    As to who you wouldn't want to see your data. In many cases, your friends, your enemies, your stalkers, your family, your neighbours, prospective partners, abusive partners, ex-partners, their divorce solicitors and ultimately world+dog when the stuff gets leaked to the web and distributed as a torrent.

    Nobody wants the world to know that they lost a baby, suffer from depression, have herpes, got raped, got abused, had an abortion, have a dodgy ticker or only have a few years left. Unlike the bullshit about what you bought on the iTunes store, this stuff really needs to stay private.

    So keeping data like this secure is a plan. Secure means your GP sees it or a doctor treating you in an emergency sees it. Not the nosy temp on the reception desk who lives four doors down from you or the guys in tech support who should have real data on their screens replaced by gibberish when they are maintaining the system.

    Politicians are involved, so expect it to all go pear-shaped.

    Oh, and if you apply for health insurance or any form of health-related benefit, expect to lose your privacy in this area. The temps who process your data will find out everything about you. And it all goes on their databases. You have been warned.

  13. Anonymous Coward
    Black Helicopters

    my wise old Grandad ...

    not being English (grew up under Mussolini) had an innate distrust of anything to do with the state. I never understood why he was so suspicious of what seemed to me, at the time, good ideas.

    Remember folks, once they have it, they have it.

  14. Anonymous Coward
    Anonymous Coward

    As a sidenote

    Maybe you'd want to talk over with your GP just what needs to be in your medical files, and then you put the important details on an usb stick and you carry that with you. Currently there's not much standardised about it, but I would expect even doctors to be able to read a plain text file. Maybe stick a PDF copy on there just in case.

    Haven't gotten around to it but I know some people do wear a nice and small usb stick on a neck chain with the stuff they *really* don't want to lose, like medical records, tax returns, and so on. The stuff that's supposed to save you when incapacitated will need to be in the plain for now, but the rest probably needs suitably strong encryption.

    But it'd be the perfect opt-in system. It's in your best interest to not lie (too much) in your medical records. Going forward I'd like something like a way to encrypt your medical files such that only you, your GP, and any emergency medical personnel acting on an emergency can decrypt it, with an audit trail attached. How? That is a SMOP, m'dear. And something we can design and implement.

  15. david 63

    Insurance companies red herring

    Be sure that if you fail to disclose a known condition they will wriggle out of paying out.

  16. Anonymous Coward
    FAIL

    we have all your (health) base

    It's much too late. Too many people have had their fingers in the pie for too long and made a mess of things. Opt out all you want. As soon as you need treatment for something you'll get a form to opt in.

  17. Displacement Activity

    @ElReg

    News organisations have a tendency to confuse "The BMA" and "doctors". When it gets down to it, few doctors have any idea what the BMA says, and even less interest. They also have a tendency to talk utter bollox: their history on commissioning is a case in point. The stuff they were writing last year is completely different to their output now; it's taken them that long to actually find out that most GPs don't want to touch commissioning with a bargepole.

    I've read the bill, and the notes (or as much as I could stand), and it didn't even occur to me that there was a data privacy issue there. This is just BMA grandstanding. Oh, and the BMA "can't lobby to change the law"; there is no law to change. Yet.

This topic is closed for new posts.

Other stories you might like