- Elizabeth Dove's visit to her GP for depression may be an open secret on the Isle of Wight, since 966 council staff have access to her medical data. 966 is about 1% of the adult population of the island.
- GPs across England routinely share mental health data with PCTs which share it with thousands of local council staff.
- GP Paul Cundy says the case of Elizabeth Dove is an ominous warning for the sharing of Summary Care Records data under "implied consent".
In 2008 Elizabeth Dove (a pseudonym) saw her GP to ask what could be done about her depression.
Some time later Dove had a dispute with her local council, a matter entirely unrelated to her health.
Pursuing her complaint to the Isle of Wight council, she submitted a request under the Data Protection Act to be sent all the information the authority held on her.
To her dismay, she received sensitive data from her GP health records. It came from officials at the local council's housing department - with whom she had the dispute.
It turns out that her health data was held on a joint council and primary care trust system "Swift".
She hadn't consented to her health records being shared with the local council.
Dove said in an email to me:
"I feel very let down and betrayed by the NHS and my local council. I feel particularly that my trust has been broken by the NHS regarding the sharing of my medical information . Local authorities and public statutory organsisations seem insensitive to a person's basic human rights to personal privacy."
My article on this blog about Elizabeth Dove was picked up by investigative journalist Donal MacIntyre who hosts a programme on BBC Radio 5 live.
When Bob Howard, who works on the Donal MacIntyre programme, asked the Isle of Wight PCT and the IW Council for a comment on Elizabeth Dove's concerns, he learned that 966 council staff have access to the "Swift" system.
This was the joint statement issued by the Isle of Wight PCT and the IW Council:
"The SWIFT system is used jointly by the Isle of Wight Council and the Isle of Wight NHS PCT to support the provision of fully integrated mental health services
"The principal reason why data is, under strict control, shared between the NHS and the Council is to allow those organisations to offer the most appropriate treatment or services to people in need.
"We would be open to criticism if care offered by one organisation conflicted with that being given by the other.
"This data sharing is practised throughout the country in accordance with strict controls and safeguards.
"Only staff professionally involved with providing care are authorised to access the information and access is audited to be sure each user is using the system correctly. Approved users are authorised to view only the files relevant to the cases they are working on.
"All users are acutely aware that inappropriate use of SWIFT is a very serious breach of confidentiality under numerous pieces of legislation and inappropriate use of SWIFT will result in disciplinary action.
"There are 966 (both full and part time staff) people authorised to access the system under these stringent controls.
"Since the implementation of SWIFT, procedures have been put in place to ensure service users are aware of data sharing.
"Last year, the council completed an exercise where all Community Services key workers received leaflets and consent forms for each of their service users.
"If a service user does not wish information to be held on the Swift system there is a process to follow and in very exceptional circumstances the system will not be used. Service user data is not used during training."
During his programme last weekend MacIntyre interviewed me about the Dove case. MacIntyre also spoke to GP Paul Cundy, a member of the BMA's GP IT committee.
I told the programme that the council's data security procedures are of no comfort to Dove when dozens of council staff who have seen her records leave the authority as part of normal staff turnover.
What if Dove is in dispute with a neighbour who used to work for council? That neighbour could bring up the fact that Dove has had mental health problems and threaten to spread the word.
Paul Cundy said that when a GP shared information with another doctor by letter, the GP would discretely extract only relevant information. With electronic records it's a "completely different arrangement".
He said: "Databases distribute information about you even when care is not being delivered."
He added that the BMA's view is that a profoundly different arrangement for sharing information, via national or regional databases, needs a profoundly different arrangement for consent. "In the past there was implied consent and trust between the doctor and the patient.
"There should still be trust but people cannot reasonably assume that implied consent is enough. If now, when you see your GP, that information could end up on the screens of 1,000 local council employees, instead of implied consent patients should give their explicit consent. They should be asked."
Donal Macintyre: "So do you think patients will win out in the end?"
Cundy: "I am afraid I am not certain about that. Governments are big, powerful organisations. They are rolling out the Summary Care Records despite an apparent agreement not to do that. I'm afraid the greater losers may be patients."
Patient dismay as her medical data is shared with council - IT Projects Blog
When data sharing ruins lives - IT Projects Blog