Two senior officials at the Department of Health and the
chairman of the conference have taken exception to the reporting in
our 15 July issue of the conference organised by the British
Computer Society's Health Informatics Committee and Assist, the
Association for ICT Professionals in Health and Social Care, in
Birmingham.
Marlene Winfield
Head of patient and citizen relations, NHS Information
Authority
As one of the people responsible for patient confidentiality
policy in the NHS, I want to correct errors and misunderstandings
in Tony Collins' article (Doctors express alarm at plans to store
patient data without consent, 15 July). He spoke of "secret plans"
to put health data into a "data spine" system. They are only secret
insofar as they have been discussed at major conferences (NHS
Confederation, Carers UK annual general meeting). Moreover, the
data spine contents were decided in a series of discussions with
clinicians and representatives of patient and citizen groups. They
have also just been the subject of research with patients and the
public conducted for us by the Consumers' Association. Not a
definition of secrecy I would recognise!
Your author neglected to mention that at the British Computer
Society meeting that prompted the article, it was announced that
the supposedly secret Output Based Specification, which ran to many
hundreds of pages, would soon be made public in a summary version.
Many who attended the meeting were given access to the complete
version beforehand and parts of it appeared in a Powerpoint
presentation at the meeting.
The impression is given that a national database of patient
identifiable information will be available without patients'
consent. That is not the case. Identifiable "spine" records will
not "go live" until each patient consents individually. We do,
however, admit to ensuring that clinicians explain to patients the
consequences of having and not having an identifiable "spine"
record. We are guilty as charged of wanting patients to have
informed consent.
The records of patients who do not consent to their "spine"
record going live will be used for authorised planning and
management of health services and for research that has ethical
approval. Neither of these forms of access will reveal the identity
of the patient. Planners and researchers will have permission only
to extract limited data for the purpose of their analysis. No one
will be able to see the full record except in rare circumstances,
such as a medical emergency, and even then under extremely strict
conditions which would generate live alerts. This kind of access is
fully in accord with the Data Protection Act and is provided in the
interest of patient care. This data will be held under very strong
security appropriate to the risks involved, as is always the case
in a good security design.
We must also admit to being honest with patients and the public
about hackers. If the Pentagon is not safe from hackers, then we
cannot give absolute guarantees either. We can, though, use state
of the art protection and explain what measures we are taking to
protect people's information. Our research with the public
consistently suggests that while they have some concerns about
security, their highest priority is good health information being
available to them and those treating them.
Contrary to the impression given, the police will have no more
access to patient records than now and probably less. A
Confidentiality Code of Practice will be published in the autumn
giving NHS staff clear instructions about when they must and must
not give information to the police. And as was made very clear at
the meeting, clerical staff will find it much more difficult to
sell information to private detectives when electronic records
greatly restrict their access to clinical details in patient
records. Another thing the author neglected to include.
You also report elsewhere that some clinicians are concerned
that the measures to protect patient confidentiality might be too
rigorous. It seems we cannot win! The confidentiality policy that
underpins the technical specification for the integrated care
record was largely devised by patients (including those with
particularly sensitive health problems) and then widely and
publicly consulted on with all interested parties, who gave the
proposals an 86% approval rating.
A press release issued after the meeting by the British Computer
Society said, "The mood of the meeting was one of considerable
enthusiasm for the overall plan and optimism that the vision it
describes could, if appropriately developed, fundamentally improve
patient care in the NHS." Somehow, that was left out of the article
reporting on the meeting. I for one am at a loss to understand why
Computer Weekly allows itself to print scare stories which may sell
a few more copies but at the cost of frightening patients
needlessly and some might say cruelly.
Private meeting
David Young
Clinical adviser to the Information Policy Unit, Department
of Health
I find your reporting of parts of the health informatics
conference organised by Assist and BCS deeply disturbing in at
least two respects.
Firstly it was a gross breach of confidence to report the
meeting at all. It was a private meeting at which attendees from
all parts of the NHS, suppliers, academics, management consultants
and the Department of Health could express their ideas and views on
the National Programme for IT in the NHS knowing that they would
not be made public. A summary report will be the only outcome of
the meeting. The chairman of the meeting specifically stated in his
introductory remarks that all were bound not to comment publicly on
what was said.
To break confidences in this way is undermine the understanding
which allows individuals from opposite sides of the fence to meet
for frank and open discussions to the benefit of both and the
services they represent.
Secondly the report was given the most sensational spin, with
phrases such as "secret plans to put sensitive health dataÉ into a
national 'data spine'," "patientsÉ unaware that health recordsÉ
could be seen by authorised government agencies such as the
police", "sensitive data, which could include references to sexual
historiesÉ could be vulnerable to hacking attempts".
Spin is more about style than substance as is evidenced in your
report.
For the record there are no secret plans to put sensitive data
into a national data spine. The plans for a national Integrate Care
Records Service were published in June 2002 and have been on the
internet for over a year now. The specific arrangements for a
"National Data Spine" were presented publicly at the Health Care
2003 meeting in March and several times since. The proposals were
widely discussed within the information community of the NHS.
The police or anyone else will have no greater power to examine
health records than they do now. The process needs a court order
and is thus subject to judicial review.
It is common knowledge that any database of information from
banks to the Ministry of Defence are subject from time to time to
attempts at unauthorised access. Something an IT journalist should
be aware of. It is part of the modern electronic world such as
spamming and other unsolicited e-mails. The most stringent security
measures will protect all electronic health records.
It is a great disappointment to have to complain of such an
abuse of trust, which will make it more difficult for CW world
(sic) to achieve the factually (sic) accuracy I am sure it strives
for.
Scientific contribution
Glyn Hayes
Family physician, chairman, Health Informatics Committee of
the British Computer Society
The British Computer Society's Health Informatics Committee is
extremely concerned at the cheap headline-grabbing nature of the
reporting in Computer Weekly of the discussions that took place at
our recent meeting. This meeting was a scientific contribution to
the development of the National Programme for IT in the NHS and as
such had a balanced and constructive series of workshops which were
aimed to assist in the successful implementation of the programme.
Your reporting and in particular your headlines only concentrated
on one side of what took place.
My comments about the possibilities for problems around the
confidentiality requirements of the new systems were designed to
explore in a reasoned fashion, how clinical staff might work. The
debate which took place following these comments produce a very
different viewpoint than that reported. Thus my comments were taken
out of context and have been used to raise unfounded anxieties
amongst NHS staff and patients.
I raised the possibility that it would take staff time to cope
with these confidentiality constraints and the discussion agreed
that this was why the national programme had decreed they needed a
phased implementation. The only proposal which thus arose was the
need to evaluate these phases at each stage during the five-year
implementation to ascertain whether they do cause problems and
modify them in the light of experience. This phasing and evaluation
are not mentioned, yet they are a fundamental point.
It was pointed out very strongly at the meeting that effective
and rigorous confidentiality constraints are an essential
requirement if we are to keep patient confidence. No one objected
to the need to share patient data if we are to use IT systems to
improve patient care. Patients themselves find it ridiculous in
this modern age that their records are not available to those who
care for them wherever they are within the NHS. The idea that
"doctors would boycott such systems" was not raised at the meeting
and is inaccurate.
I would also take issue with the comment that the proposals are
"secret". Everyone at the meeting had had access to the report and
I commented in my opening speech that arrangements are in place to
make it public.
There is a basic inconsistency with two of your reports. On the
front page you state that the confidentiality requirements are too
strong and in a later report you say that there is danger in
patient data being held in the National Spine without patient
consent! It was quite clearly stated that patients will have to
give their consent before any data can be used by anyone for any
purpose.
It is extremely worrying if experts in the field cannot debate
these very important issues without inaccurate and unbalanced
reporting. All such reporting does is stifle the real debates we
need if we are to ensure that we are successful in realising the
huge benefits in care that IT can deliver. Widespread informed
debate is needed; ill-informed scaremongering is not.