back to article Patients gain right to scrub e-records from NHS database

NHS patients will be given the ability to scrub electronic records of their treatments and medical conditions from a proposed national medical database. The concession to patient privacy and data protection follows negotiations between health service officials and data protection watchdogs at the Information Commissioner's …

COMMENTS

This topic is closed for new posts.
  1. Geeks and Lies
    Thumb Down

    How daft....

    I mean really! Why would someone be so paranoid as to have their actual medical records removed! Also once they have been viewed then they are not deleted but archived due to legal reasons. Well newsflash people. Creating them puts a view on them so surely that means that nothing will be deleted only archived. Or if you take the view that creating them does not mean they have been viewed then what’s the point in creating them at all as no one would be allowed to look so why not just chuck all your paper work through the shredder and have your doctor continually guess what is wrong with you! IDIOTS! When is someone going to make common sense available on the NHS!

  2. The Mole
    Thumb Down

    Backups?

    Presumably there will be backups of this data and presumably data won't be removed from these?

  3. TeeCee Gold badge
    Thumb Down

    How does that work?

    "deleting.......too expensive, instead offering to put in place a system to hide records...."

    Exactly how is "DELETE FROM records WHERE ni_number=n" more expensive than modifying the database to incorporate a hidden flag and then modifying all the data access methods used by all the client systems to return "sod off" when the hidden flag is set?

    I call bullshit on this one. Unless, of course, the problem is that they've actually got no fucking idea of where all the places that your data might end up are. So I suppose the real question is are they lying about the cost of this or are they lying about the security of your data?

  4. Michael

    RE: How daft...

    Um, if you have an embarrassing illness and don't want colleagues to find out. Or friends, or former classmates from school.

    The proposal won't delete your medical records. It just stops them being accessed remotely by anybody in the NHS who happens to log in to the computer.

    The advantage of this system is that doctors can look up details about you in an emergency when you are in no condition to pass on the details yourself.

  5. ElFatbob

    Re: Geeks And Lies

    G&L, I would - no question.

    I think what we are talking about is the Summary Care Record, not your medical file. The SCR is what contains all the personal information about you and is accessible by anyone on the Spine (which is the main point of contention).

    Your local practice will maintain your medical records and that is what they will access and use to evaluate you.

  6. Ed
    Thumb Down

    Ridiculous!

    I completely agree that the data within this system could be very useful, maybe even life-saving, in certain circumstances. Providing data is only accessed by medical professionals, for the purposes of providing medical care, I would have no issue with my data being in the system. If anyone else has access, or data can be accessed for a reason other than the provision of medical care, they can get stuffed.

    To design a system where the only method of further restricting access to data is to delete it is pathetic.

  7. Anonymous Coward
    Anonymous Coward

    Re : Geeks and Lies

    Perhaps some people have rather more regard for the security and privacy of their personal health records than you do.

  8. Anonymous John

    Knowing this government.

    You'll probably have to wait 12 years, and they'll only be deleted if you haven't been ill during that time.

  9. BlueGreen

    @Geeks and Lies

    I'd agree with you except I'm paranoid to the extent of considering deleting them.

    It's about trust. I don't trust them. I don't trust them not to have accidents with them, I don't trust them not to deliberately spread my info around without my consent.

    I *don't* trust anymore. That's a bad sign for a society.

    It's a magnificent resource, it's genuinely of great potential use, if I trusted our 'lords and masters' (heh) then I'd be entirely happy. I don't so I'm not, not at all. So deletion is in the balance right now.

  10. David Pollard

    Open Source

    There seems to me to be an underlying and insurmountable problem: that it is not logically possible to maintain a totally accurate audit trail while also allowing deletion of data. At a practical level, for example, what would be the appropriate procedure were the wrong record to be accidentally deleted? The only way in which full integrity can be provided is for the system, at some level, to be write once; with no deletion or amendment after commit.

    It is precisely to tackle this problem that standard commercial procedure uses credit notes and goods return notes rather than allowing direct amendments and deletions. The entire set of original entries is preserved.

    The ICO is right to point out that "People want the assurance that they can restrict who can access their personal details in NHS electronic records." This is indeed the real problem, and the latest move doesn't properly address it.

    The solution would seem to be have NHS data stored locally wherever possible, rather than on a massively centralised system; to use Open Source so that the processes and procedures are open to inspection; to allow the data subjects to see their records easily, adding corrections if necessary; and to use tight access controls to provide verifiably accurate logs which are open to inspection. This would, of course, depend on there being a sufficient number of independent individuals able and prepared to spend the time and effort to scrutinise the software and system specifications.

    The question of how to use the resource that the database could provide for appropriate research without also allowing the possibility of surveillance or malfeasance is for another day.

  11. Anonymous Coward
    Anonymous Coward

    Not useful

    Although the idea that a doctor might have access to your records when you're delivered unconscious to A&E might seem appealing, in fact it's not really very useful. I've heard doctors interviewed about this and they claim that, for example, maybe there was one time in their careers when it could have saved some time. In most cases, either the patient is not unconscious, or there is someone with them (partner etc) who knows about their condition, or they can be treated with "safe" drugs (etc, or 'O-' blood) until the details can be found.

    Even if you think it would be useful for those few people who are, for example, allergic to penecillin to be recorded as such on a database (rather than wearing a bracelet as many currently do), THAT DOES NOT MEAN THAT THE REST OF US SHOULD HAVE THE DETAILS OF OUR RECENT "PROCEDURES" PUBLISHED FOR ALL TO GOSSIP ABOUT.

  12. Peter White
    Jobs Horns

    I'll get you

    Cool, how can I put "Do not resuscitate" on someone's records ?

  13. r
    Thumb Down

    Do not resuscitate

    "The same SCRs could be used to indicate a dying patient's preference not be be resuscitated in cases where they experience a heart attack, for example"

    I wonder who'll carry the can when it's discovered that the value in this field in some poor sod's record was wrong?

  14. Anonymous Coward
    Anonymous Coward

    Are MPs listed on it?

    I'm assuming (probably incorrectly, but ho hum), that the Government pushed through the "get everybody on this database" scheme: it'll be interesting to see how many MPs are happy with the security that they've allowed their details to be put on the Spine. If they don't think it's secure enough for their information, it's not secure enough for us...

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    The problem is

    Normally electronic medical records best practice says the patients records must not be deleted in order for full clinical audit to take place. Records can be deleted as part of records management policies, but this is usually well after the last encounter - in some instances many years later (+30).

    The thinking behind this is to ensure that the clinical decisions made by a doctor are placed in context. He make those desisions on the evidence in front of him both from the the patients symptoms and his medical records. If the patient reacts badly to a drug or later dies it is important that all the evidence is available to the doctor and others investigating what happened. Another reason why records are not normally deleted is to stop a new Dr Shipman covering his tracks. An audit trail would point to the record being deleted but not the actual content.

    If a doctor used the SCR today and gave a patient drug A, which leads to a malpractice suit, and that same SCR is deleted then the orginating doctor & the NHS would have a problem

    If you read the CFH ruling it says you can ask for deletion, which will be carried out if the SCR has not been accessed. What accessed means is the million dollar question.

    Before we get shouts of DPA, the NHS has huge exemptions in this area that go back over 10 years. Worth reading chaps

    http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4131747

  17. the insider

    Oh Reaaaahaaaaleey

    Geeks and Lie, ill tell you when..

    When you are mysteriously refused health insurance and never figure out it was because some muppet erroneously entered a condition mistakenly on your record which was (and could be in time) passed on to certain agencies. You'll never know what's on there unless you keep asking for a copy. (think it doesnt happen? no comment)

    When your ex-bunny boiling spouse manages to track down your new address after the "kitchen knife incident a few years back" and you return to find your beloved spaniel hung drawn and quartered and its fur used as a retro looking xbox cover.

    When you cant figure out why the neighbours wife cant help but laugh and smirk every time she sees you having read about your impotence problem and the counselling you now receive twice weekly.

    When that slightly strange girl Georgina down the road is forced to up and move home suddenly when it turns out he actually had his surgery complete the year before moving to the area.

    When you would rather just not have known that little Jonny who you take to footy every Tuesday night wasnt yours after all, after all those years of bringing him up with your wife.. only to discover in a heated argument with the bloke down the road with a smart card that your "so called" mate is the dad,

    and on, and on, and on...

    would the SCR help.. it could, but as someone already said it doesnt bring that much new to the table.. did you die last time you were rushed in to hospital on holiday say because they didnt have an SCR to look at?? no.

    can this sysyem be implemented properly, with proper safegaurds in place.. Gordon Brown has more chance of winning Playgirl of the year. The system is wide open to abuse, its designed and written by people with no idea of the end user requirements or working practice, and has more bugs than a Scottsman returning home from a honeymoon in Mexico.

    Its not a case of having nothing to hide... its simply these muppets cant be trusted

  18. Anonymous Coward
    Anonymous Coward

    If you can believe them...

    Back in 2006, I sent a request to my consultant to not place my records onto the spine with the accompanying ‘93C3 — Refused consent for upload to national shared electronic record.’ I do not believe that it is in my interests to have my records stored in this way.

    The next time I saw my consultant, my file which over 35 years of chronic illness, was now over a foot in thickness and consisted of four binders, was now about one inch thick.

    When I asked what happened to my file, my question was met with the answer, or "its' probably been archived".

    Frankly, I do not believe the establishment has the faintest concept of privacy.

  19. Anonymous Coward
    Anonymous Coward

    RE:If you can believe them

    As things stand NO historic data has been electronically gathered as part of the national programme. What the person you asked meant was put in a box and stored in a warehouse off site as has been a necessity for years as paper records take up a heck of a lot of space.

    Nice paranoia though.

  20. Neil

    Let's be clear

    This is about being able to delete your Summary Care Record only.

    Not your GP-held records and not your hospital-held records.

    I sought advice (from the DoH then the ICO) on whether patients who:

    * discover that their data has been uploaded to the SCR (without their knowledge or understanding) and don't want it there, or

    * decide that they really don't want their data stored in this way (say after the next great data loss), or

    * decide that there are better ways of sharing their information, or

    * decide that what they signed up to (by not opting out of the SCR) is turning out not to be as they thought (expanding access, secondary uses of information, linking to other databases etc)

    could get their uploaded data - their SCR - deleted. Their choice.

    The DoH said no, as was widely reported.

    So I wrote to the ICO as I could not see how this was compatible with data protection laws.

    http://www.neilb.demon.co.uk/download/ICO_SCR1.pdf

    This prompted meetings between CfH and the ICO

    http://www.whatdotheyknow.com/request/11135/response/28041/attach/3/Final%20version%20of%20meeting%20note%202%20April%2009.PDF.pdf

    and it appears that this is the outcome.

    If you have a SCR and you are happy with it, fine.

    If you don't, and you don't want one, then opt out now.

    But I bet it won't be easy to get your SCR deleted.

    I suspect patients will have to write to CfH, provide multiple proofs of ID (just like the Hampshire Health Record tries to insist on), may even have to attend in person somewhere, may need to "discuss it first" with someone.....

    Neil

    www.nhsdatabase.info

    www.hampshirehealthrecord.info

  21. Neil

    In fact

    Your SCR may not even have been accessed.

    http://www.connectingforhealth.nhs.uk/systemsandservices/scr/staff/faqs/mpsfaqs

    "In the event that a summary care record has been accessed, or should have been accessed, as part of someone’s healthcare, the record needs to be kept"

    So if you presented to A&E and refused to let someone look at your SCR (perhaps because all that was wrong with you was a simple laceration) then thereafter you would not be able to get your SCR deleted.

    read the small print.

This topic is closed for new posts.

Other stories you might like