Who's responsible for mistakes in summary care records?

There is no clear answer to the question of who’s responsible for mistakes in summary care records.

NHS Connecting for Health suggests that responsibility for mistakes lies with the person making the incorrect entry into a patient’s medical records.

But the legal responsibility appears to lie with the Data Controller who, in the case of Summary Care Records, is the Secretary of State for Health, according to a Parliamentary answer on 25 June in 2008 by the then NPfIT minister Ben Bradshaw.

The Data Protection Act says that the “data controller” should takereasonable steps to ensure the accuracy of data – and keep it up todate.

But it’s unclear how the Secretary of State can ensurethat Summary Care Records are up to date, or are free of mistakes.

GPNeil Bhatia points out that the adviceof the Information Commissioner’s Office is that:

“…it isnot enough for a data controller to say that, because theinformation was obtained from either the data subject or a third party,they had done all that they could reasonably have done to ensure theaccuracy of the data at the time.

“Now data controllers may haveto gofurther and take reasonable steps to ensure the accuracy of the datathemselves and mark the data with any objections. The extent to whichsuch steps are necessary will be a matter of fact in each individualcase and will depend upon the nature of the data and the consequences ofthe inaccuracy for the data subject.”


Bhatia questionswhether the Secretary of State takes any reasonable steps to ensureaccuracy of the SCR data; and he says that nobody from Connecting forHealth checks the GP-held summary data data prior to upload. It’s alsounlikely that the GP checks it either.

So who makes sure the SCR- which is a central part of the £12.7bn NPfIT – is accurate?

Nobody, it seems.

Last month Ireported that the Summary Care Records database containsinaccuracies and omissions that make it difficult for doctors to trustit as a single source of truth, according to a confidential draftreport by University College London.


Confidentialreport on Summary Care Records finds database is inaccurate – ITProjects Blog

Opting outof the NHS database – GP Neil Bhatia’s advice

Lib-Demswant to abolish the NPfIT – Smarthealthcare.com

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.


This appears to be a good example of the confusion between accountability and responsibility. The Secretary of State is accountable for the quality of SCR data, the processes and systems used to manage and update the data. Responsibility for entry, updating and correction lies with the many staff involved across the NHS. To hold senior managers/politicians etc. responsible for all data quality errors may not help improve data quality.

To minimise the risk of data errors a number of enablers are required:

* Systems should be constructed to minimise the risk or error

* Clear standards and processes are required for the provision and updating of data

* Staff should be incentivised to correct any errors that are discoverd

* Data stewards should undertake regular data quality checks in order to assess the quality of data and plan any remedial actions

Data quality issues are, in general, the symptoms of human failures. Whether these are failures to follow correct processes, out of date standards or poorly planned systems. This forensic activity is where efforts should be focused to design out of the overall system any areas of weakness.

Julian Schwarzenbach

Data and Process Advantage


Since my previous comment we have had a good example of an impending data quality problem in the SCR process.

Today we recieved our consent forms for the creation of an SCR record for my wife and I. These were clearly the same as the letter that arrived yesterday for a previous resident at our address. Now, bearing in mind we have lived here for over 6 years and the previous owner (not the addressee of this letter) for 3 years, this means that this persons data is at least 9 years out of date, and possibly much more.

It would be interesting to know how the NHS respond to this error. Will they treat it as "one of those things" and correct it in isolation? Or will they use it as a possible example of a more widespread problem and investigate the root cause, correct this cause and track down other related data entries?

I suspect it will be the first approach ...

As someone with over ten years experience of data quality problems, I will be surprised if they do anything apart from inviting you to send them a note to add to the file.