Patient dismay as medical data shared with council

After Elizabeth Dove saw her GP about suspected depression she was dismayed and angry to find that her sensitive NHS records were put on a database which was shared with staff at the local council.

But it was no mistake: Dove discovered that it is routine for the NHS to make medical information on some patients accessible to some employees of local councils.

Doctors have told Computer Weekly that GPs refer patients to the local Primary Care Trust which shares some medical information with the local council through joint computer systems. The data sharing is done in the name of “offering best care”.

But Dove’s predicament shows how government attempts to share personal information more widely in the public interest can upset the individual rather than help.

Dove contacted Computer Weekly’s IT Projects blog to say that the transfer of her medical information to a council social care system “Swift” has caused her considerable distress and upset. Her records were marked “private and confidential”. The Swift system is used widely by local authorities. 

“I am pleased you will be highlighting this issue,” she said, “I think there are some very important principles here that affect us all and a person’s right to privacy and confidentiality … It is worrying. It is scary. Nobody has bothered to inform the general public to see what they think or seek their permission in the release and sharing of their personal medical information. This is wrong.”

Dove has raised the matter with the Information Commissioner. She says the Isle of Wight Primary Care Trust has betrayed the trust she placed in the NHS to keep her medical information secret; and that it’s unfair that because she went to her GP about suspected depression – and has never been trouble with police, is not a paedophile, is not schizophrenic, and has never shown any signs of violence to her or society – she has had her right to privacy removed.

She was not asked if she wanted her medical records shared with the council.

The Isle of Wight Primary Care Trust told Computer Weekly that it has now produced a leaflet for patients on the sharing of their information. The leaflet was published only after Dove submitted a request to the council under the Data Protection Act, discovered that it possessed her medical details and, as a result, expressed her concern to officials.

Meanwhile the Swift system, and others like it, remain in the shadows: few among the population realise that if they approach their GP about a mental health matter such as depression their medical history may be accessible on a council database.

Dove says the joint system gives some of the council’s staff the potential to “snoop, scrutinise, monitor and track patients”.  She added: “It has discriminatory undertones [if] a local authority and the NHS perceive anyone and everyone with a mental health problem to be either a schizophrenic or a paedophile. This regrettably stigmatizes people with any mental health issue.”

GP Paul Thornton, who has studied the legal and ethical issues around the sharing of  medical information, said:

“She [Elizabeth Dove] has experienced in microcosm the issues which are unresolved in respect of the Connecting for Health [National Programme for IT] database.

“Ministers claim the proposals [on data sharing] are lawful but continue to refuse to publish the legal guidance, a counsel’s opinion, upon which their claims are based.

“A recent judgment from the European Court of Human Rights is clear that uninvolved staff must be ‘unable’ to access records, rather than just ‘not allowed’.” Thornton said that the common law basis for the sharing of medical information is on an assumption of implied consent: that patients are aware their medical history is to be shared agree to it.

“The problem is that professional or institutional assumptions of consent may not be shared by the patient.

“It seems [that Elizabeth Dove] has been seen by a staff member from a community mental health team. Such teams comprise some staff employed by the health service and others employed by local authority social services department. They have a common computerised record system. It might be accessible beyond the local team from which her particular contact worker is drawn, across the social services department area.”

A spokeswoman for the Isle of Wight NHS Primary Care Trust told Computer Weekly:
“In line with national best practice and guidance, the NHS and local authority on the Isle of Wight formally integrated mental health services in 2001.

“A joint electronic information system enables a co-ordinated approach, the development of care packages to meet all the needs of an individual, and provides key information to support the provision of crisis, out of hours and emergency services.  Security is maintained to a high standard and strict measures are in place to monitor access. Leaflets which explain the information sharing policy are available to service users.”

But Elizabeth Dove – which is a pseudonym because she does not want her real name disclosed – said:

“Why weren’t patients, members of the general public informed of this information joint sharing back in 2001 when this computer system was first set up? Why has it taken seven years for the gen public to be informed? Why has the NHS PCT been working in this `covert way’, not being open and transparent?  I am not suicidal. I have not committed a criminal offence. There are no child protection issues. So why have I been placed on `Swift’ when I did not request an out-of-hours, crisis service?” 

In an exchange of emails with me, these are some of her comments:

“I had no idea my medical information was held on a joint computer system called `Swift’ and could be accessed by council employees.  I am very distressed that I was not contacted by the NHS first to inform me of this situation and gain my permission first. I am upset also that I was allowed to be identified in this way and my personal privacy totally invaded and not respected. I had not committed a criminal offence, I was no risk to self or others and there were no child protection issues. I am livid.

“The answers I have received back from the NHS is that they are quite within laws policies and procedures to do this. I have been informed this is to ensure `best care’ for a person/patient but does not affect all patients, only those that seemingly have contact with Primary Care Trusts (mental health) around the county.

“This practice of [sharing data] on joint computer systems is happening up and down the country covertly. It is extremely worrying that the general public have not been informed about this, and even more worrying that they have no control over their personal data.

“I have been informed by the NHS [that] as a result of my formal complaint, a patient-information leaflet is being planned to inform patients of the use and sharing of their personal data.  My questions are:

– why wasn’t this [leaflet for patients] done in the first place when this joint system was being planned?
– Why were a patient’s rights not taken into consideration?
– Why does this practice only seem to apply to patients with mental health problems? Is this not direct discrimination by the NHS and Local Councils?

“I think the general public has a right to know how their personal data is being used and shared by agencies.”


Sharing NHS data – Connecting for Health website

NHS changes privacy rules to electronic health records – IEEE spectrum online

Is sharing of NHS SUS data legal? – IT Projects blog, 2007

Healthy connections – the NPfIT

NPfIT database could save your life – IT Projects blog, 2008

NHS IT condemned – by NHS trust – Taxpayers’ Alliance

Sir Bobby Robson’s e-health records viewed illicily by NHS staff – IT Projects blog, 2007

NHS NPfIT begins to fall apart – NHS Watch

Lives ruined as NHS leaks patient notes – The Guardian, 2000. 

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I am a Consultant Physician. As I understand the NHSdata sharing rules, it is OK for one NHS organisation to pass on personal clinical data to another NHS organisation under certain circumstances. For example data on cancer outcomes are collated for Cancer Network outcomes analysis and audit. This seems OK to me, and that patients would expect us to measure how well we do.

However it is also "OK" for patient data to be handed to PCTs for waiting list and "Referrals management" processes. This seems dubious ground to me. The patient, of course, expects their personal clinical information to be sent to the hospital clincal team (I need to know what the referral is about, past medical history, current medications). That is not to say that the patient expects a bureaucrat in another part of the NHS to see that very same data (perhaps OK to see name, address and to whom referred and nothing else).

Now for intimate private personal health details to be passed to Social Services without express permission in circumstances other than child protection, adult protection, and patients who carry a high risk of damaging memberso of the public, seems unacceptable to me. The process should be open and by signed consent - I expect few people would object, a few would want a "sealed envelope" and an important few would refuse.

This is so dangerous - we docs get the diagnosis wrong quite often - yet the label "depression" could stick in the Social Services system for ever, and prejudice the social workers over really important stuff like should a child be removed from a parent "Oh yes the parent has "depression" the doctor says so",when the doctor later found it was an underactive thyroid and the patient is totally well, and never thought to tell social services...

Sadly this does not surprise me. I worked for Isle of Wight Social Services a few years ago and part of my induction included training on this system (SWIFT). I thought it awful that information was shared in this way and so casually - the training session used real live data!! - and agree completely with the previous blogger that notes on such a database should have very restricted access. I also think the information should only go on such a database with the informed consent of a patient which has clearly not happened here. I refused to use the system but do know that assumptions were made about people based on this data. What happened to doctor/patient confidentiality? And why no debate on this?

Local councils play God. I was with an abusive ex and all my records were made available for all to see details about abuse I had suffered as a child etc which he later used to further abuse me. There is no such thing as patient confidentiality. I know parents involved with social services who will not go and seek help for themselves as social services may find out they have been to doctors and use it against them