NHS plans for storing electronic patient records pose a huge threat to individuals’ privacy and could quickly erode public trust in the health service.
That is the verdict of national doctors’ body the British Medical Association, which has blasted the government’s Health Bill that is aimed at overhauling the NHS. There were so many problems with the bill, it said, that the entire set of proposals may need to be abandoned. Today, it emerged the bill may be delayed as a "listening exercise" continues.
The comments come three days after the powerful Public Accounts Committee questioned the security measures around patient records, which are being created under the failed £11.4 billion National Programme for IT. NHS officials insisted that in-depth records were secure because of better controlled access and better audit trails than on paper.
Today, the BMA said the Health Bill “brings into stark relief a number of grave concerns”. A key issue, it said, was the government’s plans to extend the powers of the Information Centre – which will hold data – to obtain and disclose confidential patient information.
This move, it said, “will undermine patient confidentiality, threatening the doctor-patient relationship and public trust in the health service”.
“We are concerned that the Bill in its current form may allow for the acquisition of personally identifiable patient data from primary, secondary and social care for transfer into the Information Centre without patient consent,” it warned.
“This would undermine patients’ rights to confidentiality and the professional duty of doctors to keep in confidence information given to them in trust by patients,” the BMA warned. “Any loss of trust in the privacy of the medical record will have a seriously detrimental effect on the relationship between doctors and patients.”
The BMA called for the wording of the Bill to be amended immediately to ensure patient confidentiality is protected and consent is sought.
“Doctors must be able to fulfil their professional ethical obligations to patients’ information whilst ensuring that suitably processed information can be used to support NHS management, research and other projects for the public good,” it said.
On Monday, at a Public Accounts Committee hearing, MPs initially appeared to have difficulty obtaining a clear answer from NHS officials as to how many staff were able to access patient records.
Following repeated questioning on the number, Stephen Barclay MP, a member of the committee, said in frustration: “Again you’re not answering. I used to work in financial crime prevention. One of the issues then was the concern of staff, often on very modest salaries, being bribed in order to reveal confidential information. It’s not a new issue. It’s one I assume in your risk assessment that you have looked at.”
“Certainly,” said NHS chief information officer Christine Connelly. She told the Public Accounts Committee that there were “380,000 unique logins” to the patient records system in March. Some 800,000 clinicians are registered to the system.
Connelly was asked if patients would be asked to keep a PIN number, so they could control access. She said that instead, for the detailed record, only staff who are assigned to the clinical team treating that patient would have access to the record, and only when consent was given.
Ian Swales MP, another member of the committee, said: “One in every 50 adults in the country is going to have access to this system. Eight hundred thousand people. So it’s a legitimate question to ask about security of data isn’t it?”
“It’s absolutely a legitimate question,” replied Connelly. “There’s a level of security about the records for particular patients, where those patients are assigned to a clinician’s list. So as the patient gets assigned to the clinician’s list, then the record goes with that. In the same way if your paper record moved and you went to have treatment, your paper record would be called up from a file.... and would work its way through the system and move to the clinicians who were treating you.”
Asked whether this could easily be taken and photocopied, Connelly said it was harder than with a paper record.
“By actually putting this on an electronic system, we have an audit trail of everybody who has ever accessed the system, and so if there was to be some kind of leak it would be very clear on who the community of people were who had access to this system, in a way that we wouldn’t have with paper records,” she said.
The PAC is expected to produce its report on the National Programme for IT in the coming two weeks. Its conclusions, and those of a separate Cabinet Office report soon to be published, will be used to inform decisions on whether to allow the scheme to proceed.
This week, the BMA called for the NHS to “take stock” on the national programme and reconsider its remit, and to build this around the wishes of “clinicians and patients”.