After Elizabeth Dove saw her GP about suspected depression she was dismayed and angry to find that her sensitive NHS records were put on a database which was shared with staff at the local council.
But it was no mistake: Dove discovered that it is routine for the NHS to make medical information on some patients accessible to some employees of local councils.
Doctors have told Computer Weekly that GPs refer patients to the local Primary Care Trust which shares some medical information with the local council through joint computer systems. The data sharing is done in the name of "offering best care".
But Dove's predicament shows how government attempts to share personal information more widely in the public interest can upset the individual rather than help.
Dove contacted Computer Weekly's IT Projects blog to say that the transfer of her medical information to a council social care system "Swift" has caused her considerable distress and upset. Her records were marked "private and confidential". The Swift system is used widely by local authorities.
"I am pleased you will be highlighting this issue," she said, "I think there are some very important principles here that affect us all and a person's right to privacy and confidentiality ... It is worrying. It is scary. Nobody has bothered to inform the general public to see what they think or seek their permission in the release and sharing of their personal medical information. This is wrong."
Dove has raised the matter with the Information Commissioner. She says the Isle of Wight Primary Care Trust has betrayed the trust she placed in the NHS to keep her medical information secret; and that it's unfair that because she went to her GP about suspected depression - and has never been trouble with police, is not a paedophile, is not schizophrenic, and has never shown any signs of violence to her or society - she has had her right to privacy removed.
She was not asked if she wanted her medical records shared with the council.
The Isle of Wight Primary Care Trust told Computer Weekly that it has now produced a leaflet for patients on the sharing of their information. The leaflet was published only after Dove submitted a request to the council under the Data Protection Act, discovered that it possessed her medical details and, as a result, expressed her concern to officials.
Meanwhile the Swift system, and others like it, remain in the shadows: few among the population realise that if they approach their GP about a mental health matter such as depression their medical history may be accessible on a council database.
Dove says the joint system gives some of the council's staff the potential to "snoop, scrutinise, monitor and track patients". She added: "It has discriminatory undertones [if] a local authority and the NHS perceive anyone and everyone with a mental health problem to be either a schizophrenic or a paedophile. This regrettably stigmatizes people with any mental health issue."
GP Paul Thornton, who has studied the legal and ethical issues around the sharing of medical information, said:
"She [Elizabeth Dove] has experienced in microcosm the issues which are unresolved in respect of the Connecting for Health [National Programme for IT] database.
"Ministers claim the proposals [on data sharing] are lawful but continue to refuse to publish the legal guidance, a counsel's opinion, upon which their claims are based.
"A recent judgment from the European Court of Human Rights is clear that uninvolved staff must be 'unable' to access records, rather than just 'not allowed'." Thornton said that the common law basis for the sharing of medical information is on an assumption of implied consent: that patients are aware their medical history is to be shared agree to it.
"The problem is that professional or institutional assumptions of consent may not be shared by the patient.
"It seems [that Elizabeth Dove] has been seen by a staff member from a community mental health team. Such teams comprise some staff employed by the health service and others employed by local authority social services department. They have a common computerised record system. It might be accessible beyond the local team from which her particular contact worker is drawn, across the social services department area."
A spokeswoman for the Isle of Wight NHS Primary Care Trust told Computer Weekly:
"In line with national best practice and guidance, the NHS and local authority on the Isle of Wight formally integrated mental health services in 2001.
"A joint electronic information system enables a co-ordinated approach, the development of care packages to meet all the needs of an individual, and provides key information to support the provision of crisis, out of hours and emergency services. Security is maintained to a high standard and strict measures are in place to monitor access. Leaflets which explain the information sharing policy are available to service users."
But Elizabeth Dove - which is a pseudonym because she does not want her real name disclosed - said:
"Why weren't patients, members of the general public informed of this information joint sharing back in 2001 when this computer system was first set up? Why has it taken seven years for the gen public to be informed? Why has the NHS PCT been working in this `covert way', not being open and transparent? I am not suicidal. I have not committed a criminal offence. There are no child protection issues. So why have I been placed on `Swift' when I did not request an out-of-hours, crisis service?"
In an exchange of emails with me, these are some of her comments:
"I had no idea my medical information was held on a joint computer system called `Swift' and could be accessed by council employees. I am very distressed that I was not contacted by the NHS first to inform me of this situation and gain my permission first. I am upset also that I was allowed to be identified in this way and my personal privacy totally invaded and not respected. I had not committed a criminal offence, I was no risk to self or others and there were no child protection issues. I am livid.
"The answers I have received back from the NHS is that they are quite within laws policies and procedures to do this. I have been informed this is to ensure `best care' for a person/patient but does not affect all patients, only those that seemingly have contact with Primary Care Trusts (mental health) around the county.
"This practice of [sharing data] on joint computer systems is happening up and down the country covertly. It is extremely worrying that the general public have not been informed about this, and even more worrying that they have no control over their personal data.
"I have been informed by the NHS [that] as a result of my formal complaint, a patient-information leaflet is being planned to inform patients of the use and sharing of their personal data. My questions are:
- why wasn't this [leaflet for patients] done in the first place when this joint system was being planned?
- Why were a patient's rights not taken into consideration?
- Why does this practice only seem to apply to patients with mental health problems? Is this not direct discrimination by the NHS and Local Councils?
"I think the general public has a right to know how their personal data is being used and shared by agencies."
Sharing NHS data - Connecting for Health website
NHS changes privacy rules to electronic health records - IEEE spectrum online
Is sharing of NHS SUS data legal? - IT Projects blog, 2007
Healthy connections - the NPfIT
NPfIT database could save your life - IT Projects blog, 2008
NHS IT condemned - by NHS trust - Taxpayers' Alliance
Sir Bobby Robson's e-health records viewed illicily by NHS staff - IT Projects blog, 2007
NHS NPfIT begins to fall apart - NHS Watch
Lives ruined as NHS leaks patient notes - The Guardian, 2000.